Privacy Rights
and
Networked Computer
Systems
English 112H
Section 145
Dr. Unsworth
February 15, 1993
In order for any government to properly serve its
citizens, the laws binding that government and the stated and
implied rights of the citizens must be documented. Without such
documentation, the people cannot abide by those laws nor remain
confident that their rights will be protected. Hence, in
American society, the Constitution defines the government and
reserves the rights of its citizens in the Bill of Rights and
other amendments. However, upon close examination of the U.S.
Constitution one will find that one of the most precious rights
of the American people, privacy rights, has never been
explicitly defined. Numerous legislative attempts to preserve
the rights of privacy have been somewhat effective in their specific
immediate aims; however, with increasing advancements in
computer technology, networked databases, and information
processing, it is imperative that a federal policy dictating
users' privacy rights and the regulation of those privacy rights
in regard to networked computer systems be enacted.
In the past thirty years information processing has
leaped into new dimensions due to the advent of computer
technology, and during that time Congress has worked to maintain
the privacy rights of the American people while allowing new
informational databases to revolutionize the methods of
determining an applicant's eligibility for credit, insurance,
and even employment. Acts such as the Freedom of Information Act
(1966), the Fair Credit Reporting Act (1970), the Privacy Act
(1974), and others have been passed in an attempt to maintain
the delicate balance between the privacy rights of citizens and
the freedom of information, but all of these neglect to address
the new issues of the 1990's and beyond regarding computer networks:
What will be the determining criteria as to what is considered
private in a system user's personal directories and what will
ensure that that which is deemed private remains so?
Questions such as these must be addressed immediately.
Until these questions are resolved, users will with good reason
be cautious in their actions while connected to a network; this
caution impedes research and diminishes the network's potential.
Just as ordinary American citizens deserve full knowledge of
their rights, users of networked computer systems are justified
in their right to know what privacy rights they possess or
forfeit as a result of their utilization of the tools on the
network. Clearly, this issue must be addressed by both federal
policy and legislation encompassing both public and private
networks, and the rights of the users and the overseers of the
system must be defined by law rather than allowing these issues
to be resolved by the courts.
This paper will attempt to relate the history and
various Supreme Court rulings on privacy rights, establish the
constitutional existence of privacy rights, examine the
existing educational policy, discuss various methods of
adjudicating privacy rights, state an argument supporting the
right to anonymity on computer networks, list the types of users
of networks, their needs and the benefits of their use, define
the need for the classification of abuses of privacy rights on
the networks, and finally, take a look at the economic
ramifications and feasibility of writing and implementing
legislation on privacy rights and the computer networks.
Before dealing with the subject of privacy rights issues
involving computer networking, a common ground should be
established on which new policy and legislation regarding this
pervasive technology can be founded. First, the implications of
the term "rights" should be treated. Philosophers have regarded
rights as having different meanings and properties. One such
contrast in meanings consists of the belief that a right is a
one-sided liberty versus the idea that the right is a two-sided
protected liberty. The crux of this argument is whether a right
is only the freedom of an individual to do something (the
"one-sided" view) or that it is that freedom combined with a
moral restriction on other people not to prevent a person from
exercising that freedom (such rights are also known as
"protected rights" because of this restriction). Another
important distinction to consider when discussing rights is the
difference between positive and negative rights. Negative
rights involve the prevention of other people inflicting some
harm on the person holding the right, whereas positive rights
require some action on the parts of others. Considering the
"right to life," for example, in light of these arguments, the
vital connotations of how we define rights become clear. The
"one-sided liberty" argument would hold that a human being may
defend his life, but the "two-sided" argument would hold that a
human being has the right not only to defend his life, but to
not have it taken by anyone. Thus, one person's right
constrains another's actions. This argument has considerable
importance regarding the wording and the scope of the law and
of policy. The negative right "not to have one's life taken" is
similar to the two-sided argument, and requires no action on the
part of society. The positive right "to have one's life
preserved," however, puts considerable requirements on society,
and has implications, such as a right to unconditional medical
care in life-and-death circumstances, that may or may not be
desirable and/or feasible. These implications should be
considered in the construction of any policy or legislation
concerning rights.
The arguments involving privacy do not seem to fall into
such neat categories as those regarding rights. Privacy itself
had not been an important issue until the Industrial Era placed
humans in much closer contact. During the late nineteenth
century, the exploitation of people's private affairs by
reporters in an attempt to sell more newspapers brought
embarrassment to a number of Americans; this practice known as
Yellow Journalism raised an outcry calling for the right to
privacy to be recognized as a genuinely important human right.
Since relatively few laws existed at the time to deal with
disputes over privacy rights, problems were handled on a
case-by-case basis. At present, privacy rights cases are still
generally decided depending on the specifics of the case, with
Supreme Court rulings and some statutes in some states to act as
a more defined structure.
Privacy rights cannot be properly administered without
some insight into the actual cases that can arise. The following
two examples (both were taken from Freedman, Warren, The Right
of Privacy in the Computer Age) demonstrate the scope of cases
involving privacy and how decisions definitely depend on the
specific circumstances of each case:
In Dietemann v. Time, Inc. (449 F2d 245, 9th Cir, 1971)
the main issue was eavesdropping. The defendant, Time magazine,
was investigating medical quackery, and two undercover reporters
sought to record examples of quackery as the plaintiff,
Dietemann, administered it. One reporter posed as a patient
seeking Dietemann's treatment while the other photographed
Dietemann's home and recorded his conversations with his
"client" without Dietemann's knowledge or consent. The Ninth
U.S. Court of Appeals held with the plaintiff, stating: "Plaintiff's
den was a sphere from which he could reasonably expect to
exclude eavesdropping newsmen. He invited two of the defendant's
employees to the den. One who invites another to his home or
office takes a risk...that the visitor may repeat all he hears
and observes when he leaves. But he does not and should not be
required to take the risk that what is heard and seen will be
transmitted by photograph or recording, or in our modern world,
in full living color and hi-fi to the public at large or to any
segment of it that the visitor may select." (Freedman, 12) This
ruling has real merit in networking policy, considering that
nearly all information is automatically "transmitted and
recorded," and yet an account might be considered as private a
place as a person's den. It should be noted that this ruling
occurred in the absence of any existing statutes governing such
rights to privacy. The next example jumps across the scope to
"legal" violation of privacy. Two cases of the Alaska Supreme
Court, State v. Ravin (537 P2d 498, 1972) and State v. Erickson
(574 P2d 1, 1978), involved possession of illegal drugs in the
homes of the defendants (the drugs were marijuana and cocaine,
respectively). In the Ravin case, the court found for the
defendant, noting that marijuana was the only controlled
substance that could be legally possessed in the home. In the
Erickson case, the court found for the plaintiff, basing the
distinction on the fact that the effects of cocaine in the home,
even in small amounts, could present a significant danger to
society (Freedman, 7-8). One important idea to note is that
danger to society was considered important enough to override
the right to privacy of an individual. This idea could become
extremely important in policy and legislative decisions
involving computer networking.
Legislation involving privacy rights related to computer
networks must be able to stand in the court of law, therefore,
it is necessary to be certain that the legislation expands upon
former court decisions. The Supreme Court of the United States
has examined the right to privacy in it rulings on many cases.
In the case of Katz v. United States (1967), which concerned the
electronic surveillance of telephone conversations, the Court
defined the right to privacy as "...the right to be let alone by
other people" (United States Supreme Court Reports 19 L. Ed. 2d
578). In reference to trade secrets, in the case of Kewanee Oil
Company v. Bicron Corporation (1974), the court described the
right of privacy as "a most fundamental human right." (40 L. Ed.
2d 319). The right to privacy has been recognized by the Supreme
Court as a distinct constitutional right, and has been
supported by acts of Congress, including the Privacy Act of 1974
and the Freedom of Information Act, passed in 1966.
Although the right to privacy is not specifically stated
in the Federal Constitution, its constitutionality has been
derived by the Supreme Court from several specific
constitutional provisions. These include the First Amendment's
guaranty of free speech and press and of freedom of association,
the Third Amendment's prohibition of peacetime quartering of
soldiers in any house without the consent of the owner, the
Fourth Amendment's prohibition of unwarranted searches and
seizures, and the Fifth Amendment's privilege against
self-incrimination (43 L. Ed. 2d 876). In the case of Harris v.
United States (1947), a case which concerned the admissibility
of evidence in a criminal prosecution, the Supreme Court stated
that "The rights of privacy and personal security protected by
the Fourth Amendment are of the essence of constitutional
liberty, and the guarantee of them is as important and as
imperative as are the guarantees of other fundamental rights of
the individual citizen" (91 Law Ed. 1399). The Court recognizes
that in some cases the right to privacy may conflict with other
constitutional rights, such as the rights guaranteed by the
First Amendment. An example is the case of Erznoznik v. City of
Jacksonville (1974), in which the manager of a drive-in theater
challenged a Jacksonville, Florida ordinance that prohibits
showing films containing nudity when the screen is visible from
a public street or place. The manager claimed that the
ordinance violated his First Amendment rights. The purpose of
the ordinance, however, was to protect the privacy rights of
people in viewing distance of the film screen who were
unwillingly exposed to the films. The Supreme Court reversed the
ordinance, stressing that in such cases of conflicting values,
"each case ultimately must depend on its own specific
facts."(40 L. Ed. 2d 125, 136).
The Privacy Act of 1974 and the Freedom of Information
Act, passed in 1966, protect the individual right to privacy in
certain situations. Passed as a result of the impact of computer
databanks on individual privacy, the Privacy Act generally
states that "No agency shall disclose any record which is
contained in a system of records...except pursuant to a written
request by, or with the prior written consent of, the
individual to whom the record pertains." (Official Reports of
The Supreme Court (489 U.S. Part 3 766). However, the Freedom
of Information Act supports the disclosure of governmental
records. The act requires every agency "upon any request for
records which...reasonably describes such records" to make such
records "promptly available to any person" (489 U.S. Part 3
755). Nine categories of documents were exempted by Congress
from the broad disclosure requirements of this act in order to
protect against the unwarranted invasion of personal privacy.
In the case of United States Department of Justice v. Reporters
Committee for Freedom of the Press, a CBS news correspondent and
the Reporters Committee for Freedom of the Press sought, under
the terms of the Freedom of Information Act, to obtain criminal
identification records, or "rap sheets", from the Federal Bureau
of Investigations, claiming that the rap sheet concerning
Charles Medico contained matters of public record. The Supreme
Court ruled that "...a third party's request for law enforcement
records or information about a private citizen can reasonably
be expected to invade that citizen's privacy, and that when the
request seeks no 'official information' about a Government
agency, but merely records that the Government happens to be
storing, the invasion of privacy is `unwarranted'" (489 U.S.
Part 3 780).
The Supreme Court considers several groups of people
exempt from the basic right to individual privacy. These
include people in public places, such as public streets
(Erznoznik v. City of Jacksonville,1974), in a courthouse
corridor (Cohen v. California, 1971), on public conveyances
(Public Utilities Company v. Pollak, 1952), in theaters (Paris
Adult Theater I v. Slaton, 1973), or prisoners in jail (Lanza
v. New York, 1962) (43 L. Ed. 2d 876). Corporations and other
organizational entities do not benefit from the constitutional
right to privacy to the same extent as individuals do. Finally,
a witness before a grand jury has no right to privacy. He may
invoke his Fifth Amendment privilege against
self-incrimination, but may not refuse to answer a question in
an attempt to conceal embarrassing details regarding his
personal affairs.(43 L. Ed. 2d 876).
Clearly, the Supreme Court has established the right to
privacy as a fundamental right of a person, but how does this
determine what is private regarding computer networks? To
answer this question, one must first examine what is contained
in a network and who this information benefits.
One of the most significant benefits of a computer
network is the network's capability of storing and moving
quickly large volumes of information. But who actually
benefits? In some ways, the compiling of a large database on a
group of people benefits government and corporate record
keeping. But the use of data for a purpose other than that for
which it was obtained may violate the privacy rights of an
individual. In the cases Koppes v. City of Waterloo and
Davidson v. Dill people are arrested for trespassing and
loitering respectively, and their names subsequently placed in
a database for processing. After the people were acquitted, the
authorities wanted to keep their names in the database to
facilitate future law enforcement (Karasik, "A Normative
Analysis of Disclosure, Privacy, and Computers: The State
Cases", 1 Dec. 1990, 606). A related example is the use of
matching programs to find those people in a database who match a
particular profile. Obviously, one might fit the profile but
not be a drug dealer, criminal, or whatever else the program was
designed to match. Computer matching presumes a person's guilt
until they are proven innocent. However, under the Computer
Matching and Privacy Protection Act of 1988 the U. S. government
established an enlightened data-matching code of conduct. The
act seeks to limit the application of "routine uses" by
providing "for ministerial authorization, subject notification,
and oversight by the Privacy Commissioner" (Bennett, "Computers,
Personal Data, and Theories of Technology: Comparative
Approaches to Privacy Protection in the 1990's", Science,
technology, & human values, Wint 1991, 55).
Databases may sometimes be made of many computing
systems connected through networks. On some computing systems
there exist users with private or work accounts. In most cases
a user will pay for the privilege of owning an account on a
system. The renting of an account on a computer network
correlates directly to the renting of a place such as a locked
locker, a hotel room, or an apartment. Courts have determined
"that renters of such places ... have a reasonable expectation
of privacy protected under the Fourth Amendment." This right is
not jeopardized by the fact a "landlord possesses a key and has
maintained a limited right to enter the rental premises for
repair, inspection," etc. But in general, the landlord "may not
consent to a search of the rented premises," only the renter
(Hermann, "Search and Seizure Checklists " 1992, 1B). If the
computer account were located on an educational institution, a
search could be initiated based only on "the reasonableness,
under all circumstances, of the search." A search made by such
an institution need not be based on probable cause as stated in
the Fourth Amendment (Hermann 30D).
The users of computer accounts frequently send and
receive electronic mail. No current law covers e-mail
specifically, and it cannot be compared easily to paper
communications because of it's diverse nature, sometimes
incorporating large groups of people in conversation. The
Electronic Communications Privacy Act of 1986 protects the
unauthorized interception or disclosure of electronic
communications via cellular telephones, paging devices, and
satellite television. "Companies that disclose confidential
electronic communications are subject to criminal and civil
penalties for intentional interception or illegal disclosure or
access to stored data" (Benjamin, "Privacy, Computers, and
Personal information: Toward Equality and Equity in an
Information Age", 1 June 1991, 14). Computer networks are
entering into uncharted territory when it comes to the privacy
of the files contained in an individual's directory. The
computer replaced conventional methods of filing data in
cabinets for the same reason it changed other aspects of our
lives. The computer has allowed governments, and business firms
to compile much more data than was reasonable during the day of
the filing cabinet. As it has done so, the privacy rights of
individuals whose personal data has been stored have at times
been inadvertently violated (Karasik 627).
Since one of the greatest beneficiaries of the computer
network is the educational community, it is necessary to
acknowledge its views before any legislation related to privacy
rights can be drafted. The views held by America's educational
community on privacy policy have most definitely developed from
laws drafted and court rulings handed down in the 1970's. Two of
the most influential pieces of legislation were the Family
Educational Rights and Privacy Act of 1974 and the Hatch
Amendment of 1978. The two were created to treat students, their
families, and their records with consistency and fairness
(Marczely and O'Dell, p. 203). The Family Educational Rights and
Privacy Act, often referred to as the "Buckley amendment", was
mainly concerned with the handling of student records. The law
gives a student the right to see his or her educational
records, and it keeps the school from releasing a student's
records without the student's consent (Jaschik, p. A26). Prior
to the Buckley Amendment, access to student records was
controlled by state laws, state educational agency rules, or
local school board regulations. From state to state, access
policy varied greatly. Often schools collected information about
students and their families without their consent or knowledge,
and in some cases when consent was given, the information was
used for different purposes than the families were told
(Marczely and O'Dell, p. 203). The Buckley Amendment was passed
when concerns were raised that students could be affected
negatively if inaccurate information was included in their
records. The amendment gave students and their parents the
right to know the contents of their records and to decide to
whom the contents of the records would be released. Not long
after the Buckley Amendment the Hatch amendment extended the
privacy rights of the family by restricting the kinds of
personal student information that a school system could require
to be given (Marczely and O'Dell, p. 203).
More recently the extent of the Buckley Amendment has
been questioned. College and university crime has become a major
concern of the media, and the decision of whether or not to
release requested campus crime reports to the media has become a
very difficult one. The Education Department has been pushing
institutions to adhere to the Buckley amendment while the media
is crying for the state open-records laws to be followed. The
educational community is stuck with the job of drawing the line
where the Buckley amendment can no longer protect student
criminal records. Another facet of privacy in education has been
the issue of evaluations pertaining to both students and
faculty. In either case, the desire has long been that the evaluator's
identity and remarks not be disclosed. The idea is that if the
evaluator knows that his or her identity will be revealed along
with their evaluation then their responses and comments will
not be as candid or truthful. For example, when a teacher is
considered for tenure, peers participate in evaluations. These
peers would be less candid or perhaps even refuse to participate
if they knew that their names and what they said were going to
be made accessible (Blum, p. A17).
In addition to accounting for the views of the
educational community, new legislation must also outline methods
of adjudicating privacy rights on the network. In recent years,
the number of cases of privacy invasion has grown considerably
larger. Currently, the first step in such a case is to
determine what information ,if any, that was released led to the
claim of privacy rights violation. The second step is to rank
the harm that resulted. This harm is ranked according to a
normative graduation of wrong. On the low end of this scale is
"hurt," where the automated database obstructs one's achievement
of his or her interests or goals but still allows for the
attainment of these goals although in a more difficult manner.
An example of this is the case of Kestenbaum v. Michigan State
University. In this case Kestenbaum, a political candidate,
requested the University's student directory database with
which he would extend his electoral mail campaign. The court
denied his request ruling that this would lead to the potential
intrusion into a person's home with bothersome phone calls and
the receiving of junk mail. In the middle of the spectrum is
"harm." This occurs when the computerized information causes
one's goals to no longer be achieved. An example of this would
be the case of Doe v. Axelrod in which the New York Health
Department wanted to create a database composed of the personal
data records of all patients who use prescription drugs for
mental health treatment. If this had been allowed, it would have
led to the patients feeling socially and emotionally ostracized.
On the far end of the scale is the situation where the
collection, storage, and use of data violates our moral norms.
An example of this type would be the case of the Industrial
Foundation of the South v. Texas Accident Board. In this case
the Foundation wanted access to the Texas Accident Board's
workers' compensation database, which includes various data
about the workers' compensation claimant, including their name,
injury, employer, as well as other data. The Accident Board
feared that if the information was released, the claimants would
suffer discrimination from prospective employers. Each case has
it own set of facts which determines a unique end result.
Sometimes the disclosure value will outweigh that of the privacy
value while at other times the privacy value will outweigh that
of the disclosure value. While this method of adjudicating
conflicts of disclosure and privacy may lack certainty, it
allows for society to be flexible as its needs change through
time (Ibid, p.620). The laws regarding privacy invasions may not
be changing quite as fast as computer technology is, and the
existing laws are often ambiguous and understood by only a few.
"The ready accessibility of personal computers, telephones,
modems and dial-up services has created a vast and, some say,
legally ambiguous electronic landscape that is rapidly shaping
up as the next proving ground for personal and legal freedoms"
(Daly, James, "Group tries taming 'electronic frontier'",
Computerworld, March 25, 1991, v25, n12, p.77). A judge may toss
out a case because under existing laws the perpetrator has not
committed a crime or a jury, not understanding the the nature of
the crime and the technology itself may acquit the offender
(Alexander, Michael, "Not so fast, please", Computerworld,
August 7,1989, v23, n32, p.37). To some people the information
that is transmitted through the computer is not regulated by
the traditional rules of law. Don Ingraham, an assistant
attorney in charge of the High Tech Crime Team in the Alameda
County District Attorney's Office in Oakland California put it
best when he said, "A whole lot of jurisdictional law is based
on borders, but the borders don't matter anymore."(Daly, James,
"Laying down the law", Computerworld, March 25,1991, v25, n12,
p.77).
A very pertinent issue in the realm of privacy rights as
they pertain to networking systems is the right to anonymity.
Remaining anonymous in computer systems is usually utilized to
protect the privacy or innocence of the submitter, but
oftentimes it can be used as a tool in such cases as group
problem-solving and critiquing.
In 1991, Jessup and Tansik conducted a study involving
decision-making in an automated environment. Their purpose was
to evaluate the effects of anonymity and proximity in teams
that were attempting to solve problems over computer
communication lines. Their discoveries were intriguing. They
found that anonymity aids in deindividuation, which, in turn,
causes the reaching of accord less likely. Their research also
showed that "users" prefer an anonymous system for delivering
"bad news." Systems that also use a policy of anonymity in
critiquing have helped make critics and observers submit
evaluations that are more candid (Jessup and Tansik,
"Decision-Making in an Automated Environment". Decision
Sciences. Spring 1991, 22, 2).
Although the uses of anonymity are almost limitless, the
application of anonymity is not always prudent. Since the U.S.
Constitution does not directly deal with the issue, laws and
policies concerning anonymity rights are hard to define and
enforce. For example, in 1991, a "lockbox" system that gave
income tax evaders anonymity was ended by the IRS because it was
"blurring the line of what [was] proper and what [was]
unacceptable" (Rosenblatt, Robert A. "IRS ends L.A. lockbox
system that once gave tax evaders anonymity." Los Angeles Times,
Jan 13, 1990, 109, pD6). On the other hand, anonymity has
basically been guaranteed by the media in cases where it
infringes upon individual rights. Some state that the media
"assumes a moral obligation when they assume to protect the
identity of a news source" (edit. "Protecting a Source." The
Washington Post, June 26, 1991, 114, pA18). In 1991, the Supreme
Court made a close ruling on a case involving the media and
anonymity rights, which, for the time being, required media
sources to hold steadfast to pledges to sources who wished to
remain anonymous. However, many people claim that individual
anonymity conflicts with the rights protected in the First
Amendment.
Whether or not this issue will ever be resolved, it
remains imperative to constantly update laws pertaining to the
matter. Networking systems are more than likely to present new
questions and cause new conflicts regarding anonymity to arise.
Therefore, all participants, programmers, and policy-makers need
to be aware of the validity and repercussions of applying
anonymity. This includes not only current laws and policies, but
also uses, benefits, and ethics.
In today's world of computer technology, the issue of
privacy rights in network communications affects users of
commercial and corporate, personal and private, public, and
educational computer systems. Computer networks allow large
information systems to be accessed from any linked computer
terminal and information to be shared easily, quickly, and
readily throughout the system. For example, information
concerning medical technology can be transferred quickly and
inexpensively to less medically advanced areas via computer
networking. Networks, the libraries of tomorrow, allow detailed,
current, and accurate information to be made readily available.
In the commercial and corporate sector relations within
and outside the work place are enhanced by network
communication. Interaction among employees, employers, and outside
organizations is easier and allows more information to be
shared. For example, employers can monitor an employee's work
habits from his/her own office through networked systems. Large
corporations, such as airports, greatly benefit from network
communication allowing more efficient data processing to take
place. In the personal and private sector networks give small
PCs greater power than they would have on their own. Large
information systems can be accessed, many job responsibilities
can be carried out, and small businesses can be run all from the
sanctity of one's own home. In the public sector networks give
the "average Joe" access to information concerning anything from
governmental issues to trafficking reports. This provides for
more informed and aware citizens who can form fact-based
opinions on the current issues and will take this new knowledge
to the polls. In the education sector, computers aid in the
learning process. Already libraries, theaters, and
administrative offices are connected throughout schools.
Programs such as the Internet provide the information of the
library at students' fingertips.
A strong network privacy rights policy will define how
access is granted and information is spread by and for all users
of all systems, be they men or women, black or white, children
or adults, employees or students.
Great advances in the technology of computers within the
personal and private sector have led to much more use of the
computer in the everyday world. Today's user no longer has to
be a professional; the computer has established itself as an
user-friendly instrument that is created for the amateur. As a
result, the computer has become a widely used tool for the home
user. Everyday the computer is operated by the scientist to
store possible theories, the politician to keep a private
journal, and the neighborhood kid to write a English paper. In
addition, the computer can be used to store personal data such
as a family budget, income status, and legal documents.
Furthermore, technology has enabled the home user to gain
access to systems that store pertinent information about
individuals. The accessibility of the latter information
violates the individuals privacy rights. Privacy advocates such
as Computer Professionals for Social Responsibility (CPSR) are
now demanding that a comprehensive scheme of privacy protection
be developed. An example of victory for privacy advocates came
in the personal computer sector when Lotus Development
Corporation retracted a piece of software called Lotus
MarketPlace: Households. The package contained names, addresses,
estimated incomes, consumer preferences, and other personal
details of 120 million Americans. The software was designed to
be an inexpensive program that was available for the personal
computer user to be utilized at one's discretion. Even with the
death of MarketPlace, companies still continue to assemble
records for those willing to pay for the personal affairs and
accounts of the everyday person.
Controversy over privacy rights has resulted in a call
for the establishment of coherent policies to prevent potential
widespread abuse and misuse of personal information. Today, the
advances in the computer world offer the personal user the
abilities to exchange information and ideas, yet leaves the
user with the insecurity that his/her moves are being tracked.
Just as there has been increased use of computer
networks in the private sector in the last decade, so it is in
the public sector. With the proliferation of computers and
computer networks, we are in the midst of an astronomical
information explosion. The information age is upon us and with
advanced technology the possibilities for communication and
information trafficking are becoming endless.
Japan has for some time been revising its communication
infrastructure in order to create a massive public network
(Keyworth, George A. II. "Forget industrial policy: Give us
public data transport." Computerworld 9 March 1992. 33.) A
network open to the general public would enable a data highway
to be formed. Even more than just a mere data highway, in time,
a public network would become an infinite system of roads,
streets, boulevards, et cetera, all branching off of the main
highway. Such a network would be accessible to anyone in the
general public with a computer (Gore, Al. "Infrastructure for
the Global Village." September 1991. 150).
Through this extensive public network it would be
possible to pull up entire libraries of information right in
one's own living room. Scientists engaged in important research
would be able to confer with other specialists across the globe
without ever leaving their laboratories. Therefore, this public
network would always contain the most current materials on any
given topic making them easily accessible to all interested
parties. In the business world, multi-million-dollar
transactions, on an even larger scale than now possible, between
parties on different continents could be carried out without
either party ever having to set foot off of his native soil
(Gore 152).
On a more local level, one more beneficial to the
general public, it could allow Average Joe to become more
involved in government decisions that concern him. Through
discussions and information available on the network, people
could become more informed on current issues. "Town meetings"
might even become possible on the network. News casts could be
run through the net, as well as some forms of entertainment. It
could enable common people from around the world to carry on
everyday conversations as if they were sitting down, face to
face, talking to one another (Gore 153).
A public information network would indeed prove
extremely valuable to all who would use it. However, there are
some drawbacks. The question of privacy on the network is one of
pressing importance. If a public network were to be implemented,
substantial legislation would be required to assure each
individual user's privacy. To ensure this privacy, copyright and
patent laws would need to be set for written property on the
network, where written property is defined as the documentation
of one's original thoughts, ideas, and theories on the network
for which they should receive full credit and ownership. In
addition, access to certain areas should be restricted in order
to keep valued information confidential. A password, like those
used today, could permit entry into these restricted areas. Such
a password could be obtained from the owner of the data with
valid reasons as to the need for the information. This could
allow an individual to limit the viewing of his or her data to a
group of select individuals. These steps could be required as a
safe-guard of one's personal right to privacy, and not as a
means of denying someone else of their right to freedom of
information.
As a means of providing equal access to information and
at the same time maintaining privacy rights, this paper
proposes that all researchers on computer networks be granted
equal access to other works and data. Afterall one of the major
purposes of the network is to enhance research and learning.
This is evidenced by the large number of universities and
higher institutes of learning that are on the network. In order
to guide information seekers on the network a research related
policy needs to be implemented for the network based on the
following guidelines: 1) Researchers will not be allowed to
gather data on an individual to the point where a breach is
made on that individual's privacy rights. 2) Research is to be
promoted by allowing network users access to all relevant and
beneficial files. 3) An individual has the right to restrict
access to his or her own files. 4) It will be recommended, but
not required, that individuals possessing data beneficial to
the research of others allow unrestricted access to it.
Afterall, allowing access to data and experimental results is a
fundamental element of research guidelines. Legislation
documenting these guidelines can impose penalties which will be
enforced for violating access eligibility. Through legislation
following these guidelines it may be possible to maintain a
balance between privacy rights and researching on computer
networks.
This new legislation will need to be backboned by strong
penalties for offenses as defined by the legislation; it is
imperative that lawmakers distinguish between the classes of offenses
and determine the penalties for each class.
It is a fact that the computer networking systems cannot
ensure full privacy to its users; users' privacy rights will be
violated--sometimes by criminals, other times by law enforcement
agencies. As this new information technology grows and develops,
the government must find ways to ensure the users the maximum
amount of privacy possible. Since the systems are so public and
have such large capabilities to aid in crime, the government
must intervene with new types of legislation aimed at
efficiently regulating this new technology to provide privacy.
The goal of this governmental regulation should be to maximize
the privacy rights of the system's users. After viewing
different examples of crimes committed through the systems, it
becomes obvious that there are, indeed, degrees of abuse.
Therefore, the crimes require different and separate
enforcement and penalties. As the government works out
networking policies or laws, concerning the privacy rights of
the users', it is apparent that different classes of abuse need
to be defined and penalized accordingly. The following examples
of abuse on the computer networks and the abuse of the users'
rights that are associated with crimes on the network support
the idea of governmental regulation. In effect, these examples
will show that the government is going to be forced into
considering classifications for the different degrees of abuse
on the network so that it can determine what legislation is
relevant and applicable to this developing technology. Thus,
considering the classes of abuse allows the government to
maximize everyone's privacy rights while maintaining relative
control.
If extremes of abuse on networking systems can be
demonstrated to exist, then the
government must identify the distinct classes. For example,
consider that a group of people are corresponding to each other
via a "computer bulletin board" about any common topic such as
bonsai. Anyone that is interested in this subject is free to
join the group as long as they contribute to the topic of
bonsai. Assume addresses of group members are also posted in
this bulletin board for some reason that the group designates.
Now consider that some businessperson in the pottery business
taps into the bulletin board and takes the posted addresses of
each of the members. Then the businessperson begins to send junk
mail to these people about his pots that are well suited for
their bonsai trees. Certainly, this instance is an infraction of
those members privacy to operate a bulletin board and have only
people who are intrinsically interested in bonsai use it to
their benefit. The bulletin board that they use is not intended
to be used by a self-seeking entrepreneur with good computer
skills. In this situation the abuse leads only to annoying junk
mail.
The previous example is an abuse of the system in regard
to users' privacy rights but only a small abuse when compared
with other existing abuses on the network such as the following:
Kevin Mitnik was a dangerous computer criminal. His "hacking"
ability allowed him to disrupt the operation of telephone
companies, to disconnect the telephones of celebrities and to
break into NORAD (North American Defense) computers in Colorado
Springs. (Uncapher, Willard. "Trouble in Cyberspace" The
Humanist, September-October, p.10) During the days of May 7 and
8, 1990, government, state, and local law enforcement officials
implemented "Operation Sundevil." The intention of the crackdown
was to raid and disable computer hackers that had been
"hacking" into the national telephone system. Nevertheless, the
authorities in "Operation Sundevil" did use the same methods in
both low level and high level abuses. Allegations were made
that during the operation Secret Service agents held a
12-year-old girl, the sister of one of the suspects, at
gunpoint until her brother came home. (Uncapher p. 5) This is
obviously a case in which government officials went too far.
Their actions, though, are not entirely their fault; the
government did not supply them with relevant legislation which
would provide guidelines for enforcing the different abuses.
What these two examples show is that there are degrees of
abuse. The hard hitting tactics of the enforcement officials
were appropriate in the latter example but would not be
appropriate in the first one. This proves that different abuses
require different governmental attention. Even though the
networks cannot ensure users' absolute privacy, there should be
governmental attempts to ensure them as much privacy as
possible. Certainly from the examples it is apparent that there
are extreme cases to be considered. Also, do the computer
network users still have the same privacy rights as normal
citizens? As Willard Uncapher states in his article: "until
recently, laws have generally referred to physical places and
events, not 'virtual' ones." (Uncapher p.14) The network is,
indeed, a "virtual" place and the ways of the network
constitute a new medium for the laws to work with. Because the
network is a new medium the government needs to treat it that
way and begin looking into new methods to regulate it. These
methods should try to ensure the user his privacy rights. Also,
the government must account for the criminal population that
will be using the ever expanding networks by instituting new
laws that are more in tune to the networking systems. In order
for the network to be an efficient tool for its users, the
government must find ways to regulate it fairly. Classifying the
different abuses of the network is one way that the process can
be started. Knowing distinct classes of abuse will help the
government decide which actions are appropriate when prosecuting
cases and the limits to take those actions. By doing this they
can maximize the privacy rights of most of the network users.
As we move through the age of computer innovation and
progress, we begin to realize the many complex issues that
accompany the networking of computer systems. With this in
mind, it is possible to believe that there will not only be
social consequences that go along with networking, but that
there will also be economic ramifications. The economic world
has already been a field that has capitalized on the advances
made in the computer world, but with computer networking, the
impact upon the economic community will be monumental.
When considering what direct areas this economic change
will affect, we cannot ignore the fact that the privacy rights
of consumers will be directly targeted. To date, databanks
compiled by private organizations and by the federal government
serve to accumulate scores of personal data concerning people,
their spending habits, and even with whom they associate. In
turn, many of these databanks are cross-referenced by yet
another organization whose goal is to retrieve information
pertaining to one's own private life. More times than not, this
is done without the consumer even knowing about what is taking
place. Information has become a valuable commodity in today's
society, and with this in mind, the linkage of databanks should
be feared, for it has the potential of creating an irreversible
risk to privacy.
For the most part, today's financial institutions have
left behind the confidentiality and trust that used to go along
with personal banking. In 1978, a survey by David F. Linowes, a
professor at the University of Illinois, showed that as high as
99 percent of the requests to government agencies for individual
economic records were made informally and in turn, were granted
just as informally (Computers and Privacy, Linowes, p. 23).
From this, we can see that the information age of computers has
not only opened a pathway for information transfer, but it has
also opened an avenue for the invasion of economic privacy.
In particular, credit cards and EFT (electronic funds
transfer) systems will be directly affected by the problems
posed by the information society and the need for privacy
rights. Transactions using either of these methods can be easily
traced and accumulated, and in turn, private organizations are
many times employed to use this information to assimilate profiles
of these consumers. These profiles are passed on to yet other
organizations which use this information for credit ratings and
other forms of labeling. This may also be argued to be a direct
invasion of privacy.
Despite the fact that computer networking does carry
with it many negative connotations, it can be argued in the
favor of computers that they have allowed the economic world to
flourish. In the business world, computers are no longer a
rarity, rather they are commonplace. The sheer convenience of
transferring funds electronically has allowed a separate but
equally functional economic society to be formed behind the
screens of computer terminals all over the world. Yet, as we
become more dependent on computers, we open ourselves to new and
multiple vulnerabilities which include such things as computer
crime and invasions of economic privacy.
Computers are vital to future growth, but the policy of
being able to maintain economic privacy must be addressed before
we move onward. Policies discouraging the free distribution of
personal information must be enacted, and only after this has
happened will a computer network free of economic eavesdropping
be formed.
Finally, new legislation regarding privacy rights on the
computer networks must be written with the feasibility of the
implementation of the policies in mind. The feasibility of privacy
protection in regard to networked computer systems is a
complicated matter to examine. There are many factors to
consider, including the cost and effectiveness of the system.
The cost of a security system has many aspects. It
includes not only the original cost of the hardware and
software, but also the cost of maintaining the machinery and the
training of competent personnel to run the system. Although as
much of the security as is possible should be run by computer,
a human check is necessary. It is important that the training of
personnel for security systems be handled with extreme care,
for a security system is only as strong as its weakest link.
When hiring for the security-related jobs, a thorough check must
be run of all applicants in order to insure the safety of the
system and the privacy of its users. When delegating
responsibility for these jobs, care must be taken not to give
any one person too much power within the system.
The effectiveness of a system can be measured by how
well it completes the five
basic functions of a security strategy. These are:
1. Deterrence of computer crimes.
2. Prevention of computer crimes.
3. Detection of computer crimes.
4. Minimization of the damages caused by unpreventable computer
crimes.
5. Fulfillment of the legal requirements of privacy, tax, and
communications laws.
In this case, computer crimes refers not only to intentional
illegal or unauthorized acts, but also to negligence, human
error and incompetence, and natural disaster. As should be
noted, the first four of these functions serve the interests of
the user. The fifth serves the interest of society in general.
If these five functions are not provided for by the system, then
it would not be considered to be worth the cost.
It has been estimated that the initial cost of
implementing a security system on a large national network is
$100 million, and that the recurring costs (i.e. maintenance)
are $200 million over the "lifetime" of the system (and these
costs are rapidly declining due to the almost continual
improvements in technology). This is a little more than $1 for
every person in the United States. At this cost, it seems that a
public security system for computer networks is highly feasible.
For private systems, which are funded by a much smaller portion
of the population, the benefit of having a secure computer
system outweighs the extra cost. Therefore, the cost of
ensuring the privacy rights of users on a networked computer
system according to the above principles becomes convenient,
realistic, and feasible.
In conclusion, new legislation clearly stating the
privacy rights of users on computer networks is definitely an
idea whose time is come. In a world of computers where technology
is constantly on the threshold of new discoveries which will
enable more and more information to be collected, stored, and
transmitted, the privacy rights of people everywhere are
becoming increasingly threatened as their lives are reduced to
stockpiles of aggregate information in some database in which
their communication, spending, and living habits are detailed.
If actions are not taken now to research court rulings, laws,
and acts that have affected privacy rights in the past and at
the same time preserve privacy rights now, it may well be that
future generations will one day only be able to talk of these
rights as a relic. And while it is imperative that a remedy be
developed immediately, we must not let swift action neglect
caution in our solutions. "As John Barlow has tellingly noted:
`New media, like any chaotic system, are highly sensitive to
initial conditions. Today's heuristical answers of the moment
become tomorrow's permanent institutions of both law and
expectation. Thus, they bear examination with that destiny in
mind'" (Uncapher, p.7).