 | |
| |
TechnologyDaily Mobile
The Digital Privacy Paradox
When it comes to laying down rules governing information privacy, the Clinton-Gore administration has been guided by a paradox: while simultaneously pushing for tough regulations on financial and medical data, it has been cheerleading for the self-regulation of online privacy.
Top administration officials, including privacy counselor Peter Swire and Vice President Al Gore's chief domestic policy adviser David Beier, — as well as former White House e-commerce czar Ira Magaziner — insist that the bifurcated policy is no contradiction.
Because of the greater sensitivity attached to financial and medical information, they argue that it makes sense to pass laws and write regulations that make it harder for businesses for share bank account or health data — while concurrently allowing Internet merchants and Web seal programs provide their own privacy guarantees to consumers.
The Internet industry seems to be grateful, but critics include privacy advocates seeking online privacy legislation and lobbyists from the health care and financial services industries upset that the administration's privacy priorities run up against their businesses.
But with the concern about the loss of personal privacy consistently rated by pollsters as one of voters' top concerns, privacy experts doubt that President Clinton's balancing act on the subject will survive the next administration. Whether Al Gore or George W. Bush becomes the next president, these experts argue, the key questions with regard to online privacy are what and when — and not whether — the next administration will support online privacy legislation.
Democrats Sense an Opening
Although still not high on his list of general campaign priorities, Democratic Party nominee Al Gore has attempted to cast himself and his party as the defender of consumer privacy. In one of his two references to the Internet in his acceptance speech Thursday, Gore said, "I'll fight to toughen penalties on those who misuse the Internet to prey on our children and violate our privacy." Likewise, the Democratic platform made specific reference to "the challenge of protecting Americans' personal privacy online as well as the medical and financial information that can all too easily be intercepted and abused by others."
Referring to widely-referenced remarks that Gore made at the 1998 New York University commencement address, the platform continued, "Al Gore has called for an Electronic Bill of Rights for this electronic age — including the right to choose whether personal information is disclosed; the right to know how, when, and how much of that information is being used; the right to see it yourself; and the right to know if it is accurate."
Sensing an opening, Gore and the Democrats have made financial privacy rather than online privacy their focus, although that could change as the campaign proceeds. Unlike the online world, where partisan differences on the subject haven't gelled, the battle over financial privacy extends a conflict that reached its flash point in the debate over last year's Gramm-Leach-Bliley Financial Services Modernization Act, S. 900.
Although that law included several major privacy restrictions — including the requirement that banks permit their customers to "opt-out" of information sharing between the bank and a separate company — privacy advocates denounced it as insufficient. And notwithstanding outlying Republicans like Sen. Richard Shelby, AL, and Rep. Joe Barton, TX, the fight was seen as a partisan battle in which conference maneuvering by Senate Banking Committee Chairman Phil Gramm, R-TX, defeated both House and Senate Democrats.
Clinton fired back in May with the Financial Information Privacy Protection Act, legislation promptly sponsored by 10 Democrats that would require banks to obtain customer consent before sharing personal financial information — even within the bank's own insurance and brokerage units. Republicans have ignored the bill, which American Bankers Association Senior Federal Counsel John Byrne called a "political document."
Democrats have been happy to oblige them. During a press conference in which he was joined by Treasury Secretary Lawrence Summers, National Economic Council Director Gene Sperling and leading Congressional Democrats, House Minority Leader Richard Gephardt, D-MO, said, "protecting the financial and medical privacy of all Americans has been at the top of the Democratic agenda, and this legislation reflects that priority." Rep. Jay Inslee, D-WA, reiterated that point last week during the Democratic National Convention in Los Angeles, highlighting the financial privacy battle and arguing that Democrats were the "party of privacy."
"What they are doing with Gramm-Leach-Bliley and statements they have made on medical privacy is a good indication that the government under Gore is going to have a very active role with respect to regulating personal information," said Gary Clayton, founder and CEO of the Privacy Council, a Dallas-based consulting group. He said that Gore's focus on those issues, together with his proposals designed to curb identify theft by banning the sale of Social Security numbers, showed the marks of a "savvy politician."
Origins of Self-Regulation
But if Gore and the Democrats are successful in positioning themselves as the defenders of privacy — including an evolving position toward the Internet that could favor regulation — would a victory on that front come at the expense of being seen as the party that successfully ushered in the Internet revolution?
The administration's long-standing reluctance to take the side of privacy advocates pushing for tougher online privacy laws can be traced at least as far back as the July 1997 "Framework for Global Electronic Commerce" that Magaziner shepherded through the executive branch. The document called for a laissez-faire attitude toward an array of e-commerce issues, including a moratorium on Internet taxation, no restrictions on Internet content, and a self-regulatory approach to privacy.
"The Administration supports private sector efforts now underway to implement meaningful, consumer-friendly, self-regulatory privacy regimes," the document read. "We believe that private efforts of industry working in cooperation with consumer groups are preferable to government regulation, but if effective privacy protection cannot be provided in this way, we will reevaluate this policy."
That also used to be the view of the Federal Trade Commission, the federal agency that has taken the greatest interest in data privacy. Although successfully pressing for legislation limiting information-collection practices on children's Web sites in 1998, FTC Chairman Robert Pitofsky resisted endorsing similar measures for all Web sites in May, when the commission reversed itself and voted 3-2 to call for sweeping legislative authority over Internet privacy.
That puts the agency on the opposite side of the fence from the Commerce Department, which has taken the administration's lead on e-commerce and Internet privacy since Magaziner's departure in December 1998. Former Secretary William Daley — who left Commerce to chair the Gore campaign bringing with him general counsel Andrew Pincus — politely disagreed with Pitofsky over the FTC report. Daley and Pincus also played key roles in encouraging self-regulation for Web sites and Internet advertisers — and successfully fought to the get the European Union to ratify that those systems lived up to strict European data standards.
But despite some advisers currently opposing legislation in the online space, Gore may find privacy too tempting a target to hold back from, said Columbia University law professor Alan Westin, who is also the founder of Privacy and American Business, a think tank and newsletter on the subject. "It is a very strong concern with women, who are 10 to 20 [percentage] points more intense in their concern with privacy than men are," Weston said, adding that he expects Gore to make one or two speeches on the subject.
"If Al Gore gets in, I would find it hard to believe that at the end of a four-year term, we would not have privacy legislation for the Internet, whether it is in one or three or five years," Westin said.
Republican Counter-Attack?
Westin, however, said that Congress is now driving the debate and when it must be fully addressed, a Bush administration "will not want to be in a position to say no."
"A Bush administration would help the business community get legislation that is practical and reasonable," he said. But he said business groups would be mistaken if they "count on Bush to veto something that had enough practicality" because of the difficulty of going against a tide of popular opinion on the subject.
Further complicating the volatile privacy issue during this presidential campaign year is the array of complaints — from Republicans and Democrats — over the FBI's "Carnivore" e-mail surveillance systems, as well as revelations that the White House Office of Drug Control Policy used software "cookies" to track other Web sites visited by its users.
Privacy advocates who focus their efforts on government-intrusions say that Bush should use the privacy issue to counter what they call big-ticket privacy invasions by the Clinton administration.
"Bush is making a huge mistake by not talking about privacy because Gore's record is so bad," said Lisa Dean, technology analyst with the conservative Free Congress Foundation. "When it comes to protecting medical and financial privacy, Gore has never done anything that has been in favor of privacy," she said, citing Gore's support for a national identification card, a medical health identifier and the now-abandoned mandatory key-escrow system, which required that a third-party escrow agent be given a spare key to an encryption code as a condition for loosening government controls.
"If [Bush] really wanted to be effective, he should be talking about a lot of the privacy violations by government," Dean said, citing the example of former Republican candidate Steve Forbes, who in December outlined a 10-point privacy platform at the Free Congress Foundation devoted to curbing government's use of personal information.
Clayton of the Privacy Council agrees that Bush camp has been cautious on the subject. "It is a can of worms that they are reluctant to open because they don't know how to control it," Clayton said, noting that Bush had declined while Gore had accepted an invitation to speak at his group's upcoming privacy summit.
But while Bush has not come forward with specific proposals on privacy, the Republican platform calls personal privacy "the single greatest concern Americans now have about the Information Revolution. Citizens must have the confidence that their personal privacy will be respected in the use of technology by both business and government," it reads, while praising self-regulatory and educational campaigns conducted by businesses.
Ironically, both Bush and Gore may now end up closer to promoting privacy legislation than the man who originally put the Clinton administration's policies into place. Although Magaziner said that he believes "that industry self-regulation hasn't gone far enough fast enough, I still would not favor an omnibus regulatory approach" because of the intrinsic difficulties of enforcing such policies on the Internet.
"Even if you pass a government law, that law is not effective if you can't enforce it. We were concerned that we couldn't enforce it well and that it would bog down the growth of the Internet" by passing laws with specific technological solutions.
"Look at what has happened in Europe where they have strong data protection laws," Magaziner said. "Those laws are not being enforced. I would say we have more privacy" in the United States under self-regulation.
 | - by Drew Clark |
NEW FEATURE
-Advertisement-
-Advertisement-
-Advertisement-
