sensitive." Id. The term "security" has been used in a broader sense throughout this article.

3 See, e.g., Response of United States Department of Justice (Mar. 5, 1968), filed in Computer Inquiry, FCC Docket No. 16.979.

e See Irwin, supra note 49, at 360-61 (1969); Miller 1099-1103.

65 However, if the carriers utilize separate subsidiaries to engage in computer service operations which would be subject to regulation by the industry association if performed by computer companies not related to communications common carriers, such carriers or their computer service subsidiaries should be subject to industry regulation in the privacy area.

Even if the FCC might be able to act pursuant to its existing general powers under the Communications Act of 1934, 47 U.S.C. §§ 151-609 (1964), there may be considerable advantage in spelling out the FCC's jurisdiction in this situation and perhaps providing for special streamlined procedures.

If the FCC is to become involved in a significant way in this situation, perhaps it should be the agency to review actions of the computer industry agency although Congress might wish to consider other alternatives before determining whether to give such jurisdiction to the FCC. See note 56 supra and accompanying text.

67 This description of the NASD and its activities is taken from the 1968 NASD President's Report. 1968 NASD Ann. President's Rep. Of interest to the computer industry in formulating its system of self-regulation might be the NASD's statement of purposes: (1) To promote. the investment and securities business, to standardize its high standards of commercial honor, and to promote among members observance of Federal and State securities laws; (2) To provide a medium through which its membership may . . . consult, and cooperate with governmental and other agencies in the solution of problems affecting in vestors, the public, and [this business]

principles and practices, to promote

(3) To adopt

and enforce rules of fair practice [in the securities business] and in general to promote just and equitable principles of trade for the protection of investors;

(4) To promote self-discipline among members, and to investigate and adjust grievances between the public and members. CCH NASD Manual ¶ 1003.

With some slight change in terminology, many of these statements might be substantially adopted by the computer industry.

[From the Congressional Record, Senate, Oct. 10, 1972]

INTERNATIONAL DECLARATION OF PRINCIPLE ON COMPUTERS AND

PRIVACY

Mr. ERVIN. Mr. President, for many years the Constitutional Rights Subcommittee has been studying the impact of computers and Government data collection on individual rights and privacy. The subcommittee's studies have resulted in a series of hearings, recently published, entitled "Federal Data Banks, Computers, and the Bill of Rights." It was at those hearings that the subcommittee, among other issues, investigated the Army surveillance program.

The hearings attracted an extraordinary amount of public interest. Since that time it is clear that the public is beginning to focus on the potential dangers to individual privacy posed by the introduction of new technologies to aid Government in its insatiable curiosity for information about citizens. It is illustrative of this public concern that the platforms of both major parties this year take stands which recognize the issue and promise steps to prevent unwarranted invasions of privacy by Government data banking.

"Computers and privacy" is not only an issue to Americans. Other Western countries also see that computers can have a profound impact on economic, social, and political conditions, and that they can disturb the existing relationship between Government and citizen to the detriment of individual freedom.

In recognition of these potential consequences, a French foundation, L'Institut De Ia Vie-or, the Institute of Life-scheduled a conference on "Man and the Computer" last month in Bordeaux, France. The institute is dedicated to insuring that the science and technology are used for the benefit of mankind.

The institute's Conference on Man and the Computer, its second, was particularly concerned with the impact of computers on individuals. The Conference brought together over 150 experts in medicine, law, sociology, government, law enforcement, industry, communications, education, and other fields from over 22 countries, including 14 nations from Western Europe, plus Turkey, Algeria, Mexico, Israel, Canada, and even Yugoslavia, Japan, and the Soviet Union. Five special reports were prepared-on education, medicine, urban affairs, planning, and on individual life. Among the noteworthy results of the Conference was a declaration of principle on fundamental human rights. The declaration of principle stresses first of all the individual's right to privacy. In its words:

"The Right to Privacy. We believe that there is an interest shared by all people to have some control over the information that is collected, stored, and circulated about them. We believe it essential that consideration of this issue be an integral part of the creation of any information system."

A second right, and one which is not underlined in the United States as often as it should be, is the right to information. Since information can be considered a resource, the monopolization of information is to be avoided just as we prohibit monopolization of any other natural resource.

The declaration outlines a series of operating principles which should be observed in the creation of every computer data bank. These six principles are: "The need to determine whether information to be collected is relevant to the purpose for which it is sought and whether it is required to be collected at all; "The need to give the individual notice of and access to information stored about him;

"The need to limit information systems to specific uses;

"The need to regulate the use and transfer of information in such systems; "The need to check and update information contained in these systems, supervise operation of the systems, and monitor their expansion into new areas or enlarged data-sharing operations; and

"The need for sanctions to enforce the safeguards established."

Finally, the declaration recognizes that in order to effectuate these principles, there must be first, acceptance on the part of those who operate data banks of the rights to privacy and to information; second, full public knowledge and review of all important aspects of every record system by a public authority charged especially with protecting individual rights; and third, the creation of a forum for the resolution of individual complaints arising from these systems.

This declaration of principle is unique not only because it states in clear, simple and moving terms the rights which are clear to every American, but because it demonstrates the universality of the concern for privacy. It is noteworthy that this declaration of principle was drafted by a group with widely divergent cultural and political traditions. Yet the result is one which can serve as a guide for the United States in its treatment of the problems of computers and privacy.

I ask unanimous consent that the declaration of principle adopted by the Institute De La Vie at its Conference on Man and Computer be printed in the Record.

There being no objection, the declaration was ordered to be printed in the Record.

[The dedication follows:]

CONCLUSIONS AND RECOMMENDATIONS

Presented at the final session of La Conference Internationale, "L'Homme et L'Informatique", L'Institut de la Vie, Bordeaux, France, 16 September, 1972.

DECLARATION OF PRINCIPLE

We believe that there are fundamental human rights which deserve reaffirmation in the comuuter age. It is not that threats to human rights are new in the computer age but rather that the computer is changing the economics and nature of the information processing systems of society in ways that could lead to increased encroachments on these rights. In reaffirming these rights, we do so with the hope that by making the possible opportunities and dangers more visible, the use of computer technology will result n the enhancement of these rights rather than their diminution.

Among these rights are the following:

The Right to Privacy. We believe that there is an interest shared by all people to have some control over the information that is collected, stored, and circulated about them. We believe it essential that consideration of this issue be an integral part of the creation of any information system.

The Right to Information. We believe that information gathered and stored in computers wil become as important a resource as any man has sought to employ. In each country there needs to be an integrated national policy on the availability of this resource. We believe that the individual has a fundamental human right to have access to information, not only about himself, but about his community and government and other things that impact upon his life.

At the same time, we recognize that the individual's right to privacy can conflict with society's right to know and use information. Similarly, the right to informaton of one individual can conflict with the right to privacy of another. The balance to be struck between these conflicting interests will depend on the setting, the nature of the information, and the use to be made of it. The ultimate

accommodation of interests will vary from culture to culture and country to country as values differ.

In developing information systems, we believe the following principles should be among those considered:

The need to determine whether information to be collected is relevant to the purpose for which it is sought and whether it is required to be collected at all The need to give the individual notice of and access to information stored about him contained

The need to limit information systems to specific uses

The need to regulate the use and transfer of information in such systems The need to check and update information contained in these systems, supervise operation of the systems, and monitor their expansion into new areas or enlarged data-sharing operations

The need for sanctions to enforce the safeguards established.

To transform these principles into operation requires

The creation of a consciousness on the part of managers of record systems about the rights of privacy and access to information

A process of public review of the goals, organization, procedures, and safeguards of record systems, preferably by a legislative body or administrative authority charged with insuring full consideration of the issues of individual rights

An appropriate forum, judicial or administrative, before which individuals can bring complaints in particular cases.

We believe that the capabilities of computer technology can and should be taken full advantage of in the design of the protective mechanisms we have recommended. Once these measures have been taken, we look toward the fruitful use of information systems to help governments and private organizations carry out the responsibilities for public policy and social progress with which they are charged. The principle we recommend should lead to the growth of greater public trust in the use of properly controlled information systems. Without this trust, the benefits of information systems cannot be realized in democratic societies.

We view the evolution of legally enforcable rights and effective remedies as being as important for the future application of computer technology as the successfull development of the technology itself.

[From the Congressional Record, June 17, 1974]

THREAT TO PRIVACY

(By Senator Charles H. Percy of Illinois)

Mr. PERCY. Mr. President, on Tuesday morning, the Government Operations Committee, in conjunction with the Constitutional Rights Subcommittee will begin hearings on a subject of critical importance to every American: personal privacy.

The focus for our hearings is a bill introduced by the Committee's distinguished Chairman Senator Ervin, Senator Muskie and myself to establish every American's right to keep personal information private and to safeguard that right with criminal and civil protections.

The bill is companion to one introduced in the House by Congressman Barry Goldwater, Jr. and Congressman Edward Koch, whose efforts I commend. It is the result of a deepening public concern about privacy invasions. These invasions are fast becoming the rule-not the exception-in American life.

The burgeoning abuse of the right of individual privacy results partly from a greatly increased capability of even a moderately endowed private or public organization to obtain, store and use vast quantities of information about people. This phenomenal technical information-handling ability is abetted by the absence of regulation (except in the area of credit information). The result is a tremendously increased potential for damaging misuse of personal information-data that the person under scrutiny does not know is so readily available. But even more important is the startling. ominous propensity of an increasingly powerful government to use information in ways that hurt individuals direct and dramatically.

In Mendham, New Jersey, a young high school student, at the suggestion of her social studies teacher, wrote the Young Socialist Alliance in New York City 37-583-74-pt. 2- -21

asking for information. Several weeks later an FBI agent visited the school's principal and other people who knew Lori Paton, to make inquiries about her. The FBI made a "notation" in its files about Miss Paton's innocent inquiry, and its agents wrote a memorandum for FBI files recording their "investigation" of Miss Paton. The FBI claimed that its knowledge of the student's inquiry was obtained from surveillance on all incoming mail to the Young Socialist Alliance. Under the law, such a "mail watch" is legal if it does not delay the mail and if it is confined only to data drawn from the outside of the envelope. The critical issue here is the potential lifetime damage to the reputation and career of a completely innocent teenage girl about whom an FBI "notation" and "memorandum" will always exist, unless she succeeds in having it expunged from the files of the FBI.

This is an example drawn from the more normal course of events. The FBI must make hundreds, perhaps thousands of such "notations" (we regrettably cannot know) each week.

POLITICIZATION OF THE IRS

What about malicious, politically-motivated invasion of the right of privacy? One of the most insidious abuses is attempted use of Internal Revenue Service data for political purposes.

Certain member of the present Administration at the outset of tis first term, made strong efforts to make the Internal Revenue Service "politically responsive." A memorandum from White House aide, Tom Charles Huston to the Assistant to the Commissioner of the IRS of August 14, 1970 refers to a July 1, 1969 White House request that IRS review the operations of "Ideological Organizations." Huston's August 14 memo asked IRS to report on its implementation of that request. The IRS response, signed by then IRS Commissioner Randolph Thrower and dated September 19, 1970, explains the operations of a so-called "Special Service Group" that had been established in IRS to monitor the tax status of "organizations and individuals promoting extremist views and philosophies." Thrower's rationale for creation of that outfit was that it was necessary "to avoid allegation that extremist organizations ignore taxing statutes with impunity." Mr. Thrower's September 1970 report indicated that by then approximately 1,025 organizations and 4,300 individuals had already been examined by the IRS.

On September 21, Huston wrote to Assistant to the President, H. R. Haldeman indicating strong dissatisfaction with IRS action on the President's July 1969 request. He noted then that "What we cannot do in a courtroom via criminal prosecutions to curtail the activities of some of these groups, IRS could do by administrative action."

Subsequently, an undated "IRS Talking Paper" was developed, outlining, from the perspective of the White House, the case against the IRS and its lack of political responsiveness. The document suggests that "Walters (who succeeded Thrower) must be made to know that discreet political actions and investigations on behalf of the Administration are a firm requirement and responsibility on his part." Another suggestion of the "talking Paper" is that Counsel to the President, John Dean, should have "assurance that Walters will get the job done."

On June 12, 1972, Charles Colson, Special Counsel to the President, wrote Dean asking for an IRS check on Harold J. Gibbons, a Teamsters Union Vice President in St. Louis, whom Colson described as a "McGovernite, ardently antiNixon." This document would suggest that a connection between Dean and IRS had indeed been established and that IRS had become more "politically sensitive" in the manner outlined in the "IRS Talking Paper."

It is unclear whether there is evidence showing that the IRS did become politically responsive in a manner demanded by the White House. However, we do know that the issue was pressed.

The Joint Committee on Internal Revenue Taxation, which has direct oversight over the IRS, has filed an interim report on its investigation of the matter. This report shows that the subjects of special audits and investigations have not been treated more harshly than other taxpayers. But the Joint Committee was denied access to files of the Special Service Group. This renders the Joint Committee's study virtually useless. But, the fact that the politicizing of the IRS was attempted is beyond doubt.

The success of the effort to compromise this key agency's integrity is still in question. But the central question is not the attempt to politicize this agencydreadful as that is. It is the doubt created in the minds of the American people—

justifiable concern that information of an extremely personal nature-might be made available to other agencies, including the White House, for political purposes.

The bill I have introduced with Senator Ervin to establish and protect personal privacy rights would remedy such abuses.

In the case of the Mendham High School student, the bill would provide her and her parents with ready access to the FBI files about her. She would have the right to examine the records and prove, if she can, the incorrectness of anything in her file. A correcting statement would be added to her file.

To eliminate politically motivated punishment by the government, the bill would require the IRS to make notations of each instance in which a file was made available to another government organization or outside person, not having regular access authority. A record of such accession or transfer must be kept.

The privacy right that S. 3418 establishes for individuals is comprehensive.

It establishes the right of a citizen to be informed whether he or she is the subject of private organization or government files. If the bill passes, in two years each individual must be told that he or she is the subject of a data file. At any other time that an individual asks, he must be informed of the fact that he is a "data subject".

The bill establishes the right to inspect all personal information contained in one's file, to learn the nature and sources of the data, and the identity of each recipient of personal data.

The bill establishes the right of every data subject to challenge, correct, or explain personal information, to demand an investigation of disputed information, to demand purging of inaccurate information and to include a 200-word personal correction of one's file.

The bill establishes the right to be informed and to give or withhold consent before personal data is given to anyone not having “regular access authority." It establishes the right to be apprised of the intended use of information and the consequences of giving or not giving permission.

The bill establishes the right to have one's name removed upon request from any organization's mailing lists. The purpose of this section is to protect citizens from unwarranted harassment.

S. 3418 defines standards for the collection, use and disclosure of personal information by government and private organizations. These standards include the following:

Personal information collection is limited to what is necessary for a "proper" function of an organization.

Information should be collected from the individual himself whenever possible. Categories of confidentiality must be established, with various levels of controlled access to information.

Data files must be policed for accuracy, completeness and pertinence by the organization maintaining them.

The organization must maintain a list of users having regular access authority.

A complete record of the purposes of every access to any personal information in a system, including the identity of the special access user, must be kept. Personal information must never be disclosed without specifying security requirements (e.g., the level of confidentiality), and obtaining reasonable assurance that those requirements will be observed.

No personal information concerning political or religious beliefs or activities should be collected if it will be put into a government-operated information system.

Income data shoud not be keyed to zip codes or postal districts.

Federal agencies are prohibited from requiring disclosure of personal data or requesting voluntary disclosure unless authorized by law.

The bill establishes a five member Federal Privacy Board that can make and enforce privacy rules for personal data files. The Board is required to establish an annual directory of every personal data system in the country; it is empowered to ensure that standards are met and to assist organizations to comply with privacy safeguards. It can make site visits, compel production of documents, hold hearings on violations, issue cease and desist orders, delegate authority to states and hold open hearings on exemptions. It is required to report annually to Congress.

S. 3418 is an excellent beginning for hearings and for the legislative process, and we in the Government Operations Committee will prepare this bill very carefully but expeditiously for floor action during this session.