What They Do Know Can Hurt You
Some privacy activists scoff at the idea of using government to assure our privacy. Governments, they say, are responsible for some of the greatest privacy violations of all time. This is true, but the US government was also one of the greatest polluters of all time. Today the government is the nation's environmental police force, equally scrutinizing the actions of private business and the government itself.
At the very least, governments can alter the development of technology that affects privacy. They have done so in Europe. Consider this: A growing number of businesses in Europe are offering free telephone calls--provided that the caller first listens to a brief advertisement. The service saves consumers money, even if it does expose them to a subtle form of brainwashing. But not all these services are equal. In Sweden both the caller and the person being called are forced to listen to the advertisement, and the new advertisements are played during the phone call itself. But Italy's privacy ombudsman ruled that the person being called could not be forced to listen to the ads.
There is also considerable public support for governmental controls within the United States itself--especially on key issues, such as the protection of medical records. For example, a 1993 Harris-Equifax survey on medical privacy issues found that 56 percent of the American public favored "comprehensive federal legislation that spells out rules for confidentiality of individual medical records" as part of national healthcare reform legislation. Yet Congress failed to act on the public's wishes.
The Fair Credit Reporting Act was a good law in its day, but it should be upgraded into a Data Protection Act. Unfortunately, the Federal Trade Commission and the courts have narrowly interpreted the FCRA. The first thing that is needed is legislation that expands it into new areas. Specifically, consumer-reporting firms should be barred from reporting arrests unless those arrests result in convictions. Likewise, consumer-reporting firms should not be allowed to report evictions unless they result in court judgments in favor of the landlord or a settlement in which both the landlord and tenant agree that the eviction can be reported. Companies should be barred from exchanging medical information about individuals or furnishing medical information as part of a patient's report without the patient's explicit consent.
We also need new legislation that expands the fundamental rights offered to consumers under the FCRA. When negative information is reported to a credit bureau, the business making that report should be required to notify the subject of the report--the consumer--in writing. Laws schould be clarified so that if a consumer-reporting company does not correct erroneous data in its reports, consumers can sue for real damages, punitive damages and legal fees. People should have the right to correct any false information in their files, and if the consumer and the business disagree about the truth, then the consumer should have a right to place a detailed explanation into his or her record. And people should have a right to see all the information that has been collected on them; these reports should be furnished for free, at least once every six months.
We need to rethink consent, a bedrock of modern law. Consent is a great idea, but the laws that govern consent need to be rewritten to limit what kinds of agreements can be made with consumers. Blanket, perpetual consent should be outlawed.
Further, we need laws that require improved computer security. In the eighties the United States aggressively deployed cellular-telephone and alphanumeric-pager networks, even though both systems were fundamentally unsecure. Instead of deploying secure systems, manufacturers lobbied for laws that would make it illegal to listen to the broadcasts. The results were predictable: dozens of cases in which radio transmissions were eavesdropped. We are now making similar mistakes in the prosecution of many Internet crimes, going after the perpetrator while refusing to acknowledge the liabilities of businesses that do not even take the most basic security precautions.
We should also bring back the Office of Technology Assessment, set up under a bill passed in 1972. The OTA didn't have the power to make laws or issue regulations, but it could publish reports on topics Congress asked it to study. Among other things, the OTA considered at length the trade-offs between law enforcement and civil liberties, and it also looked closely at issues of worker monitoring. In total, the OTA published 741 reports, 175 of which dealt directly with privacy issues, before it was killed in 1995 by the newly elected Republican-majority Congress.
Nearly forty years ago, Rachel Carson's book Silent Spring helped seed the US environmental movement. And to our credit, the silent spring that Carson foretold never came to be. Silent Spring was successful because it helped people to understand the insidious damage that pesticides were wreaking on the environment, and it helped our society and our planet to plot a course to a better future.
Today, technology is killing one of our most cherished freedoms. Whether you call this freedom the right to digital self-determination, the right to informational autonomy or simply the right to privacy, the shape of our future will be determined in large part by how we understand, and ultimately how we control or regulate, the threats to this freedom that we face today.