PRIVACY Forum Archive Document


From: Marc Rotenberg <Marc_Rotenberg@washofc.cpsr.org>
Date: Tue, 28 Jul 1992 16:43:22 EDT
Subject: CPSR Testimony

"Proposed Privacy Guidelines for the NREN"

Statement of Marc Rotenberg,
Washington Director
Computer Professionals for Social Responsibility (CPSR)

Open Forum on Library and Information Service's Roles in the
National Research and Education Network (NREN)

National Commission on Libraries and 
Information Science (NCLIS)
Washington, DC
July 21, 1992

        Thank you for the opportunity to testify today before the National
Commission on Library and Information Science (NCLIS).  My name is Marc
Rotenberg and I am the Director of the Washington Office of Computer
Professionals for Social Responsibility (CPSR).  CPSR is a national
organization of professionals in the computing field.  
        I would like to speak with you about privacy protection and the
future of the NREN. This is item 6 identified in the NREN research agenda.
Richard Civille will speak with you next about CPSR's work to promote Local
Civic Networks.
        During the past few years CPSR has coordinated several national
efforts to promote privacy protection for network communication.  From
cryptography to Caller ID, we have sought to ensure that the rapid
developments in the communications infrastructure do not diminish the
privacy we all value.  We believe that the future of network communications
depends largely on the ability to make certain that sufficient privacy
protection is available for all users of the network.
        In this effort we have worked closely with the library community.  It
became clear to us that library organizations have a special appreciation
for the importance of privacy protection.  For many, privacy is the critical
safeguard that protects intellectual freedom and promotes the open exchange
of information.  The American Library Association, the Association of
Research and other library organizations have all shown their support for
privacy protection through codes of conduct, policy statements, and research
conferences.
        We have also worked closely with telecommunication policy makers in
the United States and around the world.  The New York state Public Service
Commission issued a policy on telecommunication privacy which set out
several principles for network communications.  These recommendations have
been followed in several states.  More recently, the Minister of
Communications in Canada issued a series of principles on communications
policy.  Meanwhile, the Commission of the European Communities has put
forward a draft directive on Data Protection in Telecommunications. 
        The European Commission made a critical point about future network
development.  It said that "the effective protection of personal data and
privacy is developing into an essential precondition for social acceptance
of new digital networks and services."  This view is shared by agencies in
other countries that have looked at the implications of advanced networking
services.  For example, the Ministry of Posts and Telecommunications in
Japan recently concluded a study on the protection of personal data in the
telecommunications business and recommended a series of privacy guidelines
to accompany the introduction of new network services.
        In the United States, however, we find ourselves in the midst of the
greatest privacy debate in a generation.  In the absence of a coherent
federal policy to protect privacy, consumers have been left to fend for
themselves, and the response is not encouraging.  From Pennsylvania to
California, telephone companies now face widespread and well-founded
consumer opposition to new telephone services.  Part of the reason for this
is that there has been little effort in the United States at the federal
level to develop privacy principles for new network services.
        CPSR would like to see an agency in the United States take on the
task of developing and promulgating privacy principles for network
services.  We have already recommended the creation of a data protection
board which could, among other tasks, develop appropriate principles for
network communications.  There is a proposal before Congress to establish
such an agency, but it is unclear whether it will be enacted this year.
        Meanwhile, the Federal Communications Commission (FCC) has been
unwilling to address the privacy implications of new network services.  We
are also somewhat disappointed that neither the Computer Science and
Technology Board (CSTB) of the National Research Council nor the Office of
Technology Assessment (OTA) has addressed privacy concerns for network
users.  Both the CSTB and the OTA are well qualified to tackle this problem.
        In the interim, NCLIS could take a leadership role, and help develop
and promulgate privacy principles for the emerging communications
infrastructure.  It is clearly in the interest of the library and
information science community to ensure adequate privacy protection, but
unless some agency takes on this responsibility it appears unlikely that the
work will be undertaken.
        CPSR believes that it is in the long-term interest of our country
and of computer users around the world to ensure protection for networked
communication.
        The failure to develop such policy may impose very high costs on all
network users, and may ultimately reduce greatly the value of the network to
users.  
        Speaking academically, the absence of adequate protection for
electronic communication is a substantial gap in NREN policy that should
soon be addressed if the full potential of the infrastructure is to be
realized.  Speaking practically, if we don't get some good policy soon, we
may all be buried in a blizzard of electronic junkmail the likes of which we
have never known.
        I would like now to make three points about the current state of
privacy protection for NREN, and then propose a series of principles for
privacy protection.  These principles may help "get the ball rolling" and
encourage the development of other initiatives.  I hope that NCLIS will
recommend that the Office of Science and Technology Policy (OSTP) give these
principles full consideration.  

FINDING 1:  
        Commercialization of the NREN will exacerbate existing privacy
        problems.

        Without a clear mechanism to protect privacy, user concerns will
increase.  Much of the discussion surrounding the NREN today focuses on the
opportunity to develop commercial services and to provide network access for
private carriers.  We do not oppose efforts to provide commercial services.
Clearly, there is an important opportunity to develop new services and to
offer products through the network.  At the same time, it is apparent that
the commercialization of the NREN will create new pressures on privacy
protection.
        In the current network environment, made up primarily of researchers
and scientists, there is little incentive or opportunity to gather personal
data, to compile lists, or to sell personal information.  This is likely to
change.  Once commercial transactions begin to take place on the net, the
information environment will resemble a hybrid of credit card and telephone
call transactions.  Records of individual purchases will be available and
will possess commercial value.  The NREN community will face a whole new set
of privacy issues.
        We anticipate that there will be three different types of privacy
problems as the NREN continues to evolve.  First, as commercial
organizations become users of the network, they will gather personal data,
and wish to sell lists.  The address files for list servers could be sold,
and users may find themselves "subscribed" to lists they have no interest
in.  These activities will raise traditional privacy concerns about the
restrictions on disclosure and secondary use, the opportunity for users to
obtain information held by others, and the need to minimize the collection
of personal information.
        Second, efforts to promote competitiveness in the delivery of network
services may also lead to the disclosure of network data which will
compromise user privacy.  
        This problem is already apparent in the current rules for the
operation of the telephone network.  The Federal Communications Commission
requires telephone companies to provide records of customer phone calls to
other companies so that competing companies may analyze calling patterns and
sell their services.  Large companies objected to the disclosure of this
sensitive information.  As a result the FCC required that telephone
companies obtain authorization before releasing these numbers.  But this
restriction only applies to telephone customers with more than 20 lines.
        The disclosure of Customer Proprietary Network Information (CPNI)
has already surprised many telephone customers who now receive calls from
companies with whom they have no prior relationship.  These companies are
able to describe the customer's telephone calling habits in great detail.
Users of NREN services are also likely to object to the disclosure of network
information. 
        The third problem is that law enforcement agencies are likely to make
"greater demands" on communication service providers to turn over records of
electronic communications to the government and to provide assistance in the
execution of warrants.  I say "greater demands" with some reservation since
the recent proposal from the Federal Bureau of Investigation to require that
all communications equipment in the United States be capable of wiretapping
seems about the greatest demand conceivable.  Still, we should anticipate
that the government demands for access to the contents and records of NREN
communications are likely to increase.

FINDING 2:
        Current privacy protections are inadequate.

        Electronic communications are provided some protection against
unlawful interception by the Electronic Communications Privacy Act (ECPA) of
1986.  This law extends the very important guarantees contained within the
1968 wiretap statute to digital communication and stored electronic mail.
But this protection now appears inadequate.  As a general matter, the wiretap
law protects the contents of an electronic message against unlawful
disclosure; it does not protect the record of the transaction against
disclosure.  
        ECPA also does not appear to protect critical personal information,
such as a person's telephone number, from improper disclosure. For example,
the Calling Number Identification (CNID) service is probably a violation of
the wiretap statute and clearly a violation of the wiretap law of several
states.  Nonetheless, the service has been offered over the objection of
consumer groups, technical experts, and legal scholars.

FINDING 3:
        Technical safeguards provide only a partial solution.

        There are some in the network community who believe that technology
will provide a solution to these emerging privacy problems.  New techniques
in cryptography provide ways to protect the contents of an electronic message
and even to protect the identity of the message author.  An article that
will appear next month in Scientific American titled "Achieving Electronic
Privacy" describes in more detail how it may be possible through technical
means to recapture some privacy.
        CPSR has supported many efforts to improve technical means for
privacy protection. In fact, CPSR has been one of the leading proponents of the
widespread use of cryptography to protect electronic communications.  We have
opposed restrictions by both the National Security Agency and the Federal
Bureau of Investigation on the use of cryptography.
We have also supported the development of privacy-enhancing technologies,
such as telephone cards which are widely used in Europe and Japan, and
recommended that policy makers explore technical means to protect
information.
        Nonetheless, we do not believe that technical safeguards will provide
sufficient protection for networked communications.  Our right of privacy is
based on Constitutional principles and our national history, and reflects
our commitment to certain political ideals.  The protection of privacy is
ultimately a policy decision that must be resolved through our political
institutions.  Clearly, technology provides useful developments that we
should incorporate into future networks, but it would be a mistake to assume
that technology alone will provide sufficient protection.
        This point was made two decades ago by former White House Science
Adviser Jerome Wiesner who also served as president of MIT. In testimony
before Congress on the privacy implications of databanks, Professor Wiesner
said:

"There are those who hope new technology can redress these invasions of
personal autonomy that information technology now makes possible, but I
don't share this hope.  To be sure, it is possible and desirable to provide
technical safeguards against unauthorized access.  It is even conceivable
that computers could be programmed to have their memories fade with time
and to eliminate specific identity.  Such safeguards are highly desirable,
but the basic safeguards cannot be provided by new inventions.  They must be
provided by the legislative and legal systems of this country.  We must face
the need to provide adequate guarantees for individual privacy."

        We believe that the development of NREN privacy policy should be
conducted in this spirit: looking for opportunities to incorporate
technical safeguards while recognizing that the ultimate decisions are
policy-based.

PRIVACY GUIDELINES
        Before discussing the proposed privacy principles, I would like to
say a few words about the desirability of developing these principles.
Privacy protection in electronic environments is a particularly complex
policy problem.  There is legal jargon and technical jargon.  There are rapid
changes.  And there are certainly a wide range of opinions about how best to
achieve privacy, even about what privacy means.
        Privacy principles have helped to clarify goals and to convey
objectives in non-technical terms.  Well developed policies are "technology
neutral" and are adaptable as new technologies emerge. Professional
organizations have made widespread use of such principles for codes of
ethics and for public education.
        There are a number of such policies in the privacy realm.  Some of
these policies have been extremely influential in the development of public
policy, national law, and international agreements.  For example, the Code
of Fair Information Practices was the basis for the Privacy Act of 1974, the
most extensive privacy law in the United States. The Code was developed by a
special task force created by the Secretary of Health, Education, and
Welfare in 1973.  Other codes have formed the basis for data protection law
in Great Britain.  
        All of these codes seek to establish certain responsibilities for
organizations that collect personal information, and to create certain
rights for individuals.
        In developing these telecommunication privacy guidelines, we examined
existing codes and particularly the principles developed by the Organization
for Economic and Cooperative Development (OECD) in 1981.  We also
incorporated several additional principles that we believe are necessary to
protect personal information in communication environments.
        Taken as a whole, the principles are intended to improve privacy
protection for network communications as the NREN continues to evolve.

RECOMMENDATION 1:  
        The confidentiality of electronic communications should
        be protected.

        The primary purpose of a communication network is to ensure that
information can travel between two points without alteration, interception,
or disclosure.  A network that fails to achieve this goal will not serve as
a reliable conduit for information.  Therefore the primary goal should be to
guarantee the confidentiality of electronic communications.

RECOMMENDATION 2:
        Privacy considerations must be recognized explicitly in the
        provision, use and regulation of telecommunication services.

        The addition of new services to a communications infrastructure will
necessarily raise privacy concerns.  Users should be fully informed about
the privacy implications of these services so that they are able to make
appropriate decisions about the use of services.

RECOMMENDATION 3:
        The collection of personal data for telecommunication services
        should be limited to the extent necessary to provide the service.

        Users should not be required to disclose personal data which is not
necessary for the rendering of the service.  In particular, the use of the
Social Security number should be avoided.  In no instance should it be used
as both an identifier and authenticator.

RECOMMENDATION 4:
        Service providers should not disclose information without the explicit
        consent of service users.

        Service providers should be required to make known their data
collection practices to service users.  
        Service providers have a responsibility to inform users about the
collection of personal information and to protect the information against
unlawful disclosure.  Personally identifiable information should not be
disclosed without the affirmative consent of the user.

RECOMMENDATION 5:
        Users should not be required to pay for routine privacy protection. 

        Additional costs for privacy should only be imposed for extraordinary
protection.  The premise of the federal wiretap statute is that all users of
the public network are entitled to the same degree of legal protection
against the unlawful disclosure of electronic communications.  This
principle should be carried forward into the emerging network environment.
Segmented levels of privacy protection are also likely to introduce new
transaction costs and create inefficiencies.  Where special charges are
imposed for privacy, it should be for "armored car" service.

RECOMMENDATION 6:
        Service providers should be encouraged to explore technical means to
        protect privacy.

        Service providers should pursue technical means to protect privacy,
particularly where such means may improve the delivery of service and reduce
the risk of privacy loss.  

RECOMMENDATION 7:
        Appropriate security policies should be developed to protect network
        communications.

        Security is an element of privacy protection but it is not
synonymous with privacy protection.  Appropriate security policies should
be put in place to protect privacy.  However, it should be recognized that
some security measures may compromise privacy protection.  Network
monitoring, for example, or the collection of detailed audit trail
information will raise substantial privacy concerns.  Therefore, security
policies should be designed to serve the larger goal of privacy protection.

RECOMMENDATION 8:
        A mechanism should be established to ensure the observance of these
        principles.
        
        Good principles without appropriate oversight and enforcement are
insufficient to protect privacy.  This has been the experience of the United
States with the Privacy Act of 1974 and of the European countries with the
OECD principles of 1981.  In both instances, fine principles lacked
sufficient oversight and enforcement mechanisms.

        Additional principles may be appropriate and these principles may
well need modification.  But we hope that they will provide a good starting
point for a discussion on communications privacy for the NREN.

[Attachments: "Protecting Privacy," Communications of the ACM, April 1992;
"Communications Privacy: Implications for Network Design," Proceedings of
INET '92, Kobe, Japan]



Copyright © 2005 Vortex Technology. All Rights Reserved.