The Best of Creative Computing Volume 1 (published 1976)
How One Computer Manufacturer Looks at the Data Privacy/Security Issue (Control Data Corporation, Federal Privacy Act of 1974)
ethically. Technically, safeguards can be built into a design system to limit
those having access to the system. However, as much as machines do to protect
the privacy of computerized records, they can never be reguarded as absolutely
invincible from really determined people. More than physical safeguards must be
considered. Management should not only exercise sensitive control over the
trustworthiness of their personnel, but should also make sensible decisions on
what kind of information will go into their files, and how long it will stay
there.
As the computer industry assumes a heavy responsibility in the privacy issue, so
too must the people whom it serves. The government is taking an active role in
passing new laws to provide a citizen with the ability to challenge in court the
release of private data about him without his consent. But the general public
must become involved also in thinking about and discussing the problems
generated by computerized record keeping. The weight of public opinion can do a
great deal toward influencing constructive public policies and creating
voluntary ethical codes and standards of practice among users of computer
systems.
Computerized and centralized information systems can take us in two directions.
One would lead us to a rigid,
automated bureaucracy with great knowledge and power but little regard for the
human consequences of its
program. The other would enlist the power of computers in the service of
individuals, enabling them to cope more successfully with the complexities of
modern life and increasing the opportunities for successful fulfillment of their
talents. Society has no choice but to use computer aids in solving the problems
of our age, but it now must learn how to use these products to serve the people.
lf the time ever comes when the misuse of computerized record keeping leads man
to fear being curious, daring, and willing to deviate from the norm in order to
experiment, it would not be a case of the machine triumphing over man, as some
people fear. lt would be a case of man becoming the machine.
***
How One Computer Manufacturer Looks At the Data Privacy/ Security Issue
By Curtis W. Fritze
Executive Consultant
Control Data Corporation
The issue of data privacy ... an individual's rights to control personal data
... is a highly complex and
controversial topic. lt affects not only the individual, but also the agencies
of government and the activities of business and other organizations which
require such information to meet social and economic needs. And it also affects
the design and operation of the tool most used for information processing and
storage ... the computer.
Legislation concerning data privacy is in various stages of development at
state, county and even city levels. Since passage of the Federal Privacy Act of
1974 there has been an outpouring of rhetoric and written materials concerning
individual rights versus information technology. Legislators, educators, civil
rights groups and computer manufacturers have produced volumes of statistics,
opinions and studies about the subject.
Paramount to any discussion of data privacy is "the computer," often considered
the culprit because of its
ability to rapidly store, retrieve, process and transmit information.
Consequently, computer manufacturers as well as computer users are concerned
about legislation that could drastically change administrative techniques and
computer architecture. The key issue appears not whether to discontinue computer
technology, but how to keep and extend its benefits while preserving the rights
of citizens to privacy and confidentiality without negative impact to the
manufacturers and users of computer systems.
For the computer manufacturer, data privacy automatically means providing "data
security" in the computer system. This means safe guarding confidential
information... protecting it from unauthorized disclosure,
modification or destruction, either accidental or intentional, through the use
of special hardware and software. In extreme situations, this can mean
additional expenditures by the manufacturer for research, development and
production, as well as installation, and maintenance to meet customer
specifications. On the user side, it can increase operating costs through
increased equipment Costs and additional computer time and generally add to the
cost of doing business.
Considering all aspects the studies, economies and social responsibilities,
Control Data has developed a
position on the issue; but not necessarily in support of any particular piece of
legislation at least until the details of the requirements are known. A portion
of this statement follows.
"Control Data, as a responsible corporate citizen, believes in the individual's
right to privacy and supports the basic principles recommended by the HEW Report
of June 1973. These principles are: (l) There should be no files of personal
data, the existence of which is secret; (2) There should be a way for the
individual to find out what information about him is in a file record and how it
is used; (3) There should be a way for an individual to prevent information
provided for one purpose from being used for another purpose without his
consent; (4) There should be a way for an individual to correct or contest
records about him in personal data files; (5) Any organization maintaining or
using personal data files should assure the reliability of the data and
safeguard the files against misuse."
The data privacy and security issue will undoubtedly gain momentum in the near
future, just as computer
systems will be a continued requirement of complex societies. The issue has a
mixture of technical, social,
political and legal entities. Consequently, we need sound prudent public
policies, including legislation, ethical codes and standards of business
practice.
These principles require careful implementation to avoid undue economic burden
and impact on business. Unless this can be achieved, we may "cure the disease,
but lose the patient." Continued dialogue and cooperation between government and
business is absolutely necessary.
As stated in the National Academy of Sciences study: "Man cannot escape his
social or moral responsibilities by murmuring feebly that 'the machine made me
do it'."
