informis
/
textfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
textfiles/politics/cpsr-pri

395 lines
20 KiB
Plaintext
Raw Normal View History

Initial commit
2021-04-15 11:31:59 -07:00
Statement of Marc Rotenberg,
Washington Director
Computer Professionals for Social Responsibility (CPSR)
Open Forum on Library and Information Service's Roles in the
National Research and Education Network (NREN)
National Commission on Libraries and
Information Science (NCLIS)
Washington, DC
July 21, 1992
Thank you for the opportunity to testify today before the
National Commission on Library and Information Science (NCLIS). My
name is Marc Rotenberg and I am the Director of the Washington
Office of Computer Professionals for Social Responsibility (CPSR).
CPSR is a national organization of professionals in the computing
field.
I would like to speak with you about privacy protection and the
future of the NREN. This is item 6 identified in the NREN research
agenda. Richard Civille will speak with you next about CPSR's work
to promote Local Civic Networks.
During the past few years CPSR has coordinated several national
efforts to promote privacy protection for network communication.
>From cryptography to Caller ID, we have sought to ensure that the
rapid developments in the communications infrastructure do not
diminish the privacy we all value. We believe that the future of
network communications depends largely on the ability to make
certain that sufficient privacy protection is available for all
users of the network.
In this effort we have worked closely with the library
community. It became clear to us that library organizations have a
special appreciation for the importance of privacy protection. For
many, privacy is the critical safeguard that protects intellectual
freedom and promotes the open exchange of information. The
American Library Association, the Association of Research and other
library organizations have all shown their support for privacy
protection through codes of conduct, policy statements, and research
conferences.
We have also worked closely with telecommunication policy
makers in the United States and around the world. The New York
state Public Service Commission issued a policy on
telecommunication privacy which set out several principles for
network communications. These recommendations have been followed
in several states. More recently, the Minister of Communications
in Canada issued a series of principles on communications policy.
Meanwhile, the Commission of the European Communities has put
forward a draft directive on Data Protection in Telecommunications.
The European Commission made a critical point about future
network development. It said that "the effective protection of
personal data and privacy is developing into an essential
precondition for social acceptance of new digital networks and
services." This view is shared by agencies in other countries that
have looked at the implications of advanced networking services.
For example, the Ministry of Posts and Telecommunications in Japan
recently concluded a study on the protection of personal data in the
telecommunications business and recommended a series of privacy
guidelines to accompany the introduction of new network services.
In the United States, however, we find ourselves in the midst
of the greatest privacy debate in a generation. In the absence of
a coherent federal policy to protect privacy, consumers have been
left to fend for themselves, and the response is not encouraging.
>From Pennsylvania to California, telephone companies now face
widespread and well-founded consumer opposition to new telephone
services. Part of the reason for this is that there has been
little effort in the United States at the federal level to develop
privacy principles for new network services.
CPSR would like to see an agency in the United States take on
the task of developing and promulgating privacy principles for
network services. We have already recommended the creation of a
data protection board which could, among other tasks, develop
appropriate principles for network communications. There is a
proposal before Congress to establish such an agency, but is
unclear whether it will be enacted this year.
Meanwhile, the Federal Communications Commission (FCC) has been
unwilling to address the privacy implications of new network
services. We are also somewhat disappointed that neither the
Computer Science and Technology Board (CSTB) of the National
Research Council or the Office of Technology Assessment (OTA) has
addressed privacy concerns for network users. Both the CSTB and
the OTA are well qualified to tackle this problem.
In the interim, NCLIS could take a leadership role, and help
develop and promulgate privacy principles for the emerging
communications infrastructure. It is clearly in the interest of
the library and information science community to ensure adequate
privacy protection, but unless some agency takes on this
responsibility it appears unlikely that the work will be
undertaken.
CPSR believes that it is in the long-term interest of our
country and of computer users around the world to ensure protection
for networked communication. The failure to develop such policy
may impose very high costs on all network users, and may ultimately
reduce greatly the value of the network to users.
Speaking academically, the absence of adequate protection for
electronic communication is a substantial gap in NREN policy that
should soon be addressed if the full potential of the
infrastructure is to be realized. Speaking practically, if we don't
get some good policy soon, we may all be buried in a blizzard of
electronic junkmail the likes of which we have never known.
I would like now to make three points about the current state
of privacy protection for NREN, and then propose a series of
principles for privacy protection. These principles may help "get
the ball rolling" and encourage the development of other
initiatives. I hope that NCLIS will recommend that the Office of
Science and Technology Policy (OSTP) give these principles full
consideration.
FINDING 1:
Commercialization of the NREN will exacerbate existing privacy
problems. Without a clear mechanism to protect privacy, user
concerns will increase.
Much of the discussion surrounding the NREN today focuses on
the opportunity to develop commercial services and to provide
network access for private carriers. We do not oppose efforts to
provide commercial services. Clearly, there is an important
opportunity to develop new services and to offer products through
the network. At the same time, it is apparent that the
commercialization of the NREN will create new pressures on privacy
protection.
In the current network environment, made up primarily of
researchers and scientists, there is little incentive or
opportunity to gather personal data, to compile lists, or to sell
personal information. This is likely to change. Once commercial
transactions begin to take place on the net, the information
environment will resemble a hybrid of credit card and telephone
call transactions. Records of individual purchases will be
available and will possess commercial value. The NREN community
will face a whole new set of privacy issues.
We anticipate that there will be three different types of
privacy problems as the NREN continues to evolve. First, as
commercial organizations become users of the network, they will
gather personal data, and wish to sell lists. The address files
for list servers could be sold, and users may find themselves
"subscribed" to lists they have no interest in. These activities
will raise traditional privacy concerns about the restrictions on
disclosure and secondary use, the opportunity for users to obtain
information held by others, and the need to minimize the collection
of personal information.
Second, efforts to promote competitiveness in the delivery of
network services may also lead to the disclosure of network data
which will compromise user privacy.
This problem is already apparent in the current rules for the
operation of the telephone network. The Federal Communication
Commission requires telephone companies to provide records of
customer phone calls to other companies so that competing companies
may analyze calling patterns and sell their services. Large
companies objected to the disclosure of this sensitive information.
As a result the FCC required that telephone companies obtain
authorization before releasing these numbers. But this restriction
only applies to telephone customers with more than 20 lines.
The disclosure of Customer Proprietary Network Information
(CPNI) has already surprised many telephone customers who now
receive calls from companies with whom they have no prior
relationship. These companies are able to describe the customer's
telephone calling habits in great detail. Users of NREN services
are also likely to object to the disclosure of network information.
The third problem is that law enforcement agencies are likely
to make "greater demands" on communication service providers to
turn over records of electronic communications to the government
and to provide assistance in the execution of warrants. I say
"greater demands" with some reservation since the recent proposal
>from the Federal Bureau of Investigation to require that all
communications equipment in the United States be capable of
wiretapping seems about the greatest demand conceivable. Still, we
should anticipate that the government demands for access to the
contents and records of NREN communications are likely to increase.
FINDING 2:
Current privacy protections are inadequate
Electronic communications are provided some protection against
unlawful interception by the Electronic Communications Privacy Act
(ECPA) of 1986. This law extends the very important guarantees
contained within the 1968 wiretap statute to digital communication
and stored electronic mail. But this protection now appears
inadequate. As a general matter, the wiretap law protects the
contents of an electronic message against unlawful disclosure; it
does not protect the record of the transaction against disclosure.
ECPA also does not appear to protect critical personal
information, such as a person's telephone number, from improper
disclosure. For example, the Calling Number Identification (CNID)
service is probably a violation of the wiretap statute and clearly
a violation of the wiretap law of several states. Nonetheless,
the service has been offered over the objection of consumer groups,
technical experts, and legal scholars.
FINDING 3:
Technical safeguards provide only a partial solution
There are some in the network community who believe that
technology will provide a solution to these emerging privacy
problems. New techniques in cryptography provide ways to protect
the contents of an electronic message and even to protect the
identity of the message author. An article that will appear next
month in Scientific American titled "Achieving Electronic Privacy"
describes in more detail how it may be possible through technical
means to recapture some privacy.
CPSR has supported many efforts to improve technical means for
privacy protection. In fact, CPSR has been of the leading
proponents of the widespread us of cryptography to protect
electronic communications. We have opposed restrictions by both
the National Securit y Agency and the Federal Bureau of
Investigation on the use of cryptography. We have also supported
the development of privacy-enhancing technologies, such as
telephone cards which are widely used in Europe and Japan, and
recommended that policy makers explore technical means to protect
information.
Nonetheless, we do not believe that technical safeguards will
provide sufficient protection for networked communications. Our
right of privacy is based on Constitutional principles and our
national history, and reflects our commitment to certain political
ideals. The protection of privacy is ultimately a policy decision
that must be resolved through our political institutions. Clearly,
technology provides useful developments that we should incorporate
into future networks, but it would be a mistake to assume that
technology alone will provide sufficient protection.
This point was made two decades ago by former White House
Science Adviser Jerome Wiesner who also served as president of MIT.
In testimony before Congress on the privacy implications of
databanks, Professor Wiesner said: "There are those who hope new
technology can redress these invasions of personal autonomy that
information technology now makes possible, but I don't share this
hope. To be sure, it is possible and desirable to provide
technical safeguards against unauthorized access. It is even
conceivable that computers could be programmed to to have their
memories fade with time and to eliminate specific identity. Such
safeguards are highly desirable, but the basic safeguards cannot be
provided by new inventions. They must be provided by the
legislative and legal systems of this country. We must face the
need to provide adequate guarantees for individual privacy."
We believe that the development of NREN privacy policy should
be conducted in this spirit: looking for opportunities to
incorporate technical safeguards while recognizing that the
ultimate decisions are policy-based. PRIVACY GUIDELINES
Before discussing the proposed privacy principles, I would like
to say a few words about the desirability of developing these
principles. Privacy protection in electronic environments is a
particularly complex policy problem. There is legal jargon and
technical jargon. There are rapid changes. And there are
certainly a wide range of opinions about how best to achieve
privacy, even about what privacy means.
Privacy principles have helped to clarify goals and to convey
objectives in non-technical terms. Well developed polices are
"technology neutral" and are adaptable as new technologies emerge.
Professional organizations have made widespread use of such
principles for codes of ethics and for public education.
There are a number of such polices in the privacy realm. Some
of these polices have been extremely influential in the development
of public policy, national law, and international agreements. For
example, the Code of Fair Information Practices was the basis for
the Privacy Act of 1974, the most extensive privacy law in the
United States. The Code was developed by a special task force
created by the Secretary of Health, Education, and Welfare in 1973.
Other codes have formed the basis for data protection law in Great
Britain.
All of these codes seek to establish certain responsibilities
for organizations that collect personal information, and to create
certain rights for individuals.
In developing these telecommunication privacy guidelines, we
examined existing codes and particularly the principles developed
by the Organization for Economic and Cooperative Development (OECD)
in 1981. We also incorporated several additional principles that
we believe are necessary to protect personal information in
communication environments.
Taken as a whole, the principles are intended to improve
privacy protection for network communications as the NREN continues
to evolve. RECOMMENDATION 1:
The confidentiality of electronic communications should be
protected.
The primary purpose of a communication network is to ensure
that information can travel between two points without alteration,
interception, or disclosure. A network that fails to achieve this
goal will not serve as a reliable conduit for information.
Therefore the primary goal should be to guarantee the
confidentiality of electronic communications. RECOMMENDATION 2:
Privacy considerations must be recognized explicitly in the
provision, use and regulation of telecommunication services.
The addition of new services to a communications infrastructure
will necessarily raise privacy concerns. Users should be fully
informed about the privacy implications of these services so that
they are able to make appropriate decisions about the use of
services. RECOMMENDATION 3:
The collection of personal data for telecommunication services
should be limited to the extent necessary to provide the service.
Users should not be required to disclose personal data which is
not necessary for the rendering of the service. In particular, the
use of the Social Security number should be avoided. In no
instance, should it be used as both an identifier and
authenticator. RECOMMENDATION 4:
Service providers should not disclose information without the
explicit consent of service users. Service providers should be
required to make known their data collection practices to service
users.
Service providers have a responsibility to inform users about
the collection of personal information and to protect the
information against unlawful disclosure. Personally identifiable
information should not be disclosed without the affirmative consent
of the user. RECOMMENDATION 5:
Users should not be required to pay for routine privacy
protection. Additional costs for privacy should only be imposed for
extraordinary protection.
The premise of the federal wiretap statue is that all users of
the public network are entitled to the same degree of legal
protection against the unlawful disclosure of electronic
communications. This principle should be carried forward into the
emerging network environment. Segmented levels of privacy
protection are also likely to introduce new transaction costs and
create inefficiencies. Where special charges are imposed for
privacy, it should be for "armored car" service. RECOMMENDATION
6:
Service providers should be encouraged to explore technical
means to protect privacy.
Service providers should pursue technical means to protect
privacy, particularly where such means may improve the delivery of
service and reduce the risk of privacy loss. RECOMMENDATION 7:
Appropriate security polices should be developed to protect
network communications
Security is an element of privacy protection but it is not
synonymous with privacy protection. Appropriate security policies
should be put in place to protect privacy. However, it should be
recognized that some security measures may compromise privacy
protection. Network monitoring, for example, or the collection of
detailed audit trail information will raise substantial privacy
concerns. Therefore, security policies should be designed to serve
the larger goal of privacy protection. RECOMMENDATION 8:
A mechanism should be established to ensure the observance of
these principles.
Good principles without appropriate oversight and enforcement
are insufficient to protect privacy. This has been the experience
of the United States with the Privacy Act of 1974 and of the
European countries with the OECD principles of 1981. In both
instances, fine principles lacked sufficient oversight and
enforcement mechanisms.
Additional principles may be appropriate and these principles
may well need modification. But we hope that they will provide a
good starting point for a discussion on communications privacy for
the NREN. [Attachments: "Protecting Privacy," Communications of
the ACM, April 1992; "Communications Privacy: Implications for
Network Design," Proceedings of INET '92, Kobe, Japan)] &