As an example of how the move toward coping with the electronic world has long been sidelined, Database Nation cites the following, from a report prepared by a commission appointed by Elliot Richardson, President Richard Nixon's Secretary of Health, Education, and Welfare.
The Code of Fair Information Practices*
The Code of Fair Information Practices was the central contribution of the HEW (Health, Education, Welfare) Advisory Committee on Automated Data Systems. The Advisory Committee was established in 1972, and the report released in July. The citation for the report is as follows:
U.S. Dep't. of Health, Education and Welfare, Secretary's Advisory Committee on Automated Personal Data Systems, Records, computers, and the Rights of Citizens viii (1973).
The Code of Fair Information Practices is based on five principles:
1. There must be no personal data record-keeping systems whose very existence is secret.
2. There must be a way for a person to find out what information about the person is in a record and how it is used.
3. There must be a way for a person to prevent information about the person that was obtained for one purpose from being used or made available for other purposes without the person's consent.
4. There must be a way for a person to correct or amend a record of identifiable information about the person.
5. Any organization creating, maintaining, using, or disseminating records of identifiable personal data must assure the reliability of the data for their intended use and must take precautions to prevent misuses of the data.
It's vastly more than privacy, as Garfinkel realizes: "The problem with this word 'privacy' is that it falls short of conveying the really big picture. Privacy isn't just about hiding things. It's about self-possession, autonomy, and integrity. .... It's the right of people to control what details about their lives stay inside their own houses and what leaks to the outside. .... Privacy is fundamentally about the power of the individual."
Indeed it is, and it's on the run as witness just these recent headlines:
This last story, datelined Paris, quoted French President Jacques Chirac as telling the 300 delegates to an international conference, "The Internet, whose construction was fired by the universal ideals of freedom and solidarity, is testing our institutions."
And a U.S. Assistant Attorney General observed, "These technologies grow on a daily basis, and people are exploiting them all the time."
Garfinkel describes the many faces of the problem clearly, but his book presents only a lukewarm agenda for a solution. In a chapter with the promising title of "Privacy Now!" he introduces a series of proposals with very little discussion of what it will take to actually move forward with any of them.
For example, in a section entitled "A Government Privacy Agenda for the Twenty-First Century" he suggests the creation of "... a permanent federal oversight agency charged with protecting privacy." The agency (Garfinkel doesn't offer a name for it.... maybe the Privy Council?) would rein in the feds' tendency to sacrifice people's privacy for other goals, enforce the few existing privacy laws, guard individual privacy in the business world, and "be an ombudsman for the American public....".
"It is estimated that such an agency could be created for less than $5 million..." he offers. A glance at the notes in the back of the book shows the single source of this optimistic estimate to be: "Estimate by Evan Hendricks, chairman, U.S. Privacy council; publisher, Privacy Times." How to establish this agency? Who would sponsor the legislation? The book is silent, noting only that there might be considerable public support for governmental controls .... on key issues such as the protection of medical records.
There are more proposals (bringing back the Office of Technology Assessment, an arm of Congress that used to turn out some of the best information in Washington D.C., is my favorite), but precious little in the way of suggestions for actually accomplishing any of them.
Still, it's obvious that our author has done his homework. He clearly sees a growing civic problem and the need to do something about it before things get farther out of hand. The book provides a good bibliography, a helpful notes section, organized by chapter, a list of pertinent web sites (But why aren't these cited as pertinent throughout the book?), and a useful index.
This book is a beginning; it would be a good primer for members of Congress and their staffs considering the problems of privacy in the electronic age and what to do about them; and it's a good intro for anyone who might be just a little worried about where all those customer registration forms, medical forms, insurance forms, driver's license records, and web site sign-ins are winding up.
"If you browse Apple's web site, you do so anonymously. .... We do log your IP address (the Internet address of your computer) to give us an idea of which parts of our web site you visit and how long you spend there. But we do not link your IP address to anything personally identifiable. The only other information automatically provided to us is the type of computer and operating system you are using. ....
"At times we may request that you voluntarily supply us with personal information, such as your email address and postal address, for purposes such as corresponding with us, registering at a site, making a purchase, .....
"We use the personal information you provide to create a personal ID, called Apple ID. Your Apple ID gives you easy access to Apple services including product registration and the Apple Store. ....
"If you provide us with your email or postal address,... we will ask you if we can use it to send you updates on the latest Apple products and promotions. We also ask if you want us to share your personal information with other companies that offer related services. If you do not want us or other companies to contact you, you can choose to "opt out," and Apple will respect your wishes.
"Apple is actively involved in current industry initiatives-- such as the Online Privacy Alliance http://www.privacyalliance.org -- to preserve individual privacy rights on the Internet and in all aspects of electronic commerce. If you have a question specific to privacy, please contact us at firstname.lastname@example.org.
* Simson L. Garfinkel: http://simson.vineyard.net/