The Best of Creative Computing Volume 1 (published 1976)
NBS Privacy Conference (National Bureau of Standards, MITRE Corporation)
NBS Privacy Conference
From April 2 to April 4, 1975, the National Bureau of
Standards and the MITRE Corporation held a symposium
and workshop in McLean, Virginia in order to allow
computer users from business and government to exchange
their views on the impact of privacy legislation. Excerpts
from some of their talks follow:
Representative Edward I. Koch (D-NY):
... Notwithstanding the deficiencies of the Privacy Act,
I feel it represents a monumental breakthrough in the field
of personal privacy safeguards.
Millions of files that are locked away from the public
will become available in September 1975, so that one can
see one's own file, see whether the material in it is relevant,
see whether it is accurate, see whether it is current, and, if
it is not, provide the mechanism whereby corrections can
be made. Also significant is that the Privacy Act contains a
provision forbidding all agencies, including law enforcement
agencies, from maintaining a record of the political and
religious beliefs or activities of any individual unless
expressly authorized to do so by statute or by the
individual himself.
There are changes I would like to see in the Privacy Act.
First of all, the law is deficient in the area covering law
enforcement agencies.... I feel that criminal iustice
systems should be included in the Privacy Act until the
Justice Department can come forward with a proposal that
the Congress can agree upon. The second change I would
like to see would be a removal of the near blanket
exemption given to the CIA and a tightening up of the
exemptions pertaining to the FBI. The exemptions should
be limited only to those files having to do with national
defense and foreign policy, those containing information
held pursuant to an active criminal investigation, and those
maintained for statistical purposes and not identifiable to
an individual.
I feel that provisions allowing an agency to withhold
from an individual the source of confidential information in
his file should be deleted.... And, most importantly, I
would like to see the establishment of a Federal Privacy
Board which would monitor agencies' compliance with the
Act and work in somewhat of an ombudsman's capacity
and hold hearings for those individuals who want to air
their grievances.
We need a broad federal policy to set the basic standard
for privacy protection both in the public and in the private
sector. But we have to be able to move beyond the broad
approach to appreciate the specific needs of different
sectors of the government and private organizations. When
separate pieces of legislation come before the Congress for
consideration, if privacy protections can be included, I
certainly will support adding such provisions.
Joseph L. Gibson, senior attorney for Marcor, Inc.:
Recent reports have given the appearance that the
privacy issue is a national crisis which suddenly sprang forth
from the anti-Vietnam war movement and Watergate. That
appearance is not accurate. The issue of privacy has a
substantial history: current trends began a decade ago. The
issue will be satisfactorily resolved, not by restating a few
general principles, but only by devising a number of specific
solutions for specific problems.
Charles Work, deputy administrator, Law Enforcement
Assistance Administration:
I am confident that law enforcement can meet the
challenges posed by the regulation and proposed legislation.
I am also confident that in the long run, law enforcement
and law enforcement agencies will be much better for it.
Many of the enumerated requirements are not difficult to
meet; a much more difficult requirement is that the records
must be accurate, complete and up to date. We need
systems with bank-type auditing capacity so that the
defendant can be traced through the system. This is a very
significant challenge, .... because if management cannot
get the data into the systems, it will not meet the
requirements of privacy and it will not be the system's
fault. lt could also be costly, because management systems
cannot be significantly improved without a significant
increase in manpower. But in the long run, the privacy
mandate will dramatically improve the systems and must
improve the overall management of concerned agencies.
Naomi Seligman, McCaffery, Seligman & von Simpson,
management consultants:
One cannot speak of the impact of privacy legislation on
the economy as a whole, but instead must separate its
impact into three distinct sectors of data base users:
government agencies, third party services - such as credit
bureaus - and the broader run of U. S. business. The real
costs of privacy violations to the individual clearly relate to
a large number of social issues.
Almost all analyses of the issue begin with the
assumption that data is always used to an individual's
disadvantage; yet, many data bases are used to provide
privileges which would be impossible without such data.
Specific cost is very much associated with the nature of
specific data disclosed about the individual. I strongly
believe that the principles of the HEW Report can be
achieved by general business without any of the problems
or onerous costs.
Ruth M. Davis, NBS conference chairperson:
The first law that we talk about in the area of privacy
came into being in 1974, 194 to 198 years after manual
systems of handling information had been officially used by
the U. S. and by organizations operating in the U.S. The
new laws come at a time of dramatic change in electronic,
optical, and communications technology. This is the setting
in which we are trying to formulate actions.
One requirement (for action) is the "retrofitting of all
existing information systems to make sure that they meet
new legislative requirements. Second, there is a need to
determine, validate and insure compliance with the laws of
existing and new systems. Third, there is a need for
developing and introducing the technologies that will allow
the required changes in information handling so that the
systems are operationally effective, legal, and economically
possible. Last, we must dust off and refine good
information management practices.
The privacy mandate, along with its accompanying
requirements should not be taken lightly. At the same time
it should be reviewed in terms of the many kinds of effects
it can have.
