[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CDT Policy Post 2.37 - Privacy Issues Wrap-Up

      _____ _____ _______
     / ____|  __ \__   __|   ____        ___               ____             __
    | |    | |  | | | |     / __ \____  / (_)______  __   / __ \____  _____/ /_
    | |    | |  | | | |    / /_/ / __ \/ / / ___/ / / /  / /_/ / __ \/ ___/ __/
    | |____| |__| | | |   / ____/ /_/ / / / /__/ /_/ /  / ____/ /_/ (__  ) /_
     \_____|_____/  |_|  /_/    \____/_/_/\___/\__, /  /_/    \____/____/\__/
     The Center for Democracy and Technology  /____/     Volume 2, Number 37
        A briefing on public policy issues affecting civil liberties online
   CDT POLICY POST Volume 2, Number 37                      November 5, 1996
   CONTENTS: (1) End of Session Wrap-Up of Online Privacy Issues
             (2) P-Trak Update
             (3) How to Subscribe/Unsubscribe
             (4) About CDT, contacting us
    ** This document may be redistributed freely with this banner intact **
          Excerpts may be re-posted with permission of <editor@cdt.org>
           ** This document looks best when viewed in COURIER font **
  With Congress adjourned and the campaign season behind us, we have a chance
  to step back and look at online privacy issues.  While there were some
  disappointments during the year, there were also signs of progress.  The
  issue of personal privacy itself was consistently on the public radar screen
  over the past year.  The media's spotlight is increasingly focused on
  information privacy.  CDT's privacy demonstration site continues to receive
  over 1000 hits a day, and a number or recent studies indicate growing public
  concern with the loss of privacy.
  Numerous federal agencies have launched privacy intiatives focused on the
  impact of new technologies.  Several members of Congress introduced
  legislation on privacy issues ranging from the protection of medical
  information, to the development of privacy-enhancing technology.  The
  Administration appears poised to create a yet-to-be-defined "privacy
  entity" that would, at least, coordinate the Administrations' privacy
  efforts or, at best, advocate on behalf of individual privacy.
  In addition, there has been some market response to public outcries over the
  loss of personal privacy --- forcing one company to revise a product and a
  number of other companies to step forward with a policy to provide consumers
  with a bit more control over their personal information.
  Progress made in protecting personal privacy:
  *  LEGISLATION:  Provisions in three recently passed laws begin to address
     privacy concerns in personal information regarding individuals' telephone
     usage, individuals personal health information, and personal information
     held by credit bureaus.
       unknown part of the recently enacted Telecommunications Reform Act of
       1995 is a win for personal privacy.  The CPNI provisions limits the
       use and disclosure of CPNI -- information which relates to the
       quantity, technical configuration, type, destination, and amount of use
       of a telecommunications service by a customer and is available to the
       carrier solely by virtue of the carrier-customer relationship -- to the
       telecommunications service for which the information was collected or
       for other services that are necessary to or used in the provision of
       that service.  The law also provides individuals a legal right to access
       their own CPNI.
          The CPNI provisions are an important step forward in recognizing
       an individual privacy interest in transactional information.  Similar to
       the provisions regulating law enforcement access to transactional data
       under the Digital Telephony Bill (CALEA), the CPNI provisions recognize
       that individuals have a privacy interest in transactional data, akin to
       the privacy interest in the actual contents of their communications.  In
       addition, the CPNI rules set an important precedent by regulating the
       private sectors use of transactional information.  The Federal
       Communications Commission (FCC) issued a proposed rule in June, 1996 and
       received comments.  The final rule on the implementation of this
       provision should be issued shortly.
          HEALTH INFORMATION:  The recently-passed Kennedy-Kassebaum "Health
       Insurance Portability and Accountability Act of 1996" included the first
       guarantee of a federal policy to govern the privacy of health
       information in electronic form.  While provisions of the Act mandating
       the speedy development and adoption of standards for electronic
       exchanges of health information are troublesome given the lack of
       strong, enforceable laws protecting patient privacy, the law contains a
       mandate that privacy rules be enacted by either the Congress or the
       Executive Branch within the next four years.
          CREDIT INFORMATION:  The public outcry over the sale of personal
       information by Lexis-Nexis's P-Trak service prompted Congress to request
       a Federal Reserve Board study examining the risk of fraud raised by the
       disclosure of personal information.  In addition, the P-Trak furor may
       have played a roll in nixing an industry-backed exemption to the Fair
       Credit Reporting Act (FCRA) which would have allowed credit reports to
       be used to generate target marketing lists.  This type of credit report
       use is currently against FTC rules interpreting the FCRA.
     Privacy-related bills introduced during the 104th Congress:
          HEALTH INFORMATION:  Late last year, Sen. Robert Bennett (R-UT) and
       Sen. Patrick Leahy (D-VT) introduced S. 1360, the "Medical Records
       Confidentiality Act".  A complimentary bill was introduced by Rep. Jim
       McDermott (D-WA), the "Medical Privacy in the Age of New Technologies
          ONLINE PRIVACY:  This past June, Congressman Ed Markey (D-MA)
       introduced the "Communications Privacy and Consumer Empowerment Act".
       This bill was designed to address concerns over the collection and use
       of personal information generated and collected online.  Late in the
       session, Rep. Bruce Vento introduced "The Consumer Internet Privacy
       Protection Act of 1996", also aimed at protecting the privacy of
       information collected and generated during online activities.
          CHILDREN'S PRIVACY:  A hearing was held on Rep. Bob Frank's bill,
       "The Children's Privacy Protection and Parental Empowerment Act of
       1996."  As noted by CDT, People For the American Way, the Electronic
       Frontier Foundation, and Voters Telecommunications Watch, the CPPPEA
       raises a number of privacy and First Amendment problems for the
  *  GOV'T AGENCIES FOCUS ON PRIVACY:  Federal agencies, such as the Federal
     Trade Commission (FTC) and the NTIA (National Telecommunications and
     Information Administration), have turned the spotlight on the impact of
     technological advances on individual privacy.  In June, the FTC held a
     workshop on online consumer privacy.  Privacy advocates, industry
     representatives, and FTC officials gathered to discuss the privacy issues
     posed by the evolving online world, and potential policy and technology
  *  PUBLIC CONCERN AND NEWS COVERAGE:  The mainstream media's coverage of
     privacy issues has increased dramatically.  The Lexis-Nexis P-Trak
     controversy and the threats to medical records privacy garnered national
     headlines.  A number of recent reports, such as a Georgia Tech survey
     and Louis Harris poll, point to a growing public concern with the loss of
     personal privacy in and out of the online world.
  *  CDT PRIVACY DEMO AND CLEARINGHOUSE:  Launched in June, CDT's Privacy
     Demonstration and Privacy Policy Clearinghouse seeks to educate the
     public about the extent to which personal information can be revealed
     online.  When an Internet user visits the Privacy Demo, it displays
     information about the user such as the kind of web browser and type of
     computer they use, even the user's location and e-mail address.  The
     Privacy Demo continues to receive an average of 1,000 hits a day.
  *  MARKET RESPONSES:  In some instances, the market has responded to public
     outcries over threats to personal privacy.  This summer, information
     service Lexis-Nexis was forced to revise a new online database, P-Trak,
     suppressing social security numbers.  A number of Internet companies,
     including Four11, I/PRO, and Match.com, formed a group called "Privacy
     Assured" -- the members of the group agreed to a set of privacy
     principles relating to the personal information that is collected, used,
     and disseminated at their web sites.
  *  FEDERAL GOV'T PRIVACY ENTITY:  Last month, Sally Katzen, head of the
     Office of Management and Budget's Office of Information Regulatory
     Affairs, announced that the Administration was considering various
     options for the creation of a federal privacy entity, or coordinating
     function, within the Executive Branch.  Pressure from privacy advocates
     and the public, coupled with the European Union's Data Protection
     Directive has created a climate where privacy issues may be given the
     consideration and deliberation they deserve at the national deserve.
     A report discussing the options will be made available for public
     comment after the elections.
  Privacy setbacks:
  *  HEALTH INFORMATION:  The failure to enact comprehensive privacy
     legislation to protect health information, such as the proposed
     Bennett-Leahy "Medical Records Confidentiality Act", was a
     disappointment.  The push to automate our health information embodied
     in the Kennedy-Kassebaum "Health Insurance Portability and
     Accountability Act of 1996," raises the stakes in the battle to protect
     personal health records.
     concern over attacks on personal privacy, Congress passed legislation
     that will escalate the collection of personal information by the
     government.  Pressure to prevent fraud, to more effectively allocate
     sparse government dollars, and to ensure that people are who they claim
     to be, led to the enactment of laws that track and monitor the behavior
     of individuals in order to identify "dead-beat dads", illegal immigrants,
     welfare cheats and others defrauding the public trust.  Massive record
     sharing, extension of existing data systems and the creation of new
     highly-intrusive people tracking systems are core components of recently
     passed welfare and immigration laws.
  *  CELLULAR PHONE TRACKING:  A battle is being waged to ensure that our
     nation's telecommunications system does not become the tracking device
     of law enforcement.  The FBI recently requested technical specifications
     that would require cellular carriers to have the capability to track and
     monitor the whereabouts of anyone carrying a phone -- whether it was in
     use or not -- and provide location and other information to law
     enforcement on demand.  The proposed standards were rejected by the
     cellular industry in September, but other battles over law enforcement's
     desire to increase its wire-tapping capability continue, promising to
     keep privacy advocates on the watch.
  When Congress is sworn in this January, CDT will be ready to work with
  other privacy advocates in building upon this past year's progress on
  privacy issues.  For more information and updates about these privacy
  issues, please visit CDT's Privacy Issues Page:
  This past summer, information service Lexis-Nexis offered a new database
  to its subscribers called P-Trak.  For a per-use fee, subscribers can use
  P-Trak obtain personal information about an individual that can include
  name, current and prior addresses, maiden names, birth month and year, and
  current telephone number.  Social Security numbers were initally available
  on P-Trak, however in June, Lexis-Nexis stopped displaying Social Security
  numbers in response to complaints from consumers, privacy advocates, and
  As news about P-Trak spread over the Internet, more and more people
  expressed concern over the availability of their personal information
  online.  In response to a September 20 letter from Senator Richard Bryan
  (D-NV), the Federal Trade Commission (FTC) immediately recommended that
  Congress take action to protect the privacy of personal information by
  amending the Fair Credit Reporting Act (FCRA).  The recommendations called
  for strengthening the Fair Credit Reporting Act to limit disclosure of
  information such as social security number, mother's maiden name, prior
  addresses, and date of birth.  (See CDT Policy Post 2.33)
  Despite the recommendations, Congress adjourned without taking action on
  them.  However, Congress added an amendment to the Omnibus Appropriations
  Bill which directs the Federal Reserve Board to examine whether the sale
  of "sensitive consumer identification information" creates "an undue
  potential for fraud".  Although this is a half-hearted response to the
  FTC's recommendations and the public's cry for action, it is a small tribute
  to the power and importance of the Internet in turning public opinion into
  Following passage of the bill, Chairman of the Senate Committee on Commerce,
  Science and Transportation, Sen. Larry Pressler (R-SD), ranking minority
  member Senator Ernest Hollings (D-SC), and Senator Richard Bryan (D-NV),
  sent a letter requesting the FTC to conduct a study of online and database
  privacy issues.
  While no legislation was enacted, the outcry over P-Trak proved useful in
  two other areas.  First, the P-Trak furor may have played a roll in
  eliminating an industry pushed exemption to the FCRA which would have
  allowed credit reports to be used to generate target marketing lists --
  currently against FTC rules interpreting the FCRA.  Second, the recent
  announcement by "Privacy Assured", a group of Internet companies that
  include Four11 and I/PRO, to voluntarily comply with a series of privacy
  protective information practices is clearly tied to a desire to respond to
  public concerns over individual privacy.
  For more information, including the text of the Senators' letter to the FTC
  and the text of the bill requesting the Federal Reserve study, please visit
  the CDT Privacy Issues page:
  Be sure you are up to date on the latest public policy issues affecting
  civil liberties online and how they will affect you! Subscribe to the CDT
  Policy Post news distribution list.  CDT Policy Posts, the regular news
  publication of the Center For Democracy and Technology, are received by
  nearly 10,000 Internet users, industry leaders, policy makers and
  activists, and have become the leading source for information about
  critical free speech and privacy issues affecting the Internet and other
  interactive communications media.
  To subscribe to CDT's Policy Post list, send mail to
  with a subject:
       subscribe policy-posts
  If you ever wish to remove yourself from the list, send mail to the
  above address with a subject of:
       unsubscribe policy-posts
  The Center for Democracy and Technology is a non-profit public interest
  organization based in Washington, DC. The Center's mission is to develop
  and advocate public policies that advance democratic values and
  constitutional civil liberties in new computer and communications
  Contacting us:
  General information:  info@cdt.org
  World Wide Web:       URL:http://www.cdt.org/
  FTP                   URL:ftp://ftp.cdt.org/pub/cdt/
  Snail Mail:  The Center for Democracy and Technology
               1634 Eye Street NW * Suite 1100 * Washington, DC 20006
               (v) +1.202.637.9800 * (f) +1.202.637.0968
  End Policy Post 2.37                                            11/5/96