
A great deal is going on in Massachusetts in the privacy arena. There are three things worthy of special note. First, Massachusetts was, I think, the first State in the Union to legislate with regard to computerized criminal recordkeeping. A statute was passed in 1972 that is designed to manage what is called criminal offender record information that will be in a fully automated criminal justice information system that will service all of the law enforcement agencies in the Commonwealth. This statute created two administrative units. One is the Criminal History Systems Board, which has operating control over the criminal justice information system. It is a regulatory body composed of representatives of the data users: law enforcement officials, rehabilitation officials, and court officials. It is an in-house professional group. In addition to the Board, there was created a Security and Privacy Council consisting of nine members, seven public members who work on a pro bono basis, and representatives of the Attorney General's office and the chairman of the Criminal History Systems Board. I serve as chairman of this Council. The Security and Privacy Council's function is to study, monitor, audit, and present recommendations to the Board with regard to matters bearing on security of the system and the privacy of the criminal justice files. It really has no power, none whatsoever, other than the power of recommendation. All power resides in the Board. Fortunately, the Council seems to have captured the good will of the Board and the two organizations are working in reasonable harmony.

In the period between the enactment of the statute and the present, very, very detailed regulations have been drafted by the Board with the advice of the Council. These deal in great detail with regard to such matters as security of data, access to data, dissemination of data, the purging and sealing of data. Anyone interested in seeing a fully developed regulatory system would be well advised to look at the regulations proposed for the Massachusetts criminal justice system. In my judgment, it represents a rather reasonable balance between the needs of the law enforcement community and the rights of the individual, although I do not agree with everything in the current draft. Of course, these regulations are reinforced by a strong statute that prohibits the movement of criminal justice information outside the criminal justice community and those governmental organizations authorized by statute to have access to criminal justice information. If properly enforced, this is a very limiting standard. There is no legal way an employer, an insurance company, or a credit-rating or credit reporting agency will be allowed to gain access to the Massachusetts criminal justice system.

The second development in Massachusetts is the appointment by the Governor of a Commission on Privacy and Data Protection. In many ways, this Commission is modelled after the HEW Committee. Its charge is about the same and its composition reflects the same wide angle of experience and expertise that characterized the HEW group. It is a commission composed of private citizens who are not compensated. I serve as its chairman. We are just getting underway by investigating the state of recordkeeping in Massachusetts, the level of security that exists, the amount of technological attention being given to matters of privacy and security. We expect to take testimony from citizens and to respond to individual complaints. We already have started to receive them and they follow the usual pattern of objections to the use of the social security number on driver's licenses, the lack of file security in welfare offices, the selling of lists of customers or members to consumer reporting and mail list companies.

The third development in Massachusetts symbolizes what I said earlier this morning when I suggested that the privacy issue has come of age. The computer-privacy issue has the enormous political sex appeal. Not to be outdone by the Governor, the General Court of the Commonwealth of Massachusetts, which is its legislature, has appointed a commission to study privacy. Of course, its efforts will be largely duplicative of the Governor's commission, although it probably will be more action oriented because it is composed of nine State representatives and three public members. It, too, is just underway in its work.

I have described the Massachusetts scene simply to indicate to you that considerable activity is going on at the State level and the object will be to place a bill before the entire legislature. The executive and legislative branches of dozens of States already have become active in trying to deal with this problem. One of the really significant problems that face policymakers, in particular those at the operating levels of government, such as many of you people, is to avoid the zealots, both the zealots of government efficiency on the one hand and the zealots of civil liberties on the other. Unfortunately, many of the proposals that are appearing are technologically unsound, administratively unworkable, or placebos that really accomplish little because they offer people no effective procedural mechanism either in terms of gaining access to their files or in terms of challenging inaccuracies in the file. If there is a single important role for governmental policymakers, it is to help the legislators find a mid-course between the extremes; otherwise we will end up with extremely bad legislation. I think you must face the fact that given the appeal of the privacy issue, there will be legislation and the real question is how good can we make it.

was only one number different from that indicating non-Communist. Were any of those codes incorrect? The Senator wonders and so do I. For the consequences of disseminating such erroneous information would be horrendous on an individual's career and life.

It concerns me, as a mother of a daughter who has attended college during recent times. Is it possible that she might have been seen standing innocently near a gathering which turned violent and someone noted in a file somewhere that she was an active participant? An error could have been made and somewhere a computer could contain such erroneous information which will prevent her from being employed or obtaining credit. She has no way of knowing, nor do I.

An error of observation or a mistake in coding could, through improper dissemination, destroy her life without any sort of attendant guilt on her part. Do any of us know in which data banks our names might appear or what information about us is stored away by such machines or, finally, what uses are made of the information?

Clearly, the dangers indicated require that action be taken for our protection. The final question then becomes: What action? The committee on which Senator Aronoff and I served, made several specific recommendations. Senator Ervin's subcommittee on constitutional rights has made others. I would not attempt to list the various proposals suggested nor to read the list of legislative measures which have been proposed, for my purpose here today has been to discuss the problem from the point of view of the individual citizen. All of the proposals require our careful consideration, however, and more importantly, the careful consideration of the Congress.

Mr. Justice Brandeis spoke of the problem in the 1928 case of Olmstead versus the United States when he said:

"Experience should teach us to be most on our guard to protect liberty when the Government's purposes are beneficent. Men born to freedom are naturally alert to repel invasion of their liberty by evil-minded rulers. The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning, but without understanding."

I am hopeful that now, 46 years later, positive action will be taken for protection of rights so long and flagrantly abused by those who govern us.

THE ISSUES OF PRIVACY AND COMPUTER SECURITY WITHIN THE STATE OF OHIO

Stanley J. Aronoff

Ohio State Senator, State House, Columbus, Ohio 45215

Thank you very much, Arthur. You ought to know from the Harvard faculty that there's nothing more virtuous than a convert and I freely confess to being just that. That was my function, at least for 14 of the 23 meetings of the HEW Committee. For some period of time, after each witness that came forward, I generally asked the question, "What's all the fuss about?" "What are we trying to hide?" Or, "you haven't scared me yet."

Some place around the 14th meeting, I noticed a big change in my own questioning technique and by the end I was raving for action and demanding that there be a shield of privacy that each of us may use and have if we get stored in the bowels of the computer.

I might say in starting out that I am anti-technology or anti-computer. Frankly, I can't envision any modern life without the sophisticated use of computers. So, it's merely a balancing act that I'm interested in. An act that protects an individual's rights on the one hand and does not inhibit the justifiable use of computer technology. I realize I have a very learned audience and I hope you won't consider me totally boring if I identify for you in very short form what is listed in the HEW Report. If you're going to have a Code of Fair Information Practice, then you have to start at the beginning and identify what are the unfair information practices that are going on now that promote such a code. Do they justify the kind of strict legislation that I hope you will be an advocate.

Number One: The unfair information practice of getting too much information. Here are some of the examples that we get out of the Committee after hundreds of hours and mounds of testimony. Take the Credit Bureau as an example. We all know the necessity for credit; we all know that there are computer banks storing credit information, the largest one being in Atlanta. But, aside from the earning capacity, is it necessary for the neighbors to be asked whether an individual entertains at late parties, drinks, takes drugs, and all kinds of information such as that, subjective information, which then gets stored into the computer even though it's hearsay? We had an example of a man in New York who had his insurance cancelled because his son had long hair. Because the son had long hair that meant to the neighbor that everybody was on drugs in that family, they were "bad risks"! Therefore, the insurance company cancelled and it took a period of time for the man to get his insurance back. Annoying, but something we should all consider after we look at our children, or look at ourselves.

Or examine the guaranteed student loan program. The purpose of that program is to give money to needy children in order for them to get an education.

But in one state which testified before the Committee, other questions were asked, such as, "project your grades," or "project the kind of sex activity that you'll be getting into at the University." Well, what does that have to do with a guaranteed student loan program; and when we asked the interviewer why the question was asked, she just said, "I thought I'd like to know about that." There's no way of stopping that kind of "I'd like to know about" on questionnaires that are prepared countless times in all kinds of professions and Government.

Unfair information practice Number Two: Using information for purposes other than those for which it was originally gathered. There was an example that came before the Committee of a man that walked into the home of a young GI just after he had gotten out of the Vietnamese war, reached into his pocket and flicked out an envelope. When the young GI picked it up and opened it, there was $10,000. Well, $10,000 for what? This man was being contacted and given $10,000 in order to kill an underworld figure. He was being contacted by organized crime in order to become a contract killer. Why? Because somehow they had gotten hold of his army record and found that this guy had been involved in a number of "kills" in the Vietnamese War.

What about the simplest example that happens to us all: junk mail. I am a politician in the State of Ohio. I received this in the mail last week (showing exhibit). "Senior Citizen. Computerized mailing list of over 7 million over-65 adults." It was compiled from all kinds of things: medicare policies, adult retirement, and it goes on for a few other things; then it says, "marital status: couples only, widows, etc.; home ownership, retirement income level; age and date of birth in selected States"; and finally, "five digit zip codes on test orders under 10,000 names"; then in yellow underlined and I did not do this: "political campaigns for use of senior citizen voters." (Arthur, you might want to use this in the next compilation that you have.) Again, we all are victims of junk mail. Some of it we like and some of it we don't. In the State of Ohio, I raised holy hell because the State was proudly saying that when you go to buy an automobile license each year we take your name and we sell it. Well, terrific! The State of Ohio made $65,000 that way and then from that point on, somebody else owns your name and you get advertisements for this kind of thing for your new car and that kind of thing for your new car; and they, in turn, sell the list to somebody else and ultimately you have the progression here. The State of Ohio no longer does that.

Unfair information practice number three: Using incorrect or incomplete information. Here I think we have the example of the arrest record which has been talked about over and over and over again, and I merely would say that the statistics that came before the Committee indicate that a substantial percentage (and I forget the exact percentage but I know it was shocking) of all youth under the age of 25 will have been arrested and charged with a crime. Yet a great majority, a preponderant majority, will not even make it to court. The question is do we want correct records? I think what's going on in Washington gets at that point.

But I think another more tragic type of example is one where a young person had just recently gotten out of the war. He and his wife, after a long conversation, had decided to adopt a young child from a foreign country, until the report came back that this fellow was "morally unfit." Why was he morally unfit? He had been labeled a "heroin addict" on his way out of the military service. Now I don't know if you all remember when you were discharged from the Army, but I remember the mustering out process and some of the guys that were doing it, and I ask you whether it's possible that somebody in that line might make an error and label someone a heroin addict when the person was not. It obviously is possible and in this case it happened and it took the Red Cross a year to solve the problem and there were still problems in a Domestic Court thereafter.

A fourth unfair information practice is: being haunted by paper ghosts of the past. In 1974, the idea of "Go West, young man and start a new life" is ridiculous. Your records get there long before you do. We can't escape to your State anymore, Mr. Cullen. If we try to leave Ohio, or Massachusetts, you'll catch us out there or the record will.

And we had an example before the Committee of a person who did not accept promotion in a rather large retail chain. This man was black, and it would have been a good promotion. But it would have meant revealing a minor misdemeanor on the east coast some 25 years before. The problem that he had was that it might have cast some disparagement on his race when he was reaching a high level. The question has to come up whether there should be some statute of limitations on stale information.

And finally, I suppose the most important of the unfair information practices, the denying of an individual, the denying of you and me of the effective control of our record. I guess the simplest example that we all have is when we take an insurance examination. We get an examination from an insurance doctor. Before going to the Committee, I was naive and thought that that was an examination just for that insurance company; I didn't realize that it was stored in a master bank. Although the insurance industry has told me countless times since then that one company or another company never has an opportunity to look into that bank. If a person has been denied coverage by one company and the other company knows it, I ask you whether or not that has some bearing. But more importantly, you don't have an opportunity to look at your medical record if you are stored there. (Note, this has now been changed.) And I think that's the key. If there's nothing to be afraid of, then why shouldn't you have a chance to look at your record and see if there are some corrections that should be made?

The 55 mile speed limit will catch us all from time to time. It used to be that when you were stopped for speeding, your friendly police officer came up to you and said, "Now, Stan, you're going a little fast" and you have a conversation back and forth and you usually got the ticket anyway after you tried to talk him out of it. That's not the case now. Now you're stopped. You give your driver's license with your social security number. The police officer goes into his car and he dials the regional computer center of a certain area which in turn plugs into Washington and then back it comes with your record. Not only your automobile record, but your whole criminal record. And instead of catching Arthur Miller, you may get "Jack the Ripper." And law enforcement officers are very proud if they catch somebody by doing that. But what about the incorrect record and the problem that these are collected from local governments, the theory of "garbage in, garbage out"?

Well, I think I've talked enough so that I at least ought to get to the bill. And the bill I've introduced into Ohio is very similar to the Congressional bills that you heard. It is similar in other respects to the California bill, but I hope it has some individuality of its own. I hope we'll have a chance of its passage.

On the one hand, it describes individual rights. What rights do you have if you get into a computer? And it describes them. You have to be informed in writing if you're legally required to give the data. You have to be informed in writing whether you're the subject of the data in a system and, upon request, that data must be made available to you. You have to be assured in writing that no use of the data will be made beyond the stated purposes of the system as reasonably understood by you. You have to be informed upon request of the uses made of the data concerning you. Procedures to allow you to contest the accuracy, the completeness, the pertinence and the timeliness of the data must be made and the bill outlines a procedure to make corrections.

And finally, although I do not know whether this will remain in the bill, it prohibits the use of the social security number unless specifically authorized by Federal law.

On the other hand, there's a set of do's and don't's for computer managers, a kind of "code of ethics." First of all, every person or firm operating an automated, personal data system must file with our State of Ohio in a designated agency a statement of purposes and uses of the data system; must obtain the prior informed consent of an individual (you) before making use of data; must appoint one person responsible for the security in information in the system and inform all employees using the system of safeguards established pursuant to the act; specify disciplinary measures to be applied against anyone who is discouraged from reporting if something is wrong; take precautions to protect the data from unauthorized use; make no transfer of individually identifiable data to another system without the prior consent of the individual concerned; maintain a complete, accurate record of every access and use made of data in the system; and maintain the data in the system with such accuracy as to fairly reflect the individual's current qualifications and characteristics. Finally, eliminate the stale data.

The act gives civil and criminal penalties, injunctive relief, and a variety of court actions that say, in effect, that these are not just words written by the Ohio legislature; but if a person has been aggrieved, then that person has a method for redress.

It's tough stuff and hearings start next Tuesday. Some of the people here are going to be witnesses I believe and I hope to be able to come back to you and give you a progress report. Thank you.

THE ISSUES OF PRIVACY AND COMPUTER SECURITY WITHIN THE STATE OF CALIFORNIA

Assemblyman Mike Cullen

California Assembly, Sacramento, California 95814

In November of 1972 California voters responded to the question of protection of individual privacy by amending the California Constitution to include privacy as an inalienable right of all people.1 By that action the people of California were providing their legislature with a very clear message which reflected a general dissatisfaction with the erosion of the personal privacy.

They had come to the sudden realization that, like the bald eagle and the peregrine falcon, privacy was itself an endangered species too easily taken for granted. It had been allowed to dwindle to the degree that it had become more of a concept than a reality.

1 California Constitution, Article 1, Section 1.

And just as the eagle and the falcon are integral parts of our natural ecology, so is privacy an integral part of our social ecology, and the people of California are asking that the assault on it be halted.

We in the California Legislature have responded to that mandate and have taken, and are in the process of taking, a number of steps which will assure that the privacy of Californians does not become a myth.

One of the more pervasive elements in the assault on privacy has been the increasing employment by government and the business sector of electronic data processing (EDP) technology. The California Legislature has focused on the uses (and abuses) of this technology in its attempts to come to terms with the issue of privacy. It is apparent that the right of an individual to privacy is contingent on a modern day factor, that is, computer-related security. Neither constitutional assertion of privacy as a right nor statutory reaffirmation of this right will enhance its chances for survival unless provisions are made for security of data which is contained in automated systems.

California's long time pioneership in governmental application of EDP technology has provided our legislature with the background to cope with EDP. The State's commitment in this area is evidenced by an annual expenditure of $135 million attributed to computer-related costs (and these costs keep rising). This figure excludes the millions of Federal dollars spent on computer services in health, welfare, criminal justice and the California University Systems.

In retrospect, the California Legislature's long standing and active interest in the development of EDP systems in State Government has served to equip it with sufficient understanding to enable the legislature to respond quickly and realistically to the issue of privacy in EDP applications.

For some years, the budget enacted each year by the legislature has contained in supplemental language the requirement that the pursuit of maximum EDP effectiveness in State Government ". . . not jeopardize or compromise the confidentiality of information as provided by statute or the protection of the right of individual privacy as established by law."2 The key is, of course, the dependence on established law.

As California's EDP representative to the National Conference of Legislative Leaders, I have shared my experiences of 1971-72 where I was the Assembly representative on a joint California Legislative Committee that developed and painstakingly nurtured through both houses urgency legislation, passed in 1972, providing for State Information Security Officers. The legislation also served as a basis for requirements added by the legislature in supplemental language to the Budget Act of 1972. This language required that (1) designers of information systems include in their analyses the recognition of the use of confidential information; (2) strict controls be developed to prevent unauthorized access to data maintained in computer files, including the physical security of program documentation, data files and data processing facilities as well as electronic controls to prevent accidental or intentional unauthorized access to data, (3) each state department designate an information security officer responsible for implementing state policies and standards regarding the confidentiality and security of information for that department, (4) the Department of Finance (which has statewide control of EDP in California State Government) continually review the adequacy of State policies and procedures with regard to confidentiality of data and report to the legislature on progress in this area, and (5) any contractor engaging in EDP-related work for the State must agree in appropriate contractual language to hold confidential the details of the work performed. We stipulated also that any EDP-related contract entered into by any State entity provide for the contracting staff to be physically on the premises of the data center or State entity concerning systems design, programming, documentation, conversion, training and all other aspects for which the contractor is hired. Further, because California is moving in the direction of consolidating our EDP resources into five large-scale consolidated data centers, we required that each consolidated data center also designate an information security officer; that the RFP for each center contain mandatory objectives to be placed on the vendor in the areas of confidentiality and privacy. Legislative review of the RFP was a requirement prior to issue.

2 "Supplementary Report of the Committee on Conference relating to the Budget Bill" (beginning with the 1970-71 fiscal year). SB 1503 (Teale 1972), California Government Code Section 11775-11785.

As a direct result of legislative concern over the enhancement of the assault on privacy made possible through electronic means, the 1972 Legislature also added supplemental budget act language which prohibited the transmission of data from one data center to another by any wire, line or other communications device. The one exception allowed has been the transfer between two data centers of stolen vehicle information for law enforcement purposes.

The Legislature's 1972 decision to consolidate the State's computers into 5 Data Centers has caused concern. However, it is the consensus that, through data consolidation, protection of privacy will be improved through systematic control over all phases of security for each center. In one of the State's consolidated data centers, it is expected that more than one billion input/output calls will be made each year. Much of the information will concern personal data associated with organizations such as the State Personnel Board and the Employees Retirement System. The biggest problem is to equate privacy protection costs to realistic operational costs. Regardless of the ultimate protection afforded in each of the Consolidated Centers, the constant recognition of the protection of personal privacy should keep the personnel involved with systems operations alert.

These actions taken by the legislature have in turn caused the Executive Branch of California State Government to take action to implement the legislative mandate. For example, we now have information security officers in State departments and in consolidated Data Centers. We now have in the process of development an EDP facility auditing program of which an integral part is the auditing of EDP security and confidentiality. We now have continuously updated security guidelines and checklist package for use by State Agencies in the establishment and maintenance of appropriate safeguards for the physical and confidential protection of data. Most importantly, the full attention of the legislature has been directed toward this most vital area. This attention must continue because the relative inexpensiveness now associated with the collection, manipulation and dissemination through electronic means of inordinately large amounts of personal data has effectively removed the economic
