No. 2] THE DOSSIER SOCIETY 163 each user or a magnetically coded identification card can easily be lost, stolen, or exchanged. Thus, ultimately, finger or voice prints may prove to be necessary. In addition, the system should be equipped with protector files to record the identity of inquirers and these records should be audited periodically to determine whether the system is being misused by those who have a legitimate right of access. In the same vein, it probably will be necessary to audit the programs controlling the manipulation of the files to make sure that no one has inserted a secret "door" in the protective software or modified it so that a particular password will permit access to the data by unauthorized personnel. Because it is possible to move information into or out of a computer over substantial distances by telephone lines or microwave relays connected to terminals scattered throughout the country and even beyond, it is essential that information be protected against wiretapping and other forms of electronic eavesdropping. This risk can be minimized by coding the data or using "scramblers" to garble the information before transmission and installing complementary devices in the authorized terminals to reconstitute the signal. These procedures also will prevent "piggy-backing" or "infiltrating" the system by surreptitiously attaching a terminal to an authorized user's transmission line. To insure the accuracy of computerized files, an individual should have access to any information in his dossier and an opportunity to challenge its accuracy. This principle has been recognized and is embodied in a new federal statute the Fair Credit Reporting Act. This enactment is the first step toward eliminating some of the abuses that result from the buying and selling of personal information by consumer reporting companies, most notably credit bureaus. It gives us a right of access to the files maintained on us by these organizations, provides a procedure for correcting any errors we might find, assures us of notice when adverse decisions are made on the basis of a consumer report, and places some restraints on the investigative reporting conducted by these firms. Although the act is full of loopholes, its basic philosophical premise, that an individual has a right to see his file, is sound and must be extended to other contexts. Another approach might be to send a person's record to him once a year. This suggestion obviously may prove expensive, some will argue that the value of certain information will be damaged if its existence and recordation are disclosed, and it might produce a flow of petty squabbles that would entail costly and debilitating administrative or judicial proceedings. Nevertheless, the right of an individual to be protected against the dissemination of misinformation about him is so important that some price must be paid to effectuate it. Finally, the information must not be allowed to petrify. Data that 7. Pub. L. No. 91-508, 84 Stat. 1127-36, 15 U.S.C. §§ 1601-77 (1970). 164 LAW FORUM [Vol. 1971 is shown to be inaccurate, or archaic, or of little probative value, should be deleted, reclassified, or its age brought to the attention of a user of the file. But what if self-regulation fails? Indeed, can we afford the luxury of waiting to find out? It seems clear to me that the legal profession must become more active in finding a solution to the computerprivacy dilemma. Unfortunately, we cannot be too sanguine about the existing legal structure's ability to meet the challenge. The common law of privacy traditionally has been preoccupied with the problems raised by the mass media and has concerned itself. with the commercial exploitation of a name or likeness, the offensive intrusion into an individual's personal affairs, the widespread public disclosure of private information, and the “false light" cast on individuals by media disclosures.R In the constitutional law arena, recent cases seeking the expungement of files maintained by law enforcement agencies have been largely unsuccessful. Despite strong arguments that the preservation of detailed information directly infringes the data subjects' right of associational privacy under the first amendment, no relief usually is given because of a judicial concern over the government's need to be able to deal with lawlessness. Furthermore, any privacy action based on constitutional rights will have to avoid the inhibiting effect of the Supreme Court's decision in Time, Inc. v. Hill,10 which imposes a heavy burden of proof on the party seeking relief for an invasion of privacy. The effect of that case is to give the media substantial immunity from liability for invasions of privacy in order to provide “breathing space" for freedom of expression. I think it is fair to say that this decision partially aborts the common law right of privacy's capacity for doctrinal growth. 11 The judicial vineyards are not completely blighted, however. The right of associational privacy is probably the most clearly developed of the constitutional protections for personal information. Thus, when the government attempts to gather data from an individual concerning his association with a group dedicated to the advancement of certain beliefs, it must show that the information sought is a subject of overriding and compelling state interest.12 Closely related to associational privacy is another type of privacy that the courts have protected the right to 8. See A. MILLER, supra note 5, at 173-89. 9. See Anderson v. Sills, 56 N.J. 210, 265 A.2d 678 (1970), rev'g 106 N.J. Super. 545, 256 A.2d 298 (1969). See also Menard v. Mitchell, 430 F.2d 486 (D.C. Cir. 1970). Judge Gesell's opinion on remand in the Menard case reflects a very balanced and sophisticated approach to the data bank question. Menard v. Mitchell, Civil No. 39-68 (D. D.C. June 15, 1971). 10. 385 U.S. 374, 87 S. Ct. 534 (1967). 11. See A. MILLER, supra note 5, at 190-99. 12. See NAACP v. Alabama, 357 U.S. 449, 78 S. Ct. 1163 (1958). See also Gibson v. Florida Legislative Investigation Comm., 372 U.S. 539, 83 S. Ct. 889 (1963). No. 2] THE DOSSIER SOCIETY 165 possess ideas and beliefs free from governmental intrusion. The leading case in this area, Schneider v. Smith,13 makes it clear that espousing an unpopular idea is not a scar a person must show upon inquiry for the remainder of his life. In a related field, a number of cases protect our physical privacy from unreasonable searches and seizures and guarantee us the "right to be let alone" in what have been described as "zones of privacy."14 This view is exemplified by Griswold v. Connecticut,15 which struck down Connecticut's attempt to regulate the use of contraceptive devices. However, a recent Supreme Court decision upholding the right of welfare authorities to terminate benefits if they are not given access to the welfare beneficiary's home under certain circumstances seems to look the other way.16 On the plus side, mention also should be made of Wisconsin v. Constantineau,17 which appears to have infused due process notions into the use of information by requiring that when a person's reputation, honor, or integrity is jeopardized by a governmental dissemination of personal information, a minimal level of procedural fairness must be satisified. But peculiarities in Constantineau caution us against expecting too much from it. But these decisions simply represent the outer boundaries or constitutional limits on governmental action-they do not give us the standard for achieving the balance that is desperately needed. That will have to come from the legislature. Legislative activity in the computer-privacy field might take a number of different forms. One simple and highly desirable statutory approach would be to prohibit governmental, and perhaps even nongovernmental, organizations from collecting designated classes of sensitive data. This might be reinforced by a statutory requirement that computerized files be periodically purged of all data that has become too ancient to be trustworthy. Of course, any proposal that would have the effect of impeding the government's information practices faces an uphill battle in the political arena. A somewhat different, and in many ways more drastic legislative approach, involves requiring computer manufacturers, users, and data networks to employ prescribed safeguards for maintaining the integrity of personal information. This can take the form of (1) imposing a 13. 390 U.S. 17, 88 S. Ct. 682 (1968). 14. See Stanley v. Georgia, 394 U.S. 557, 89 S. Ct. 1243 (1969); Katz v. United States, 389 U.S. 347, 350 n.5, 88 S. Ct. 507, 510-11 n.5 (1967); Berger v. New York, 388 U.S. 41, 87 S. Ct. 1873 (1967). 15. 381 U.S. 479, 85 S. Ct. 1678 (1965). 16. Wyman v. James, 400 U.S. 309, 91 S. Ct. 381 (1971). See generally Burt, Forcing Protection on Children and Their Parents: The Impact of Wyman v. James, 69 MICH. L. REV. 1259 (1971). See also Law Students Civil Rights Research Council, Inc. v. Wadmond, 401 U.S. 154, 91 S. Ct. 744 (1971). 17. 400 U.S. 433, 91 S. Ct. 507 (1971). 166 LAW FORUM [Vol. 1971 statutory duty of care on everyone connected with the data-handling process, which would encourage privacy consciousness, or of (2) enacting detailed privacy-oriented technical requirements, which would have to be followed by computer manufacturers. These would include sophisticated protective schemes involving access regulations, personnel controls, and mechanical devices that can discriminate among users and differentiate data on the basis of sensitivity that would have to be complied with by handlers of personal information. But detailed congressional legislation is difficult to draft and the best solution may be to give over the task of regulation to an administrative agency that would act as an information ombudsman or a privacy auditor. The notion of an independent information agency is not a new one. Many of the congressional witnesses and commentators on the proposal to create a National Data Center, myself included, stressed the importance of locating control of such an organization outside the existing regulatory framework.18 Administrative regulation would obviate the need to make highly detailed policy judgments in statutory form at what may be a premature time. It also would guarantee that the problem is placed in the hands of a watchdog group, hopefully composed of experts drawn from many fields, that could exercise continuing supervision over the data handling community.19 A number of Congressmen already have recognized the need for some controls and have introduced legislation to protect privacy. Unfortunately, the activity is somewhat reminiscent of Leacock's Man, who jumped on his horse and rode off in all directions at once. Bills have appeared to regulate credit bureaus, mailing list companies, the census, employee privacy, government inquiries, and psychological testing. Thus far only the Fair Credit Reporting Act, mentioned earlier, has been enacted into law. But Senator Ervin and Congressmen Gallagher and Koch have proposed broad regulation of computers and data gathering activities and we can expect continued activity in this field for some time. When the dust ultimately settles, I hope we shall have struck the necessary balance. This probably will require give on both sides. No doubt we can coerce, wheedle, and cajole an individual into giving up part, or even all, of his informational profile. But what price would we pay for it? Alienation, distrust of the government, deceptive re 18. See Hearings on Computer Privacy Before the Subcomm. on Administrative Practice and Procedure of the Senate Comm. on the Judiciary, 90th Cong., 2d Sess. (1968) (statement of Professor Arthur R. Miller); Note, Privacy and Efficient Government: Proposals for a National Data Center, 82 HARV. L. REV. 400, 404 (1968). See also Ruggles, On the Needs and Values of Data Banks, in Symposium-Computers, Data Banks, and Individual Privacy, 53 MINN. L. REV. 211, 218-19 (1963); Zwick, A National Data Center, in A.B.A. Section of Individual Rights and Responsibilities, Monograph No. 1, at 32, 33 (1967). 19. This theme is developed in A. MILLER, supra note 5, at 228-38. No. 21 THE DOSSIER SOCIETY 167 sponses, obfuscation of certain data gathering objectives (as I think may be true of the census goal of enumerating the population), numbing of privacy values, and an atmosphere of suspicion. Instead of the stick, perhaps we should rely on the carrot. Governmental and private planners must refine their information handling techniques, reduce the burden on the individual, and assure us accuracy of the files and security against improper dissemination. If this is done, perhaps we will feel less apprehensive about yielding a little of ourselves. Few aspects of life, even in a free society, can survive as absolutes-and that includes privacy. If some of my remarks seem slightly alarmist in tone, it is because I feel it is necessary to counteract the syndrome referred to by the poet e.e. cummings, when he wrote "progress is a comfortable disease."20 We must overcome the all-too-often complacent attitude of citizens toward the management of our affairs by what frequently are astigmatic administrators in both government and the private sector. The very real benefits conferred by information technology may opiate our awareness of the price that may be exacted in terms of personal freedom. It thus seems desirable to sound the klaxon to arouse a greater awareness of the possibility that the computer is precipitating a realignment in the patterns of societal power and is becoming an increasingly important decision-making tool in practically all of our significant governmental and nongovernmental institutions. As society becomes more and more information oriented, the central issue that emerges to challenge us is how to contain the excesses and channel the benefits of this new form of power. If the concept of personal privacy is fundamental to our tradition of individual autonomy, and if its preservation is deemed desirable, then I feel that the expenditure of some verbal horsepower on its behalf is justified. Unless we overcome inertia, there will be no one to blame but ourselves if some day we discover that the mantle of policymaking is being worn by those specially trained technicians who have found the time to master the machine and are using it for their own purposes. To paraphrase the French sociologist, Jacques Ellul, that it is to be a dictatorship of dossiers and data banks rather than of hobnailed boots will not make it any less a dictatorship.2 21 20. e.e. cummings, 100 SELECTED POEMS 89 (paperback ed. 1959). |