Computer-Based Surveillance of Individuals
Wednesday, March 27, 1991
David H. Flaherty
Susan Nycum, Chair
Copyright (c) 1991 IEEE. Reprinted, with permission, from The First Conference on Computers, Freedom and Privacy, held March 26-28, 1991, in Burlingame, California. Permission to copy without fee all or part of this material is granted provided that the copies are not made or distributed for direct commercial advantage, the IEEE copyright notice and the title of the publication and its date appear, and notice is given that copying is by permission of the Institute of Electrical and Electronics Engineers. To copy otherwise, or to republish, requires a fee and specific permission.
Published in 1991 by IEEE Computer Society Press, order number 2565. Library of Congress number 91-75772. Order hard copies from IEEE Computer Society Press, Customer Service Center, 10662 Los Vaqueros Circle, PO Box 3014, Los Alamitos, CA 90720-1264.
NYCUM: Good afternoon and welcome to this particular session. ... We're going to talk about computer-based surveillance of individuals in this session.
I must say that one of the things that arises out of reading some of the prepared papers that you have is that there's a balance that seems to have to be struck ... between the need to know and the need to keep information from being known.
My own experience in that, in the computer environment, goes to the time when as the director of the campus computer facility at Stanford years ago I learned that there was potential hacking going on and wondered how we were going to be able to stop it. We found that there was a carefully written program called "Spy" on the system, by one of the forerunners of the ... then-current staff. And this enabled us to see who was signing on to the remote terminals and to dis-enable that person before he could cause any great damage.
But at the time I realized that we had a "baby and some bath water" here, because just as we were able to find out who the people were trying to use the system for the wrong reasons we were also able to find out who were the people were who were using the system for the right reasons and what they were doing with it. And that "horns of a dilemma" has remained with me as, personally, I have addressed those issues over the years.
This afternoon we're going to have four speakers with us. You'll notice there is going to be a substitution. A Mr. Shipman, a fellow attorney [Epson e-mail privacy plaintiff attorney], is not able to be with us. When queried this afternoon his office said that he was with a client. ... Since his office is in Los Angeles and it was queried about an hour before, it seems ... highly unlikely that he will be able to join the group.
But we're very, very, very lucky because we have an absolutely smashing person who is going to be speaking to us, instead: Judith Krug.
Judith is the director of the Office for Intellectual Freedom for the American Library Association [ALA] and she's also Executive Director of the Freedom to Read Foundation... which serves as the First Amendment legal defense arm of the ALA Intellectual Freedom Program. And she will be speaking about the issues of surveillance in the library context. Judith?
KRUG: Good afternoon. Its nice to be up here, I think! I hadn't exactly planned to be up here but, as I told Jim Warren and Les [Earnest], I've never known an open microphone that was offered that I didn't love. So here I am!
I want to talk to you today about the FBIs Library Awareness Program, which I suspect most of you are familiar with. The FBI Library Awareness Program began we're not sure when. It became public in 1987 when ... two FBI agents, both of whom were female, walked into the Math/Science Library at Columbia University and asked the clerk at the circulation desk if she would keep track of what foreign nationals, particularly those from hostile foreign countries ... (Russia at that point), ... were reading and report such reading habits back to the FBI.
It was really a stroke of sheer luck that the director of the library, whose name is Paula Kaufmann, was walking through the public area at the time these agents were at the circulation desk. And Paula, being Paula, invited them into her office and proceeded to lecture them for 40 minutes on the First Amendment, privacy and confidentiality, our responsibility as librarians, [applause] to keep non-public, to keep private and confidential the information about what the public reads, the uses that they make of the library.
Our position, which goes back to 1970 - and I will go back to that in a moment - comes from a basic perspective of the library profession ... that it's nobody's business what you read but yours, and we have in this day and age of high technology extended it to say, "It's nobody's business what use you make of the library, whether it's materials or services or facilities." That's your business.
This whole thing came about in 1970 when the Internal Revenue Service visited the Milwaukee Public Library and subsequently several other public libraries throughout the United States. A lot of you are very young and may not remember the Democratic National Convention in Chicago in 1968. For those of you who are in my generation you will remember that was the famous Democratic Convention when our own Richard J. Daly - we have to say "J." because our mayor now is Richard M. Daly, who is really very good - when Richard J. told the Chicago police to shoot first and ask questions later.
But following the Democratic Convention - and by virtue of the huge number of fringe individuals who had joined that convention - the Weather Underground set up a little enclave in Chicago for the next several months and at one point ran rampant through the city, causing great destruction both ... to property and to individuals. Some of these people did stay in Chicago and, subsequently, almost a year later, a woman by the name of Leslie Bacon was thought to have finally made her way to the campus of the University of Wisconsin, Madison, and in the process blew up the physics laboratory.
The bomb went off at 5 a.m. and under normal circumstances probably no one would have been harmed, although the facility would have been destroyed. Unfortunately, there was a student using the lab at that point and he was killed. There was, of course, an intensive manhunt, or woman-hunt, and among the investigatory tools that were used the IRS did go to the university library.
Why did the IRS go to the university library? Well, it seems that in order to make bombs and other incendiary devices you need a tax stamp. It was pretty much a "given" that whoever had set off that bomb did not have a tax stamp, and therefore - as one of the lines of investigation - the agents wanted to identify who had taken out materials dealing with ... the making of bombs and other incendiary devices from the library.
It was out of that incident and several incidents related to the Leslie Bacon hunt that the American Library Association developed its basic policy on the confidentiality of library records. And it is basically that policy which is still extant today and on which the librarian at Columbia University told the agents that they would not be able to get any records which identify individual users with specific library materials.
We do, of course, have a basic First Amendment position in the library profession of this country. We also have a very strong article in the Librarians Professional Code of Ethics which indicates that it is our responsibility to protect the privacy and the confidentiality of our users' use of the library.
In addition to the First Amendment, our basic policy on confidentiality and our ... Code of Professional Ethics, there were - and still are in this country - states which have protected statutorily the individual's use of the library. Now when the agents went into Columbia in 1987, we had, I believe, 37 states which statutorily protected the confidentiality of library records. ... We now have 44 states which protect the confidentiality of library records.
Some of the state statutes are better than others. Some are affirmative statutes. ... Actually, there is a statute that protects the confidentiality of these kinds of records. Some of the state statutes are exemptions to a state open-records law. In any case, in 44 states and the District of Columbia what you read in a library is protected.
We are now attempting not only to bring the last six states into the fold but we are also attempting to expand the confidentiality statutes that are already on the books in order to include not only materials but also services and facilities - services because you're talking there about the use of databases, the use of reference services and so on.
There are two states [with excellent statutes], one being Maryland, which by the way is where the first confidentiality statute was passed way back in 1973 and [which] has recently revised its statute to broaden the coverage of it. The other very good state statute is in the state of New York, and that also is a revised statute. In regard to the other statutes, we are of course attempting to broaden their impact.
Now, having said all that, I should also indicate that librarians are very law abiding. If there is a legitimate reason for ... requesting these records, the last thing that most of my colleagues are willing to do is to stand in the way of such legitimate activity. And so we have established a threshold, and that threshold is a court order that shows cause and is in proper form.
Depending on the state you are in, such a court order can be a bench order or a warrant, and in some states a subpoena. If we receive a subpoena we can move to quash the subpoena, and whether or not the particular library takes that action depends basically on what is asked for and the manner in which it is asked for and if good cause is shown. That basically is the Library Awareness Program.
We did go through - well, its been my annual non-event since 1987. Naturally we attempted to ... get the records from the FBI. We eventually had to file a Freedom of Information Act request. And subsequently we filed another Freedom of Information Act request, because apparently the first one wasn't specific enough, which I found sort of amusing if not ironic. In any case, over a period of two years we received from the FBI approximately 1,200 pages of documentation.
One of the interesting parts of this whole story is that the ALA Intellectual Freedom Committee in September of 1988 did meet with five high-level officials of the FBI in Washington, D.C. As part of this meeting we worked out a deal, and the deal was this: the American Library Association would prepare a statement identifying our concerns with this kind of activity in a library. And we would make it available to the FBI so that they could distribute it to their agents ... so that the agents understood why, if and when they walked into libraries, the librarians were somewhat less than willing to abide by the request even if they flashed their badges.
In return, the FBI was going to prepare a statement which identified the kinds of guidelines that were given to agents when they went into libraries.
Well, being the American Library Association, we dutifully prepared our statement and sent it off to the FBI, and I will tell you, it went through a lot of drafts. I mean, I looked at every word in that statement, as did our chairman at that point. ... Our chairman during this entire situation was Jim Schmidt, who happens to be sitting right back there. So if there's anything that I can't answer, Jim can answer it. And, thank heavens, that was a real case of the right person in the right place at the right time. And when they looked him square in the eye, he looked them right back square in the eye, and his voice was deeper, so it was great.
In any case, we sent off this statement and we never got anything from the FBI. And first I wrote a letter, and then Jim wrote a letter, and then the executive director wrote a letter and we got nothing.
When we got the final release of documents from the FBI in October of '89, as I was going through them I came across a set of guidelines marked "secret." Those are the guidelines that were prepared for us. We never got them except through our FOIA request. [laughter] A lot of really strange things.
It was a fascinating experience. It certainly raised the awareness of librarians to their professional responsibilities. I am extremely proud of my colleagues in the library profession. We ... can verify that 22 libraries were visited during this period: three public libraries, 19 academic institutions.
The FBI told us that they had been conducting this kind of a program for decades, plural. And that hundreds of librarians had willingly cooperated, to which we responded, "Prove it." Naturally, we never received any proof.
Now this issue is no longer front-page news, of course. But I will say that in the last six months ... in ... two institutions [we] have had visits from the FBI. The requests have been very focused. None of the information has been given because the legal order was either nonexistent or was not in proper form and did not show good cause.
But, the issue is there, the activity is there and I suspect that, as usual, on a cyclical basis the libraries in this country will again be rediscovered as investigative tools. And I suspect that the librarians in this country will continue to dig in their heels and say, "No. If you really want the information, this is how you get it and if you don't really want it then you're not going to follow the guidelines we have set down and that at least 44 states have agreed with and have put into the law in state statute." Thank you. [applause]
NYCUM: Well, that was extremely interesting, Judith, and I'm sure it will provoke some questions. With respect to questions, we're going to ask you to write your questions and just make it clear that you've got one and people will be around to pick them up. And then we'll address those questions at the end of the four presentations. So we'll hope that you have some. I'm sure you do.
Our next speaker is Karen Nussbaum. Karen is the Executive Director of 9to5. Yes, it really is the inspiration for the movie "9to5." Karen is a former office worker herself and founded the first local group of office workers in Boston in 1973.
Today there are 20 chapters and members in every state. "9to5" combines activism, research and public education to win rights and respect for office workers. Karen is also president of District 925, the Service Employees International Union. She is co-author of a newly released book, Solutions for the New York Workforce: Policies for a New Social Contract, and she is co-author of, 9to5 - The Working Womans Guide to Office Survival, which I am very much interested in reading, too. Karen.
NUSSBAUM: Thank you. Today I want to talk about workers, the people who are the objects of the electronic surveillance and computer monitoring and who, ... undoubtedly, you've heard less about in this conference and probably have less contact with as you engage in these issues. These computer workers - not computer professionals but the lower-level workers - have their freedom, privacy and pursuit of happiness challenged daily.
And whether you know it or not, you've come in contact with them quite a bit just getting to this conference. If you had to call directory assistance to get the phone number for the hotel, for instance, the operator had 29 seconds to give you your answer. I hope you didn't have any questions or were confused, because you would have cut into her "handle time" and that can cause her a problem in her evaluation, which could take place almost simultaneously.
If you said, "Thank you," you probably didn't hear her say, "You're welcome," because she's not allowed to say, "You're welcome," because that's unnecessary discussion. If you chatted with her, then she would be disciplined because her supervisor could have heard it as she was listening in, monitoring that phone call.
If you made airline reservations to get here, well, your airline reservation clerk had 106 seconds to take your flight arrangements, less than two minutes. If you asked for a later flight or if you had trouble deciding which flight to take, you cut into his "TATT" - Total Average Talk Time. That leads to demerits which can lead to discipline and can lead to a loss in pay.
If you called back to change your flight, well, then that was a problem for your airline-reservation clerk because she's expected to get a booking 90 percent of the calls that she takes. So you brought down her booking average.
If you're staying at the hotel, I hope you're not a slob because the maid, when she comes in, activates a computer by pushing buttons on the phone in your room, so that her supervisor knows exactly where she is every moment of the day and how long it's taken her to clean your room. So have some consideration.
And then I hope you're not taken sick while you're here, because your nurse is monitored, too. She carries a black box on her belt. She ... punches in exactly what time she's spending with you and what procedures she's taking. So if she's lacking in bedside manner its only because she's being monitored.
Twenty-six million employees nationwide, from telephone operators to elevator mechanics, have their work tracked electronically. Ten million have their work evaluated and their pay set based on computer-generated statistics. And though most of my examples are about clericals and other lower-level workers, ... this phenomenon is not affecting clericals only.
One reporter told me that when he worked for Gannett Papers, management timed reporters on how long it took them to write a story. He'd be working on a story and afterwards his supervisor would say to him, "It took you 35 minutes to ... write that story. You know the guy next to you, it only took him 20 minutes." Another reporter told me of composing on her machine and ... being interrupted on the screen with a message from her supervisor reading, "I don't like that lead." [audience sounds]
Computer monitoring is not just neutral collection of data. ... It's an invasive management technique. And there are two essential problems with it. The first is that it monitors not just the work but the worker, the personal habits of the worker. And secondly, that the power of the technology is significantly different. It's not just like supervision because it is constant and it's in real time.
Take Mary, another airline reservation clerk. She handled a phone call from an abusive caller well. No one actually objected to the way she handled the call. But when she hung up, she made a remark to her co- worker about what she thought of the guy. Immediately, she's called in to the supervisor and disciplined for the personal remark she made [to] her co-worker. Before that, they didn't even know that conversations between co-workers were monitored. When she objected to the discipline, she was sent to the company psychiatrist and ultimately fired.
A data processor in New York called in to a radio call-in show that I was on to tell me that her screen periodically flashes, "You're not working as fast as the person next to you." [some laughter] Others are bitter that their work speed and productivity are publicly posted by the day or by the hour.
An ad in PC Week magazine for networking software boasts to management that their product, quote, "Brings you a level of control never possible. You decide to look in on Sue's computer screen - Sue won't even know you're there. All from the comfort of your chair."
A personnel director of a big company in North Carolina called the "9to5" job-problem hotline and told us she quit her long-term job as supervisor because she thought that the company's use of computer monitoring was sadistic.
Workers at TWA-Chicago had this to say about monitoring when asked by a co-worker to write up notes: "...enslaved to a machine, demoralizing, inhumane, computer sweatshop, corporate plantation." Another said, "...degrading, not trusted, unjust." I have never heard a worker say he or she appreciated this feedback. The workers we hear from feel humiliated, harassed and under-the-gun.
Monitoring is only one of a growing list of surveillance techniques used in the workplace. The congressional ban on polygraphs a couple of years ago only heightened the frenzy for other methods, including drug testing, and I was mentioning that we even have professional librarians ... where the library management wants to do drug testing on them. And you think, "What are they afraid of? That they'll suggest the wrong books?" [laughter]
[There are] extensive background checks, handwriting analysis - that's big - and what they now call "integrity tests." Now are these seen as necessary evils by reluctant managers? No, for the most part. I spoke at a conference of managers of call-in centers, you know places like catalog houses or airline-reservation clerks or car-rental places and so on. These managers insisted that their workers loved monitoring. One of them..., in response to a rather controversial talk I gave, ...
rose to her feet and ... said, "We had to close down the monitoring for a few months and my employees came to me begging that we start it up again" ... to wild applause from her colleagues.
A leading maker of monitoring-program software says, "Monitoring helps employees. It's the only way we can get everything on the permanent record." Well, to workers, that sounds frightening. Management sells monitoring on the grounds that it provides an objective evaluation of employees. The computers don't lie.
But employees say otherwise. For example, Sherry: When Sherry became involved in a union-organizing drive, the computer was used to fire her. She says that her "good runs," the good results, were deleted and other people's poor results were added to her record. After many years of outstanding performance, she was told that her numbers were too low and she was fired.
Or another case in Oregon: ... A woman was fired based on files that were in her computer. She maintained that her supervisor sabotaged her by inserting that information into her computer, but was unable to prove it. ... The assumption though is that the computers don't lie so it must be the worker.
Management's other argument is that computer surveillance is needed to improve productivity. But studies prove otherwise. Monitored workers have consistently higher levels of stress and other diseases and injuries, especially repetitive-strain injury. In one extreme example, three workers at United Airlines in Cleveland, just two years ago, ... died of heart attacks, two at their desks - in just one year at one facility.
In a review of time sheets of her co-workers, one monitored employee found a distinct pattern of several high-performance days followed by a much longer period of low-performance days. And performance levels are [set] very high. At one company, achieving a 96- percent rating is considered grounds for discipline. You have to perform at 99 1/2 percent to get a number 5, the highest rating.
One worker's daily time sheet that she showed me showed that she'd had a real bad day. Her TAACW (Total Average After-Call Work) - this is the information that she has to key after she finishes talking to you - at 23 seconds was too high. Her UNM, her Un-Manned Time, was unacceptably high because she had a 14-minute unexplained absence from her desk. Now, have you ever had a 14-minute unexplained absence from your desk? Who knows? Maybe she got a call from a sick child or a frantic babysitter, or maybe she had an unscheduled trip to the bathroom.
In any case, her overall rating of 93 1/2 percent that day had her supervisor unhinged. "There is no excuse for this bad time management," the supervisor wrote across the time sheet with exclamation points. "You have complete control. Please make the necessary improvements immediately."
So what accounts for this? What's the phrase, "cognitive dissonance"? Management says that what it wants is productivity and motivation but what it gets is control and fear. Well, monitoring is not a technological fluke. It's the logical extension of a management strategy that says the way you improve productivity is you put the squeeze on workers. You speed 'em up, lower wages, eliminate benefits and get rid of the notion of commitment. Management is getting just what it wants - control and fear.
Computer surveillance is not a necessary part of the workplace and, in fact, it doesn't even exist in most of the rest of the western world. We do not have individual monitoring in Europe or in Japan or in Australia, and in fact they are horrified when they hear the stories that we tell.
Senator Paul Simon just introduced a bill that would prohibit the abuses of monitoring and seven or eight states are also considering similar legislation. Unions are beginning to include language which would protect workers from ... the abuses of monitoring. And [there are] even some management consultants - I know of one at least - who are advising against going all the way.
One monitored worker wrote to me. She said, "Vulnerable employees must be deeply humiliated before they find the courage to speak out or reach for help." And that's beginning to happen now.
I'd like to just end with a story of Harriette Topitzes, who is a computer worker. She works at an airline in Chicago. She's been in TWA for 30 years. She's an excellent employee, but over that time just about everything has happened to her and her co-workers. She herself suffers from a serious stress-related disease. ... Several workers have become seriously ill. One died from stress-related diseases in the group of people in her workplace. They have been listened in on, they have been timed, they keep these timesheets that I described, everything. Its a horrible place to work.
Harriette called our hotline and we worked with her and talked with her and as a result she told her story to some reporters. And one reporter said to her, "Gosh, ... it sounds like you can't even stand up." And she realized, "That's right. We can't stand up for ourselves, figuratively, and we also don't even stand up for ourselves, literally."
So the next day she walked into the office and she said ... to her co-workers, "At 10 o'clock we're all going to stand up." 10 o'clock comes, ... all of a sudden all the workers in the room stand up. They're still plugged in. They're talking to people. And they all do the big wave. [laughter]
Well, management is in their booth. And they're looking. They can't figure out what goes on. And the top management wasn't ... there that day. But the next day when top management comes, 10 o'clock, they're all doing the big wave. He says to the other guy, "What's going on here?" And they say, "Oh, its just their 10 o'clock break. They just do this now." [laughter] Harriette says that it's their way of saying, "You don't own us."
... They also don't know when they're going to stand up next. This act of resistance is so small it hurts and so big its breathtaking. And as we debate computers, freedom and privacy, I think we owe it to Harriette and the millions and millions of workers like her to keep the freedom and privacy of workers top on our agenda. Thank you. [applause]
NYCUM: ... I can't help but observe that I'm in a profession, the law, where it's the clients who keep the stopwatches on us. [laughter] And I'm tempted to say the next time I'm on a call where someone's timing at his end as well as the clock at my end .... [laughter] Oh, well.
Well, just to show that there are gentlemen on our panel as well, we will now turn to Professor Marx, who will speak to us. Gary is professor of sociology at MIT, in the Department of Urban Studies and Planning. He's the author of the book, Protest and Prejudice, and the book, Undercover - Police Surveillance in America, among other things that he has written.
Undercover received the Outstanding Book Award from the Academy of Criminal Justice Sciences. Professor Marx was named the American Sociological Association's Jensen Lecturer for 1989 and 1990, and received the Distinguished Scholar Award from its section on Crime, Law and Deviance. His works have been translated into numbers of languages other than English, and have appeared in over 80 books in addition to his own. He has authored numerous periodicals and he has been a distinguished lecturer in many universities and had opportunities for participation in conferences, both in the U.S. and abroad. [It's a] pleasure to introduce Gary Marx. [applause]
MARX: Thank you Susan. It's great to be here to preach to ... many of the converted. In listening to Karen's fascinating talk, my eye was drawn to something on my right. [timer clock] And I hope we all realize it, although she spoke of monitoring of what she referred to as non-professionals, we get monitored, too, and in some ways we internalize it. It's subtle, we're not even aware. But it's woven into the fabric of everyday life.
We self-monitor. Can we get the camera to pick that one up right over there? [points to computer displaying speaker's remaining time] Can you guys pick up the Apple device that shows in huge letters 14:51, 14:50, 14:49. [some laughter] ... Anyway, one of the aspects of much of this is that it's so subtle. It's like fish in water. It happens very gradually. ... We're not aware of it and one of the things that a sociologist can do or a person from outside a conventional culture is try and help us to be aware of some of it.
... I always begin my classes with [a] cartoon which shows ... Woody Allen and a Diane Keaton cartoon figures and they're at the circus. And the Diane Keaton figure says, "I always wonder how they get all those clowns into one little car." And the Woody Allen character says, "That's the difference between us. I always wonder why." [some laughter] And the kind of question that a social analyst or academic asks in a liberal arts setting is of course, "Why?"
"Why?" not only in technical or scientific terms, but "Why?" in human terms, "Why?" in terms of values, and - what we certainly have heard throughout this conference - value conflicts. "Why?" in terms of the kinds of images that are held about human beings. "Why?" in terms of the assumptions that are made about the impact of the technology. And "Why?" certainly in terms of where these gradual, benign technologies will in fact lead us, where we as a society are heading.
Computer-based surveillance involves a wide array of forms of what I call extractive technologies, and I'll give a few juicy examples. But let me become a little bit analytic first. And in thinking about the characteristics of computer-based surveillance, I argue that something new is in fact occurring, both qualitatively and quantitatively. (I'll be happy to send this material to anyone who is interested in it.)
But I suggest that the new forms of computer-based surveillance have at least nine characteristics, and it's why they're so terribly important in terms of public policy, but also important culturally and in terms of our understanding of our social world - and what it means to be human. They transcend boundaries of time, distance and darkness [and] physical boundaries such as walls and skin that traditionally protected privacy. They permit the inexpensive and immediate sharing and merging and reproducing of information on scales that are simply astounding.
They permit combining discrete types of information, whether it's voice, computer data, fax, electronic mail, video. They permit altering data. They involve remote access, which is crucial in terms of accountability questions. They may be done invisibly, leaving no footprints. They can be done without the subject's knowledge or consent. They are more intensive, they probe deeper. They reveal previously inaccessible information. They're also more extensive and they cover broader areas.
... Some examples: I'm writing on this and I have a systematic categorization of types of abuse and things that can go wrong. But I'll spare you that because the examples are ... more fun.
... The technology becomes ever more penetrating and intrusive, and as that happens information is gathered with both laser-like specificity and sponge-like absorbency. And, my friends, that's a scary combination. If we visualize the information-extracting or information-gathering net as a kind of fishing net, then the net's mesh has become finer and the net itself has become much wider.
Now it's easy to get carried away with science-fiction fantasies about things that might happen. But we don't have to wait for the widespread use of videophones, of paperless electronic safety-deposit boxes, of wafer-thin portable-communications devices, of satellite monitoring of individuals via implanted transmitters.
There are now systems where you can implant your animal, and Americans love pets and we spend more on pet food than on lots of things that probably ... we should be spending money on. But you can implant your pet with an electronic device so if it's lost you can find out where in fact it is.
But that will soon be available inexpensively for humans. It involves satellite technology and it's possible, according to one company that I spoke with, to give every human being a distinctive electronic signal. And you could imbed this device in the skin and send it off a satellite. You'd always know where everyone is. And that's really terrific, especially if you've done nothing wrong. If ... the bank is robbed, you can prove that you weren't robbing the bank because you were having an affair over ... - a business affair. [laughter] Anyway, ... you know, things like DNA fingerprinting, biometric monitoring.
But I want to consider some actual examples. Some of these you may recall.
A college student secretly videotapes sexual encounters with a girlfriend. After breaking up with her, he played the tape for members of his fraternity. He had violated no criminal statute in making that recording.
During a toy manufacturer's television ad, a clown asks children to place their telephone receivers in front of the television set. The studio then broadcast a dial-tone signal and displayed an 800 number, which resulted in kids dialing the number involuntarily. OK? Because the 800 number had automatic number identification [ANI], it recorded the children's phone numbers. The purpose was to create advertising lists, OK?
We know ... that the telemarketing industry is growing at 30 percent or more a year, and everybody has stories. One of mine is a friend who went on vacation. On returning, he had only one message on his answering machine. Shortly after his departure a synthesized voice interviewer called to ask if he would consent to being interviewed. Since he did not hang up, the system assumed he had agreed to be interviewed and proceeded to ask him a series of questions, pausing after each to let him answer. The interview continued the full length of the answering machine's tape. Of course, in some cases citizens have won lawsuits because they've had to get access to 911 and couldn't because they couldn't get rid of the..., you know.
Now we are aware also of the variety of communication devices such as cordless and cellular phones. We have room monitors for infants, which can be easily ... intercepted - and often legally - by scanners, FM radios, older TV sets with UHF channels. If you tune 'em between 80 and 90 or something like that you can pick up people's ... cordless phones that have the same frequency.
Speaker phones, of course, amplify communication. A conversant can never be sure who's listening. And a recent example, President Bush was unaware that his off-the-cuff remarks were overheard by a large audience listening in via speakerphone.
Karen spoke eloquently about work monitoring and I won't add anything other than to mention one program, called - well, I won't mention the name. But it offers the possibility of initial-screen repaint which permits the watcher to see what was on the target's screen before the program was activated.
Home phones can be made "hot on the hook." You can buy an infinity transmitter. It's legal. You attach it to a telephone or as part of an answering machine. What it does is makes the phone hot on the hook. It converts the phone into a microphone. The individual dials in on the phone, the phone doesn't ring and essentially you can listen to anything that's going on within the room. You can do this legally, if, you know, you attach it to your own phone. And of course you want to monitor the babysitter and things like that, as well as.... OK.
The caller ID we're all familiar with. Electronic-mail systems can certainly be monitored. In a case in Colorado Springs, , the mayor of Colorado Springs read electronic messages exchanged between members of the city council. And that nicely illustrates the tensions between openness in government and the need to protect private communication.
Palm Beach, Florida, announced a plan to use cameras on bridges to make a video record of every car, truck, bike and pedestrian entering the city. You know, ... I'd love to just talk about examples.
In July '89, a Los Angeles television actress was shot and killed by a fan. He had obtained her home address from a private investigator who found it in a public file maintained by the California Department of Motor Vehicles.
There's lots of proposed stuff, some of which is still around. A key expression for people concerned with civil liberties is that there are no permanent victories.
... Let me become a little bit more professorial, or let me, ... in the sense of being balanced, ... take a devil's-advocate position and say I'm here, it's fascinating, but in fact you're not being fair to the business people. You're not being fair to the people who are victimized by crimes. You're not being fair to the entrepreneurs. You're not being fair to the manufacturers who worry about health costs. ... The kinds of controls that some people have advocated at this meeting you might say really ... violate the free-enterprise system. They violate freedom of speech. They ignore the fact that we're concerned about declining productivity, we're concerned about AIDS, we're concerned about crime, drugs and terror. And you could say, "So what? Why worry?" Remember the Alfred Newman, cartoon, you know, "What, me worry?"
And there are a number of arguments: That we live in a world of strangers. It's not a homogeneous rural community. The Supreme Court has said that privacy was protected only when it could be reasonably expected that it would be protected. As technology changes, expectations change. Most privacy invasions, on some broad statistical sense, are not illegal. Given a free market, you can also buy wonderful counter- technologies to protect privacy. Companies have an obligation to stockholders to make as much money as they can. If you protect privacy, it's expensive. It can deter innovation. Consumers want specialized services. Economic viability requires pinpoint or segmented marketing.
Those unconcerned about privacy also remind us that we live in a society that believes in visibility. A fundamental American principle is, "Visibility brings accountability." In terms of the 1960s, Judith mentioned ... something about people over a certain age and Mayor Daly. But a valued legacy of the 1960s, and it's carried over into aspects of the computer culture, is personal openness and honesty. And in that sense, you know, controls are seen as off-putting. And of course, the idea: The only people who worry about privacy are those who have something to hide. Right? Wrong! OK.
There are at least 10 reasons that privacy and anonymity are important. You've heard them before but let me say it because perhaps it's because they are in the air it's important to reiterate them.
... I get involved in a lot of discussions with people and they say, "Well, what's really wrong with this or that?" They know something's wrong with caller ID. They're troubled by aspects of drug monitoring or worker monitoring. They're not sure why. And I can't, you know, remember these. But when it's written down ... I can. There are at least 10 reasons why privacy is important. Again, I'll be happy to send this to anyone who is interested in it.
- The ability to control information about the self is linked to the dignity of the individual and sense of personhood.
- Anonymity is socially useful. It encourages honesty, risk-taking, experimentation.
- Confidentiality can improve communication flows.
- Privacy is a resource in interpersonal relations.
- We maintain group boundaries partly by control over information.
- Privacy is important to the American idea of starting over. It can offer the solitude and peace necessary for mental health in a busy society.
I think there's a broader, all-encompassing, symbolic meaning of practices that protect privacy. These practices say something about where we as a nation stand - what we stand for - and they're vital to individualism.
And, by contrast, a thread that runs through every totalitarian system is lack of respect for the individual's right to control information about the self. It's been said that the mark of a civilization can be seen in how it treats its prisoners. It might also be seen in how it treats personal privacy.
I want to say a little about some elements of the culture, and I have a section on what we ought to do. But an important piece of that is in fact to be aware of our culture and the latent assumptions ... that we make. And, as a sociologist, I listen, and I often hear observations which I find, you know, deeply, deeply troubling. And let me just turn directly to those.
This is what I call the need to avoid a "tarnished silver bullet," techno-fallacies. OK. And we live in a cultural climate again where it's sort of in the air. I will give you an example of some of these fallacies in response to things that I hear, and I feel they're wrong, whether empirically, logically or normatively - much as a musician knows certain things that are off key.
- Turn the technology loose and let the benefits flow.
- Do away with the human interface.
- When you choose to make a phone call, you're consenting to have your telephone number released.
- Only the computer sees it.
- Those of us who are involved in consumer marketing are the best agents for protecting the consumers' privacy.
- That's never happened.
- The public interest is whatever the public is interested in watching.
- There's no law against this.
- The technology is neutral.
- The fallacy of assuming that only the guilty have to fear the development of intrusive technology. Or if you've done nothing wrong you have nothing to hide.
- The fallacy of the free lunch, or painless dentistry.
- The fallacy of the short run.
- The fallacy of quantification.
- A key fallacy for our friends, the lawyers: The fallacy of always assuming, in the words of Justice Potter Stewart, that just because you have a legal right to do something it's the right thing to do.
- The fallacy of assuming that pragmatism and efficiency should outweigh other values.
- Lowest-common-denominator fallacy.
- Big fallacy of assuming that personal information on customers, clients and cases in the possession of a company is just another kind of property to be brought ... and sold.
- The fallacy of assuming the facts speak..., - You know, this is ridiculous. [laughter]
- Anyway, the notion that experts know best.
- The notion that the people know best.
- The fallacy that the means will never determine the end. One of the great tragedies about technology, at the end of the 20th Century is that we've lost the broader public vision of what goals technology should serve. It's become highly individualized ... .
- There's the fallacy of technical neutrality. Somebody said to George Orwell, "Well, technology's neutral, isn't it?" And he said, "So is the jungle." ...
- The fallacy of permanent victory, of 100-percent-fail-safe system
- The fallacy that we don't live in a conflictual world.
- The fallacy that the environment is somehow going to be passive and non-react.
- The fallacy of delegating authority which humans should have - I'll stop, too - to a machine.
And finally, and in light of some of the discussions that I've heard here the last couple of days, I would emphasize this:
- The fallacy of rearranging the deck chairs on the Titanic instead of looking for icebergs. [applause]
OK, let me.... I'll stop. I'll just, I'll just pop two of these up here. OK, let me.... [some laughter]
... I've used this in a final exam actually for my students because they think the visual stuff is important. It's a New Yorker cartoon, and it shows a man coming to a house with a white picket fence, and there's a sign there, and the sign says, "Beware of the Technology." And I say to the students, "If you can identify the two meanings of the sign in the cartoon, the course has been a success and the future of the republic is assured." And the two meanings of the cartoon are, of course: first, the good use of the technology. The technology is a functional alternative to the dog. A dog might get, you know, rabid and bite somebody. You don't have to feed the tech..., you do have to feed the technology. But the technology clearly has, you know, very, very positive uses. But there's also the second, deeper meaning: Beware of the technology.
Finally, on a personal note ... about the most horrifying memory I have from growing up. ... [it's] from the Wizard of Oz, OK?... [some laughter] As a child I was horrified by the Wizard and by the deep, scary tones of the voice, and by the thunder and lightning. It was a horrible experience. Nice thing to subject kids to, but that's a second kind of issue. But what happens at the end [is] the little dog, Toto, pulls the screen away. And anybody remember what he says?
AUDIENCE VOICES: "Don't look at that man behind the curtain."
MARX: That's right. "Pay no attention to the little man behind the curtain." But I think we have to pay attention to the men and women behind the technology screen. Thank you. [applause]
NYCUM: As Gary was going 90 miles an hour, I reminded myself of "If" by Rudyard Kipling, ... that one couplet in there that says, "If you can fill the unforgiving minute with 60 seconds worth of distance, run!" And he sure did. [laughter]
Well, batting clean-up today is Professor David Flaherty, who is Professor of History and Law at the University of Western Ontario in Canada. Professor Flaherty started an illustrious career nearly 30 years ago when he was research assistant to Alan Westin in that monumental book, Privacy and Freedom, just published in the '60s. And he has remained a towering figure in this area ever since.
He has a book, Protecting Privacy in Surveillance Societies: The Federal Republic of Germany, Sweden, France, Canada and the United States, which is a book on privacy and how privacy and data-protection laws for the public sector are working in practice.
It's a very great pleasure to introduce Professor Flaherty, who is an awful nice guy as well as a good scholar. [applause]
FLAHERTY: I'll return the compliment by saying how nice it is to be on a panel with a majority of women on it. I've looked at too many totally male-dominated panels the last few days. [applause] I also have to admit to participating in one yesterday. [audience sounds]
Some of you know that I tried to impersonate George Bush yesterday. There's been some pressure to try another impersonation. I have to tell you that one outing as George Bush is enough. [audience sounds] I've also been criticized [for] failing to end my talk with, "God bless you," so I apologize for [laughter] that omission. I'm also not going to try to follow Judith, Karen and Gary by giving you more horror stories.
I think there's no need to document further the fact that we're living in surveillant societies. When I published my book almost a year and a half ago, I talked about [how] ... our societies were becoming surveillant societies - societies in which databases of various sorts were watching us.
I think I was being typically optimistic in that statement, and that in fact what we have to do is turn to considering what some of the options are to try to remedy the situation in which we find ourselves. It would be easy to say it's a hopeless ... cause; we really can't do much. It's sort of a typical characteristic or trait of a capitalistic society in the late 20th Century. It's probably only going to get worse rather than better.
But I hardly think that the kinds of people who have gathered here for this conference are willing to accept that kind of hopeless counsel of despair.
It's arguable that the situation is hopeless but I think we have to try to do something about the types of surveillance that we're all being subjected to. I think, in the first instance, the mere fact that people have been willing to hiss in this conference ... seemed to me one of the livelier aspects of it [some laughter] because it demonstrates the fact, like the women standing at 10 o 'clock in the morning for the wave, that resistance begins by both individual and collective action. And that, as I said yesterday in my Bush impersonation, the consciousness-raising has to be at the very individualistic level with respect to the preservation of individual privacy.
You can't protect your privacy all by yourself. That's why we need somewhat more systemic solutions. But we all have to make regular choices on a daily basis as to what we're going to give up about ourselves.
I also don't believe that systemic solutions are essential. You know that I happen to think that it would be a nice idea to create a data- protection board or a privacy-protection commission federally in the United States. I'd like to see one in each of the 50 states, and I'll talk about California in a few minutes.
However, it is also clear from the variety of data-protection and privacy problems that we've discussed in this meeting so far that ... a classic American solution is sectoral data protection. That means applying fair-information practices to each type of personal-information system, whether it's video records or video film rental records, or library records, or whatever it is.
And that is one area in which the United States has had, for a long time, almost unchallenged ... leadership in the formulation of specific rules and regulations for various types of information systems.
However, look at the areas where we haven't made progress, [where] we - in Canada or in the United States - have not made real progress. Look at the whole health-information field. Look at the hospitals. Look at the medical doctors' offices. Look at personnel records. Look at university-student records, and faculty and personnel records. Library records we've heard about today. Police records.
Most of these kinds of personal-information systems are inadequately protected and regulated with respect to fair-information practices. These fair-information practices have been talked about a number of times in this gathering. They're very simple things but very difficult to implement in practice.
We're talking about ... minimizing intrusiveness in personal life - collecting only data that ... you actually need to collect; only collecting essential information; only keeping it as long as you need it; destroying it or archiving it when that is over (and we're talking here about both manual and automated records); establishing what the disclosure and use policies are at the time of collection of information from individuals; requiring informed consent (one of the thorniest issues in this entire area).
These are the kinds of fair-information practices that each and every one of us have, in my view, a constitutional right to expect - in Canada and in the United States.
Now, unfortunately, it's not enough in 1991 to simply have these Good Housekeeping kinds of fair-information practices. You also have to have mechanisms to make sure that they work. I believe that, whether these are advisory rules or in regulation or statutory form, there have to be some sanctions for non-compliance.
There should be civil remedies and criminal sanctions, certainly for public-sector databases, for people who do not abide by fair-information practices. There has to be a complaint-handling mechanism. If you as a consumer, as a resident of a state or someone who even pays your taxes to the federal government are in federal databases, and you're all in there, let me assure you. The U.S. Federal Government is the largest custodian of personal information in the world. A great claim to fame.
If you have a problem, you ought to have somebody to complain to. You need some type of an ombudsperson or ombudsman concept that you can go to. There's no such animal federally or in any of the states with respect to data-protection practices. This is an area in which Canada and the leading Western European countries and Australia are, and Japan - well, exclude Japan - are well in advance of the United States, as has been mentioned by other people in this gathering.
I'd like to tell you how the Privacy Commissioner of Canada works. Now I happen to be a Canadian who's lived a long time in the United States, and I know: You mention Canada, eyes start to glaze over, it's late in the afternoon.
But it is possible, believe me, to learn something occasionally from foreign countries. ... [some laughter] Most of the time we borrow from Americans. You know, whatever you're doing will happen soon in Canada, whether it's good or bad things. But there are times when we have exported pretty good ideas south of the border, not least of them our system of medical insurance and medical care. But that's not what I'm talking about today.
The Privacy Commissioner of Canada ... is a small bureaucracy. He's an independent official who works for Parliament. The government can't tell him what to do. He has considerable power but it's advisory power. He's not a regulator. He's not like the French or the Swedes who can - the data protectors in those countries can - actually issue orders.
There's some question whether a lack of regulatory power is adequate. The Information and Privacy Commissioner for the Province of Ontario does have some regulatory power for both freedom of information and data protection in the public sector, and that may be the cutting edge of the future.
You may have to have a fundamental arbiter in this area with some regulatory power. And if you've taken as long as the United States has had to create data-protection commissions at the federal and state levels, the argument would have to be: you better be at the cutting edge by the time you invent one of these peculiar animals.
The Canadian Privacy Commissioner has a staff of auditors. They visit every institution in government. They see whether they're complying with fair-information practices. They do it with notice, with advance notification, people know they're coming, and so forth. But they actually try to see whether fair-information practices are being ... complied with. They do studies, they give advice. They watch every lousy piece of legislation going through Parliament.
Try to think of a piece of legislation that doesn't have implications for personal privacy. It's a pretty rare piece of legislation. The Privacy Commissioner's office, which I don't work for and I'm not one of their - I sound like their public relations flack but I'm not really. They have built up a body of expertise since they came into existence in 1977. They published a study called, Drug Testing and the Privacy Act. One result is that drug testing is on the run in Canada. We don't have federal drug testing. [applause] We have a very good situation, and it's regarded as scandalous to drug test in the private sector. Although the Privacy Commissioner has no jurisdiction in the private sector, we certainly take a dim view of some of our banks who want to drug test new employees and the like.
...They've also done work on AIDS and the Privacy Act. They've done work on computer monitoring in the workplace. In fact, five or six years ago, I was sitting next to the Privacy Commissioner and a prominent judge who was interested in privacy issues when we first heard about computerized workplace surveillance. It was some of the telephone operators and reservations clerk in Canada telling us about it. And the Privacy Commissioner and the judge, we all turned and looked at one another and said, "Do we want to live that way?"
And for people who are in the elite of society, it was a useful reminder that we don't want to work that way. If we're going to monitor workers in that fashion, I think we should monitor university professors, for example. [one person applauds] Most of us are never in our offices so it would be a rather useless activity. [some laughter]
Now, in terms of solutions, what can we do in California? You know, this is a state that's as big as Canada. It's 20 percent of the American population. It's very progressive. You're one of the few American states that has a constitutional right to privacy, something that I think is very, very important. Every Californian who can afford it can go to court and claim their privacy is being invaded. I think that's a fundamental right and it's an admirable one, and it's explicit in the California Constitution.
But go beyond that. Why is there no privacy-protection commission or a data-protection board in the State of California? I know you've got budgetary problems. You know, when you're closing schools, it's hard to make a serious argument for a small bureaucracy to represent privacy interests. But look at all the other things you pay for. I gather that you've got a Fair Political Practices Commission with a staff of 100 that's existed for 30 years that does next to nothing, according to last Sunday's newspaper. Why not abolish that, which is a healthy thing to do with any of these small bureaucracies, and create a Privacy Protection Commission in return?
When you're thinking about creative things you can do out of a gathering like this, in the next 24 hours I hope you'll turn to some systemic solutions. Then if you read my book, of course, you'll discover that I'm really pessimistic about how well these systemic agencies will actually do their jobs. [some laughter] But it's easier to do that once they exist because then privacy advocates can stand around with a whip in their hand telling these people we're watching them: "We're trying to make sure you do do your job."
Finally, let me leave another idea with you. In many countries in Europe, there is not only a constitutional right to privacy, there is also a constitutional right to data protection. At least a half-dozen European countries have written that into their constitution: Portugal, Sweden (being one of the more recent ones), Germany certainly the same way. In addition, the Germans have gone a step further. And you know I'm talking here about privacy as the whole world: right to an abortion, avoid wiretapping, all the rest of it.
Data protection is the small area; the whole ball-of-wax [is] the privacy that deals with the collection and use of personal information. But since personal information is ubiquitous in both the public and private sector, that's a lot of work for somebody, and for us, whose information is caught up in that system.
The Germans, in the famous 1983 census decision [of] their federal constitutional court - in a decision that I compare to Brown v. Board of Education in the United States in terms of its ultimate significance - developed the concept of "informational self- determination." It's an even bigger mouthful in German, let me assure you.
"Informational self-determination." It means what it says. It says every individual should have the right to determine what is done about the data that he or she gives up - obviously a very optimistic and somewhat naive notion in the late 20th Century.
What it means in practice is that governments and the private sector in West Germany (and that includes all the states, and they have a very well-integrated system of federal and state data protection which we've imitated in Canada, which I think is worthy of imitation in the United States) every government and private-sector data-collection activity has to be in compliance with a law of some sort, has to be in compliance with public policy.
And it's only at that point, when the legislature in a democratic society has stipulated, "Yes you can ... collect that personal information," it's only at that point where the individual right to self determination is overridden by a collective interest as established in the liberal democratic process.
I think that that concept of informational self-determination needs a lot more ventilation in the North American sphere. At the very least, people should try to assert their rights to determine the fate of information that they choose to give about themselves, to see what is done with it. Then we've got some creative people in the legal profession, in the public- policy area in this country. And I certainly think it would be interesting to try to see how we could institutionalize the concept of informational self- determination as a legal and constitutional right in our respective societies. Thank you. [applause]
QUESTION & ANSWER PERIOD
NYCUM: And thank you, sir. Well, that was a very good wrap up indeed. Now we have time for questions since everyone on the panel was so good about it. ... We will start by answering the questions here from the panel. ...
What I suggest we do is start with a question each to the panel and go through the questions one at a time. One would be directed to Judith, the next one to Karen, and so forth. And see how far and how well we do on this. So if ... you want to choose one, Judith, and read it ... and let us have your answer.
KRUG: The first one comes from Jeff Johnson from CPSR, and thank you for reminding me about this. Jeff points out that the San Francisco City Library has a system on its computer whereby the name of the individual who has checked out any material is expunged when the material is returned.
And this is a mechanism that the American Library Association has been suggesting for about 15 years. Of course, it's a lot easier to expunge a record when the record is computerized than it is when you were writing your names on cards ... slipped in the back of the book. So that is more and more becoming the practice of libraries. And I don't know of any library which has computerized at least it's circulation records that has not added this expungement (if that's a word) mechanism to it.
NUSSBAUM: I have two questions that are similar. One is, "Do we object to all forms of supervision?", and "Would you agree that the issue of computer monitoring is one of good management manners? What's your precise objection to, for instance, audit trails of financial transactions made by computers or profitability ranking of employees?"
No, we don't object to all supervision and we also don't object to all collection of data. The issue is, "What is the purpose of the collection of data and how is it used?" And I would agree that, yes, this is ... an issue of management. It's not an issue of technology. It's how management is using this technology and the extra power that the technology gives management.
It doesn't have to be done this way and there are examples both in the United States - only a handful - and more importantly in other countries. So, for example, when I was in Japan and I met with, actually, management from the telephone company there and asked him about the issue of computer monitoring, ... he said, "We don't have a problem with monitoring because we don't do it."
Or in Sweden, where the data is collected by the month and by the department. It's not collected on individuals. But data is collected to find out how the work is going, identify problems, and then work with members of the team to solve the problems. That's very different from cracking the whip. And cracking the whip is what American management is doing for the most part. ... I'm in favor of supervision in training: "How do workers learn?" And I think that if we did more supervision in training instead of surveillance and control we would have a more productive workforce. [applause]
MARX: There's a video floating around that contrasts the use of technology in work in the United States with Sweden. And it dealt with the printing industry. And the approaches were, you know, completely opposed. In Sweden, partly because ... the unionized sector is 95 percent of the society, when management thought that it might be worthwhile to bring ... the latest technology into the printing process it sat down with workers and talked about how to do this. And the question it asked was, "How can we use this technology to enhance the workers' sense of creativity and productivity, and to enhance the quality of the work experience as well as the quality of the work?" And that's really opposed to the way new printing technology has been introduced in Great Britain and in the United States, where the focus is almost exclusively on, "How can we increase productivity?" and the worker is seen as simply another item to be quantitatively analyzed.
A question from the floor, without a name, that's addressed to the panel: But since we're going in order, I agreed to take it: "Should California news organizations be forbidden by law from publishing or broadcasting the names of private individuals who use large amounts of water despite drought conditions. If not, doesn't this violate privacy? If so, doesn't it violate the First Amendment?"
Well, you know, there's that Chinese expression, curse: "May you live in interesting times." And there are clearly value conflicts here.
It seems to me that the criteria for news agencies reporting people's water-lifestyle behavior ought not to be very different from their reporting other aspects. And there is the issue of the public-utility question of it and the coercive power of the public utility to have that information. But I suppose if the information being released we had reason to think ... was valid and reliable, if there was some juridical or supervisory process where we didn't go from an automatic report from a machine to having it be in, you know, the San Francisco Chronicle, I would not be so troubled.
It seems to me that the consumption of water - I mean lawyers are brilliant in their ability to twist things - but to see the consumption of water as a First Amendment issue, I think for my money that's probably pushing it a bit. You could say it's a lifestyle question, but you know the First Amendment was really about expressing religious and political kinds of beliefs.
I think there are some interesting parallels to that question. For example, a number of municipalities publish the name of people who are arrested for soliciting prostitutes. Some even publish the license numbers of cars that are parked in areas where people are arrested for soliciting prostitutes. Some judges have required that, as a condition of probation or parole, those arrested for drunk driving have a big sign in the back of their car saying, "I was arrested for drunk driving." You know, those are interesting issues and value conflicts.
FLAHERTY: Being on the end of the panel, I think some difficult questions get bumped down to my end. [some laughter] Either that or I'm now Karen. [some laughter]
NUSSBAUM: I was only being fair.
FLAHERTY: Thank you. I'm delighted to get them. I'll just read what they say. They're related. ... "I was surprised that no one in this session seems to have addressed the issue of employer monitoring electronic mail, i.e. the Epson case. Although this is primarily an issue for computer professionals and not computer workers, does "9to5" have a position on incidental personal uses of employers' e-mail systems?"
I'm not going to answer for "9to5," clearly.
And then there was another one about, "What about the claimed right of workers to make private use of the company's computer system or phone system against the wishes of the employer, on the grounds of privacy?"
Let me say two things about that. I regard it as scandalous that only in Canada and the United States is the private sector unregulated almost completely (except for fair-credit reporting) with respect to data protection. In Europe, the private sector.... - even in England, God bless the country, Margaret Thatcher, in 1984, introduced a somewhat draconian data-protection act which regulates and subjects to fair-information practices all automated databases in both the public and private sectors.
There are some negative aspects to the legislation. It actually requires registration of databases but they don't do much else. So both the French and the British collect a lot of paper to no good effect, in my view.
But the point is that our private sector can do ... almost anything it wants with respect to the collection and use of personal information, and these are personal-information kinds of issues even though we're dealing with electronic mail and the right use of the telephone or computer system.
I think that - as I said in my presentation - you have to apply fair-information practices. How do you find out what are fair-information practices? The Swedish Data Act explicitly requires consultation with the stakeholders, the people who are going to be affected by this. This shouldn't be management fiat. You have to ... negotiate some kind of intelligent balance in these kinds of areas between the interests of management and the interests of people who work there.
In a sense it's close to the kind of "information bargain" that Alan Westin talked about yesterday. And I'm not using it in the sense of selling your privacy but establishing a reasonable balance within a private-sector concern between the interests of the collectivity and the human rights of the individual. I don't know whether you want to say more about "9to5."
NUSSBAUM: We don't have a position on it, which is why I bumped the questions down.
KRUG: OK, I'm going to run through a couple of these real fast. I have a question here which asks, "Which states have no statutory protection of library records?" ... It's Texas, Kentucky, Utah, Ohio, Hawaii [and Mississippi]....
If you are interested in participating in the process, please drop me a note or give me a call. And my address and telephone numbers are on the ... roster of all the participants. If you do that, I will put you in touch with the people on the state level who have already begun the process of developing these state statutes.
Ohio's [statute] is now going through the legislature for what feels like the 27th time but I'm sure it's only the third or fourth. But there are people already working in each of the states, and your assistance would be wonderful if you would work with them. To add another statute or start pushing on your own could sort of undermine what's already been done.
OK. ... I have two questions that deal with how private-industry libraries face questions from law-enforcement officers, be they FBI or local or so on. I honestly don't know. Private libraries are somewhat removed from the main core of the American Library Association members.
There is an organization called the Special Library Association, and by and large that's where the libraries of private concerns are, that's where they go. We have had some correspondence with Dialog. I don't believe that - and Jim, you may be able to help me on this one - as I recall that correspondence, Dialog was not willing to buy into our position on privacy and confidentiality. But that may be an incorrect answer. Linda, you may know; Jim, you may know.
JIM SCHMIDT: [Regarding] special libraries, i.e. libraries in private companies, there are a couple of variables at work. Some of them may be subject, in their disclosure policies with respect to users and usages of the library materials, to the state laws in question.
The state laws, the 44 that Judith mentioned, vary considerably in their scope, which is to say the nature and kinds of the libraries covered. And they vary considerably in what I call their range, and that is the nature and kind of the library records that are covered. So some of the special libraries in some states may be covered by a state statute and others may not.
Special libraries, corporate libraries, have another complexity. First, they may also be keepers of proprietary information, proprietary to the company in question, and legitimately ... proprietary.
They may have to have record apparatus to assure that that information is handled in the way that it's supposed to be handled. Additionally, the nature of the contracts that the company has might put those libraries in possession of certain classified materials, and in that circumstance they are required to abide by whatever the appropriate protocols are for assuring that that which is classified remains so and is used according to the protocols that are established for the use of classified information.
What's left then is a hole, and that is special libraries not affected by a state statute, not affected [by] proprietary-information policies and not affected by classified-information policies. And in that event I'd have to say to you all who work in such places, potluck.
NUSSBAUM: This question is, "What do you propose that programmers and software engineers do if they were assigned the project to develop a monitoring software?"
I don't know enough about your process for your work, but if you're in a position to question, you know, what is the purpose of the work and to suggest how would the software be used and to pose that as one of the issues in developing it, then that's what I would recommend. ...
How things get created depends on what they're to be used for, what questions are you answering, and there you could introduce a new set of questions.
MARX: "How do you balance the need for privacy with dangers such as drugs or fraud, that can be used when the right to privacy is abused?" And that's a very, very important question. I think the issue is not only that you may be ignoring a fraud but that the technology clearly can protect liberty, privacy and security. And I think one of the things that many people who are sympathetic to this broad issue are insufficiently aware of are the ways in which technology, extractive information technology, has benefitted.
Let me just ask you a couple of rhetorical questions. What would have happened to former President Nixon if there had not been secretly recorded tapes that were highly incriminating? OK, he would have, I think, remained in office and gone out as a person who made major contributions, especially in terms of foreign policy.
What would have happened to Daniel Ellsberg in the Pentagon Papers if we had not had the [copy] machine or the ability to photocopy? More recently, what would happen to our knowledge about the Iran/Contra affair if Oliver North had understood more about NSC files, and there had not been the back-up files there that he thought that he, in fact, erased?
Aerial surveillance can monitor compliance with pollution standards. It can help verify arms-control treaties. Transmitters can help locate lost children or hikers, in avalanches, or even in shopping malls. The worst experience of my life was losing my son in a shopping mall in Tucson about 25 years ago. It was unbelievable. I don't think it would happen today.
Devices that permit firefighters to see through smoke may save lives. Remote health monitors can protect the elderly living alone. In one system an alarm is sent if a day goes by without the refrigerator being opened.
But it's clearly a Greek tragedy - the technology's unique power is also it's tragic flaw.
The question was really about balance, and we have the institutionalized mechanisms for balance. Courts are a major mechanism. And I think it's also important, where there are adversarial settings, to have committees so that workers and management together discuss the potentials of the technology. I think public hearings are crucial.
Let me just add, because I didn't have [time], in spite of talking fast. ... We've heard a lot of principles and I support them all, but there are some additional principles that I think are important that go beyond the ones we had from '73 from a terribly important U.S. Department of Health, Education and Welfare policy statement.
And one is the principle of minimization, which we heard last night in a different context.
A second that's just crucial, especially in something like caller ID, is a principle of restoration, so that in a communications-monopoly context those who alter the privacy status-quo should bear the cost of restoring it.
I think we need a safety net or equity principle. The same way to a minimal extent we have that about poverty and welfare in the United States. We need it, we need a minimum threshold of privacy which should be available to all.
I think we need a principle of timeliness with respect to data, a principle of joint ownership of transactional data.
I think we need a principle of consistency, and I didn't get the chance to make a comment this morning when one of the...
[Background laugh and voice]: You are now.
MARX: ...You want me to stop? [some laughter]
NYCUM: We have reached ... that magic hour, and we've been all so good that I think....
MARX: What, are you going to defer to that machine? ...We're not humans? What is this...? Let me make my last point. ...
NYCUM: Well, I do want to get one thing said that was raised here and that was, "Why didn't we talk about the Epson case?" And the answer to that was that the person who was meant to do so was unable to be here, the attorney for the lady who was involved in that matter. So we're sorry about that but we did try. Now go on, ....
MARX: I think we need a principle of consistency so that broad ideals rather than the specific characteristics of a technology should determine privacy protection. That we need broad principles. So it's simply ... crazy ... to have ... a different standard of protection for cordless phones than you have for cellular phones. You can overhear one of those legally and you can't the other. It doesn't make any sense. ... It's not the technology, it's the principle. Thank you. [applause]
Return to CFP'91 Index page.
Return to the CPSR home page.
Send mail to webmaster.
Created before October 2004