
CDT Comments to the FTC Regarding Database Study

April 15, 1997

Secretary
Federal Trade Commission
Room H-159
Sixth Street & Pennsylvania Ave., NW
Washington, DC 20580

Re: Data Base Study -- Comment P974806
and
Re: Data Base Study -- Request to Participate P974806



The Center for Democracy and Technology (CDT) submits these comments and requests to participate in the Federal Trade Commission's upcoming Public Workshop on Consumer Information Privacy, Session one: Data Base Study.

CDT is a non-profit, public interest organization working to protect and advance civil liberties and democratic values on the Internet. One of our core goals is to develop a privacy framework for the Internet. Towards this end, CDT is working to develop and implement fair information principles and technical tools that foster individual control over personal information on the Internet.

The emerging global information infrastructure poses both difficult challenges and unique opportunities for protecting individual privacy. CDT believes that new technologies can be designed to enable citizens to exercise greater control over the collection and use of personal information. Through the development and implementation of strong privacy policies, and the design and implementation of technological mechanisms that facilitate individual choice, we believe that interactive digital media can empower citizens to make meaningful decisions about the flow of personal information.

Today the impact of interactive media on individual privacy remains unclear. Recent public concern with the Social Security Administration's web site, designed to provide individuals access to their own earnings and benefits statements, highlights the consequences of failing to adequately address privacy and security concerns. If we fail to address the privacy issues that arise with this new technology, we may undermine its roles as communication medium, information source, and global marketplace of ideas and products. The temporary closing of the SSA's web site should serve as a wake-up call to those handling personal information -- privacy is on the public's mind. We urge you to consider the privacy implications of "look-up services" within the context of the growing global information infrastructure.

CDT's Response to Specific Questions
Individual Control

1.5 Do the data bases contain identifying information that consumers regard as sensitive? What identifying information is considered to be sensitive? Why is such information regarded as sensitive?

1.6 Do the data bases contain identifying information that consumers regard as non-sensitive? What identifying information is considered to be non-sensitive? Why is such information regarded as non-sensitive?

1.13 What means might be considered in the future to address any risks posed by these data bases?

1.15 Are consumers' privacy interests implicated by the collection, compilation, sale and use of information from these data bases?

The Code of Fair Information Principles, developed by the Department of Health, Education and Welfare in 1973 and published in the Report of the Secretary's Advisory Committee on Automated Personal Data Systems, [ 1 ] provides the intellectual and structural basis of existing privacy laws and policies in the US. While there have been efforts to codify the fair information practices through statute, regulations, and industry guidelines, the results have generally fallen far short of the desired goal of privacy advocates -- to have individuals control the collection, use, and disclosure of personal information. [ 2 ] The basic principles of the 1973 Code, as published in the Advisory Committee's Report, are:

  1. There must be no personal data record-keeping systems whose very existence is secret;
  2. There must be a way for an individual to find out what information is in his or her file and how the information is being used;
  3. There must be a way for an individual to correct information in his or her records;
  4. Any organization creating, maintaining, using, or disseminating records of personally identifiable information must assure the reliability of the data for its intended use and must take precautions to prevent misuse; and,
  5. There must be a way for an individual to prevent personal information obtained for one purpose from being used for another purpose without his or her consent.

The Code of Fair Information Practices and other general policies and laws dealing with privacy and personal data generally avoid labeling certain data as sensitive. The goal of privacy policies and data protection laws -- protecting the individual's privacy interests -- is best supported by policies that let individuals decide for themselves which personal information is sensitive. It is through facilitating individual decisions over the use and disclosure of personal information that public policy can best serve the privacy interest of the individual.

A number of reasons argue for policies that facilitate control. The perceived sensitivity of a given piece of information will vary based on a number of factors, such as the individual involved and the context or purpose in question. Individuals have extremely varied privacy interests. For example, a telephone number can be very sensitive to someone who is experiencing harassing phone calls, is being stalked, or is in a high-profile or public position (police officers, government officials, media stars). On the other hand, many individuals find the publication of their phone number in the white pages to be a useful method of enabling friends and others to contact them. People in each position should be able to set their privacy expectation.

Similarly, the same individual may have different privacy concerns with a single piece of information depending on the context or the purpose. For example, an individual may be perfectly happy to share information about their income when applying for a bank loan, but would not offer that information to a company for the purposes of direct marketing. Finally, the same piece of information may raise different concerns at different times in an individual's life. For example, as people age they often become less willing to reveal their age to others.

What this points to is the difficulty of arriving at a single definition of "sensitive information."

The existence of many "look-up services" depends upon a violation of Fair Information Principle #5:

The lack of attention to this core principle of fair information practice undermines individual privacy.

CDT suggests that the FTC structure this study around the Fair Information Practice Principles, focusing on the implementation of the basic principle that:

The recently passed rules governing Customer Proprietary Network Information that require customer consent prior to a company's use of calling pattern information offer one example of this principle in practice.

CDT's Response to Specific Questions
Fraud and Privacy

1.10 Do these data bases create an undue potential for theft of consumers' credit identities? How is such potential for theft created? What is the extent to which these data bases (as opposed to other means) contribute to consumer identity theft? Is this likely to change in the future?

The nexus between the availability of personal information and vulnerability to fraud has been remarked upon by courts, policy-makers, and victims alike. [ 3 ] In particular, the widespread use of the Social Security Number as an identifier by both the private and public sectors continues to raise concerns. As the most frequently used identifier, the Social Security Number acts as a key to numerous public and private systems of records.

The availability of an individual's Social Security Number from various sources such as department of motor vehicle records and "credit headers" provides would-be thieves with access to the "key" needed to unlock a wealth of personal data in both public and private sector data systems. As one Court noted:

As the court noted later in its opinion, the release of Social Security Numbers creates "high potential for fraud and victimization." [ 5 ] Another Court went further -- linking the availability of social security numbers directly to financial fraud -- stating:

Congressional interest in this issue was piqued by the recent revelation that both Lexis-Nexis and Westlaw were making credit header information -- obtained from Trans Union -- available on millions of individuals, to anyone willing to pay the fee. In the wake of deep public concern a number of members of Congress requested the FTC to examine this issue. [ 7 ] Despite the role that availability of social security numbers plays in undermining privacy and facilitating fraud, the disclosure of "credit header information" -- which includes the individual's name, address, prior addresses, social security numbers, and phone numbers -- is not regulated by the Fair Credit Reporting Act of 1970. The availability of this information directly from Credit Bureaus and through other entities who purchase and repackage it, such as "look-up services", has led to heightened risks to consumer privacy and unnecessary exposure of both individuals and financial institutions to increased risk of fraud. The invasions of privacy and the risk of both individual and institutional fraud are compelling reasons to revisit the issue of what information should be considered part of the "credit report" and governed by the permissible purpose rules of the FCRA.

The advent of the Internet and other interactive communications media may have interesting consequences for those who provide "look-up services." As "look-up services" are advertised and in limited instances offered via the Internet, the public is becoming alarmed at the ability of companies with whom they have never interacted to sell personal information about individuals without the individuals' consent or knowledge. The public ire directed at Lexis-Nexis after an email about its service P-Trak -- a "look-up service" built with "credit header" information, including social security numbers -- is evidence of growing public concern.

As information about the current practices of collecting and using personal information trickles out in news stories and in on-line discussion groups, public concern with privacy continues to escalate. A recent survey revealed that 83% of Americans are very concerned about their privacy. This number has increased steadily over the years. A finding of even greater importance in our "Interactive Age" is that the public's concern with privacy reaches new heights when computerization is mentioned. The public's concern is well placed. There are significant new challenges to protecting privacy online. The ability to directly connect to "look-up services" via the Internet is likely to increase their use, as is the ability to connect from home, office and other locations. In addition, this new medium is relatively inexpensive and is likely to decrease the cost of accessing "look-up services," making them more attractive and affordable to those seeking information about individuals.

As the Social Security Administration's recent experience indicates, providing security and protecting privacy on the Internet is not an easy task. The lack of easy-to-use encryption products that can both protect communications and data while in transit and storage, and provide a useful tool for verifying or authenticating individuals, is undermining the development of useful services on the Internet. Personal information -- be it SSA records, financial transactions, or communications -- will remain unacceptably vulnerable until strong encryption becomes a ubiquitous feature of the Internet.

Conclusion

CDT appreciates the opportunity to submit comments for this proceeding and hopes to have the opportunity to participate in the Workshop on this important privacy issue. Please contact us if we can be of further assistance.

Sincerely,

Jerry Berman
Executive Director

Deirdre K. Mulligan
Staff Counsel

Notes

1. Due to the lack of strong constitutional privacy protection, added emphasis has been placed on federal and state statutory protections. While statutory privacy protections for personal information have been crafted on a sector by sector basis, many are based on the principles set out in The Code of Fair Information Principles, published in the Report of the Secretary's Advisory Committee on Automated Personal Data Systems, Records, Computers and the Rights of Citizens. U.S. Dept. of Health, Education & Welfare, July 1973.

2. Current US privacy protections for personal information are incomplete and scattered throughout case law, federal and state statutes, and executive branch reports. See The Privacy Act of 1974, 5 U.S.C. § 552a (1974); The Computer Matching and Privacy Protection Act of 1988, 5 U.S.C. § 552a (1988); The Fair Credit Reporting Act, 15 U.S.C. § 1681 (1970); The Family Educational Rights and Privacy Act, 20 U.S.C. § 1232g (1974); Right to Financial Privacy Act, 12 U.S.C. § 3401 (1978); The Privacy Protection Act, 42 U.S.C. § 2000aa (1980) (prohibits the government from searching press offices without a warrant); The Debt Collection Act, 31 U.S.C. § 952 (1982) (requiring due process before an individual's federal debt information is referred by an agency to a private credit bureau); The Cable Communications Policy Act of 1984, 47 U.S.C. § 551 (1984); the Video Privacy Protection Act, 18 U.S.C. § 2710 (1988); The Electronic Communications Privacy Act of 1986, 18 U.S.C. § 2510 et seq. (1986); Section 207 of the Communications Assistance and Law Enforcement Act of 1994, providing heightened protections for transactional data, Pub. L. No. 103-414, 108 Stat. 4279 (1994); and Section 702 of the Telecommunications Reform Act of 1995, "Privacy of Customer Information". See also: Personal Privacy in an Information Society: The report of the Privacy Protection Study Commission, Washington DC, 1977; Privacy and Related Security Principles for the NII, Mega-Project III of the National Information Infrastructure Advisory Council, 1995; and the Principles for Providing and Using Personal Information, Report of the Privacy Working Group of the Information Infrastructure Task Force, October, 1995. While there is no definitive case finding a constitutional right of information privacy, the Supreme Court acknowledged that such a privacy right exists in Whalen v. Roe, 429 U.S. 589 (1977) (upholding a state statute that required doctors to disclose information on individuals taking certain highly addictive prescription drugs for inclusion on a state database).

3. The Federal Trade Commission's August 1996 meeting on Consumer Identity Fraud provided useful information on the relation between the availability of personal information and credit card fraud.

4. State ex rel. Beacon Journal Pub. v. Akron, 640 N.E.2d 164, 169 (Ohio 1994).

5. Id.

6. Greidinger v. Davis, 988 F.2d 1344, 1354 (4th Cir. 1993).

7. The Board of Governors of the Federal Reserve recently released its study "to determine the availability to the public of sensitive identifying information about consumers, the possibility that such information could be used for financial fraud, and the potential for fraud or risk of loss, if any, to insured depository institutions," directed by the Economic Growth and Regulatory Paperwork Reduction Act of 1996. (Docket No. R-0953)