In May, while President Clinton was at the G-8 meeting in England, the administration suddenly launched a double-barreled, high-level blitzkrieg on privacy. Speaking at the New York University commencement in Washington Square, Vice President Al Gore, whose reputation as a technologist has always made him a good candidate to embrace the concept of privacy in an electronic world, announced a new privacy initiative. Speaking to 8,000 students and their families, Gore said, "You should have the right to choose whether your personal information is disclosed. You should have the right to know how, when and how much of that information is being used, and you should have the right to see it yourself to know if it's accurate."
Gore said Clinton signed a presidential memorandum to agency heads calling for a review of privacy practices, and they called upon Congress to pass medical privacy legislation. He also announced that the Federal Trade Commission (FTC) would establish an "opt-out" site on the agency's Web site, which would include instructions on how people can prevent companies from reviewing their credit reports, prevent their driver's license information from being sold, and remove their names from marketing lists.
The Clinton memo reads as an affirmation of the importance of existing privacy protections, particularly the Privacy Act of 1974, and notes that, "as development and implementation of new information technologies create new possibilities for the management of personal information, it is appropriate to re-examine the federal government's role in promoting the interests of a democratic society in personal privacy and the free flow of information." The memo essentially instructs agencies to review their dissemination practices to ensure that they comply with the Privacy Act and other privacy-protection statutes. It particularly stresses the importance of assessing the kinds of personal information agencies may be making available on the Internet.
While the Clinton administration has been marginally more concerned about privacy issues than the previous Republican administrations, its track record both on important issues and in actual actions taken is not particularly good. The administration has allowed law-enforcement and intelligence agencies to lead the debate on encryption policy -- which most privacy advocates believe is the commonsensical answer to many electronic privacy communication issues. The intransigent position taken by those agencies that encryption software must include the capability for legitimate government surveillance has placed the administration in a position where it is diametrically opposed by the software industry and many businesses contending that encryption is a key component to protecting their confidential communications. The impasse has led Commerce Secretary William Daley, whose agency is responsible for controlling the export of encryption software, to indicate his disagreement with the current administration position. While there are several versions of medical privacy legislation ranging across the spectrum, the administration has not backed a particular piece of legislation. However, its congressionally mandated report recommending the general tenor of any medical privacy legislation Congress should pass includes law-enforcement accessibility beyond that advocated by anyone on the privacy side of the debate.
Finally, Independent Counsel Kenneth Starr is still investigating the hundreds of FBI files that turned up in the White House security office, and a class-action suit is proceeding in district court on the same issue. At least one federal statute that seems to have been clearly violated is the Privacy Act, although the FBI appears to be the only agency on the hook for such violations, since almost everyone familiar with the Privacy Act does not believe it applies to the White House itself. However, U.S. District Court Judge Royce Lamberth is not currently counted among that number; he ruled last year that the White House was covered by the Privacy Act. Further, in a column in the New York Post, former Clinton political advisor Dick Morris alleged that the Pentagon intentionally disclosed Linda Tripp's security clearance application to a reporter in violation of the Privacy Act; Defense Department spokesmen have claimed publicly that the disclosure was an honest mistake.
Viewed in that light, the Clinton administration has not been a strong supporter of privacy. However, polls continue to indicate the public is concerned about the loss of privacy and would likely welcome positive steps to provide greater safeguards against the inappropriate collection, use and disclosure of personal information. Politically, the administration's initiative makes sense, particularly since it offers up a commitment to the principle of privacy without committing the government to any new programs to enforce that commitment. Dave Banisar, staff counsel to the Electronic Privacy Information Center in Washington, told MSNBC that "more than half the stuff they're already legally required to do. It appears that Gore's commitment to privacy is more of a public-relations effort than a substantive attempt."
When the privacy package is looked at more closely it becomes apparent that Banisar is right. The major elements of the package are already in place, and Gore is largely saying that agencies will either comply with existing laws or enforce others that they are already supposed to be enforcing. There are no new grand steps here. The Fair Credit Reporting Act already allows access to your own credit records and aims to protect consumers from abusive credit practices by businesses, many of them stemming from the misuse of credit information. The administration is not currently a major player in the medical privacy debate, and the initiative promises no strong push from the administration to ensure that medical privacy is protected.
Instead, it urges Congress to do something about it, pretty much where the issue is now. While the Clinton memo is unusual in its presidential recognition that the collection, use and disclosure of personal information by government agencies should be governed by fair information practices, the memo, in essence, tells agencies nothing more than to comply with the Privacy Act -- a statutory obligation agencies already have. It goes a tiny step further in alerting agencies to consider the Privacy Act's application to information collected on the Internet, but, then again, most agencies already were aware of potential problems.
Perhaps the most positive step the initiative takes is to provide an "opt-out" page for consumers who want to get off mailing lists and other databases that may be sold or traded. The page won't allow consumers to accomplish these transactions, but it will provide the necessary information so that consumers will be able to take care of the problem themselves. Although the address for getting off a mailing list has been publicized in Dear Abby, Ann Landers and various consumer publications, finding it quickly at a single location is certainly useful. As to information about protecting one's driver's licensing information, that right already exists under the Drivers Privacy Protection Act and is implemented by the states. The presence of that information on the FTC Web site provides no more rights, although it does serve to publicize an existing right of which many people are probably unaware.
The political strategists in the Clinton administration have long been credited with crafting bite-size initiatives that have been pre-approved through polling or focus groups. The privacy initiative seems to be yet another concoction along the same lines -- lots of fluff, but very little substance. Privacy deserves better, but a little bit of fluff may be better than nothing at all.
Harry Hammitt is editor/publisher of Access Reports, a newsletter published in Lynchburg, Va., covering open government laws and information policy issues.
August Table of Contents