Privacy in a Free Country: In Search of Reasonable Principles

Prepared Remarks of Solveig Singleton 

Senior Policy Analyst, Competitive Enterprise Institute A Congressional Briefing on Privacy Issues Friday, April 27, 2001 8:30 a.m.-11:00 a.m. National Press Club Ballroom

Privacy is a generic term, with a plethora of definitions drawn from constitutional law, medical ethics, and other miscellaneous sources. But as a policy issue, privacy has no generic solution. If we continue to rely on vague emotional impulses in addressing the thing called privacy, whatever it is, we will end up with regulatory overkill. All information technology will be regulated with the same broad brush that has been used to paint the picture of a privacy crisis in the media and on the Hill.

This talk will emphasize two points of the study we are releasing today. First, privacy as a generic issue is barely coherent and has no generic solution. Second, new information technologies offer benefits that in the majority of contexts—perhaps even in the sensitive area of medicine—will far outweigh the risks.

Consider first the question of whether privacy problems as a whole can be solved by a single set of principles to act as a sort of universal solvent.

The usual candidate universal solvent is the set of Fair Information Practices—notice, choice, access, and correction. The rules were first developed for to govern medical information stored by government, however, and they will not necessarily apply outside of that context. The rules’ appeal is in their simplicity and in the control they promise—a tempting antidote to our fears of the unknown impact of new electronic databases. But that same simplicity should be a red flag. Imagine if someone were to claim that they could arrive at the best solution to intellectual property issues using four simple principles; it would be right to treat such a claim with skepticism. Yet an expansion of privacy law is an even more complicated issue.

The study we are releasing today looks at privacy in four areas—government, consumer protection, in the workplace, and in medicine. The discussion compares the different legal, historical, and economic distinctions among privacy problems in these areas. And the analysis of each area breaks down further into very different types of privacy problems, with very different solutions.

One example is the question of privacy and government. In the study, I broke down the risks of government information collecting into three:  

  • The risk of the rogue employee, who uses information obtained in the course of his work for personal purposes. ·        
  • The risk of the abusive regime, where the entire government uses information to violate human rights. 
  • The risk that the methods that government will use to collect information will be brutal or unfair, such as a search without a warrant.

Most of the problems with searches and seizures have been effectively limited in the United States by the Fourth and Fifth amendments to the Constitution, which make the police accountable to the judicial branch when conducting a search and that prevent confessions by torture. The risk of the abusive regime is something quite different that requires yet another type of constitutional solution—it relates to the holding of information, not to the methods by which it is collected. But the risk of the rogue employee is not easily susceptible to any constitutional solution—the best solution there is to make sure that employees are really held accountable for abuses of information—by being fired, for example.

Another example of how privacy problems should be broken down to find their most effective solutions comes from privacy as consumer protection. The dangers to consumers from electronic databases range from the wildly speculative and highly unlikely to the real threat of crimes such as credit card fraud. The benefits to consumer of information sharing are only now beginning to be measured. Accountability mechanisms are different in the private sector than in government. The greatest need in the consumer protection area seems to be for new enforcement institutions to be developed so that police and prosecutors can more effectively enforce existing laws against fraud. The risk to consumers from ordinary business use of information is very low.

So, when one looks at privacy with an eye towards understanding exactly what people’s concerns are, one sees a wide variety of quite different problems with a very wide range of effective solutions. Some of these alleged problems are trivial, particularly when compared with the potential benefits.

This leads us to my second point, that is, to offer an optimist’s picture of the potential of information technology to counter the unreasoned suspicion that seems to be driving the private debate.

It seems that we have lost our sense of wonder about computers, the Internet, and other information technology. It is only a few years old, and already it is being taken for granted. The eager early adopters are on board, and much of the fuss is being made by the most-technology resistant or anti-business segments of the population, or in the most sensitive areas, like medicine. But technology and innovation will not continue to grow if policy is made based on the most fearful among us.
Let me put our fears of electronic databases into a broader perspective. When I was at Comdex several years ago, I heard one of the speakers describe an amazing mechanism for gathering information. It collects auditory signals on a narrowband channel at 640,000 bits/second. It registers heat, cold, and pressure at 13 Megabits per second. It tracks visual images with no motion at a billion bits per second. It tracks motion at 7 Gigabits per second. It creates a full spatial model of reality at 880 Gigabits per second.

What is this terrifying information processing mechanism? Should it be regulated? Should it be banned? Let me tell you first what it is. It is a human being. This is how capable our sense of hearing, sight, and touch are at processing information.

Electronic databases are just extensions of these five senses. They are capable of being places that a human being can’t be, and can store information in a more permanent format. Why do we need such extensions? For the same reasons that we need such powerful senses. That is, human beings are born into the world essentially ignorant of our own nature and that of people around us. Humanity has been banging its head against a wall of ignorance for centuries. In economics, most small businesses fail—often because they have made a guess about how their customers or clients will respond to what they have to offer, and the guess turned out to be wrong. This problem of the misconceived business model is hitting the dot com world hard now. In medicine, we have barely begun to understand the links between behavior, genetics, and disease.

Internet businesses are already operating at a disadvantage compared to “real-world” shopkeepers. Suppose you are a shopkeeper in a mall where the lights are on–but your eyes are covered by a blindfold. Your ears are blocked so you can't casually respond to comments customers make about your display. You don't know whether any given customer looks like a shady character–maybe a shoplifter. You can't even guess whether he's a local or a tourist–a one-time visitor or a regular, businessman or housewife, German or Spanish, old or young, where he goes in the store and how long he stays there. This is what electronic commerce is like without information tracking.
Our desire to learn about other people in friendship, business, in the workplace, and in other contexts as well is a perfectly natural and legitimate desire, not fundamentally sinister. There are risks in the new electronic world, but on the whole the picture is a tremendously promising one, even in a highly sensitive area like medicine.

To conclude, we should beware of simplistic solutions to privacy problems such as the thesis that people own information about themselves, or the Fair Information Practices. When we set privacy policy, the rules should not be dominated by the concerns of the most fearful among us, or technology will be forced into rigid, conservative molds. The American approach to privacy has been that freedom of information is the rule in everyday life, business, and journalism. Privacy is the carefully crafted exception for special areas like medicine. There is no reason to abandon this approach because our information-gathering tools are new. Human beings will rarely benefit from turning their backs on information.