History of the Right to Privacy
Violations of the Right to Privacy
The needs of society change with the increased use of and progress in technology. With the invention of the telephone and computer, communication has reached a new height in celerity. Given enough resources and money, time no longer factors in as a constraint in gathering and distributing information. Along with the increase in the speed of communicating, the efficiency and ease of obtaining information also have increased. The tendency towards an information based society raises new issues that need to be resolved. One of those issues, privacy rights, demands our attention and resolution.
Telecommunication technology has been evolving so fast that the law simply cannot keep pace with all the new ramifications. Privacy rights, although not explicitly stated in the Constitution, remain an issue upon which the American public places significant concern. According to a Harris survey results in 1984, almost eighty percent of the American public displayed at least some concern in privacy rights. (Office of Technology Assessement, p. 26-27) The general level of concern over privacy issues has increased over the years. (Office of Technology Assessment, p. 26-27) In spite of the growing concern, the response concern by the Congress has been lackluster.
The origin of privacy rights stems from efforts to define the boundary of acceptable limitation on the amount of information a person can acquire and distribute. Why is the public so concerned with privacy today? With swift changes in technology, the public can no longer take privacy for granted. This paper will examine the general history and roots of the right of privacy and analyze how the advancing telecommunication technology can threaten a large degree of the privacy from the American public. In particular, by focusing on and analyzing the violations of the right to privacy through the increasing the use of telecommunication technology, this paper will expose just how easily privacy can be lost. Because less constraint on obtaining information about an individual by advancing telecommunication technology diminishes the degree of privacy an individual may enjoy, the advancement in telecommunication provokes fear from the public. Therefore, with progressive technology, this paper will argue that an explicit right to privacy must be incorporated in order to protect the right to privacy.
In the year 1890, Professors Louis D. Brandeis and Samuel D. Warren published their historic article "The Right to Privacy" in Harvard Law Review. (Rubin, p. 16) In reaction to yellow journalism, Brandeis and Warren stipulated that the individuals have "the right to be let alone." For the first time, legal scholars advanced an articulated legal theory on the evolution of privacy rights from the common law; the common law developed to protect a person not only from the physical attack on his life and property but also from intangible attack as well. (Rubin, p. 16) In 1960, William L. Prosser strengthened Brandeis and Warren's theory by publishing an article in California Law Review tracing more than 300 cases germane to the evolution of the right to privacy. (Bier, p. 93) The influence of the works of Brandeis, Warren, and Prosser contributed greatly in the recognition of the right of privacy.
Although publication of the legal theory by Brandeis and Warren caused a stir in legal community, at first the courts did not accept that privacy rights existed. The New York Court of Appeals decided that no enforceable privacy rights remedy existed in common law in the case of Roberson v. Rochester Folding Box Company in 1902. (171 N.Y. 538) The court found that the theory was too broad to be enforced and suggested that the legislature could enact statutes so that "the rule would be applicable only to cases provided for by the statute." (171 N.Y. 538) In response, the New York legislative body enacted Section 50 and 51 of New York Civil Rights Law recognizing the right of privacy. (Freedman, p. 23) In 1905, the appellate court in Georgia recognized for the first time the existence of the right of privacy without a statute in the case of Pavesich v. New England Life Insurance Co. (50 SE 68) Other courts from other states followed the example of recognizing the right of privacy from this case. (Freedman, p. 5) The right of privacy gained ground slowly both by enactment of statutes and by judicial decisions setting legal precedents. (Rubin, p.19) By 1930's, the First Restatement of Torts stated that "a person who reasonably and seriously interferes with another's interest in not having his affairs known to others or his likeness exhibited to the public is liable to the other." (Freedman, p. 5)
Even as the right to privacy began to take root, in 1928 the Supreme Court had to decide what role privacy must play in the light of advancing technology. Olmstead v. United States raised the issue of legality of wiretapping by the United states government. The Court decided that the Fourth Amendment was not violated when securing evidence by wiretapping since "the evidence was secured by the use of the sense of hearing only." ( 277 US 438) Again, this decision compelled the legislative body to act. This time the Congress enacted the Communications Act of 1934 in which one of the provisions banned all wiretapping. (Rubin, p. 21) However, the Court's opinion on right to privacy concerning wiretapping did not remain permanent. Almost 40 years later in 1967, the Supreme Court overruled Olmstead v. United States in Katz v. United States. According to the new interpretation of the Fourth Amendment, "the Fourth Amendment protects people, not places...what [a person] seeks to preserve as private, even in an area accessible to the public, may be constitutionally protected." (389 US 347) The Congress reacted to the Court's decision by enacting the Omnibus Crime Control and Safe Streets Act of 1968 whereby wiretapping can legally occur provided certain requirements are met. One other important provision of this act that will prove relevant in the Clipper Chip controversy today required that assistance should be given by the communication service providers when law enforcement agents need assistance executing warrants. (Rotenberg, p. 67) Because advancing technology outstripped the limits of the law, the Electronic Communications Privacy Act of 1986 was enacted to include wireless electronic devices. (Rubin, p. 23)
History displays the propensity of the court to decide the role of the right to privacy before any legislative action took place. So it is not surprising that the constitutionality of the right to privacy also rose from a court case. Griswold v. Connecticut, decided in 1965, raised the status of the right to privacy from the tort law to an independent constitutional privacy right. According to the majority decision, the Constitution provided for the right to privacy by "penumbras." (381 US 479) With the controversial decision in Roe v. Wade, the Court expanded further the scope of privacy rights. (410 US 113 1973) However, the constitutionality of the right to privacy remains limited to only the questions of marital relationships and the like; no further cases rose to apply the notion to the communications and various types of records. (Rubin, p. 27)
The major burden of shaping the right of privacy in America fell on the Court's shoulders as the Court often took the first step in determining the status and the enforceability of the right of privacy. Indeed, William L. Prosser identified the developments in four distinct torts in the case law relating to the right of privacy: public disclosure, intrusion, false light, and appropriation. (Bier, p. 93) Even though most legislative actions for the right of privacy took place in reaction to the Court's decisions, legislation has played a small part in molding privacy rights, particularly as modern society became more technologically oriented. Two major federal statutes, the Privacy Act of 1974 and the Freedom of Information Act of 1966, exemplified the effect of legislation on the American public's right of privacy.
This is a general sketch of the history of the right to privacy. From the beginning, ambiguity clouded the rise of the privacy right; in response to the controversy provoked by the court's first major decision that the privacy rights do not exist, the legislative body took actions where the court would not. Thus the recognition of the right to privacy came, not from the courts, but from the American public's reaction to the knowledge that privacy may not be protected. From this inauspicious beginning, the right to privacy grew haphazardly depending on the cases rising in the court. In cases where the public intensely disagreed or disapproved the decisions of the court, the legislative body would take actions. Incredibly, such random development of the right to privacy did not extinguish the right to privacy in spite of the fact that the right depended precariously on retroactive reactions rather than a progressive outlook.
Unlike other constitutional rights where the courts interpreted explicitly defined rights, the right to privacy struggled to attain the status of a constitutional right because the courts and legislature defined and shaped the right to privacy according to the public's reactions to changes in the society. As can be seen through the rise of cases from Roberson v. Rochester Folding Box Company to Roe v. Wade, the court grappled with the problem of being in the position of defining what has been an implicit right explicitly. The fact that legislative actions have been reactive instead of progressive compounded the difficulty of anchoring any lucid privacy rights firmly into our society. Detailed examination of some of the privacy invasion issues in rapidly changing telecommunication technology will demonstrate that the right to privacy cannot continue to be defined by capricious approach.
The fear of invasion of privacy lies in the real possibilities and/or occurrences of misuse of advancing technology. The abuse from either a big institution, such as the government, or a private individual can easily deprive unsuspecting victims of privacy. Although the types of intrusion may differ depending on the size, number, and the intention of invaders, the results all point to the common denominator--privacy loss. The large organizations generally focus more on electronic surveillance of individuals. Telecommunication technology allows one to gain more information about an individual for the sake of knowledge or to manipulate private informations for the organization's profit. On the other hand, private individuals may simply invade one's privacy for amusement or for the pleasure of manipulating the technology. With the integration of the computer into the telecommunication information highway, more threats to privacy invasions arise. Due to the limitation of time and space, this section will focus on the rise of different types of surveillance problems and the effectiveness or ineffectiveness of the legal remedies available to respond to these problems.
The ease of electronic surveillance increased dramatically with the development of a sophisticated telecommunication system. The Harris poll which showed that "almost one out of every ten Americans believes his or her telephone has been tapped at one time or another" (Petrocelli, p. 179) reflects the anxiety of the American public about being electronically monitored. The statistics show that the public understands the existence of the threat of losing privacy to modern technology to the government or to an equally equipped institution. The examination of the types of invasions of privacy possible by such organizations will illuminate the easy possibilities of electronic monitoring through wiretapping and data matching by computer. The increased incorporation of the Internet in today's communication system also raises the same kind of threat which the Clipper Chip controversy reflected.
In today's society where the use of telephone has become ubiquitous, wiretapping can provide a valuable aid for catching criminals in the act or for simply giving the tapper important information for personal gain. Wiretapping can also deprive a person of his/her privacy since the caller may have no knowledge that a third party is listening and/or recording the conversation. Because people have "an expectation of privacy" when making telephone calls, (Tuerkheimer, p. 36) the possibility that an unwanted party may be listening to private conversations upsets most people. Thus, the Federal Communications Act of 1934 passed after the Olmstead v. U.S. decision prohibited wiretapping by federal agents without a court order or a warrant. (Freedman, p. 111) Is this enough?
Unfortunately, although the statute requires the federal agencies to obtain a search warrant in order to tap a line, telephone company is exempted from obtaining any search-warrants for routine monitor. (Petrocelli, p.183) As a result, the telephone company can and did monitor about 1.8 million telephone calls in one incident for five years, justifying its action as necessary to catch Phone Phreaks. (Petrocelli, p. 180) However, of the approximated 1.8 million monitored telephone calls, more than 98 percent of the calls were innocent calls which happened to be picked up while trying to catch Phone Phreaks. (Petrocelli, p. 180) Even more shockingly, telephone company employees routinely listen to numerous telephone conversations for maintenance and training. (Petrocelli, p. 183) In fact, the Pacific Bell's White Pages carries a notice warning that "for training and quality control purposes, one percent or less of operator-assisted or directory assistance phone calls between Pacific Bell employees and customers are monitored without notice to the customer or the employee, by supervisory or management personnel."
The loophole in the existing wiretap law leaves sizable room for invasion of the privacy of an unsuspecting phone caller. Although according to the notice in the White Pages "calls between customers are not monitored for [training and quality control purposes] or for any purpose...except when required by law enforcement and national defense agencies," if the telephone company spots suspicious calls, the telephone company may inform the law enforcement agencies of suspicions of criminal activity so that the law enforcement agents can obtain a warrant to tap the phone line. In fact, a case in Baltimore, Maryland raises the question whether the telephone company and law enforcement agents may be cooperating beyond the legal limits. In 1975, Baltimore police officers asked their friends in the telephone company's security office to listen in on suspicious calls to a certain residence so that enough evidence could be collected to obtain a warrant. (Petrocelli, p. 184-5) Although the existing wiretap law stipulates that the phone company should help law enforcement agencies in executing warrants for wiretap, (Rotenberg, p. 67) the law does not provide for unofficial surveillance by the telephone company. However, it is difficult to stop such surveillance because the existing law exempts the phone-company employee in routine monitoring of the calls.( Petrocelli , p. 184) Hence, unofficial surveillance can occur in the disguise of routine monitoring.
An average person would not consider that a conversation over the phone would be monitored without consent by a third party. How about when the consent is given? Although existing law forbids wiretapping without a warrant for the law enforcement agents, the law does allow wiretapping by a "party to the communication" or with his/her "prior consent." (Petrocelli, p. 182) In other words, a person can tap his/her own line or give permission to tap the line. Does that mean that the other party must also give consent to being tapped? No. The fact that the wiretapping law does not require consent from both ends of the call for tapping the line can be problematic since the other party may not wish to be overheard. The party that has not given consent to being tapped may not even have the choice of ending the call of the tapped line since without a warning, the party would not be aware that the line is tapped.
Whose consent is needed to tap the line in cases where more than one person uses the same line? In the case of married couple, either the husband or the wife alone can give consent to tapping the line without informing the other spouse. In 1974, a Circuit Court of Appeals ruled that a husband could legally consent to tapping the line without informing his wife because they live together in the same house. ( Petrocelli , p. 183) The courts also have permitted a company to tap the line within its offices. ( Petrocelli , p. 183) Again, because the law does not require the consent of all the users of the same line, these cases reflect serious problems in protecting the privacy of the some of the telephone users.
The loopholes in the existing wiretap laws allow room for loss of privacy for individuals caught unsuspectingly. Granted that "wiretapping has been a critical tool in combating organized crime, drug trafficking, and acts of extortion, terrorism, kidnapping, and murder," (Denning, IEEE Spectrum, p. 16) the potential for wiretapping to not only intrude but monitor individuals weighs heavily in today's society. One can argue that when people use the phone they must assume that "the contents of their private phone calls can be revealed by a telephone workman who wanders across their line." ( Petrocelli , p. 184) In fact, perhaps people should assume that no privacy will be given when making any phone calls. After all, no law exists giving people the right to use the phone; using a telephone is a privilege much like driving. Isn't it?
With the birth of telephone system, society rapidly adopted speedy communication into their daily lives. Today, the telephone has become an invaluable tool for people to stay informed and in touch with each other. From personal calls to business calls, much of our lives depend on the usage of the telephone. The telephone has become ubiquitous because it replaces the need for people to be physically present to conduct errands and transactions. Hence, when people use a telephone, people expect as much privacy in a telephone conversation as a private conversation between two people in a room. Because of this function of a telephone conversation, the telephone company or any other equally equipped organization such as the government cannot assume that those privileged to use a phone should expect a minimal amount of privacy. Consequently, unwanted surveillance and unconsented wiretapping violate an implicit right which cannot be condoned .
The extension of the telecommunication technology from telephones to the Internet not only extends new method of communicating but also the problems of unwanted surveillance. The same amount of privacy should exist in using e-mail by the same line of logic as using the telephone. However, because of even less law existing to protect privacy rights in using e-mail, privacy invasion problems are rife in the e-mail system. For example, Alana Shoars lost her job at the Epson company because she tried to stop her supervisor from monitoring the e-mail system and has brought suit against the company for wrongful termination. ( Branscum , p. 63) Subsequent to learning the Epson company's policy on the e-mail system, the employees of Epson brought suit against Epson which the court dismissed because the court ruled that California statute which prohibits wiretapping and eavesdropping on private communication does not apply to an e-mail system. In fine historical fashion, the court stated that the legislation should resolve these types of problems by enacting clearer statutes covering e-mail systems. ( Trubow , p. 97)
The federal statute at present is ambiguous about what constitutes an invasion of privacy in an e-mail system. The only federal statute available for privacy problems involving e-mail system is the Electronic Communications Privacy Act of 1986. This statute forbids the interception of electronic information and the disclosure of intercepted information in a system not accessible to public. The provider of such a system can intercept and disclose information for its normal course of business but cannot monitor the system except for mechanical and service quality-control check. ( Trubow , p. 98) The ambiguity arises in cases of e-mail because the Act does not provide any clear guideline as to constitutes a quality-control check. Whether reading e-mail to check that the employees do not use the system for personal matters constitutes a proper quality-control check or a violation of worker's privacy rights remains uncertain under this Act. ( Trubow , p. 98)
In using either a phone or Internet, the problem of violation of privacy remains unresolved because of unclear legislation. Although the system providers claim that maintaining the operation of the systems necessitates routine monitoring, such routine monitoring can easily transform into surveillance which invades the privacy of the users of the systems. As people depend more and more on these technologies for communication, more surveillance will probably take place to secure the systems' operations, and there will be more violations of privacy. The legislature must enact clearer legislation on what should constitute a routine monitoring.
The incorporation of the computer into our lives has eased our ability to store information but has generated new privacy problems. Since telecommunication technology has increasingly integrated the use of the computer, inspecting some of the privacy violations created by the use of computer in our society may shed some light on the kinds of loss of privacy that might occur as computers play an increasingly significant role in telecommunications.
The power that attracts people to computers has become a nemesis of right to privacy; the ability of the computer to store vast amounts of information for a long time entices the government and large organizations to gather huge amount of information including personal information about people. "As information-recording processes have become cheaper and more efficient,...appetite for data has intensified as been accompanied by a predilection toward centralization and collection of file material. As if responding to something akin to Parkinson's Law, technological improvements in information-handling capability have been followed by a tendency to engage in more extensive manipulation and analysis of recorded data." (Miller, p. 21) In short, the computer's ability to store and to analyze information raises privacy problem. Because dissemination and interchange of information is swift and easy through the computer, the computer can become another tool in violating the right of privacy. The government exemplifies how a large institution can and misuse the efficiency of the computer by putting little regard to the privacy of the individuals. By studying the government's actions and its operations, this section will show the imperative need for better legislation to protect people as the computer becomes more significant in the telecommunication.
With the "world's information base...estimated to be doubling every three to four years," ( Linowes , p. 169) the government has taken steps to establish itself as the major source of information. Because the government has become the single biggest collector and disseminator of information, the probability that the data is acquired and used via questionable methods increases. ( Hixon , p. 209) As the information privacy of individuals become increasingly threatened by the heightened use of computers by the government, the Congress enacted statutes to provide individuals control of some amount of privacy. The two federal statutes involved are the Freedom of Information Act and the Privacy Act of 1974. These two statutes give individuals the power to preclude government from invading their privacy through misusing personal informations.
Under the Freedom of Information Act, every American has the right to look at any government records unless the disclosure of a record would warrant an "invasion of personal privacy." ( Freedman , p. 18) This act gives the citizens the right to know what the government knows so that the citizens would be able to discover any fraud in the government including privacy violations. Ironically, this act simultaneously creates a tension between the public's right to know and an individual's right to privacy. ( Freedman , p. 18-19) Because the Act provides that files may be available to "any person," individual privacy may be lost, especially since the party whose information may be requested by another will not be notified. ( Miller , p. 156) The Act in an attempt to protect the privacy of the individuals does contain several exemptions. However, the vaguely worded directions concerning matters relating to "internal personnel rules" or " files, the disclosure of which would constitute a clearly unwarranted invasion of personal privacy" ( Hixon , p. 194-5, 199) create interpretation problems especially with the use of computers. For example, what constitutes "files" remain ambiguous when using a computer. ( Miller , p. 158) Should "files" be interpreted to constitute storage discs or data cells containing items unrelated to each other? Answering this question determines how much information a person could obtain and how much privacy of an individual can be lost.
The Privacy Act of 1974 was implemented "to provide certain safeguards for an individual against an invasion of privacy." (Public Law 93-579, sec 2(b)) The "Code of Fair Information Practice" was recommended by an advisory committee of the Secretary of the Department of Health, Education and Welfare in a report called Records, Computer, and the Rights of Citizens in 1973. ( Rubin , p. 80) The code served as the model in constructing the Privacy Act. Five major principles of the code stipulated: 1) no secret personal data record-keeping system should exist; 2) access for individuals to find out the use and existence of any information about him/her in a record should exist; 3) a way for an individual to prevent the use of information collected for one purpose to be used for another purpose without his/her consent should exist; 4) a way for an individual to correct a record about himself/herself should exist; and 5) assurance of the reliability and accuracy of the use, maintenance, and dissemination of the data should exist. ( OTA, p. 16) Based on these principles, federal agencies faces six requirements from the Privacy Act; 1) an individual should be permitted to determine what records related to him/her are used, collected, maintained, and disseminated; 2) an individual should be able to prevent the use of information collected for one purpose from being used for another purpose without his/her consent; 3) an individual should be allowed access to information pertaining to him/her, have copies of such records, and to be able to make corrections; 4) collection, maintenance, use, and dissemination of personal information is necessary, legal, and accurate; 5) exemptions from the requirements should only occur when authorized by specific statutory authority; and 6) a federal agency can be subject to civil suit for violations of any individual's rights under this Act. ( OTA, p. 17-21) In essence, this act empowered individuals to know of the existence and use of the information pertaining to him/her by the government.
In spite of the efforts by the Congress to protect privacy by enacting the Privacy Act, the Office of Technology Assessment in 1986 concluded that in today's society where the computer has become vital for the functioning of the government, much of the protection from the Privacy Act of 1974 has been eroded by computer matching, front-end verification, and computer profiling. ( OTA , p.4) The sentiment of the American public has not changed since the 1960's when the Congress defeated the National Database proposal in response to the public's demand to protect privacy. ( Miller , p. 54-7) The report in 1986 also states that according to a Harris survey, 78% of the American public believe that master files containing personal information violates privacy. ( OTA, p. 28) However, the increasing new application of the computer in the government has created a de facto national database with the social security number as a de facto electronic national identifier. ( OTA, p. 28)
The basic ineffectiveness of the Privacy Act stems from the fact that no independent agency has been charged to enforce it. (Petrocelli, p. 216) Hence, private information collected for one use may frequently be used for another purpose in disguise of "routine use." Since with "telephone hookups between computers, the actual physical location of any one piece of data is practically irrelevant," (Petrocelli, p. 215) the misuse and dissemination of private information can occur easily and quickly. Computer matching, front-end verification, and profiling, useful in assisting government in checking an individual's background and history, also erode privacy rights of the individuals by pooling different sources of information given to the government clearly unintended to be used for such applications.
Computer matching and front-end verification involve using different sources of information to match or verify the information given while computer profiling involves combining different informations about an individual to deduce the person's characteristics and behavioral patterns. ( OTA, pp. 37, 67, 87) Even though the cost effectiveness of such applications are still lacking, (OTA, p. 5) the agencies continue with computer matching, front-end verification, and profiling justifying their actions by claiming that the verifications are more cost-effective with these methods.
The danger of disseminating personal information to a wider circle by new applications of the computer lies in the high likelihood of distributing inaccurate factual and/or contextual data creating erroneous impressions about a person since no independent agency exists to oversee such errors do not occur among the government agencies. (Miller, p. 26) Although human errors and computer program errors exist, most computer users depend on the data in the computer without making any other independent verifications. (Columbia Human Rights Review, p. 18-19) The consequences of inaccurate data, factually or contextually, can be dire in a person's life. For example, John Seigenthaler, a former Administrative Assistant to the Attorney General, was horrified to discover that the FBI inaccurately hinted that he had "illicit relations with young girls." He was able to obtain a copy of FBI file only after years of persistence. ( Petrocelli , pp. 222-223) Equally inaccurate pictures of an individual can be drawn from contextual errors in the records kept in the computer. For example, an arrest record showing that an individual spent six months in jail for trespassing shows no difference between a political activist demonstrating for desegregation and a common criminal trespassing. (Columbia Human Rights Law Review, p. 19)
Privacy problems will become more severe with the practice of record sharing by terminals linking computer systems. (Miller, p. 36) Without an independent agency to enforce the accuracy of the data used by different agencies as required by the Privacy Act, not much remedy exists to correct these privacy violations because the Act provides only for individual remedies when each individual who were violated brings a case against the agency involved. Hence, individuals without resources to bring a case or ignorant of privacy violations occurring in the government do not have effective recourse.
The Congress enacted the Privacy Act of 1974 a few years after the controversy about the National Data Center to guarantee that the "Code of Fair Information Practice" can be enforced and to protect the individuals from data surveillance by the government. The heated controversy in the 1960's over the proposal to centralize government information into a single National Data Center and its eventual defeat illustrated that the American public was concerned about the possibility of data surveillance by the government. (Miller, pp. 54-57) The notion of giving the power to the government to monitor each individual through more efficient compilation of the information into a womb-to-tomb dossier struck a disconcerting note. Subsequently, no other proposals were made regarding the creation of such an "information base," and the House passed the Privacy Act to "address the tension between the individual's interest in personal information and the Federal Government's collection and use of that information." ( OTA, p. 3, 14-5)
The government still recorded much of the private information manually at the time of the Privacy Act's enactment. Although the Privacy Act of 1974 intends to protect the privacy of the individuals, the Act does not address the possibility of using the computer to manipulate, match, and disseminate information. (OTA, p. 3) Consequently, the lack of provisions on the new applications and use of the computer by the present statutes and the absence of an independent enforcement agency to oversee the protection of the privacy of the individuals fosters the growth of a de facto national database. With the application of telecommunication technology to the computers, the possibility of a national database has become a fast reality.
The very concept of a womb-to-tomb dossier of each individual kept by the government invokes the picture of Big Brother watching. Even without a de jure national database, the ease and the speed of access of information suffices for the possibility of a de facto one. The idea of someone or some institution having the capability to cite, monitor, and manipulate all the relevant informations pertaining to the lives of citizens leaves the individuals feeling helpless and without privacy. Data surveillance, similar to electronic surveillance, deprives privacy rights from people because an unwanted and unconsented third party covertly intrudes in the lives of people.
Data surveillance, as any other type of surveillance, can only function at the price of some privacy loss. Surveillance occurs without warnings or notices to those being observed; any warnings would defeat the purpose of obtaining any information about those being observed. Hence, privacy loss would occur for the monitored individuals because those observed have not given consent to the method and to the content of the information procured through surveillance. The same general principle applies for data surveillance.
In the case of data surveillance, people lose privacy because they have the expectation that the information given is going to be used in a certain way. A person would not expect when giving information about personal history and background to the IRS in order to establish the identity of the person paying the tax that the IRS employee will use that information to audit people whom they dislike. A person would not also expect the contents of said information to be disseminated arbitrarily. Although it may be appropriate for the IRS to know the annual income of the individuals, people do not expect the IRS to disseminate such information to other agencies.
Existing statutes provide very little protection for the individuals against new technological data surveillance. The Privacy Act of 1974 has become obsolete with new applications of the computer. The public did not and still does not want a national database of any form, de jure or de facto. In 1990, Lotus Development Corp and Equfax tried to market a CD-ROM disk called Market place which contained names, addresses, shopping habits, and estimated income levels of about 80 million U.S. residents. However, because of the negative reaction from the public, Lotus withdrew the product. (Baer, p. 7) Whether marketed in the private sector or handled in the government sector, the public wants and needs protection from the centralization of information because of the danger of privacy loss. In order to ensure the protection of privacy of the individuals, the Congress must act soon to establish an independent agency as well as an updated legislation to wipe out the existence and the possibility of a de facto national database.
The computer linked to the telephone line created not only de facto national database but also the popular Internet. As the newest communication method, the Internet attracts more and more users every year. One of the privacy concerns involved in the use of the Internet lies in the application of encryption codes to gain as much privacy in using e-mail as using regular mail. To guard against computer hackers who may intercept and read private e-mail, people increasingly use encryption. The government intelligent agencies feared that the widespread use of the almost unbreakable encryption would breed criminal activities. The problem rises not from the growth of criminal activities but from the inability of the government intelligent agencies to break the encryption to detect and catch the culprits. To make the inaccessible accessible, the agencies proposed the Clipper Chip as the encryption method for people to use. Because the Clipper Chip allows the government to hold the key to decrypt, the controversy ensued between the proponents and the opponents of the implementation of the Clipper Chip. The examination surrounding the Clipper Chip proposal as the last topic in the types of the violations of privacy evinces the exigency for progressive clearer legislations in consideration of the advancing telecommunication technology.
The National Security Agency and the National Institute for Standards and Technology designed the Clipper Chip to be used in lieu of RSA and DES, currently the two most popular encryption method. Both systems rely on a "key" to encode and decode. The "key" consists of bits or series of number and an algorithm. (Denning, American Scientist, p. 319) In the case of RSA, a pair of keys are used in which the message is encoded by either the public key or by the sender's secret key and decoded by the receiver's secret key or the public key respectively. The RSA algorithm achieves security because of the difficulty of factoring a large number into two primary numbers. (Denning, IEEE Spectrum p. 31) The DES uses only one secret key to encode and decode using the same principles. (Denning, American Scientist, p. 320) Both systems are difficult to break because of the use of large primary numbers. The Clipper Chip runs on 80-bit keys and a secret encryption algorithm called "Skipjack." The security for this encryption comes from requiring both two 40-bit decoder keys which are to be placed in escrow with two government agencies. The agencies would be authorized to hand the keys to the law-enforcement agencies only with probable cause of crime being committed. (Levin , p. 29) Hence, government agencies would be able to decode if necessary. The controversy stems from this escrow security system of the Clipper Chip and the possibility of the government to abuse the "back door".
The proponents of the Clipper Chip argue that the proposal enables "law-abiding citizens with access to the encryption they need and [prevents] criminals from using it to hide criminal activity." (Levin , p. 29) A Clipper Chip proponent, Dorothy E. Denning makes several points in favor of the Clipper Chip proposal. Three pertains to the discussion of the privacy rights. Denning first argues that although present law states does not explicitly state that communication service providers must incorporate systems which will insure that the law enforcement agents have the capability to intercept data, the law does state that the communication providers must assist those law-enforcement agents with warrants. The law naturally lacks the provision because at the time of the enactment of the law, legislators did not anticipate technological advances. Hence, in today's society, we must interpret the meaning of the word "assist" more flexibly. (Denning , Communications of the ACM, p. 27)
Denning's line of argument assumes that the if the legislators at the time of the enactment of the wiretapping law anticipated technological advancement today, they probably would have explicitly required the system providers to use the systems which the law-enforcers can intercept. In light of the public concern over intrusiveness of the wiretapping, "Congress intended that wire surveillance be difficult." (Branscomb, p. 36) Because of public reaction against the court's inaction, the legislation took the action to curb wire surveillance. Although Congress could not have known how far technology would progress, the enactment of the wiretapping law did not intend or imply the facilitation of the wire surveillance for the government agencies. Denning misconstrues this intention by taking the word "assist" out of context. The basic purpose of enacting the wiretapping law is to allow as few wiretapping as possible, not to aid the intelligent agencies in wire surveillance.
A second major point made by Denning relates to the right of privacy and directly addresses the concern about a decrease in the level of privacy due to the use of the Clipper Chip. She argues that because the service providers must route the tapped line to the law-enforcement agents and "the connection to a remote government monitoring facility would support an outgoing data stream only...[it] does not impose any new or additional danger to the security of the systems and the privacy of the people who rely on them for their communications." (Denning , Communications of the ACM, p. 28) She maintains that the privacy level will not decrease because the "employees of the service providers who have been strict about requiring court orders" must initiate the tap not the law-enforcers. (Denning , Communications of the ACM, p. 28)
In reality the threat to privacy will not diminish and may well increase. Despite Denning's claim that the employees have been "strict about requiring a court order," I have pointed out earlier that the employees of the telephone company have been known to cooperate and to monitor unofficially for law-enforcers so that the warrants could be obtained to legitimize the wiretapping. The Clipper Chip proposal does not attempt to reduce such risk. Denning also assumes, with more faith than most people, that the government will not abuse its power. In fact, with the government agents holding the capability to decode, the governmental abuse of the power becomes more likely. Given the history of governmental abuse of power, such as Nixon's "enemy lists" to the Iran-Contra affair to name a few, (Branscomb, p. 36) more than a huge leap of faith must be made to entrust government agencies with the keys to the encryption.
At the same time, Marc Rotenberg points out that the reasoning that the intelligence agencies only want access not the remote monitoring capability simply does not obviate the fact that the proposal intends to set up a "government monitoring facility." (Rotenberg, p. 38) By endorsing the monitoring capability, people cannot expect privacy even though the quintessential reason for using the encryption is for privacy. Hence even if by practice those who use the system will not lose privacy, people will not expect privacy to be preserved because people will perceive the omnipresent monitoring capability of the government in using the Clipper Chip. This apprehension violates the privacy of the Clipper Chip users by changing the perception of the degree of privacy maintained or not maintained. The users lose a sense of freedom and personal space. By losing certain personal space, the users will also lose some privacy.
A final argument by Denning that pertains to the discussion of privacy involves the social contract theory. Denning argues that a contract "strikes a balance between our rights to privacy and to an orderly society." (Denning , Communications of the ACM , p. 32) Hence, people do not have "absolute" privacy. In using cryptography, users can have absolute protection or privacy but Denning states that neither is necessary. (Denning , Communications of the ACM, p. 32)
On the surface, Denning's argument seems persuasive enough. Compromises must be made for a harmonious society. As she points out, regulations already exist in our speech such as slander, obscenity, and libel; striking a balance between privacy and protection equals the same type of regulation for the society. (Denning , Communications of the ACM, p. 32) The balancing act, however, runs deeper than simply for "an orderly society." The law balances rights when the one right clashes or conflicts with another right. The individual rights remain absolute as long as it does not encroach on other person's rights. Denning's example of the regulation of speech reflects the balance of a person's right to speak freely so long as the speaker does not injure another person or another person's rights. Is the protection or security of the nation one of the rights to be balanced with privacy rights? Indeed, does the Constitution balance "individual rights such as privacy with the government's responsibility to protect our liberties by enforcing the laws?" (Rotenberg, Communications of the ACM, p. 43)
The government certainly has the "responsibility to protect," but the cost of protection must not come at the expense of the rights unconsented by the individuals. The belief that the people have an "inalienable and natural rights" which cannot be suppressed by the power of the government built the foundation of the United States of America. To balance the privacy right with the government's power to protect "shifts the balance of power and control to...[the] government," (Godwin , p. 35) colliding against the principles of the social contract drawn by the founding fathers in the Constitution. The social contract reflects the agreement between the people and the government on how much power the people consent for the government to have and exert. The social contract between the people and the government exists so long as the government use its powers within the due process of law and the people agree to the outcome of the due process of law. With the due process of law as a vehicle for maintaining the social contract, the government uses its power without compromising certain "natural and inalienable" rights of the individuals in a way unspecified by the Constitution, our social contract. Hence, by allowing the government to expand its power at the expense of the right to privacy breaches the contract between the people and the government because such action compromises the individual rights without the consent from the people.
The major justification for the implementation of the Clipper Chip is simply that "the government needs the ability to catch criminals and thwart terrorists." ( Canon , p. 23) The opponents of the Clipper Chip solution, however, point out that if the Clipper Chip is implemented, "anyone who uses Clipper for the conduct of organized crime is dumb." ( Barlow , p. 22) Why would anybody commit a crime using an encryption system of which the government holds the decoding key? Most of the criminals will simply use other encryption. ( Canon , p.23) Unless the government mandates the use of the Clipper Chip, concludes John Perry Barlow. ( Barlow , p. 23)
If the government does not mandate the use of the Clipper Chip, one can only reasonably conclude that government intelligence agencies may want the implementation of the Clipper Chip to monitor "businesses and private citizens" ( Canon , p. 23) since most criminals will use a different encryption. As explained earlier, surveillance cannot occur without violating the privacy of the users of the encryption. No one would question the privacy of a regular mail. By being able to decode without the user's knowledge, the government would be violating privacy in an analogous manner as opening a sealed letter.
How about mandating the key escrow system? With the mandate of Clipper Chip, "any transmission encoded by some other algorithm would stick out like a licorice dot." ( Barlow , p. 23) Hence, using a different encryption will seem conspicuous and suspicious. By being forced to use one kind of encryption for fear of being suspected, the users have no choice left other than to accept that by using the encryption they will be susceptible to government surveillance. The only other alternative would be to not use any encryption and risk the interception and the exposition of private, sometimes vital, information to any malicious hackers and the government. Forced to the scrutiny of the government, the individuals using the encryption would lose privacy more than if the law-enforcements simply wiretapped to listen in on the phone conversation.
Prohibited by the Fourth Amendment from making secret searches, law-enforcement must announce themselves before entering and only seize property after serving the owner with a warrant. Although the law does permit eavesdropping for wiretapping purposes, the law does not permit secret seizure of a record of that conversation. ( Barlow , p. 24) Unfortunately, in electronic communication, the key to the encryption would open up "not only the phone line but the filing cabinet." ( Barlow , p. 24) Consequently, the loss of privacy through monitoring the electronic communication becomes even greater by the amount of information that could be seized.
This grim picture is the worst scenario; at the moment, the government asserts that it has no intention of mandating the Clipper Chip. ( Barlow , p. 24) However, painting the extreme worst scenario of case elucidates how much privacy rights can be violated. Although the argument for not accepting the Clipper Chip cannot depend on the potential of the worst case, the picture focuses on the method and the extent of the privacy violations that can occur. Even if the government chooses not to monitor to the extreme, the frightening fact still remains that the use of the Clipper Chip will result in privacy loss.
In conclusion, the examination of wiretapping, data manipulation, and the possibility of the Clipper Chip proposal all result in the invasion of privacy rights through surveillance. The continued expansion and the greater use of telecommunication technology creates new opportunities for abusing the advancing technology at the expense of privacy rights. Although the government or an equally equipped large institution cannot conduct physical surveillance of the public, the ease and the accessibility of various forms of electronic surveillance has led the government to seize opportunities with little regard for the right to privacy.
Surveillance constitutes only a part of the issues of privacy invasions in the telecommunications. Disregard for privacy rights have pervaded the mentality of the individuals as well as the big organizations. (e.g. computer hacking, eavesdropping, etc.) Although I will not examine these violations in detail, again the same problem of unclear definition of privacy rights exist.
With the Internet paving the way for the future information highway, more troubling questions arise such as the status and the level of control of the service providers such as Prodigy. ( Branscum , p. 67) Although civil liberty groups such as Electronic Frontier Foundation and Computer Professionals for Social Responsibility currently battle the issues of many individual rights (including privacy rights) in using the Internet, (Brody , p. 24) the privacy rights cannot be firmly anchored and protected until explicit and clear legislations pass defining the right to privacy in the context of telecommunication technology. The problems of violations of privacy point to enactments of clearer statutes protecting and enforcing the right to privacy especially in light of the shortcomings of common law's ability to protect the privacy rights in the advancing telecommunications.
In analyzing some of the major problems of the violations of privacy in the telecommunication technology in terms of the common law, the intrusion theory of privacy right bears the most relevance. Privacy rights remedy is available in a case of intrusion upon an individual's solitude or his/her private affair. ( Miller , p. 175) De May v. Roberts exemplifies the typical case of a physical intrusion where privacy rights may have been violated. (46 Mich. 160, 9 N.W. 146) In Nader v. General Motors Corporation, the intrusion theory expanded to include non-physical intrusion as well as physical intrusion. (25 N.Y. 2d 560) With the increasing use of technology, expanding the intrusion theory can become crucial in protecting the privacy of an individual.
However, the " unpromising growth capacity of the common-law theories" ( Miller , p. 220) rules out any immediate prospect for privacy right protection, especially when the technology outstrips itself more quickly each year. Although the right to privacy grew slowly over the years from 1905 with the case of Pavsich v. New England Life Insurance Co., (50 SE 68), the common-law has been slow and reluctant in expanding the right with the advancing technology. Repeatedly, the courts have asked for more legislations in light of the new technology. Unwilling to act as the legislature in a highly technical field, the courts want clearer statutes defining guidelines on the boundaries of privacy of individuals with respect to telecommunication.
Since the right to privacy in the common-law remains a weak outlet of protection, the next alternative seems to be the federal privacy legislation. Previous discussion of the history and the types of violations of privacy included federal legislations that exist for protecting privacy right in telecommunications presently. Unfortunately, the discussions vividly show that "while technology races, legislation crawls." ( Long , p. 183) The latest federal statute in response to the need for better protection of the privacy in face of the fast changing technology is the Electronic Communications Privacy Act of 1986. Since then the Internet has expanded at a rapid rate raising new privacy rights issues to which the interpretation and the application of the most current statute becomes difficult. For example, how far can companies monitor e-mail without violating privacy? How far can phone companies monitor calls? No solid answers exist in the present statutes.
The founding fathers designed the system to work slowly and bureaucratic ally. Hence, Congress may be willing to enact new statutes but the legislative process impedes enacting statutes as fast as the technology changes. From past history, Congress's proclivity has been to enact reactive statutes to remedy only issues raised. The combination of slow reactive statutes and fast changing technology creates obsolete statutes, not quite capable of applying to new questions and debates.
The only reasonable solution seems to be to incorporate an explicit definition of the privacy rights into the Constitution. A legal scholar from Harvard University, Laurence Tribe, suggests adopting a "Twenty-Seventh Amendment to ensure that protections of free speech and against unreasonable searches apply regardless of the technological medium." (Brody , p. 28) Although such a proposal is more progressive in outlook than other statutes in existence, the basic flaw again stems from implicit incorporation of the privacy rights. With broadly defined privacy right incorporated into the Constitution as a firm anchor, supporting federal statutes can be enacted without being pressured to define all the new issues that might arise. With an explicit definition that the courts can interpret, even if the federal statutes cannot keep up with the technology, the courts can go back to the definition in determining if the privacy rights have been violated. From the definition, then, new legal precedents can pave ways for the court to take action in the future if federal legislations does not cover new issues. Of course, the difficulty rises in giving the privacy right a definition. I only end this section with a proposal to follow such course of action without any definition.
Our society is evolving and progressing to become as informed as possible. The advances in the telecommunication technology to come will surely move to ward a faster, easier, and more efficient method of communicating and transporting information. During our march toward a speedier society, the right to privacy has been violated and trampled with the expansion of ways to monitor and snoop. In an ironic twist, the telecommunications which have eased our lives in many ways have also become the source of new issues and problems.
In analyzing the history of privacy rights and new types of privacy invasions that accompany the advent of telecommunication technology, I come to an inevitable conclusion that individuals need more privacy protection and remedies than provided by the legislations and the court now. The courts have been reluctant to step over the boundary of law-making, and the legislative body has been slow to respond to the violations of the privacy rights. Part of such slow actions is because the field of high technology is difficult to understand and to visualize ramifications. Therefore, by explicitly adopting the privacy rights into the Constitution, the courts can take more assertive tone to protect the privacy rights and the federal legislations would not have to take pains of trying to enact detailed statutes covering old and new issues.
In the end, the protection of the privacy rights depends on how important the people think the privacy rights are worth protecting. We must become more aware of the problems and erosion of our right. By staying informed and taking action now to protect our privacy, we can protect our right before we realize that it is gone so that the future will be safer and private.
Baer, Walter S. "Technology's Challenges to the First Amendment." Telecommunications Policy. v17, n1. Jan-Feb, 1993: 3-13.
Banisar, David. "Battle for Control of Encryption Technology." IEEE Software. v10, n4. July, 1993: 95-97.
Barlow, John Perry. "A Plain Text on Crypto Policy." Communications of the ACM. v36, n11. Nov. 1993: 21-26.
Bayse, William A. "To Tap or Not to Tap." Communications of the ACM. v36, n3. March 1993: 35
Bequai, August. Technocrimes. Lexington: D.C. Heath and Company, 1987.
Bier, William C. Privacy: A Vanishing Value? New York: Fordham University Press, 1980.
Branscomb, Lewis M. and Anne M. Branscomb. "To Tap or Not to Tap." Communications of the ACM. v36, n3. March 1993: 36-37.
Branscum, Deborah. "Ethics, E-Mail, and the Law." Macworld. v8, n3. March 1991: 63-83.
Brody, Herb. "Of Bytes and Rights." Technology Review. v95, n8. Nov./Dec. 1992: 23-29.
Canon, Maggie. "Yank the Clipper." MacUser. v10, n6. June 1994: 23.
Columbia Human Rights Law Review. Surveillance, Dataveillance, and Personal Freedoms: Use and Abuse of Information Technology. Fair Lawn: R.E. Burdick, Inc., 1973.
Denning, Dorothy E. "Wiretapping and Cryptography." IEEE Spectrum. v30, n3. March 1993: 16-17.
Ibid. "The Clipper Encryption System." American Scientist. v81, n4. July-Aug. 1993: 319-323.
Ibid. "To Tap or Not to Tap." Communications of the ACM. v36, n3. March 1993: 26-33.
Ibid. "Final Thoughts." Communications of the ACM. v36, n3. March 1993: 42-44.
Dutton, William H. "The Social Impact of Emerging Telephone Services." Telecommunication Policy. v16, n5. July 1992: 377-387.
Freedman, Warren. The Right of Privacy in the Computer Age. New York: Quorum Books, 1987.
Godwin, Mike. "To Tap or Not to Tap." Communications of the ACM. v36, n3. March 1993: 34-35.
Griswold v. Connecticut, 381 US 479.
Hixson, Richard F. Privacy in a Public Society: Human Rights in Conflict. New York: Oxford University Press, 1987.
Hoffman, Lance J. Security and Privacy in Computer Systems. Los Angeles: Melville Publishing Company, 1973.
Katz v. United States, 389 US 347.
Kleiner, Kurt. "Cracking into the World of Whispers." New Scientist. v139, n1891. Sept. 18, 1993: 14-15.
Levin, Carol. "Digital Privacy: Who Has the Right to Read Your Data?" PC Magazine. v12, n20. Nov. 23, 1993: 29.
Linowes, David F. Privacy in America: Is Your Private Life in the Public Eyes? Chicago: University of Illinois Press, 1989.
Long, Edward V. The Intruders: The Invasion of Privacy by Government and Industry. New York: Frederick A. Praeger, 1966.
MacNeil, Heather. Without Consent: The Ethics of Disclosing Personal Information in Public Archives. Metuchen: The Scarecrow Press, Inc., 1992.
Malloy, Rich. "Technology Is Not the Problem." Byte. v16, n11. Oct 15, 1991: 40.
Marx, Gary T. "To Tap or Not to Tap." Communications of the ACM. v36, n3. March, 1993: 41.
Miller, Arthur R. The Assault on Privacy: Computers, Data Banks, and Dossiers. Ann Arbor: The University of Michigan Press, 1971.
Niblett, G.B.F. "Digital Information and the Privacy Problem." OECD Informatics Studies. Organisation for Economic Co-operation and Development, 1971.
Olmstead v. United States, 277 US 438.
Pennock, J. Roland, and John W. Chapman. Privacy. New York: Atherton Press, 1971.
Petrocelli, William. Low Profile: How to Avoid the Privacy Invaders. New York: McGraw-Hill Book Company, 1981.
Rabel, Timothy R. "Who's Listening in on Your Portable phone?" IEEE Software. v9, n2. March 1992: 89-91.
Rivest, Ronald L. "To Tap or Not to Tap." Communications of the ACM. v36, n3. March, 1993: 39-40.
Roberson v. Rochester Folding Box Company, 171 N.Y. 538.
Roe v. Wade, 410 US 113.
Rotenberg, Marc. "Communications Privacy: Implications for Network Design." Communications of the ACM. v36, n8. August 1993: 61-68.
Rothfeder, Jeffrey. Privacy For Sale: How Computerization Has Made Everyone's Private Life an Open Secret. New York: Simon and Schuster, 1992.
Rubin, Michael Rogers. Private Rights, Public Wrongs: The Computer and Personal Privacy. Norwood: Alex Publishing Corporation, 1988.
Schoeman, Ferdinand David. Privacy and Social Freedom. Cambridge: University Press, 1992.
Sieghart, Paul. Privacy and Computers. Great Britain: The Hollen Street Press Ltd, 1976.
Smith, H. Jeff. Managing Privacy: Information Technology and Corporate America. Chapel Hill: The University of North Carolina Press, 1994.
Trubow, George B. "When Is Monitoring E-Mail Really Snooping?" IEEE Software. v9, n2. March 1992: 97-98.
Tuerkheimer, Frank M. "The Underpinnings of Privacy Protection." Communications of the ACM. v36, n8. August 1993: 69-73.
U.S. Congress, Office of Technology Assessment. Federal Government Information Technology: Electronic Record Systems and Individual Privacy. 1986.
U.S. Privacy Protection Study Commission. Personal Privacy in an Information Society. July 1977.
Ware, Willis H. "Emerging Privacy Issues" IFIP/SEC'85, Trinity College. Dublin, Ireland, August 13, 1985.
Wayner, Peter. "Should Encryption Be Regulated?" Byte. v18, n6. May 1993: 129-134.
Wildstrom, Stephen H. "Spy vs. Computer Nerd: The Fight Over Data Security." Business Week. n3339. Oct. 4, 1993: 43.
Young, John B. Privacy. New York: John Wiley and Sons, 1978.
To be contacted for a confidential consultation |
please E-mail: firstname.lastname@example.org
or send a letter via US Mail to: