Computerized Governmental Database Systems Containing Persona

ABSTRACT

Computerized Governmental Database Systems

Containing Personal Information

And

The Right to Privacy

by

Lewis William Oleinick, M.P.Af.

The University of Texas at Austin, 1993

SUPERVISORS: Chandler Stolp and Philip Doty

This report identifies and examines the potential threats to

individual privacy created by the collection, aggregation, and

dissemination of personal information by governmental agencies and the

role computer systems play in potentiating such threats.Computer

matching, computer profiling, the national criminal justice database,

and portfolio creation via data aggregation of personal information

are the governmental activities stipulated to be potentially

threatening to personal privacy.These four activities are forms of

"dataveillance."Dataveillance poses dangers to the security of civil

liberties in a free society.

To carry on an intelligible discussion about privacy and how the

collection, aggregation, and dissemination of personal information by

governmental agencies may threaten individual privacy it is necessary

to first define privacy and personal information.Independence,

autonomy, dignity, and respect create a conceptual framework upon

which privacy may be defined.

Privacy is a culturally defined norm.As such a discussion of

the American cultural tradition of privacy is necessary to understand

both how Americans have defined privacy over time and the roles

privacy has played in American society in 1) "starting over," 2) in

interpersonal relationships, and 3) in maintaining the "balance of

power" with the State.Privacy is held to be as important as the

unalienable rights of "life, liberty, and the pursuit of happiness" by

the majority of the American public.Americans have become more and

more concerned with their privacy as intrusive technologies have

evolved.Many Americans fear that computers allow the U.S. Government

too much power over the average citizen.

Privacy has been protected in the United States by

precedents set in court cases, by legislation and by executive act.

The breadth of cases pertaining to privacy precludes the examination

of all cases.Supreme Court cases provide a historical overview of

the evolution of the right to privacy as the questions presented to

the Court have become more complex with the introduction of new

technologies into the law enforcement process.

Congress has attempted to address the public's concerns of the

government's collection, aggregation, and dissemination of personal

information by passing legislation designed to protect individual

privacy.The four major pieces of legislation passed by Congress for

the protection of the citizen's right to privacy are the Freedom of

Information Act, the Privacy Act, the Computer Security Act of 1987,

and the Computer Matching and Privacy Protection Act of 1988.The

Office of Management and Budget has produced regulations designed to

enforce the intent of the legislation promulgated by Congress.These

regulations are contained in OMB Circular A-130 which details federal

information policy.

This report concludes by suggesting the need for the

implementation of a Privacy Protection Board at the national level.

Such a board would be based on the model suggested by David Flaherty.

The primary conclusion that should be drawn from this report is

that society as a whole must re-evaluate the existing paradigm of who

should be in control of personal information; i.e., should it be the

agency who collects it or should the power of control remain with the

individual about whom the information was collected.This report

suggests that a certain modicum of control over the disclosure of

personal information should revert to the individual about whom the

information was collected.

==================================================================

TABLE OF CONTENTS

Chapter 1. Introduction. . . . . . . . . . . . . . . . . . . . .1

Description of Problem. . . . . . . . . . . . . . . . . . .1

Governmental Activities of Interest . . . . . . . . . . . .2

Reasons for Concern . . . . . . . . . . . . . . . . . . . .3

Bringing the Concerns to a Personal Level . . . . . . . . .3

Justification for Focusing on

Governmental Activities . . . . . . . . . . . . . . . . . .4

Recapitulation of Topic and

Statement of Position . . . . . . . . . . . . . . . . . . .5

Explanation for the Ordering

of the Presentation of Material . . . . . . . . . . . . . .5

Ordering of Presentation of Materials . . . . . . . . . . .6

Chapter 2. Governmental Dataveillance. . . . . . . . . . . . . .7

Introduction. . . . . . . . . . . . . . . . . . . . . . . .7

Defining Surveillance and Dataveillance . . . . . . . . . .7

Forms of Governmental Dataveillance . . . . . . . . . . . .8

Transition from Personal Surveillance

to Mass Dataveillance . . . . . . . . . . . . . . . . . . 13

Dangers of Personal and Mass

Dataveillance . . . . . . . . . . . . . . . . . . . . . . 14

Chapter 3. Privacy and Personal Information: The Relationship

Explored . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Introduction. . . . . . . . . . . . . . . . . . . . . . . 19

Terms necessary for the definition

of privacy. . . . . . . . . . . . . . . . . . . . . . . . 19

Definition of Personal Information. . . . . . . . . . . . 23

Definition of Privacy . . . . . . . . . . . . . . . . . . 24

Difficulties with Defining Privacy. . . . . . . . . . . . 25

Chapter 4. The Cultural Tradition of Privacy in American Society27

Introduction. . . . . . . . . . . . . . . . . . . . . . . 27

Public Opinions on Privacy. . . . . . . . . . . . . . . . 27

Privacy's Role in "Starting Over" --

A Cultural Basis. . . . . . . . . . . . . . . . . . . . . 34

The Role of Privacy of Personal

Information in Interpersonal

Relationships . . . . . . . . . . . . . . . . . . . . . . 40

The State and the "Balance of

Power". . . . . . . . . . . . . . . . . . . . . . . . . . 45

Chapter 5. A Brief Legal History of the Right to Privacy: A

Survey of Selected Supreme Court Cases . . . . . . . . . . . . 49

Introduction. . . . . . . . . . . . . . . . . . . . . . . 49

Reasons for Choosing the Ten Cases. . . . . . . . . . . . 50

Analysis of Cases . . . . . . . . . . . . . . . . . . . . 51

Mapp v. Ohio . . . . . . . . . . . . . . . . . . . . 52

Griswold v. State of

Connecticut. . . . . . . . . . . . . . . . . . . . . 53

Katz v. United States. . . . . . . . . . . . . . . . 55

Stanley v. State of

Georgia. . . . . . . . . . . . . . . . . . . . . . . 57

Eisenstadt v. Baird. . . . . . . . . . . . . . . . . 59

Roe v. Wade. . . . . . . . . . . . . . . . . . . . . 60

United States v. Miller. . . . . . . . . . . . . . . 62

Whalen v. Roe. . . . . . . . . . . . . . . . . . . . 64

Bowers v. Hardwick . . . . . . . . . . . . . . . . . 66

United States Department

of Justice v. Reporters

Committee for Freedom of

the Press. . . . . . . . . . . . . . . . . . . . . . 67

Summation of Cases and Problems with

Judicial Activism . . . . . . . . . . . . . . . . . . . . 70

Chapter 6. Legislative and Executive Action to Protect the

Privacy of Personal Information. . . . . . . . . . . . . . . . 73

Introduction. . . . . . . . . . . . . . . . . . . . . . . 73

The Freedom of Information Act. . . . . . . . . . . . . . 74

The Privacy Act . . . . . . . . . . . . . . . . . . . . . 76

Criminal Justice Information Control

and Protection of Privacy Act of 1974 . . . . . . . . . . 82

The Computer Security Act of 1987 . . . . . . . . . . . . 83

The Computer Matching and Privacy

Protection Act of 1988. . . . . . . . . . . . . . . . . . 85

OMB Circular A-130. . . . . . . . . . . . . . . . . . . . 88

Chapter Summary . . . . . . . . . . . . . . . . . . . . . 91

Chapter 7. Conclusion and Suggestions for Additional Legislation93

Introduction. . . . . . . . . . . . . . . . . . . . . . . 93

Recapitulation of Major Themes. . . . . . . . . . . . . . 93

Policy and Advancing Technology . . . . . . . . . . . . . 98

Government Responsibilities . . . . . . . . . . . . . . . 99

Suggestions for Additional Legislation. . . . . . . . . .101

Conclusion. . . . . . . . . . . . . . . . . . . . . . . .102

=========================================================================

Received: (from NIUCS forvia BSMTP)

Received: (from A01MLRV@NIUCS for MAILER@NIU via NJE)

(UCLA/Mail V1.410 M-RSCS8672-8672-846); Tue, 21 Sep 93 16:14:40 CDT

Received: from NIUCS by NIUCS (Mailer R2.10 ptf000) with BSMTP id 6874; Tue, 21

Sep 93 16:14:19 CST

Received: from mp.cs.niu.edu by vm.cso.niu.edu (IBM VM SMTP V2R2) with TCP;

Tue, 21 Sep 93 16:14:15 CST

Received: by mp.cs.niu.edu id AA16156

(5.67a/IDA-1.5 for tk0jut1@niu.bitnet); Tue, 21 Sep 1993 16:14:03 -0500

Date: Tue, 21 Sep 1993 16:14:03 -0500

From: jim thomas

Message-Id:

To: tk0jut1

Last updated: 16-Sep-93 by John Labovitz

This is a summary of electronically-accessible zines.The format should

be fairly self-explanatory.In most cases, descriptions are excerpted from

the masthead of the zine listed.

RECENT CHANGES TO THIS LIST

* Expanded this intro

* The Amateur Computerist: new zine (still need description)

* Arm The Spirit: added gopher site

* Armadillo Culture: added gopher site

* Athene: new zine (although now defunct)

* Blink: added gopher site

* CORE: new zine

* Cousins: new zine

* CTHEORY: added FTP