Copyright 1999 Federal News Service, Inc.
Federal News Service
APRIL 21, 1999, WEDNESDAY
SECTION: IN THE NEWS
LENGTH: 3568 words
HEADLINE: PREPARED TESTIMONY OF JERRY BERMAN, EXECUTIVE DIRECTOR, CENTER FOR DEMOCRACY AND TECHNOLOGY, BEFORE THE SENATE JUDICIARY COMMITTEE
BODY:
I. Overview
The Center for Democracy and Technology (CDT) is pleased
to have this opportunity to testify on the issue of individual privacy in the
online environment. CDT is a non-profit, public interest organization dedicated
to developing and implementing public policies to protect and advance civil
liberties and democratic values on the Internet. One of our core goals is to
enhance privacy protections for individuals in the development and use of new
communications technologies.
CDT focuses much of its work on the Internet
because we believe that it more than any other media has
characteristics--architectural, economic, and social--that are uniquely
supportive of First Amendment values. Because of its decentralized, open, and
interactive nature, the Internet is the first electronic medium to allow every
user to "publish" and engage in commerce. Users can reach and create communities
of interest despite geographic, social, and political barriers. As the World
Wide Web grows to fully support voice, data, and video, it will become in many
respects a virtual "face-to-face" social and political milieu.
But while the
First Amendment potential of the Internet is clear, and recognized by the Court,
the impact of the Internet on individual privacy is less certain. Will the
online environment erode individual privacy--building in national identifiers,
tracking devices, and limits on autonomy? Or will it breathe new life into
privacy--providing protections for individuals' long-held expectations of
privacy?
As we move swiftly toward a world of electronic democracy,
electronic commerce and indeed electronic living, the need to construct a
framework of privacy protection that fits with the unique opportunities and
risks posed by the Internet is critical. But as Congress has discovered in its
attempts to regulate speech, this medium deserves its own analysis. Laws
developed to protect interests in other media should not be blindly imported. To
create rules that map onto the Internet we must fully understand the
characteristics of the Internet and their implications for privacy protection.
We must also have a shared understanding of what we mean by privacy. Finally we
must assess how to best use the various tools we have for implementing
policy--law, computer code, industry practices, and public education--to achieve
the protections we seek.
II. What Makes the Internet Different?
As Congress
considers crafting rules to protect privacy on the Internet, it must first
understand the specific challenges to privacy posed by the Internet's functions
and use.
A. Increased Data Creation and Collection
The Internet
accelerates the trend toward increased information collection that is already
evident in our offline world. The data trail, known as transactional data, left
behind as individuals use the Internet is a rich source of information about
their habits of association, speech, and commerce. When aggregated, these
digital fingerprints reveal a great deal about an individual's life. This
increasingly detailed information is bought and sold as a commodity by a growing
assortment of players and often sought by government.
B. The Globalization of Information and Communications
On the Internet, information and
communications flow unimpeded across national borders. The Internet places the
corner store, and a store three continents away, equally at the individual's
fingertips. Just as the flow of personal information across national borders
poses a risk to individual privacy, citizens' ability to transact with entities
in other countries places individual privacy at risk in countries that lack
privacy protections. Whether protecting citizens from fraud, limiting the
availability of inappropriate content, or protecting privacy, governments are
finding their traditional ability to make and effectively enforce policies
challenged by the global communications medium.
C. Lack of Centralized Control Mechanisms
The Internet's distributed architecture presents
challenges for the implementation of policies.
The Internet was designed
without gatekeepers--there is no single entity that controls the flow of
information. And as individuals and governments continually discover, the
Internet offers users an unequalled ability to route around unwanted attempts to
control activities and communications.
III. What do we Mean by Privacy? And How is it Being Eroded?
There are several core "privacy
expectations" that individuals have long held vis-a-vis both the government and
the private sector, the protection of which should carry over to interactions on
the Internet.
A. The Expectation of Autonomy
Imagine walking through a
mall where every store, unbeknownst to you, placed a sign on your back. The
signs tell every other store you visit exactly where you have been, what you
looked at, and what you purchased. Something very close to this is possible on
the Internet.
When individuals surf the World Wide Web, they have a general
expectation of anonymity, more so than in the physical world where an individual
may be observed by others. Individuals believe that if they have not
affirmatively disclosed information about themselves, then no one knows who they
are or what they are doing. But, counter to this belief, the Internet generates
an elaborate trail of data detailing every stop a person makes on the Web. The
individual's employer may capture this data trail if she logged on at work, and
it is captured by the Web sites the individual visits. Transactional data, click
stream data, or "mouse-droppings" can provide a "profile" of an individual's
online life.
Two recent examples highlight the manner in which individuals'
expectation of autonomy is challenged. (1) The introduction of the Pentium III
processor equipped with a unique identifier (Processor Serial Number) threatens
to greatly expand the ability of Web sites to surreptitiously track and monitor
online behavior. The PSN could become something akin to the Social Security
Number of the online world--a number tied inextricably to the individual and
used to validate one's identity throughout a range of interactions with the
government and the private sector. (2) The Child Online Protection Act (COPA),
passed in October, requires Web sites to prohibit minors' access to material
considered "harmful to minors." Today when an individual walks into a
convenience store to purchase an adult magazine they may flash their ID. Under
the COPA an individual will instead be asked to not only flash their ID, but
also to leave a record of it and their purchase with the online store. Reliance
on such systems will create records of individuals' First Amendment activities,
thereby conditioning adult access to constitutionally protected speech on a
disclosure of identity. The defenses pose a Faustian choice to individuals
seeking access to information -- protect privacy and lose access or exercise
First Amendment freedoms and forego privacy.
B. The Expectation of Fairness and Control Over Personal Information
When individuals provide information
to a doctor, a merchant, or a bank, they expect that those
professionals/companies will collect only information necessary to perform the
service and use it only for that purpose. The doctor will use it to tend to
their health, the merchant will use it to process the bill and ship the product,
and the bank will use it to manage their account--end of story. Unfortunately,
current practices, both offline and online, foil this expectation of
privacy. Whether it is medical information, or
a record of a book purchased at the bookstore, or information left behind during
a Web site visit, information is routinely collected without the individual's
knowledge and used for a variety of other purposes without the individual's
knowledge--let alone consent.
The Federal Trade Commission report from last
June, "Privacy Online: A Report to Congress," found that despite increased
pressure businesses operating online continue to collect personal information on
the World Wide Web without providing even a minimum of consumer protection. The
report looked only at whether Web sites provided users with notice about how
their data was to be used; there was no discussion of whether the stated privacy
policies provided adequate protection. The survey found that while 92% of the
sites surveyed were collecting personally identifiable information only 14% had
some kind of disclosure of what they were doing with personal data.
In a CDT
study of federal agency Web sites, last week, we found that just over one-third
of federal agencies had a "privacy notice" link from the agency's home page.
Eight other sites had privacy policies that could be found after following a
link or two and on 22 of the sites surveyed we could not find a privacy policy
at all.
C. The Expectation of Confidentiality
When individuals send email
they expect that only the intended recipient will read it. In passing the
Electronic Communications Privacy Act in 1986, Congress reaffirmed this
expectation. Unfortunately, it is once again in danger.
While United States
law provides email the same legal protection as a first class letter, the
technology leaves unencrypted email as vulnerable as a postcard. Compared to a
letter, an email message is handled by many independent entities and travels in
a relatively unpredictable and unregulated environment. To further complicate
matters, the email message may be routed, depending upon traffic patterns,
overseas and back, even if it is a purely domestic communication. While the
message may effortlessly flow from nation to nation, the privacy protections are
likely to stop at the border.
Email is just one example. Today our diaries,
medical records, and confidential documents are more likely to be out in the
network than stored in our homes. As our wallets become "ewallets" housed
somewhere out on the Internet rather than in our back-pockets, the
confidentiality of our personal information is at risk.
The advent of online
datebooks, and products such as Novell's "Digital Me", which invite individuals
to take advantage of the convenience of the Internet to manage their lives,
raise increasingly complex privacy questions. While the real "me" has Fourth and
Fifth Amendment protections from the government, the "Digital Me" is
increasingly naked in cyberspace.
IV. Where Do We Go From Here?
It is
clear that our policy framework did not envision the Internet as we know it
today, nor did it foresee the pervasive role information technology would play
in our daily lives. Our legal framework for protecting individual privacy in
electronic communications, while built upon constitutional principles buttressed
by statutory protections, reflects the technical and social "givens" of specific
moments in history. Crafting privacy protections in the electronic realm has
always been a complex endeavor. Reestablishing protections for individuals'
privacy in this new environment requires us to focus on both the technical
aspects of the Internet and on the practices and policies of those who operate
in the online environment.
A. The Importance of Architecture
Understanding the context is central to all effective efforts to protect
privacy. While the global, distributed network environment of the Internet
raises challenges to our traditional methods of implementing policies, the
specifications, standards, and technical protocols that support the operation of
the Internet offer a new way to implement policy decisions. By building privacy
into the architecture of the Internet, we have the opportunity to advance public
policies in a manner that scales with the global and decentralized character of
the network. As Larry Lessig repeatedly reminds us, "(computer) code is law."
Accordingly, we must promote specifications, standards and products that
protect privacy. A privacy-enhancing architecture must incorporate, in its
design and function, individuals' expectations of privacy. For example a
privacy-protective architecture would provide individuals the ability to "walk"
through the digital world, browse, and even purchase without disclosing
information about their identity, thereby preserving their autonomy and ensuring
the expectations of privacy. A privacy-protective architecture would enable
individuals to control when, how, and to whom personal information is revealed.
It would also provide individuals with the ability to exercise control over how
information once disclosed is, if at all, subsequently used. Finally, a
privacy-protective Internet architecture would provide individuals with
assurance that communications and data will be technically protected from prying
eyes.
While there is much work to be done in designing a privacy-enhancing
architecture, some substantial steps toward privacy protection have
occurred. Positive steps to leverage the power of technology to protect privacy
can be witnessed in efforts like the Anonymizer, Crowds, and Onion Routing that
shield individuals' identity during online interactions, and encryption tools
such as Pretty Good Privacy that allow individuals to protect their private
communications during transit. The World Wide Web Consortium's Platform for
Privacy Preferences ("P3P") is also a promising development. The P3P
specification will allow individuals to query Web sites for their policies on
handling personal information and to allow Web sites to easily respond. While
P3P does not drive the specific practices, it is a standard designed to drive
openness about information practices to encourage Web sites to post privacy
policies and to provide individuals with a simple automated method to make
informed decisions. Through settings on their Web browsers, or through other
software programs, users will be able to exercise greater control over the use
of their personal information.
Technologies must be a central part of our
privacy protection framework, for they can provide protection across the global
and decentralized Internet where law or self-regulation alone may prove
insufficient.
B. Protecting the Privacy of Communications and Information
Increasingly, our most important records are not "papers" in our "houses"
but "bytes" stored electronically at distant "virtual" locations for indefinite
periods of time and held by third parties. The Internet, and digital technology
generally, accelerate the collection of information about individuals' actions
and communications. Our communications, rather than disappearing, are captured
and stored on servers controlled by third parties. Daily interactions such as
our choice of articles at a news Web site, our search and purchase of an airline
ticket, and our use of an online date book to manage our schedule such as
Yahoo's calendar leave detailed information in the hands of third-parties. With
the rise of networking and the reduction of physical boundaries for privacy, we
must ensure that privacy protections apply regardless of where information is
stored.
Under our existing law, there are now essentially four legal
regimes for access to electronic data: 1) the traditional Fourth Amendment
standard for records stored on an individual's hard drive or floppy disks; 2)
the Title III-Electronic Communications Privacy Act standard for records in
transmission; 3) the standard for business records held by third parties,
available on a mere subpoena to the third party with no notice to the individual
subject of the record; and 4) a statutory standard allowing subpoena access and
delayed notice for records stored on a remote server such as the diary of a
student stored on a university server, or personal correspondence.
As the
third and fourth categories of records expand because the wealth of
transactional data collected in the private sector grows and people find it more
convenient to store records remotely, the legal ambiguity and lack of strong
protection grows more significant and poses grave threats to privacy in the
digital environment.
While Congress took the first small step towards
recognizing the changing nature of transactional data with amendments to the
Electronic Communications Privacy Act enacted as part of the Communications
Assistance for Law Enforcement Act of 1994 ("CALEA"), the increase in
transactional data and the increasing detail it reveals about individuals' lives
suggests that these changes are insufficient to protect privacy.
Moreover,
the Electronic Communications Privacy Act must be updated to provide a
consistent level of protection to communications and information regardless of
where they are stored and how long they have been kept. Technologies that invite
us to live online will quickly create a pool of personal data with the capacity
to reveal an individual's travels, thoughts, purchases, associations, and
communications. We must raise the legal protections afforded to this growing
detailed data regardless of where it resides on the network.
C. Establish Rules That Give Individuals Control Over Personal Information During Commercial Interactions
We must adopt enforceable standards, both self-regulatory and
regulatory, to ensure that information provided for one purpose is not used or
redisclosed for other purposes without the individual's consent. All such
efforts should focus on the Code of Fair Information Practices developed by the
Department of Health, Education and Welfare in 1973. The challenge of
implementing privacy practices on the Internet is ensuring that they build upon
the medium's real-time and interactive nature to foster privacy and that they do
not unintentionally impede other beneficial aspects of the medium.
Historically, for privacy legislation to be successful, it must garner the
support of at least a section of the industry. To do so, it must build upon the
work of some industry members--typically binding bad actors to the rules being
followed by industry leaders or be critically tied to the viability of a
business service or product as with the Video Privacy Protection Act and the
Electronic Communications Privacy Act.
Today, the dialogue over assuring
privacy on the Internet and in electronic commerce is well situated for a
successful legislative effort. Consensus exists around at least four general
principles: notice of data practices; individual control over the secondary use
of data; access to personal information; and, security for data. However, the
specifics of their implementation and the remedies for their violation are just
beginning to be explored by all interested parties. When is information
identifiable? How is it accessed? How do we create meaningful and proportionate
remedies that address the disclosure of sensitive medical information as well as
the disclosure of inaccurate marketing data? These hard issues must be more
fully resolved before the policy process will successfully move forward. The
leadership of Internet-savvy members of this Committee and others will be
critical if we are to provide workable privacy protections for the Internet.
D. A Privacy Protection Entity to Provide Expertise and Institutional Memory, a Forum for Privacy Research, and a Source of Policy Recommendations on Privacy Issues
The work outlined above, and the state of privacy today, all
weigh in favor of creating a privacy entity within the federal government. The
existing approach has hindered the development of sound policy and failed to
keep pace with changes in technology. While we are pleased with the
Administration's recent appointment of Peter Swire to the Office of Information
and Regulatory Affairs as the federal "privacy czar," we believe that OIRA is
incapable, due to institutional constraints and a lack of autonomy, of
addressing several key privacy issues. The United States needs an independent
voice empowered with the scope, expertise, and authority to guide public policy.
Such an entity has important roles to play on both domestic and international
fronts. It would serve as the forum for collaboration with other governments,
the public interest community, and the business community.
V. Conclusion
No doubt, privacy on the Internet is in a fragile state. However, there is
new hope for its resuscitation. There is a special need now for dialogue.
Providing a web of privacy protection to data and communications as they flow
along networks requires a unique combination of tools--legal, policy, technical,
and self-regulatory. Cooperation among the business community and the nonprofit
community is crucial. Whether it is setting limits on government access to
personal information, ensuring that a new technology protects privacy, or
developing legislation--none will happen without a forum for discussion, debate,
and deliberation. We thank the Committee for providing this initial forum and
look forward to working with the members and staff and other interested parties
to foster privacy protections for the Digital Age.
END
LOAD-DATE: April 22, 1999