Ed Note: The Sept. 11 terrorist attacks on the World Trade Center and Pentagon cast a harsh new light on the daily tradeoffs made among privacy, security and convenience. Although written before the tragedy, this article illustrates some of the issues with which policymakers and citizens will struggle as the nation searches for a balance between heightened security and established civil liberties.

It seemed like a good idea: give New York City residents an easy way to find their polling place, check their voter-registration status or download a voter-registration form.

Residents simply visit the Web site , enter their last name and birth date, and the site informs them of their voting status. In late August, shortly after the site was featured in a New York Times story, intruders struck the site's home page, defacing it with several messages in apparent protest of the fact that the site provided voters' street addresses in addition to their party affiliation and voting status.

Caught in a Conundrum

The material on the site that created the hue and cry isn't exactly private information: Anybody can walk into the city's Board of Elections, plunk down some cash to cover administrative costs and leave with as much voter-registration information as they can cart out.

People don't mind having such records available for public viewing in the dank basement of a city hall building, observers have noted, because it takes time and effort to locate those records, let alone to sift through them for particular bits of information. The fact that a small percentage of the population is actually willing to expend that time cloaks those records in an aura of unavailability. Putting once-obscure material on easily searchable Web sites changes the equation.

The voter registration Web site attracts plenty of users, according to Scott Reents, president of E The People, the nonprofit organization that operates the site. Approximately 7,500 people have used the site to check their voter-registration status.

Reents said comments posted on the site before the Times story was published generally supported the service, though some people requested that their information be removed after the story hit the paper.

"In response to that [story], we made some changes to the site," he said. "We consulted with a couple of privacy experts and changed the site so that it no longer revealed people's home addresses and party affiliations. Instead, the site now just verifies that you are or are not registered to vote, tells you who the candidates are and where your polling place is."

Reents points out that New York City residents have nowhere else to turn for this service.

"Voting can be a very frustrating process," he said. "Come Election Day, if you don't know where you need to go to vote, you don't know what your voter-registration status is, you don't know who the candidates are, it's too late to find out. Before our Web site, there was nowhere you could go online to find that information."

Reents worries that what happened after the Times story will be duplicated across the country as other organizations and even local governments add online services, including enhanced access to public information, to their Web sites.

"It's very important that the reaction to stories like ours isn't, 'OK, let's put up more barriers to this information and keep ourselves covered from criticism at all costs,'" he said. "It's not that there shouldn't be constraints on this, it's just that I hope that when people are thinking about new legislation - because there does need to be a new examination of how this information is made available - the civic applications of providing access to that data are considered."

Look Before You Leap

Kim Alexander, president of the California Voter Foundation (CVF), told the Times that the reigsteredtovoteornot.com Web site is an example of unintended consequences that can stem from digital democracy projects.

After the story ran, E The People contacted Alexander to review the site's operation and decide how to structure it to address privacy concerns.

CVF has been a staunch supporter of using technology to give the public better access to information that stimulates participation in the democratic process. However, Alexander did not support the early incarnation of the voter registration Web site.

She compared her opinion of the site to the CVF's position on Internet voting.

"When you think about these things for five minutes, they sound like a good idea," she said. "When you think about them a lot longer, you start to figure out some of the reasons why Internet voting or voter-registration data on the Internet may not be such a good idea."

She agrees that Reents is providing a service that people like and want to use, and the information is public for a good reason - to prevent voter fraud. It's what happens as a result of putting that information online that gives her pause.

"A number of people may find it to be a valuable service, but some number of people - and I suspect a great number of people - are uncomfortable and unhappy with the idea that their voter-registration information is in wide public circulation," she said. "We're moving into computerization and Internet activities without, in some cases, thoroughly thinking through the implications of those activities."

Sites that leap into offering digital democracy services run the risk of doing a disservice to the very people they're trying to attract, Alexander continued. Making public information accessible through a Web browser, makes people vulnerable - more vulnerable than they are when the information is tucked away in a filing cabinet, she said.

Governments in Hot Water, Too

As governments introduce new ways to accommodate public demand for online services and information, just how available a public record ought to be and how much citizen information a government should collect have emerged as contentious issues.

The Council of the District of Columbia entertained a resolution earlier this year under which the district's Department of Motor Vehicles would create ID cards for district school children.

If approved, the resolution would allow the DMV to visit schools to take digital photographs and gather fingerprints, then feed that information into a centralized database maintained by the DMV. Parents would have to give permission for their children to participate.

According to District Councilman Phil Mendelson, the rationale behind the resolution was to better track school children's use of government-provided benefits and school programs.

After the Washington Post reported on the plan in mid-August, a brief public uproar ensued. A public hearing on the resolution was scheduled for Oct. 3, and the measure would take effect on Nov. 16 unless the council disapproved it, Mendelson said.

"If we didn't have privacy implications; if we didn't have what I'll call 'government/Big Brother implications'; if the issue was only - and it can't be only - 'Do we want to have a good way to identify whether kids are getting the food programs and the preventive health treatment that they should;' then I would say having a card is excellent," he said. "But there are serious implications, and I am very troubled by them. I don't believe in having government ID cards, and this is a step in that direction."

Mendelson said he worries about the conflict between government's role as a service provider and government's function as an information collector.

"I'm not sure we think this through, and we should," he said. "I don't know what limits the government has right now, technologically, on what it can do with the information. But I'm confident that whatever technological limits there are today will be reduced considerably tomorrow.

"Meanwhile, the government develops this database on kids, and maybe on their parents, and I don't know what the implications are," he said. "I'm not sure that I'm as interested in exploring the implications as I am in exploring what the limits are that the government will have, the legal and technical limits."

Privacy and Security Matter

Governments struggle with the current public-records policies because they were built for a paper-based world.

"We made sensible judgments for the paper environment without having a big plan for how that would translate to the electronic environment," said Peter Swire, visiting professor at George Washington University, and the Clinton administration's chief privacy officer.

"Many state public records have included attachments that give a person's Social Security number," he said. "Deeds on property in many places have Social Security numbers. Bankruptcy records in federal courts have Social Security numbers. In the paper world, the chance that someone would go down to the courthouse just to get your Social Security number was very remote, indeed.

"In an online setting, where someone can do a search on the Internet and pick up thousands of Social Security numbers, the same system of public records can become an engine for fraud," he warned, noting that identity theft could be the biggest unintended consequence of electronic records and electronic government services. "There was practical obscurity in the paper records, and search engines like Google make it practical openness."

In government's defense, Swire said it's difficult to predict public reaction to certain electronic government services. Clearly, citizens want to interact electronically with government, but they're wary of what public agencies will do with data collected during those interactions, he said.

"What we found was that our privacy office in the [U.S.] Office of Management and Budget could often work with agencies to manage the privacy risks while still meeting program goals," he said. "Often, it makes sense for the program officials to do a privacy check and a security check before they go out with a new e-government project."

If CIOs possess this type of capability inside their offices, their jobs become a bit easier, Swire said, especially since states handle so much sensitive personal data. He also likes the idea of states creating chief privacy officer positions - a step that Iowa has taken - because it's critical that appropriate policies be put in place when a system or project is being built.

"With experience in privacy, someone can help build the system better for both privacy goals and other goals," he said, adding that state and local officials must keep introducing electronic-government applications despite the concerns. "Electronic records have enormous advantages, and it will seem bizarre to citizens if they don't have the ability to interact electronically with government."