September 26, 1975
Page 30496
THE FEDERAL GOVERNMENT AND YOUR RIGHT TO PRIVACY
Mr. MUSKIE. Mr. President, a senior citizen receiving social security assistance receives a questionnaire from the Federal Government. It asks not only if she has sought outside work recently, but also what kinds of dreams she has and detailed questions about her religious beliefs.
A businessman in Maine with a growing family and new responsibilities applies for a new life insurance policy. Even though he is not required to undergo a physical examination, he is rejected on the basis of medical information obtained from a central data bank maintained on insurance applicants from all parts of the country.
An Army veteran is denied a job because his potential employer obtained erroneous information about him from a government file.
To one degree or another, the privacy of each of these Americans has been violated.
Beginning tomorrow, September 27, such incidents will hopefully become a thing of the past.
That is the day the new Privacy Act, passed by Congress in late 1974, goes into effect.
That landmark law, which I sponsored with former Senator Sam Ervin, is the first major legislation adopted by Congress which is aimed at the protection of personal privacy. It has been described by U.S. News & World Report as a "new weapon to fight the growing trend
of government to pry into people's private affairs."
That trend is awesome indeed. It has been estimated that all Federal agencies, combined have accumulated more than 1.3 billion records on American citizens — that is nearly six records for every person in this country. Thus we all have a stake in the success of the new law in reversing this dangerous trend.
Under the provisions of the new law, Federal agencies will have to list publicly all records systems on individuals — no longer will even the existence of such files be kept a secret.
By listing every system of records and by setting standards for the use and protection of personal information, hopefully we can for the first time get a handle on the massive paperwork bureaucracy which has sprung up around these records systems.
The law is further designed to reduce the amount of data which is being collected, and to restrict its use to official personnel only in the course of their duties.
In order to enforce this new law, most Americans will be able to obtain copies of their personal files which are held by Government agencies. If they find that the information in them is incorrect or outdated, they can ask that it be changed or removed. And there is an appeals process for resolving disagreements, which ultimately can go to the Federal courts.
Even if a citizen and an agency disagree about the information in his file, he may submit a statement giving his version of the information which the agency has objected to changing.
The Privacy Act is only a beginning. For one thing, its present provisions apply only to Government. Threats to personal privacy from the private sector — the credit, health care and banking industries just to name a few — will be the subject of study by the Privacy Protection Study Commission, established by the new law. Its recommendations will ultimately become the basis for an expanded law protecting the privacy of all of us, in every aspect of our daily lives.
Advances in the use of computers and other technological tools present unlimited opportunities for a better and more comfortable life for every American. They can be risky business, however. We must never allow our zeal for new information and new technology to outrun our ability to control their use, or we will have invited erosion of one of our most precious individual liberties.
Mr. President. I ask that a recent editorial from the Washington Post entitled "Focusing on Federal Files," an article from the September 22, 1975 Washington Star entitled, "Americans Worry over Growing Loss of Privacy," and an article in the September 22, 1975 U3. News and World Report, "Government Snooping — How to Fight Back," be printed in the RECORD.
There being no objection, the articles were ordered to be printed in the REC0RD, as follows:
[From the Washington Post, September 1975]
FOCUSING ON FEDERAL FILES
A new era in federal record keeping will officially begin Sept. 27 when the Privacy Act of 1974 goes into effect. The law gives citizens the right to inspect many kinds of government files about themselves, and sets down strict rules for the collection, use and exchange of information about individuals. The principles involved — accuracy, relevance, fairness and need-to-know — are elementary. But applying them to the great volume and variety of federal records has proved to be, as expected, quite a monumental task.
The part of the law that has generated the most work and grumbling in many agencies is the requirement for full disclosure of the nature of all files involving individuals. This provision, in effect an annual public inventory of the government's information stock, was enacted because Congress found that nobody knew the full extent of federal record keeping about citizens. Some agencies were maintaining secret files and concealing some abusive practices from Congress and the public. The broader difficulty, however, was simply that the government's data demands had grown so fast, and had been answered in so many uncoordinated ways, that not even the agencies themselves had a firm grasp of all their information practices.
The inventory is now nearing completion. The results are staggering, to put it mildly, even to those who have long suspected that the government has a file on everything. So far, over 8,000 records systems have been summarized in fat volumes of the Federal Register totaling 8,100 pages and more. The entries range from the controversial to the commonplace. There are listings for the sensitive files of the Defense Investigative Service; for records of the participants in National Security Council meetings since Jan. 20, 1969 (classified "SECRET"); for HEW's roster of licensed dental hygienists; for the Agriculture Department's list of people interested in forestry news, and for the Export-Import Bank's roster of employees who want parking spaces. There are outlines of huge computerized networks such as the Air Force's Advanced Personnel Data System, summarized in 11 columns of small print; there are earnest entries for little lists such as the key personnel telephone directory of the Administrative Office, Assistant Secretary of Defense (Intelligence) — a roster kept, according to the Aug. 18 Federal Register (Part II, section 1, page 35379), on "8 x 10½ Xerox plain bond sheets."
The huge pile of records of records and lists of lists may seem to reach new heights of regulatory overkill. Indeed, there are bound to be jokes and complaints about the agencies that keep so many files — and about the Congress that required such detailed, indiscriminate reports. But such an inventory, however tedious to prepare — and however trivial parts of it may be — is a useful and necessary step. For the first time, the awesome range of government records has been catalogued. For the first time, all agencies have been compelled to define what they collect on individuals, how the materials are used, who has responsibility for what, and which records, primarily in law enforcement fields, are so sensitive that they should be withheld from inspection by the citizens involved.
The catalogs and related agency regulations merit scrutiny on a number of grounds. Many citizens will no doubt want to inspect various records on themselves. Congressional committees and interested groups in many fields may wish to challenge some uses of data and some exceptions from disclosure, notably the extensive withholding proposed by the Justice Department on law enforcement grounds. Congress may now be able to sharpen the focus of the Privacy Act and modify the reporting requirements for mundane records systems such as internal telephone lists. And federal administrators, given some time to review their reports, may well start questioning some of their offices' data collecting practices and weeding out their files.
Indeed, it is quite possible that some bureaucrats, faced with the choice of cataloguing marginal or redundant files, may have already employed a very unbureaucratic strategy: throwing some records out. If that has happened even in one agency, the Privacy Act has already done some good.
[From the Washington Star, Sept. 22, 1975]
AMERICANS WORRY OVER GROWING LOSS OF PRIVACY
(By Mary Ann Kuhn)
To a mother in the Washington suburbs, privacy is the right to be left alone when her baby is quiet. Several months ago, a neighbor called police when she didn't hear the woman's baby crying as usual. Two officers came to the woman's door, checked the baby for possible child abuse, found none, and left. But the woman worries there may be a record of the incident stored somewhere, questioning her fitness as a parent.
To a 28-year-old Reston man, privacy is the right to register to vote without having to disclose his Social Security number, a requirement in Virginia.
To a Montgomery County woman, privacy is the right to go through a pregnancy without diaper companies phoning daily to inquire if she's interested in their services. "How do you know I'm pregnant," she asked one such caller. "I haven't even announced it yet. My doctor just told me yesterday."
To a Falls Church man, privacy is the right to buy a home without representatives from homeowners' insurance companies bombarding him with calls and letters and salesmen at the door trying to sell storm windows.
Americans frequently complain that they have about as much privacy as a goldfish in a glass bowl. And although that expression has been around since at least 1904 when a Scottish writer named Hector Hugh Munro wrote it in a short story, it is even more apropos today.
A growing number of persons in this country feel they are losing their grip on personal privacy and are seeking ways to protect whatever is left of it in a record keeping, number oriented, increasingly computerized plastic card society that has been called by one Harvard University professor, "a nation of datamaniacs."
There is the worry expressed by some about information being a source of power, of an individual being made something by the information collected about him rather than what he is.
Concern over actual and potential invasions of privacy gathered momentum on Capitol Hill and elsewhere during the past 10 years. More than 200 privacy bills were introduced in the last Congress, more than 60 in this one. Five years ago, Congress enacted the Fair Credit Reporting Act giving an individual the right to be informed of the nature and substance of information in his credit file. Last year, Congress passed legislation giving college students and the parents of younger students the right to inspect their school records.
There was a growing public awareness of the increasing use of data collecting and the use of the computer as a record keeping tool, both in the public and private sector. Suspicion and fear grew, too, over the computer's potential for abuse — for example, of linking information about an individual from one data bank to another.
Agencies and organizations became involved — ranging from the National Bureau of Standards, which has sponsored workshops on privacy protection in the private sector, to the American Medical Association, which devoted most of an entire issue of its monthly Prism magazine last year to privacy, data collecting and medicine.
Other countries saw the need for privacy protection. In Sweden, where a National Data Protection Act was passed in 1973 — setting up a board of nine members — no data bank can operate without a license.
While this concern was growing over what happens to records kept on individuals, who has access to them and what purposes they are used for, two things happened.
The Privacy Act of 1974 was passed by Congress in December and hailed by Rep. William S. Moorhead, D-Pa., as the first "comprehensive federal privacy law since the adoption of the 4th Amendment" and by Rep. Edward I. Koch, D-N.Y., an original sponsor of the legislation, as a "monumental breakthrough in the field of personal privacy," although it was still "far from perfect."
The law takes effect this Saturday and is designed to protect persons from invasions of privacy by the federal government. Under the law, individuals will be allowed for the first time to inspect information about themselves contained in agency files and to challenge, correct or amend the material. However, such records as law enforcement, CIA, Secret Service and certain other government records are exempt from disclosure.
Where the Privacy Act stops — in the government sector — the Privacy Protection Study Commission picks up — in the private sector. That was the second move toward protecting individual privacy rights — the creation, under the act, of a seven-member commission, equipped with subpoena power and a budget of $1.5 million to examine for two years privacy issues not included in the act. It is the first commission of its kind to focus primarily on possible invasions of privacy in the private sector although it has authority to look into invasions of privacy by government, too.
David F. Linowes, chairman of the commission, said its purpose is "to find out whether there is a justified concern that privacy is invaded and, if so, take it at this timely point in history and install safeguards. Our investigation is not limited to just computer invasion of privacy but manual (record keeping) too."
"Computers have reached the sophistication today that the major thrust of the computer industry — the fastest selling part — is the data bank to data bank linkage or core-to-core Protege which means you can tie together information in various data banks and retrieve it in a matter of seconds," said Linowes in a recent interview.
"This can impose the kind of erosion of a person's privacy which tracks him through life, from the time he is born, where he goes to school, where he travels. This, in the wrong hands can give us a 1984 society — a society where blackmail can be used to dominate the lives of individuals.
"We know it's possible to have this kind of universal linkage from computer to computer," said Linowes, an international management consultant, certified public accountant and author. "Our hearings will bring out whether they are in effect now."
The commission is gearing up now for hearings they plan to hold here and across the country beginning in the next several weeks on topics ranging from credit cards to use of the Social Security number as a so-called universal identifier.
The commission plans to call to the hearings representatives of large companies, for instance, who maintain dossiers on individuals who seek credit through credit cards, said Linowes.
"We'll be calling representatives of hotel reservation units. How long do they keep their information? The same with airlines. For example, who do they make it available to when asked if a person is on a particular flight?"
Linowes said the commission "is very anxious to have representatives of the general public" come to the hearings. He said he wants to hear from "anybody who feels his rights of privacy have been invaded.
"I think it is very important for us to hear from individuals and industry and the American Civil Liberties Union as well as any other public interest groups," he said.
The law says that the commission is to study data banks, automated data processing programs, and information systems of governmental, regional and private organizations to determine the standards and procedures in force for the protection of personal information and make whatever recommendations to Congress and the President that are necessary to "protect the privacy of individuals while meeting the legitimate needs of government and society for information."
Specifically, the commission has authority to examine many areas, including the following, according to commission chairman Linowes:
Employment and personnel records. Is all the information necessary? What happens to information in these files? Is it sold to others without permission?
Credit cards. Is the information requested by credit card companies from prospective card holders necessary? Again, is this information sold? Can the data be corrected by an individual?
Medical records. Do hospitals and physicians violate privacy when they pass along the medical history of a patient? When they allow interns to examine individual records, without knowledge of a patient?
Newspapers. What happens to material accumulated in newspaper "morgues?" Who has access? When does freedom of the press and the right of privacy conflict?
Hotel reservations. How long do hotels keep reservation records? Who has access to them?
Mailing lists. Should companies have a right to sell lists of individuals? Should an individual have a right to have his name removed?
Insurance companies. What do they do with their information? Do their salesmen have access to it? Do they verify information furnished them by third persons? How?
Unions’ records. Why should they maintain personal files?
The commission, which began its two year term on June 10, also has the authority to analyze the use of Social Security numbers, license plate numbers, universal identifiers, and other symbols to identify individuals in data banks.
At a recent meeting, the commission members agreed on four areas it would hold hearings on first: credit cards, travel and hotel reservation systems; mailing lists; the use of the Social Security number as a universal identifier, and the transfer of Internal Revenue Service data to state and local governments.
Three of the commission members were appointed by the President, two by the president pro tempore of the Senate and two by the speaker of the House. The members decided to give first priority to the private sector "because very little has been done — practically no hearings have been undertaken in the private sector," said Linowes.
In addition to Linowes, the six other commission members are: Willis H. Ware, a member of the corporate research staff at the Rand Corporation; William O. Haney, executive vice president of Aetna Life and Casualty Co.; William B. Dickinson, retired managing and executive editor of the Philadelphia Bulletin; Rep. Barry Goldwater Jr., R-Calif.; Rep. Edward I. Koch, D-N.Y., and Minnesota State Sen. Robert J. Tennessen. Carole W. Parsons is the commission's executive director and Ronald L. Plesser is the general counsel to the commission.
Privacy means different things to different people at different times in their lives. It can be elusive and at the same time obvious.
To Justice Louis D. Brandeis, who defined it in a 1928 opinion, privacy is "the right to be let alone — the most comprehensive of rights, and the right most valued by civilized men."
Actress Katherine Hepburn wrote in the Virginia Law Weekly 10 years ago: "The greatest 'bugaboo' against privacy is insurance — you can be protected against anything, but for it you must sacrifice your privacy. Privacy in the sense that it was used 30 years ago has almost ceased to exist — the individual has become a pretty well documented punch card."
Columbia University Professor Alan Westin defines privacy as "the claim of individuals, groups or institutions to determine for themselves when, how, and to what extent information about them is communicated to others."
And Robert Ellis Smith, a lawyer and publisher of the newsletter "Privacy Journal" — an independent monthly on privacy in a computer age — says privacy is "the right to control one's own destiny and in this modern world, that means controlling information about oneself.
"People sometimes think they have nothing to hide. That is true. But through the use of computers, perfectly innocuous personal information can be used for another purpose without your knowledge and to your detriment."
(From the U.S. News and World Report, Sept. 22, 1975)
GOVERNMENT SNOOPING — HOW TO FIGHT BACK
DOES THE GOVERNMENT HAVE A SECRET FILE ON YOU? THE NEW PRIVACY ACT LETS YOU FIND OUT — AND GIVES YOU WEAPONS TO PROTECT YOUR PERSONAL AFFAIRS
Americans are now being armed with a new weapon to fight the growing trend of government to pry into their private affairs.
And it is the Federal Government itself — prodded by a rising chorus of public concern over the issue — that is supplying the weapon.
The Privacy Act of 1974, signed by President Ford last December, goes into effect September 27 — with many details still to be worked out.
Millions of words have been printed in the Federal Register as the various Government departments and agencies set out the procedures they will follow to make a private citizen's life more private than it has been.
U.S. News & World Report went to numerous experts to compile the following facts on the rules that will touch practically every American.
What is the aim of the new law?
One authority puts it this way:
"The Federal Government has gone too far in collecting personal data, data that goes beyond what is absolutely necessary, and this creates the danger of misuse or the potential of building up dossiers. The object of the law is to reduce the amount of information to be collected and to reduce the flow of information between agencies."
How much information has been collected? No one knows precisely. The 100 or so federal departments and agencies are estimated to have substantially more than 1.3 billion records that focus on the lives of nearly every citizen.
All the big agencies, such as the Departments of Defense and of Health, Education and Welfare, have "multitudinous" systems. The Defense Department has at least 2,000 separate filing systems. Some reports once put them at 5,000, or even more. No one, not even the President, knows exactly how many filing systems there have been in the Federal Government.
Is one object of the Act to cut down on the number of these filing systems?
Yes. The aim is to "junk" as many systems — some secret — as possible. But the Act has other objectives, too.
For one thing, it's the intention of the Act to ban all secret filing systems throughout the Government.
The law also calls for a halt in collecting personal information that has no relevance to the job that a department or agency is set up to do.
In collecting new data, there will be more emphasis on getting it directly from the individual rather than depending on outside sources.
Further, departments and agencies must restrict the information on individual Americans that they pass out to each other, and records of such transfers of data must be maintained.
As a rule, only specific answers to specific questions will be forwarded from a person's file — not, as sometimes occurs at present — the entire file.
On occasion, even the individual's permission will have to be obtained before personal information can be transferred from one agency to another. Thus, if a Government hospital wishes to use some personal data for research, it will have to contact the person involved.
How can a citizen be sure that this law is being carried out?
Most Americans will be permitted to secure copies of their personal files that the various Government agencies will continue to maintain. The Federal Government will print a booklet in December, for public sale, listing where citizens can write to obtain information on file.
Some officials feel the Government will be deluged by millions of requests from those who want to see what Washington has to say about them.
Are there no restrictions on what an individual will be permitted to see in his or her personal files?
There are some restrictions. For example, material that concerns other individuals will not be released.
Files used for law enforcement purposes are generally exempt from release to an individual.
Among other restrictions is one prohibiting release of files evaluating the work of members of the military. Also, if the Federal Government is preparing a lawsuit against an individual, there will be restrictions.
But generally a citizen will be able to secure copies of files that pertain directly to him.
How about the files maintained by the Central Intelligence Agency, the Federal Bureau of Investigation, the Secret Service and other agencies handling intelligence matters?
The law leaves it up to those agencies to determine what information and how much of it can be released to individuals. For example, information that would compromise the security of the President would not be released.
But final decisions on what data can be given to citizens have not been determined. Experts on the law report that there seems to be a conflict, or at least significant differences, between the access provisions of the Privacy Act and the Freedom of Information Law, which also provides for access to Government information.
Will Americans be able to read what others — such as bosses, friends, neighbors — say about them in personal files?
Yes. Even the names of informants will be revealed if the data was not given to the Government in confidence. Experts foresee the possibility, however, that even if the information was given in confidence, an individual sometimes will be able to recognize informants by reading his flies.
What if an individual comes across material he or she feels is incorrect or extraneous?
He may petition the agency to have it removed from his files. If the agency objects, he can take his demands to higher authority — and if that fails he or his lawyer can write an amended version of the information he considers faulty and have that also placed as a permanent part of all his files.
Can an individual go to the courts to have disputed material removed from his files?
Yes. If the person is turned down by the agency, he can sue. The burden of proof that the data is correct and necessary will be borne by the agency. If the agency loses the case, the material under question will be destroyed. Should it be proved that the agency was "willfully maintaining" false material to the detriment of a person, the plaintiff will be awarded at least $1,000, plus court costs.
In the future, can people refuse to answer questions, claiming that the Government does not need the information?
Many do that now, but the new law gives them additional legal weapons. In the future, an agency asking questions must make sure that the individual knows what information is mandatory and what information is voluntary. Any data elicited that an agency considers mandatory must be backed up by law.
What's the practical effect?
Government questionnaires are now likely to be shorter and more to the point. Some of the questions on passport applications may be deleted. There will be less frequent use of Social Security numbers on Government documents.
Are there any inherent dangers in the new law?
Some authorities fear that criminals may be able to get critical information expunged from their federal files. There is also concern that, as agencies will be subject to lawsuits if they trespass on personal rights of individuals in gathering information, some people will find it easier to qualify for welfare and other Government services.
How will the new law affect States, localities and private institutions that gather information?
The new law is generally restricted to the Federal Government. State and local governments, however, will be subject to restrictions on the use of Social Security numbers.
Private organizations that maintain personal records for the Federal Government under grant or contact will be expected to follow the new standards in dealing with the public. If this is not done, the federal agency contracting with the private organization could have a flock of lawsuits on its hands.
Authorities also make this point:
After the Federal Government has had some experience with the new law, a pattern will be set which will have an impact on informational requirements by all those outside Government.
In other words: States, localities and firms that seek information from the public are expected to follow the lead of the Federal Government in requiring less information from individuals.
How does the new law affect a businessman who contracts to do business with the Federal Government?
The emphasis of the law is based on what authorities refer to as "personal rights." Consequently, should a businessman feel that the Government is going too far in securing information about his business in order to arrange a contract, he can — if he believes the questions are of a personal nature — challenge the Government.
Experts on the law point out, however, that the Act is specifically aimed at protecting personal rights, not corporate rights.
Again the ultimate test is the Government's "need to know" in order to serve an individual or the public.
Any information gathering that does not fall within that category — whether it concerns businessmen, farmers, professionals — can be challenged unless it is secured on a voluntary basis.
Is there any part of Government that still will be able to collect any information it chooses and maintain what files it cares to?
Yes — the U.S. Congress. In writing the law, Congress permitted its committees those rights — and rendered itself immune to lawsuits.