Source
Automatically imported from: http://commons.somewhere.com:80/rre/1996/Inside.the.Beltway.The.P.html
Content
This web service brought to you by Somewhere.Com, LLC.
Inside the Beltway: The Politics of Privacy
``` [Privacy policy in the United States is falling behind the rest of the industrial world and heading for disaster. It's time to mobilize to ridicule and reject "volunary" privacy regulations. Details below. The situation is simple: if it's your information then it's their responsibility to ensure that it's used in ways that you approve of. This article is adapted from one that appeared in the Fall 1995 issue of Government Information Insider.]
---
This message was forwarded through the Red Rock Eater News Service (RRE). Send any replies to the original author, listed in the From: field below. You are welcome to send the message along to others but please do not use the "redirect" command. For information on RRE, including instructions for (un)subscribing, send an empty message to rre-help@weber.ucsd.edu
---
Date: 12 Feb 1996 17:48:26 -0500
From: "Marc Rotenberg"
[...]
INSIDE THE BELTWAY: THE POLITICS OF PRIVACY Marc Rotenberg Electronic Privacy Information Center
As public concern about privacy grows, the Clinton administration and various trade groups in Washington, DC continue to sing "Don't worry, be happy," but a better song for government officials working the privacy issue might be that country western hit "You can't roller skate in a buffalo herd."
The administration has developed several sets of standards for privacy protection -- each one drafted with the approval of industry, and each one completely unenforceable. It is a strategy intended to avoid real safeguards for consumers and serious inquiry into industry practices.
First, came the draft code developed by the Office of Management and Budget after the key representative at the US Office of Consumer Affairs left the task force working on privacy safeguards to join American Express. That initial draft moved the privacy issue sharply from consumer protection to industry accommodation. Whereas Codes of Fair Information Practice -- a generic term for privacy codes of conduct -- had always placed responsibilities on data collectors (business and government) to protect privacy and given individuals rights of access and correction, this new Code turned the tables. Now, the responsibility fell on consumers to find out about abusive record-keeping practices and the misuse of personal data. This approach is sharply at odds with standards that would restrict the misuse of personal data or provide legal incentives to pursue claims.
Then instead of simply rejected the initial OMB draft, as consumers organizations and privacy groups had urged, both the National Information Infrastructure Advisory Council and the National Telecommunication and Information Administration continued the game. Each group in turn recommending is own code of practice. Each code placing more burdens on consumers and users of new on-lines services and fewer responsibilities on companies and organizations that collect personal data. Both proposals emphasized notice provisions which make little sense in an industry where the sale of marketing lists occurs between large organizations without the participation or control of consumers whose data is sold. Since consumer are not party to the actual sale of their data, their is no real opportunity to know how the information will be used. Notice provisions only make sense in contexts like food labelling and cigarrette warnings were consumers who exercise market power are able to act on the information disclosed. No such opportunity arises with the collection and sale of personal data.
The NTIA also ignored calls to investigate industry practices, to explore options pursued in other countries, or even the question of enforcement for whatever standards may be adopted. The NTIA approach contrasted sharply with the outcome with similar agencies in other countries, such as the Ministry of Post an Telecommunications in Japan or the Canadian Standards Association, which have both pushed for enforceable legal rights for new on-line services.
The last act in what is clearly becoming bad drama came recently when the Federal Trade Commission announced that it too would pursue a voluntary code of conduct to protect privacy. Even as the national papers ran front-pages stories about the $600 billion direct marketing industry acting without accountability, FTC commissioners said sincerely that the Commission would pursue voluntary standards until they were shown not to work. Throughout the hearings, representatives of industry and direct marketing smiled as they have throughout this process, knowing that without enforceable legal rights consumers will have little opportunity to press privacy claims in the information age.
Just to be clear, there is no question that the White House can act with force in the privacy arena when it chooses to do so. It simply acts in the wrong way. The Clinton administration tried to push forward the Clipper encryption scheme until it ran into the brick wall that is the Internet user community and the fierce devotion to privacy. It did manage, with the help of some embarrassing lobbying, to push a wiretap bill to require the extension of surveillance to new communications technologies. But the cost of the proposal is so great and the implementation of the measure so impractical, that the prospects for going forward with the national wiretap plan, fortunately, continue to fade.
But if Washington continues to fumble the privacy issue, many states and other countries have been aggressively picking up the ball.
This past year the Europeans adopted a comprehensive privacy directive to protect the flow of personal information within the European Union. Although the US direct marketing association and its allies lobbied hard against the measure, a firm structure for data protection is now in place. The implications for the United States are interesting. Since the US lacks complementary safeguards in many sectors, some US companies may be unable to do business in Europe and European privacy officials may restrict the flow of personal data to the United States because of inadequate consumer protection. An interesting twist on the old NAFTA problem.
The Europeans are also pursuing technical solutions to privacy protection. David Chaum, a noted cryptographer, won the highest European award for technical achievement last month for the Digicash system, which is now being deployed for everything from on-line payments to highway toll systems.
Canada has also made important strides in the past year. New legislation to protect the privacy of records held by commercial firms is under consideration in the provinces and at the federal level. Even the Canadian Direct Marketing Association has called for enforceable legal privacy rights, noting not surprisingly, that without a clear legal framework in place, companies that want to protect consumer privacy will not be able to compete effectively with companies that do not. (In fact, America Online made a similar admission last year when it explained the sale of its customer database by saying that it could not otherwise compete with other on-line service providers).
The states are also make good progress on privacy issues, pursuing more protections for personal information, limitations on the misuses of the Social Security Number, and sharp controls on the Caller ID service. The last development is particularly interesting because Caller ID represents a textbook example of a new consumer service that collapses once the privacy implications are uncovered. A better mechanism in Washington for evaluating services like Caller ID could have produced an outcome more favorable to both consumers and telecommunication service providers.
So, the question that could well be asked is why is Washington so out of touch on the privacy issue?
1. Privacy is a classic public interest issue. Support is wide but thin. Opponents of privacy measures are counting on the difficulty in organizing the public to oppose egregious industry practices. But the recent furor on the Internet with Clipper and the FBI wiretap bill, and the growing opposition to the unregulated sale of personal data, may change the politics of this issue dramatically.
2. Washington lobbyists are writing the scripts for government officials. Much of the materials that is coming out of Washington today from administration officials is being spoon-fed by industry. It is hard to find an original statement or concern voiced by any officials at OMB, NTIA, or the FTC. The process contrasts sharply with the experience in other countries and also the US's own experience with the development of the original Code of Fair Information Practices back in 1973. Then there was no question that officials had a responsibility to protect the public interest and to call for sharp controls on bad practices by both industry and government.
3. The public and the press are still not fully aware of the practices in the direct marketing industry or the consequences for the development of the Internet if strong safeguards are not put in place. A recent CNN segment focused on the Donnelley corporation's sale of personal data about young children through through 900 telephone number service. Personal information on young children is routinely sold by marketing firms. Couple this data with interactive television services, and marketers and advertisers will quickly know more about the preferences of children than will the childrens' own parents. That issue, as much as any, is likely to lead to significant reforms in the industry.
Indeed, the prospects for comprehensive privacy reform are not so bleak. Polling data shows strong support for much stronger privacy safeguards. A recent Yankelovich survey found that 90% of consumers favored enforceable legal rights against companies that invade privacy. This matches a 1991 Time/CNN poll which found that 93% of the American public believed that companies should not sell data without express permission.
Support is growing also for the "opt-in" approach, which would give consumers more control over personal data but is vigorously opposed by the direct marketing industry. As USA Today said in a recent editorial "opt-in does not trample on anyone's rights. Consumers can still get their catalogs and other direct-mail pitches by checking a box or clicking a mouse. Companies can still get data for marketing by asking for it. It would cause some inconvenience for businesses, which face increased costs to persuade customers to give up their privacy. But who should bear the burden: the businesses that glean the profit or the consumers whose information is sold?"
In the same editorial, USA Today also faulted the voluntary approach championed by the White House saying that "while voluntary compliance might be preferable in an ideal world, it's not likely to work in the real world. The reality is that the absence of government prodding has resulted in too many companies doing too little to protect consumers' privacy rights." (October 24, 1995).
The staid Economist has also joined the call for an enforceable privacy rights, saying that "there is little reason to suppose that market- driven practices will be enough to protect privacy." (February 10, 1996).
Even these polls and editorials do not reflect the level of concern on the Internet today. Web users feel strongly about privacy and are savvy political organizers. Privacy will simply become more politicized as time passes.
Still, Washington policy makers are hoping to avoid a confrontation with powerful industry groups on the privacy issue. But by ignoring public concern, the White House has placed itself squarely on the wrong side of the privacy issues. And if the positions don't change soon, people may start singing "Thank God and Greyhound they're gone."
---
More information about privacy is available from the Electronic Privacy Information Center (http://www.epic.org/) ```
This web service brought to you by Somewhere.Com, LLC.