PREMIUM SEARCH Search by job title, geography and build a list of executive contacts
When 2001 dawned, it looked like defenders of privacy rights in the U.S. finally had the momentum to roll back some of the intrusions brought about by the high-tech revolution. A Gallup poll in June revealed that 66% of Americans favored new laws to protect privacy. And Washington lawmakers by the dozen were backing bills on everything from restricting data collection on the Internet to forbidding unwanted marketing via cell phones.
Then came September 11. Fears of another terrorist attack flipped public opinion in favor of tighter security. Congress rushed to boost information-sharing among government departments and fund high-tech spy systems. Face-recognition technology -- the same technology that spurred fiery debate when it was introduced onto the streets of Tampa's Ybor City district last summer -- is now being implemented in airports across the country. And Federal Trade Commission Chairman Timothy Muris declared in October that he wouldn't push for new privacy protection legislation.
But privacy advocates need not despair. This is still a hot topic of discussion among policymakers. The action has just moved to the state level, where legislators from New York to California have passed new privacy rules over the last few months aimed at limiting data collection by government agencies. Even Congress, which pushed through the largely antiprivacy Patriot Act, passed a measure to limit the collection of personal information on schoolchildren.
Where are the battlegrounds for 2002? Here are four to watch:
National IDs
George W. Bush has said he isn't interested in introducing a national ID card, but the debate is sure to continue. On Jan. 14, the American Association of Motor Vehicle Administrators (AAMVA)-- the trade group for state departments of motor vehicles -- will recommend that states add "biometric" identifiers, such as digital fingerprints or iris scans, to all licenses. The group also wants to link the DMV databases of all 50 states with those of the State Dept. and the Immigration & Naturalization Service to help track terrorists and illegal aliens.
If that happens, the result would be a de facto national ID -- your driver's license. "This is a hardening of the driver's license that could ultimately lead to a national ID system, without actually creating or debating a national ID card," says Marc Rotenberg, executive director of the Washington (D.C.)-based Electronic Privacy Information Center (EPIC).
AAMVA spokesman John King thinks the battle is over. Your driver's license, he says, "is already the de facto identifier in this country. That's why financial institutions require it to cash a check, and airports require it when you get on a plane." King adds that the AAMVA's proposal, which would cost upwards of $70 million, has "significant" support in Congress.
Such a system would help prevent ID fraud and stop errant drivers from getting multiple licenses -- real concerns for the DMV. But if these next-generation licenses create a huge tracking system of the 187 million Americans with driver's licenses, Congress shouldn't stand silently by while administrators implement such a plan. Legislators should either vote down the plan or move swiftly to develop rules about how and when such ID cards can be used, and whether that information can be stored and distributed (see BW Online, 10/4/01, Don't Let Privacy Become the Next Victim Of Terror).
Phone Privacy: Opt In vs. Opt Out
In December, Qwest Communications sent its customers a privacy notice informing them that unless they tell the company otherwise, Qwest will share information about their calling habits both internally and with its marketing partners. The decision sparked concern from customers and privacy advocates, who fear that such personal information could lead to a blizzard of unwanted marketing.
Already 39 state attorneys-general have joined with consumer groups to endorse the opposite -- an opt-in approach -- for calling-information disclosure. The FTC is expected to rule sometime this spring on whether the sharing of phone records requires opt-in approval.
Such policies may seem obscure, says EPIC's Rotenberg, but the issue is at the "cutting edge of the opt-in debate." The question of opt-in vs. opt-out is as old as the privacy debate itself. Should companies be forced to ask consumers before the marketing department shares customer data? Or should companies simply do what they like until a consumer chooses not to participate?
Opt-in solutions, which are more privacy-friendly, allow consumers to be proactive about how and when their personal information can be used. But even if privacy advocates win this battle, opt-in won't likely become the standard. For one, unlike lists or names and addresses, phone records often contain detailed personal information. More important, Big Business has a keen interest in making sure that data-sharing remains unrestricted. "Companies feel that opt-in is a costly business practice," says Larry Ponemon, CEO of the Privacy Council, a Dallas-based consultancy. Instead, expect to see the issue decided in court.
Creeping Surveillance
One of the clearest impacts of the September 11 attacks has been the rise of new surveillance systems. Several U.S. airports are experimenting with facial-recognition software that attempts to match passengers with an FBI database of fugitives and felons. Banks and Internet service providers are complying with new rules that make it easier for law-enforcement officials to subpoena their records. And the Justice Dept. has persuaded Congress to lower the standard of evidence necessary to tap the phones or computers of suspected terrorists.
Who will watch the watchers? Not Congress. Privacy analysts on both sides of the debate say it's unlikely that any new laws to rein in surveillance will be passed. The subject is just too politically volatile. Such timidity is troublesome.
Take facial-recognition software, which analyzes features by comparing 80 points between the nose, cheekbones, and eyes to those stored in a database. The evidence that it actually works in identifying criminals and terrorists is murky. On Jan. 3, the American Civil Liberties Union's Florida chapter issued a scathing report charging that the technology had failed to make a single match during its six-week trial.
Yet, no one -- especially an elected official -- wants to dismiss a technology that just might help deter terrorism. "The likelihood of any legislative effort on privacy issues is in direct proportion to whether there's some data disaster," says Stephen Keating, executive director of the Denver-based Privacy Foundation. Congress should take a hard look at these new technologies. If they don't work, the result could be less privacy without more security.
Internet Privacy
Legislation that required financial-services companies to send out privacy notices outlining their data-collection practices overwhelmingly failed. "Acres of trees died to produce a blizzard of barely comprehensible privacy notices.... We can do better," declared FTC Chairman Timothy Muris in October, when delivering his first official speech on privacy policy.
Turns out the FTC may fill the void. Muris has promised to step up enforcement -- and he appears to be delivering. The Privacy Council's Ponemon says regulators have actively initiated audits of corporate data practices in recent months. In 2002, Americans will see results. An FTC lawsuit or settlement could put pressure on companies across the board to get their privacy house in order.
Consumers, too, should start to better manage their privacy. That means reading those long and dense privacy notices, getting around to installing an encryption program for e-mail, and signing up for "do not call" telemarketing lists. If that happens, 2002 may be remembered as the year when privacy protectors began to fight.
Black covers privacy issues for BusinessWeek Online. Follow her twice-monthly Privacy Matters column, only on BusinessWeek Online
Edited by Douglas Harbrecht
Get BusinessWeek directly on your desktop with our RSS feeds.
Add BusinessWeek news to your Web site with our headline feed.
Click to buy an e-print or reprint of a BusinessWeek or BusinessWeek Online story or video.
To subscribe online to BusinessWeek magazine, please click here.
Copyright 2002 , by The McGraw-Hill Companies Inc. All rights reserved.
Printer-Friendly Version
