CFP'92 - Private Collection of Personal Information
Thursday, March 19, 1992
Chair: Ronald Plesser, Piper and Marbury
Panel: Janlori Goldman, Privacy and Technology Project,
John Baker, Equifax
James D. McQuaid, Metromail
James Rule, SUNY-Stony Brook
Mary Culnan, Georgetown University
Pat Hadley, Citicorp
PLESSER: Thanks, Peter. I've got some ground rules that will probably take me a little bit of time, and then we want to rapidly get into this. Today's topic is "Private Collection of Personal Information," and we've all been on a lot of panels at conferences talking about private sector records, information, what good policy is, bad policy, concerns, what's outrageous, and what's not outrageous. The one issue we always wind up with is, What should the role of government be? Should there be a role for government as intermediary, mediator, regulatory body? Should government in this country have a role in the privacy debate?
In Europe, of course, data protection commissions are the rule and not the exception; there is even one in Canada. Although it does not have any jurisdiction on private records, it does have jurisdiction on public, or governmental records. Throughout Europe, there are data protection commissioners and data commissions. I might add that hopefully we will be able to hear from Kevin O'Connor, the Data Commissioner of Australia, who I trust is in the audience, at the end of this session. It is quite an honor for us to play this out with a real, live data commissioner in our midst -- maybe a little scary as well.
The idea of a data board is not new -- it was part of the recommendations of the Privacy Protection Study Commission that were issued in 1977. We have had passed out to you legislation, HR 685 see sidebar, which is the current version of legislation sponsored by Congressman Wise of West Virginia. Bob Gelman, who many of us know and hopefully is here, has participated in writing this. It occurred to us, that rather than having the kind of 15-minute talking head presentation on privacy, it would be fun to try to see "what if" -- what if there was a privacy board, a Data Board in the United States? What would be the impact in the context of the private sector records? So, if, as we go through our introductions, you want to take a look at HR 685, you'll see that it is extremely broad with a lot of flexibility in terms of the type of investigation, the type of inquiry, the type of authority that this board has.
In order to set the stage, we have decided that the timeframe is that the legislation has been adopted. In the discussion, we may go back and forth on timeframe, but I think the one working assumption here is that it has been adopted. The panelists will be playing roles -- most of those roles are close to their real-life interests. In some cases, the virtual is different from the actual reality, and for press and for public attribution we request that that be acknowledged. Each individual disclaims responsibility -- the statements that they may say are not necessarily their own statements. If there are members of the press who want to quote somebody, I would really request that they come back again at the end of the session to talk to panel members, because what may be said up here is not what they may say in their real roles. I hope that we can play with the roles. If you're uncomfortable with that, you can leave us. (laughter)
GOLDMAN: Do you think that in some people's cases there might be an exception?
PLESSER: What do you mean by an exception?
GOLDMAN: In my case, you can probably take for granted that if I were a general counsel for a government agency, this is what I would say.
PLESSER: Yes, but I want people to play out the role and not be worried about being quoted as their own position.
It is really a great honor to introduce the panel. I think we have really gotten a very representative group of the privacy debate that is going on in the United States.
We have with us Pat Hadley, who's assistant vice president of Citicorp. He's in the General Counsel's office, concentrating on communications issues. His role today will be a representative company that we will call Metrobank, which is producing the product that we are discussing.
James McQuaid is president of Metromail out of Chicago. Metromail is a very large list developer and direct marketer in this country. Jim will play the role of the person using the product -- let me say that the product here is a supermarket point of sale system -- and Jim will be representing really two roles, one is the mailing list industry, the people using the mailing list and how that information might likely be used and marketed. We've also asked him to double up and give the point of view of the supermarket which is collecting the information and what their rights and interests are.
Dr. Mary Culnan is a professor at Georgetown University, a recognized expert on privacy. She will today play the role of a consumer advocate.
Janlori Goldman of the ACLU, who is the director of their Privacy and Technology Project, has been assigned the role of counsel to the Federal Data Board.
Our two Data Board members are Dr. James Rule, who's a professor of sociology at State University of New York at Stony Brook. Jim has really written many of the seminal works on privacy going back many years. His point of view has always been a very important one to me in the development of the issue.
And finally there is John Baker, who is the Senior Vice President of Equifax in Atlanta. He will also take the role as a board member.
The premise is as follows: Metrobank is developing a program that will be implemented at supermarkets around the country that will allow the computer systems of the supermarkets to capture all of the items purchased by a shopper and store them in the computer. They will be retrievable either by the name of the consumer or on the basis of lists according to certain categories. If you wanted to know everybody who bought Maxwell House coffee, you could do that; everyone who bought coffee three times a month, you could do that; or you could theoretically get a retrieval on the basis of the person's name. The customer identity could be obtained from check-cashing cards -- the credit cards used by the consumer. The data could also be obtained as the result of the consumer's joining a buyers' club. In exchange for joining, the consumer obtains discounts and access to special promotional efforts. For the purpose of this discussion, we will discuss both a situation where the notice to the consumer is sufficient and constitutes informed consent, and where the notice is not sufficient and does not constitute informed consent. I think we will primarily discuss the buyers' club situation where the consumer is put on some kind of notice that the information is being collected. Metrobank has agreed to a joint venture with Citimail to market lists derived from this data. Let me remind you if you don't live in the Washington area, or other similar areas, that prescription drugs are also sold at these stores.
Pat, let's start with you. You're developing this product. Can you describe briefly what the product is, and what kind of initial privacy concerns or issues have come to you, as your people developing the product come to you and asked your advice? What are your concerns, and can you give us a little description of the product?
HADLEY: Certainly. It's a great opportunity to come and present Metrobank's Supermarket Shoppers Club to you. We're excited about this product because we believe that it will allow the grocery store to move back into the relationship with the customer that it's had prior to the period of mass marketing, when supermarkets just have marketed to a broad spectrum of customers. We believe that this product is going to allow supermarkets to have more tailor-made marketing strategies, more personalized service for their customers. We believe the program is going to benefit shoppers. It will also benefit retailers, or the grocery stores themselves, and participating manufacturers. What I'm going to do is quickly describe how the program is set up, the benefits of the program, how the program would work, and also discuss some of the privacy concerns that we know are important, and that we have attempted to address in our development of the program.
There are a couple of elements to setting up a program. One is that the bank has gone to retailers, or to grocery stores, offering them the opportunity to link up their checkout scanners via telephone lines to our mainframe computers using our software. The customer purchase data would then be collected in our computers. The grocery store owners would then be able to obtain that data from us, and other parties in the field would also be able to obtain that data from us. Once I get into the privacy discussion, I will describe more about what conditions would be on companies obtaining that data. Secondly, there's the aspect of shoppers. We also go to shoppers who shop at the participating grocery stores and offer them the opportunity to sign up for the program.
PLESSER: Excuse me, let me interrupt for a second. How do you get the supermarket to agree to do this? What is the basic deal in terms of getting the supermarkets to agree to allow you to collect this data?
HADLEY: Well, we collect the data, the service is ours, the equipment is the supermarket's. The benefit that the supermarket derives from the program is that they gain more personalized, more direct, more targeted information about the consumer, so they can market directly to the consumer. If a consumer's purchase levels start going down, or if the consumer stops purchasing, then the store is able to be more responsive and direct a promotion or coupons to that consumer. So the store is able to benefit in that fashion. Also, the stores are able to stop, or minimize, the inefficiencies that are involved in distributing a large number of coupons that ultimately aren't used. One of the benefits of the program is an electronic coupon service. By using a magnetic strip personalized ID card when they make their purchases, shoppers can gain the benefits of whatever coupons or products are on sale for that particular day. So in return for getting those benefits, those savings, the store gains information on the customer, what products they are buying, and can more efficiently respond to that.
PLESSER: Can I get Jim to jump in? Jim, you're running the supermarket. Why would you let this happen? Why is this a good thing for you as representing a supermarket?
McQUAID: I think it gives me for the first time a real chance to know who my customer is individually, as opposed to a neighborhood around the store. I can now begin to identify, in a fashion similar to what the grocer did many years ago, my individual customers by name, their families, and what their needs are. Now my customer base is much larger and it's harder for me to do that personally. This gives me an electronic version of that, where I can start to identify with my individual customers.
PLESSER: The point of view as a person who's going to use the list, another marketer, or a national name brand, or somebody who's compiling a list -- what is the general interest in doing this kind of service? Is this a breakthrough in direct marketing? If so, why, and how will it be used?
McQUAID: Well, I think the information which is being gathered is the same type of information which has been gathered by direct marketing merchants for years. Catalog companies, for example, do know what their customers buy, how often, and what types of products, merchandise, sizes, and so on. But with the advent of this kind of information being collected in a vehicle such as a food store where there's much more traffic by a much larger portion of the population, suddenly the breadth of the information, in a sense of how many consumers can be gathered, and the recency of the information is much improved. Specific buying habits and purchases are a much better predictor of what people's needs are than just general demographics.
PLESSER: What kind of applications can be made of this? Who's likely to be interested in this information from a marketing perspective and how will it be used?
McQUAID: Well, I think manufacturers of broad-scale products that are sold through vehicles like the grocery stores have for a long time wished there was another way to get the attention of their customers, particularly if it's a brand that doesn't appeal to everybody, but only a certain segment of the general public. I think this would be of very big interest to them. I think there's also a possibility for direct marketers who are looking to provide products or services that appeal to a certain segment group, such as Weight Watchers programs and things like that which could be of interest to people who are trying to reduce their weight. I think there's also the possibility that information on people buying magazines at the checkout counter would be helpful for the magazine companies to use in getting those customers to become full-time subscribers.
PLESSER: That's great. Pat, you guys have gone through this theoretically and you've identified some initial privacy interests. How about the concern, are you ever going to let this list of names and information, this data bank, get out of your possession? How are you going to allow Jim's customers and people to access to it? How's it going to work at that end?
HADLEY: There's really kind of a two-pronged approach, one to the privacy element, focusing on the consumer. We give full disclosure to the consumer when they sign up for a program as to how the program works, and the different types of uses the information. There's also an option for the shopper to opt out of the program. If they want to be part of the program and gain some of the discounts and benefits, they can also elect not to have their information given to third parties or any other parties for non-related uses, or non-shopping uses. In addition, because the bank owns the data, we control the names and addresses. We only give those out under a contract relationship with a reputable company under a very stringent confidentiality agreement, such as we have with Citimail.
PLESSER: Jim, representing the supermarket, if you can put your apron on for a second. Do you agree with Pat's statement that he owns the data?
McQUAID: No, I don't. I think that he just happens to be an intermediary who has come along and helps to gather it. As the supermarket, I believe that the customers who shop in my supermarket are my customers, and I'm entitled to that. I might have contractually agreed that he can also use the data, as he's described, but I don't think he can dictate to me how I can interface with my customer. I'll develop that relationship myself with what I think is the proper role.
PLESSER: Pat, what do you do with this product? It's getting close to roll-out; obviously there are some privacy interests and concerns about it. Do you take it to the Data Board and see what they think about it before you roll it out? Do you try to get kind of a testing of the product to see what the concerns are? Do you go to Mary Culnan, a privacy advocate, or do you go to the federal government, to a data board, to try to get their views on it before you take it out to the public?
HADLEY: One of the things that we do very seriously is a lot of testing, such as customer focus groups, before we roll the product out. The Board itself serves a useful function in going through the statute. Its role is not that of a body that authorizes or rejects different products. Because we have done so much planning, preparation, and study on the privacy issues, unless there were a complaint filed -- and we don't envision that -- we would probably not lean toward taking it to the Board in the absence of some other reason to do so. We wouldn't want to have a situation where other parties could come in and use that forum to harass or slow down the process, or where a competitor could use that as an alternative means of keeping down competition.
PLESSER: Mary, you start to hear about this. Roll-out starts, grocery stores start to ask customers to sign up to this funny buyers club -- kind of a new thing all of a sudden. What do you make of it? What are your arguments? As an advocate, whether you eventually go to the board or not, quickly and concisely, what are the issues for you?
CULNAN: I can at least give you the questions that I would want to raise. In Washington, in fact, Safeway is running such a program, which is not affected ...
PLESSER: This is supposed to be hypothetical.
CULNAN: We have a hypothetical store in Washington... (laughter) The first question would be, What kind of informed consent do the consumers give when they sign up? And do they really understand how this whole process works -- that in fact everything they buy may be kept forever and ever by the bank and made available to other people? Do they have any right to control this information use beyond the checkout? I'd like to read you the disclaimer here. One thing that would be interesting would be to see to what extent people think this is informed consent or not, and how comfortable people would feel about signing one of these. It says, "I understand and agree that the Hypothetical Store, Inc. may record, make use of, and disclose to other persons or entities any and all of the information I have furnished on this application form and information about the products I purchase as a member of the Hypothetical Savings Club." And then it says, "Since we are recording your purchases, we can provide you with special offers, but if you don't want to get coupons, you still get the special discounts at the checkout," -- that's one of the benefits of the program, you get discounts on your groceries -- "you may check this box." On the front they ask for your name and your address, your social security number, home phone, work phone, birthdate, driver's license or passport number, how many children are in your household, number of people, what are the ages of the children, where do you do most of your shopping, and where else do you shop, and you don't have to provide this. And then -- not required for program participation, because this is also being used as a check cashing card -- the deal is also you can no longer cash checks at the grocery store if you choose not to participate.
This disclaimer would raise a number of questions in my mind, and I would like a little more information on how the information is going to be used:
- In fact, what kinds of lists are going to be sold?
- Can someone go in and ask to see my profile, and in fact, would that happen?
- Is there going to be good security?
- Are your employees going to see opportunities to sell this information to private investigators, as we've seen happen recently at the Social Security Administration, where the rules say no, this can't happen, but in fact, it does and could cause problems for people?
- Do people have a right to not to have items scanned that they consider sensitive, and would the store tell them this, that, in fact, if you are checking out with pharmaceuticals or adult magazines, or alcohol or tobacco, or other things you just don't want to go into the system, do you have the right to say, "The scanning stops here, even if I don't get any discounts on these kinds of things?"
- Are you going to provide regular notice to people if the rules of the game change? Are people going to hear periodically that in fact the public thinks they are playing football, and now the bank and the direct mail company have started playing lacrosse? We're all on the same field throwing the ball around, but really it's pretty different.
- And one thing would be, just so people can sense that, in fact, there is no problem -- I know you all believe that the mail they're going to get is valuable -- is would you be willing to identify on the mail coming into people's homes that resulted from this database that in fact it was generated as a member of the Hypothetical Store Savings Club? It gives a ...
PLESSER: Jim, how do you respond to that?
CULNAN: ... And I have more later.
McQUAID: Well, first of all let me make clear that I think it's an exception for Washington, DC that's not true of the rest of the country that we would ask for your passport number. (laughter) But, I think as the grocer, I don't mind at all telling my customer that this mailing that you are receiving is because you signed up, and all these benefits that I'm offering you are a result of your participation in the program. I think it works both ways -- I think it enhances the participation, I think it justifies the rewards, and it will trigger you to come into my store. As a third party, I don't think it's going to be very logical for me to print on the envelope because it's going to detract from the message that I'm trying to give. It's very important to me as a person trying to get you to open the envelope that the message, the product, the service are where all the emphasis is. If I detract from that, I tend to lower the response rate to the point where it's not economical for me to do it.
PLESSER: Let me stop action for a second. Some questions... some hands came up before. I'd like to hold them until the end, because I think it will be just more effective that way. I would like a little audience participation, though. I'm going to ask for a vote now and then I'll ask for a vote at the end, because we are about to talk to the board members here. Before we do that, how many people are in favor of a data board? How many people think that the United States should have a data board? I'm going to ask you the question again at the end of the conversation.
AUDIENCE QUESTION: Could you just summarize the legislation briefly?
PLESSER: It's in the handout. Vote yes or no. You'll know more about it after the conversation. (audience noise) Everybody in favor of the Wise legislation? Everybody opposed to the Wise legislation? Everybody neutral? (audience noise)
Jan, Mary Culnan calls you up, writes you a note, tells you about the stuff, starts to bring some material together to your attention. As an initial matter, as general counsel of the Data Board, what do you do with it? And at what point do you tell Mr. Rule and Mr. Baker of this problem? What are your initial steps and questions and authority that you have to look at and investigate this matter?
GOLDMAN: My first reaction in hearing from Mary is I might be a little disappointed that Pat would be reluctant to come to the Board initially and really let us know about what his plans are. This is a friendly board, we're not necessarily hostile. Congress has given us some power to do something. Maybe we can't make our own laws, but we can conduct some research, hold some hearings, gather some testimony, develop guidelines, recommend regulations. We can even investigate some complaints, so it might be better to come to us first before we're in the process of investigating complaints. We can even issue subpoenas. We might even be in the position of getting a subpoena to look at your phone records between yourself and Jim to find out about some of these conversations you've been having. What I would say to Mary is, let's take a look at this. It would certainly be the kind of issue that the Board would look at. The Board does have fairly broad powers, as I said, in researching and investigating complaints and trying to set some kind of standards or put some principles in place in terms of how technologies are developed, and how they would impact on individual privacy. So I would say, come on in, bring all the papers that you have, let's get Jim and Pat in a room and let's talk a little bit about what this product is going to look like. Let's try to take care of some of these issues before it hits the market and we're then in the process of having a more formal and maybe less friendly kind of conversation.
PLESSER: What's the next step? At what point do you bring the public in? At what point to you create a public dialogue or a public discussion? Do you see yourself operating, at least initially, in the quietness of the government office? What time do you recommend a hearing or an investigation? When does that start to happen?
GOLDMAN: I think where it makes sense to bring the public in -- certainly Mary as a representative of consumers and someone who's raising the privacy issues is in some sense the public -- I think the only way for the Board to really know how this is going to affect people is to ask them. Whether it's in holding a public hearing, something as formal as that, and saying to them, "How would you participate in the this process? Would you at all? Would it offend you if...?" And basically get the public's response. Or in a less formal process, to try to go out and find out. To ask people. If the goal of this product is to create a more friendly and personable atmosphere in the grocery store, to go back to the old-fashioned days of a more friendly relationship between the grocer and the customer, then we certainly think we could be in the grocery store trying to find out if that's what the customer perceives this product to be.
PLESSER: Commissioner Baker?
BAKER: I think I would tend to ask Jan to ask Pat... (laughter)
GOLDMAN: Here we are in a bureaucracy -- I love it!
BAKER: We've created a bureaucracy already. I think the main question I would have is, How do we make this Board a positive force and how do we get Citimail and Metrobank to want to come in and talk about this future product? My guess is they won't want to do it if it's not confidential. So I think the first question I'm going to ask is, What kind of contracts or assurances could we give to these two companies so that we can discuss something that's in the development stage without slowing it down, and without broadcasting it all over so that they're reluctant to come to us? Now if it's already out in the public domain, then I think that's a different matter. Then there's a hearing, perhaps, or it's wide open. Maybe at some stage even in the earlier process, before it becomes public, there's a hearing or there's a public opportunity. I think we have to be very careful of that, and I'd want to hear from the bank and the retailer what would make them comfortable so we can get some really good information.
PLESSER: I'd like to hear from your co-Board member as to that as an initial issue. How about the informal stage and how do you deal with confidentiality in that process, at that point?
RULE: It seems to me the logic of a board of the kind we are imagining, thinking of its operation over a period of time, is that parties like our hypothetical ones would as a matter of course gravitate to a board of this kind. Even if this Board only has powers of demonstration, even if it only has the power to make a fuss -- one hopes an intelligent fuss, as is the case in many countries where these boards exist -- no parties considering a venture of this kind want to learn only after the fact that what they've done warrants a public fuss. So inevitably, whether intended or not, there will be a kind of common law tradition that will grow up as to what constitutes a reasonable or unreasonable series of data practices. People in these positions will want advice, which I think could be confidential advice, as to whether they should expect to be made a spectacle of by virtue of doing what they're planning to do. As a Board member, I would have a number of questions to ask in the course of trying to clarify my response, but maybe I should hold off until later on.
PLESSER: Let's get a couple of the questions, because I want Jan to come back on confidentiality. I think it helps to know the kinds of things you are interested in, the subject matter that you want to know, before we can move away from confidentiality. So why don't you give us those questions?
RULE: Well, Mary's already raised one of them, and that is, In what sense do people give informed consent as to what their participation means, what consequences it really brings? Is their participation limited as to time? Is there any opportunity to specify how long consent lasts, that is, the consent not to participate, but to have one's data participate, so to speak, after one may have stopped participating oneself? Is there any restriction as to the range of consumers? Must the consumers of the data be specified in advance, or may they be limited only by the imagination and entrepreneurial zeal of those who control the data bank? Another question, which is subtler, but I really recommend it to your attention is, Is there anything in the construction of the data bank or the conception of it which in the long run might make it impossible for people who do not participate in such relationships to take part in the customer relationship at all? That may sound very far- fetched, but just think how far you'd get in the world that we live in without a credit card. All right, it's not a public document, but the variety of your life is limited, let us say, if you decide to opt out of that system. Clearly a question like that is going to have to be asked even though any answer, obviously, has to attempt to peer into the future. These are the kinds of questions which I think would be very salutory if we could encourage those sponsoring privacy-related activities to entertain them in advance.
PLESSER: John, do you think those are hard questions?
BAKER: Yes, I do. I think those are the right ones and you probably could add about four or five more. I think the construction of the technology is very important, because you also want to know what the capabilities are going to be down the road for finding out more information than just product purchase information. For example, can you track the time and place of different purchases, and will that be available or not? I do think that we would want to look at, and hear about, whether survey results indicate that people really do understand how the product works. I think Mary makes an excellent point about the choices -- there should be certain kinds of products that perhaps shoppers could exclude from the list, certain types of uses, certain types of decision processes. Is there, in fact, an assurance that this is really for marketing purposes only, or could cigarette purchase data end up in the hands of insurance companies, for example?
PLESSER: Jan, your advice is asked on setting together the informal stage before formal roll-out. You all hear about this. The commissioners say, "Get these people in, we want to talk to them; no formal hearings yet, let's just see what's going on." You call Pat, Pat says, "I'll be happy to, but it's off the record, it's confidential business information. At this stage we don't want it disclosed." What can you do?
GOLDMAN: Well, the first thing I would have to do in my role as a counsel would be to inform all the parties about the Freedom of Information Act, and that as public officials we would be very hard-pressed to promise confidentiality, even in informal discussions. It's not that we would necessarily invite the press to the first meeting, or invite anyone who wanted to show up from the public, but I think that we have to be very careful about promising confidentiality even in those early meetings. We might be able to say whether or not there will be a formal proceeding, or at what point it becomes public, but I think we have to be very careful about that.
PLESSER: So what's your advice?
GOLDMAN: My advice would be that we can't promise confidentiality.
PLESSER: Do you try to encourage informal conversation?
GOLDMAN: I would definitely try to encourage informal conversation, because we wouldn't be ready to do anything formal until we had some early information about what the companies envisioned these products looking like, what they had in mind, what they're already talking about. In informal conversations, we might even be able to come to some kind of a resolution or come to some kind of an agreement. This Board is given the power by Congress to have all kinds of experts, to seek expertise, to do research. It can even have social scientists on the board. (laughter)
PLESSER: It's hypothetical, now. It's overly hypothetical.
GOLDMAN: It's in the bill -- social scientists, expertise.
PLESSER: I think Mr. Rule was in mind. Go ahead.
GOLDMAN: He probably was. But we're able to bring a lot of expertise to bear for these companies and we would hope that they would see us in that role.
PLESSER: Pat, does this make you any more comfortable to get in at an earlier stage? Or are you still pretty worried about it?
HADLEY: The thing we need to make clear from our standpoint is our business doesn't go anywhere and can't be successful if we don't have the trust of consumers, if the consumers don't trust that we'll take care of their information and if they cannot trust us with their privacy. If going to the Board is the kind of thing that would enhance our image or the product that we are providing, then it would be in our interest to do that. With that understanding, we would not reject the opportunity to go before the Board, as long as it wasn't presented as a situation that could be used in an anti-competitive way or something like that.
PLESSER: Mary, you brought this to their attention. They've gotten Pat and Jim to come in and talk to them. You heard Jan -- she's going to work a deal out with them, and work out what's good for the public, right? And then there's going to be an announcement that the Data Board and these two companies have come to an agreement. They're actually going to design this product along these lines and make some adjustments because the Data Board thought it was a better way to do it. Meanwhile, this has all been an informal process. You have not, you or the public, had an opportunity to get your concerns about this on the record. How do you react to that? A leading question...
CULNAN: We'd be pretty unhappy about this, and say that we're being asked to trust you, and we're not sure we can really do this, given some things that have happened in the past, that we've seen with other companies, not these two. And we would still...
CULNAN: ...like to be involved in the discussion and have our views made clear. For example, another concern we would have is the fact that we are working with a large bank that may have other kinds of relationships with some of our consumers, and in fact will these files be allowed to be merged? Will the mailing company, which has access to large files of information on people, be allowed to overlay their files with the consumer information from the supermarket? Consumers think the only information they are providing is for the supermarket, and in fact the mailing company could build a rather complete dossier. Even if it's only used for marketing purposes, do people know this? These are some of the issues, again, we would like the Board to address along the lines of some of Jim Rule's...
PLESSER: Some Board members seem to want to comment. Jim, would...?
RULE: Yes. Actually, the more I hear about this, how rich and attractive the whole system sounds, the more concerns I'm beginning to develop about privacy. It makes me think of the use of bank records by the IRS and other law enforcement agencies. Banks routinely permit access to one's backlog of account records, including one's record of checks, which are routinely microfilmed for law enforcement use. Something to bear in mind, in case you hadn't...
PLESSER: That's a good question. Pat, let me roll to you for a second. Let's say a law enforcement official comes in, or serves a civil subpoena for a divorce lawyer who wants to know what kinds of purchases the opposing parties are making, how much money they are spending on groceries -- pretty helpful information in a divorce -- if they're buying alcohol, if they're buying birth control devices during a separation period -- very interesting stuff for a divorce. Or, the IRS comes in and wants to do an asset investigation - - somebody has reported a certain income, and then their grocery purchases indicate that they're spending half their declared income in the grocery store -- kind of makes you scratch your head. How do you respond to those requests? Forget that you're a bank for a second, forget the fiduciary responsibility of a bank and the Right to Financial Privacy Act. You're just a database company running this data for the supermarkets and marketing it. What's your policy? How do you prepare to respond to that?
HADLEY: Our general policy is that, first, we don't release information that we believe would be detrimental to customers or consumers. Secondly, we don't release any information on specific individuals that is requested unless it is with that customer's consent or pursuant to a court order. Now, some of those situations...
PLESSER: Let's say you get a court order. You get a court order, or a subpoena, and it's legitimate. You give it to counsel, and counsel says that it's valid. And you've got to respond to it in ten days. Do you call the customer up? Do you notify the customer and let him know what's going on?
HADLEY: That would probably be our policy. That's what we would look at doing. But in that situation we wouldn't have a lot of choice in terms of releasing information.
PLESSER: Mary, what do you think about that situation?
CULNAN: Well, I think this is clearly something people need to know about. If the disclaimer on the back of the form lists all of these possibilities, I think consumers are probably not going to want to sign up for it, either, and there comes the rub in terms of the more people know, the less happy they might be about participating in this.
RULE: What if the relevant federal agency is investigating food stamp fraud? It seems to me this is a gold mine of information about people's use of food stamps.
PLESSER: Jim, has there been an example in the marketing business of that kind of access to the normal kind of marketing records? Has that been a problem for the industry, or for ...?
RULE: I don't think there has, because grocery receipts are not individually identifiable thus far, so far as I know. But there's been some interesting speculation about the use of "smart cards" for payments in grocery transactions. Of course, in those cases, different categories of purchases can be treated differently according to how the money is deposited in the smart card.
PLESSER: Jim McQuaid?
McQUAID: The only incident I'm aware of happened some years ago when the IRS came to our industry and said they thought that all this wealth of information could help predict which people were not paying enough taxes, and which people were not paying any taxes that should be. Our industry pointed out to them that that was a good way to end our industry, and we didn't think it was the kind of use of the information that we had in mind, and that our customers had in mind, when they agreed that we could use it. Secondly, the kind of information we had could not really predict what they were trying to surmise. That's the only case I know of, and as far as I know, they did do some kind of modeling testing on their own and discovered that it did not work. I don't recall any specific incidents, although as I mentioned earlier, there is a much broader coverage of information being contemplated here than is normally true with a direct marketing company where it's more of a sampling of a universe.
PLESSER: As a footnote to that incident, I think one of the things they did was try to get subscriptions lists of magazines like Car & Driver and Road & Track. I'm not sure which ones. There were a lot of hits -- a lot of people who didn't file tax returns -- so they really thought they were onto something. They didn't realize how many 14- and 15- year-olds buy Road & Track. It wasn't very effective. I'd like to shift... Jan?
GOLDMAN: The point here is one that I think the Board would really have to consider, which is that no matter how many benefits the consumer might get from this initially, or how much the grocery store owner is going to benefit, when you create a database filled with this amount and this level of sensitivity of information, the temptation to use it for something else is really going to become irresistible. You have to think about some of the consequences and some of the risks before even putting this information together in any kind of an easily-usable form. That's one of the risks in looking at the system.
PLESSER: But of course that's a tradeoff with the benefits in our scenario. There are benefits for joining the pool -- discounts, benefits, and some kinds of privileges.
BAKER: I think you're back to, and Mary said this, I think you're back to the type of disclosure and understanding on the part of the participants. Do they know that they're going to be notified if, in fact, the uses change over time? How often are they reminded of the program? And, in fact, are they notified that there is some exposure here? That this data is subject to court order or subpoena? They ought to be made aware of that. I agree with Mary also that all this notification tends to limit the desirability of the program if it's in big letters right over the front of the application. Can I go back to another point, Ron, because I think we got off onto a specific fact situation, and what we are really concerned about is the informality versus the formality of the process. ...
PLESSER: Well, I want to shift to that right away.
BAKER: I'd just like to say that I think an informal process is risky for Mary, but Mary, you ought to be in there representing the consumer groups informally. It's risky for the bank and the store. It's risky for the Data Protection Board, which has just been established, because we could really not do it right and may not. I'm sure we're going to be subject to a lot of criticism if we don't document the record properly and conduct ourselves properly. It's a risk probably worth taking, because if we can't get to a point where we encourage someone before they come out with a product to come to us, I think one of the major objectives of the Board is not going to be accomplished. I think Citi and Metro have probably spent $100 million or more, or will be spending that, before they can go public with this product. They really need some assurance that they're not going to get this plastered all over the papers and lose all of their investment, developmental money, because somebody gets a jump on them or the product or service is unfairly misrepresented. So, that's what I would have to say.
PLESSER: Let's shift for a second. Let's assume that there's been no informal contact either way, the product has been rolled out, complaints start to come in. You're starting to get Congressional inquiry as to, well, you're the Data Board -- what's going on on this? Will you look at it? Mary Culnan has written a formal letter requesting you to initiate an investigation. What I'd like, rather than my asking questions, is that the three of you play that this is a conference. Now that you know about the issue, how are you going to proceed into a more formal stage? It's already out there -- Metrobank has said that they will be cooperative, but they really aren't very forthcoming. What's the conversation between the two Board members and General Counsel? How does the Board proceed? What are our rights? Could you spend a little bit of time talking about what the role of the commission is in terms of what Congress intended for you to do in this kind of circumstance? How do you start to proceed? Why don't you guys just do that among yourselves?
BAKER: The legislation is broad. Are there any guiding privacy principles? I guess we already met to discuss those, didn't we?
GOLDMAN: We already met to discuss those. Congress gave us a pretty broad mandate, and I think we can -- at the risk of letting Congress know we said this -- pretty much do what we want, short of passing legislation. One of the things that we can do is propose guidelines. We can give advice, we can recommend where these companies should go with a product. What Congress didn't do, which gives us a tremendous amount of flexibility, was to tell us what those privacy principles are. There is nothing in the law which says these are the principles we should follow. So how are we going to know what to do? I would suggest the first thing that the Board members can do is to read the Fair Information Practices and Principles that HEW set out in 1973. Look at some of the existing privacy laws; look at some broad principles in terms of information collected for one purpose not being used for another purpose. The interest we have at heart here is the consumers' right to privacy and right to control personal information. Setting those broad principles, then, gives us a better opportunity to gather information and see if these products fit.
RULE: In thinking about the experience of other regulatory bodies, I've got to worry. Suppose this hypothetical system passes our scrutiny. Suppose they even extract from us a letter saying that we've listened carefully to what they've proposed and it sounds all right to us so long as they do this and that. Then we clamp down either on them or on somebody else a year or five years from now. Are we liable to be sued or are we subject to retribution of some kind simply because what we overlooked in the first case then became a matter of controversy in the second or third case? The process of regulation obviously cuts both ways --it commits the regulated to do the things that the regulators initially demand. But it also creates precedents which are then used to defend practices which no one may have envisioned to begin with. And that's of course why we have a general counsel, to keep us out of this kind of trouble.
BAKER: Let me just ask you. My understanding is that we're more of an advisory board, and we don't really have the power to make rules, write regulations, enforce things, assess penalties, or resolve disputes. And I'm not sure we can clamp down, to use your term. We can certainly write nasty letters, as well as positive letters to indicate to a company that we think it adheres to reasonable or even laudatory privacy principles, but I don't know if we can do more than that. Can we, Jan?
GOLDMAN: You can do a lot more than that, John. You should start to feel the power of working for the federal government. (laughter) You talk about writing letters on reasonableness. Come on! We're role-playing here. You're sitting on the board of a government agency -- this should be big stuff! I see Pat back there going, how powerful is this? (laughter) Let's go with this.
BAKER: You want to go with a hearing? You want to create a public record?
GOLDMAN: One of the things Jim said...
BAKER: Can you just answer my question?
GOLDMAN: I'll answer your question. No, seriously, what one of the Board members, Jim, has raised is a really good question, which is, How do we set the tone? Do we lock ourselves into a certain situation? We might want to look at the FDA under its recent commissioner as a model for how you issue guidance and propose that certain kinds of action be taken in the private sector, without necessarily using the force of law, and you can have a very positive impact. And so I think the concern about giving the seal of approval, the Good Housekeeping Seal of Approval, from this Board too early on could get us into difficulty.
PLESSER: What do you do about creating a public record? Do you want to have a hearing? Do you want an investigation? What do you do? How do you document this? What is your role, then, in the fact-gathering process? What do you do? I know what we did when we ran the general Privacy Commission. Jim Rule was around at that point. Jim, what are the kinds of things you think the commission needs to do?
RULE: I just don't see how any board of this kind, whether it has a lot of formal power or a little formal power, can avoid creating precedents. They might be precedents that have enormous teeth in terms of law, or they might simply be precedents in terms of what will create a public scandal and what will not. But the very fact of making precedents, then, we hope, will shape future behavior on the part of the regulator. It will also creates a body of common law, either in fact or in name, which bears on the regulators. I think any line of policy that is developed by a body of this kind becomes weighty over time, regardless of how extensive the powers are that are allocated to the board.
GOLDMAN: But also the Board members are political appointees, and if the administration doesn't like what the Board is doing, then they won't be reappointed ostensibly for the next term. While it would create a public record and there would be precedents, it's not like a court where they're bound by precedent. Agencies, because they are political institutions, can reverse themselves from administration to administration, or board member to board member.
BAKER: I want to ask at this point what the companies are willing to turn over to us in the way of documentation, how much they will have an open discussion, and what they won't do or what they will hold back on.
PLESSER: What do you want? What's your request for us?
BAKER: I'd like to see the different forms that are used. I'd like to have the mechanisms of the system -- the technology -- described, and be able to confirm, not necessarily from documents, but perhaps from a visit, that in fact the technology works the way it has been described. I'd like to see the pledges that are made to the consumers about future uses of information, and all the things basically that we talked about when Jim and I raised the questions that we felt needed to be answered. Is there anything that we talked about that is not available in the way of the questions that we've asked so far? I want to exercise our power, but I'd like to avoid being prematurely unnecessarily adversarial.
PLESSER: I like that. Prematurely adversarial. Pat?
HADLEY: All that information is available. In terms of the technology information particularly, some of that might be confidential and we might like to have an understanding that that wouldn't necessarily be on the public record, if it was something that was a new competitive product or a new competitive system that we were using. But we would certainly be able to provide that to the Board. The forms, all of that material, would be available. We probably wouldn't want to get into a situation where we were in conflict with the Board or in opposition to the Board. We would want to work together with the Board. That would fit with what we are trying to do, as long as we got the sense that there wasn't going to be the kind of free-for-all that sometimes happens in some regulatory agencies.
PLESSER: It seems to me that the Board has several choices. One choice they have is to proceed on this specific issue, look at this issue, and try to come up with an advisory view or opinion, or even create a public record on this issue. The other choice they have perhaps is to look at some of the larger questions that this issue develops, and look at other things that are raising similar problems. Perhaps they could come out with some general views that may not product specific but are more in the way of general guidelines. Do you see a choice there?
BAKER: Just let me pick up on that. We may find -- and this is I think what we want to hold out to Citi and Metro -- some techniques that are good models for proper privacy guidelines for the future that could be applied elsewhere, and we may find ones that are lousy. We should be ready to commend what we see as a creative approach that's useful elsewhere, and I think critical of what we find lacking when we look back to our touchstone principles.
PLESSER: Jim McQuaid?
McQUAID: As you noticed, my grocery store apron says that I represent the Warm and Nice Nebraska Supermarket. Once again I'm amazed at how the bureaucrats in Washington have decided that what they have to do is get in the middle between my customer and myself and tell me what to do. I can appreciate that when this information leaves my store and goes somewhere else, you might think there is some concern and there are privacy issues and the consumer advocate should be involved. But I just can't believe that you are going to call me to Washington and ask me to tell you what I am about to do, so that the Cold and Bold National Supermarket's resident lobbyist is now going to call his home office and say, "Here's how we get those guys in Nebraska before they do it."
GOLDMAN: Look at the museums you could go to. Look at the places. (laughter)
McQUAID: You have to distinguish between whether you're entitled to know what I am doing as a user of this information for my customers who come in my store and fill out a form and say they want to do business with me this way, and at what point in time I'm going to now take this information and make it available to third parties.
BAKER: Of course, you and the bank already don't agree about whose data this is.
PLESSER: Mary, whose data is it?
CULNAN: I think that's a good question. I think at this point it's clearly not the consumers' data any more. But if I were on the Board, I would also want to see the agreements that...
PLESSER: Are you going to advocate that? Are you going to advocate that it's not the consumers' data?
CULNAN: No, I think it should be the consumers' data. That's one of the issues -- that by signing one of these forms, people essentially give up all future control over how the data are used. They have no choice. This is where you get into problems. But I would also want to know...
PLESSER: Can you acknowledge that by signing the form it really is your data?
CULNAN: Not the forms that I've seen for these systems as they exist. They're really open-ended, and you're basically saying do what you want with it. But if I were on the Board, I would want to see what agreements were struck among the various third parties to get to the data ownership issues and what kinds of procedures were allowed. I think the store's point is a good one. One of the interesting things about this particular system is in fact, why did you get tangled up with all these other folks if all you really want to do is serve your own customers better?
RULE: I think if the Warm & Nice folks in Nebraska are as earnest as we've heard them, they certainly shouldn't object to a group of data auditors making a visit there, if only to make sure that the data are really being held by the store as billed.
PLESSER: Let's talk about data auditors. The Data Commission in Canada has developed a model of auditing, at least for public entities. Would you guys do that? You have 50 staff -- what are you going to do with all the 50 staff? How are you going to organize the 50 slots you have for investigation? And I guess the other question is, are you going to try to be proactive in terms of finding out about these problems before they develop -- before they're rolled out? How do you use that 50 staff? Do you do audits of different industries?
RULE: I despair of it. What I hear about the homologous process in France is that the regulators are completely swamped. Just by claiming or pretending to take an interest in the activities of all these data banks, they have created demands which they cannot possibly fulfill. We're going to need something like the staff of the Department of Agriculture in order to keep track of all these activities across the country.
BAKER: I think we're going to need some auditors, but I don't think we should try to investigate every single system out there. I think we should try to find the emerging new uses of data, look at them carefully, and have a number of people who are really good data technologists on the staff. Through a review of selective uses of data, we should establish some principles and find those principles from the people like Citi and Metro, if they're there, that can be used elsewhere in society. I just don't think we can have all 50 people running around trying to find everything, and then we don't have time to give it good attention.
GOLDMAN: I think one of the most positive things we can do with our staff of 50, besides have great potlucks, is to ask basic questions about the technology. We shouldn't be viewed as somehow anti-technology, or that what we're trying to do in looking at data protection is to stand in the way of the development of new technology. But we should say that technology should be used in a way that is most flexible for the individual. If people want to protect the privacy of their grocery store records, the technology should be available so that they can do that. If they also don't care if people know if they buy broccoli or alcohol or prescription drugs, the technology should be flexible enough so that they can say they don't care. The technology should let people make those decisions, even within one system. That way, we don't have to be in the business of saying we're going to try to impose, or suggest, one rigid standard. That way, we can put those 50 people to some pretty good use. Industry hopefully will come to us and say, how can we do this in the most flexible and consumer-protective way? Somehow consumer privacy is going to be viewed as good for business, and then they'll see us as a resource.
BAKER: I agree 100%.
PLESSER: What do you do in this case? The decision has come -- I keep on pushing toward public hearings. No one wants to take me up on public hearings.
BAKER: Those are important. The establishment of a public forum for discussions once a product is out will hopefully be conducted in as positive a vein as possible. But airing issues is a very important part of our activity. I just think we have to choose the circumstances of when that happens very carefully.
GOLDMAN: There's a lot of virtue, obviously, to holding a public hearing; you hold the public hearing at the point at which you are really ready to create a record. Once you've done a lot of investigations, and gathered a lot of information, then you can ask questions on the record. Five or ten years later, or even two months later, you can look back at that record and say, did we achieve what we tried to achieve? Did the company do what they said they were going to do? How have our principles changed? You can really create a public record that gives people a sense of how to protect privacy.
PLESSER: Jim, you seem to get progressively more concerned here. At the end of the process, what do you decide to do? Do you recommend any prohibitions or restrictions? Are you comfortable with the process of protection, the notice and the opt-out or whatever, or do you think there is some real basis to start talking about proscribing some of these activities?
RULE: I would like to see a common law tradition that creates certain ground rules of a self-limiting kind; that is, just as no person can sell himself or herself into slavery, notwithstanding freedom of contract, there are always limits of time for which one may release one's data. If there were to be a board of this kind, I think an absolutely essential principle might be to specify how long and how sweepingly one may release one's own data. Obviously any contract of that kind could be renewed, but it is desirable that there be processes that bring these questions back for re-examination periodically. It is also very important that protections be established for those who want to remain outside of the data bank purview altogether. We want to be very sure that nothing in the process of some people's choosing to participate means that those who do not participate are subjected to some special scrutiny, either by the institutions involved in setting up the data bank, or by the forces of law and order or other public agencies.
BAKER: Well, I mean, that's fine. My sense is more along the lines of what Janlori expressed earlier. I really think that we want to take a view that we need to be concerned about increasing data uses and technology, but there are opportunities there. Let's find out how those opportunities are emerging. Let's make sure that the protections are in there, but I wouldn't want to set, a priori, some kind of standard outside of a fact situation. I would first want to hear about a complementary fact situation coming in that showed where an abuse specifically was going to occur and where there was going to be blood. I don't think that we should set arbitrary rules until we really look at the facts of situations. And that's one of the things I would ask both Citi and Metro when we get into the details of the product. I really want to know the details, but I also really want to know the details of concern, rather than generalized concerns. Mary, I would really like to see some hard scenarios on what abuses can occur and how people can be damaged, and where the blood on the floor is going to be.
RULE: But I hope my colleague isn't suggesting we wait for Chernobyl before we start considering the risks inherent in nuclear power.
GOLDMAN: Balance on the Board.
PLESSER: I want to throw it open to the audience. I'm going to give you ground rules on the questions first -- I really don't want speeches. Let's make this work.
CULNAN: Consumer participation, I love it!
PLESSER: You've got 60 seconds. Here's the Board -- you can ask a question, you can examine a witness, keep it hypothetical. Or you could give a comment to the Board in terms of what you think they should be doing.
ANONYMOUS SPEAKER: I think this is a very interesting idea, and I think I'd like to nominate as the first chairman of this board ex-Senator Joe McCarthy. (laughter) I think with the same sort of powers, he really showed what you can do with an organization like this that can subpoena people, can set up its own staff, and publicize its results. I think this is right on.
AUDIENCE MEMBER: Jan, since we are role-playing, I'm going to take the role of a sitting Congressperson. (laughter) Thank you for that chance. Jan, this is a private phone call here. I've received a lot of E-mail from constituents that are worried about the fact that this grocery store is going to be having all the ATM cards, all the PINs, and their bank balances. My constituents online across the country are concerned that the grocery store is going to have this information. Besides, it's near election time and I've got this 20-year-old son who likes to buy these bad magazines that are really nasty stuff. You know, I'm afraid that maybe it's going to show up on my record, and maybe it's going to come out. My son used my card at the grocery store to buy those magazines, and I'm concerned that it's going to affect my re-election.
PLESSER: Jan, you want to respond?
GOLDMAN: Well, that's what we're trying to do here. One of the things you have to do is make a decision about whether you want to be involved in this program. Before we either get a law passed, or the companies voluntarily go along with whatever it is that we advise, you have to make a decision whether or not it's worth it to you to be involved in that program. If you're concerned about your son's purchases and he wants to get the benefits of the program -- he wants to get a discount on those magazines -- then let him get his own card and tell him not to use yours. That's one thing that you can do, and you have to make a decision. We'll take your complaint, we'll take it into account, and we'll try to advise about some kind of restrictions on how that information is used.
BAKER: You've got one card for the whole family. How do you separate who bought what?
GOLDMAN: You should get your son to use his own card.
RICHARD NEUMEISTER: Richard Neumeister. Members of the Board, I would like to suggest that if you go back to Congress to revise the law, take out the private sector. Now let me tell you the reason why, and I think it's a very important thing to look at. As you know, there are a lot of kinds of substantiated information about us, whether it be in state files or in federal files. It's a helluva hard thing to get any errors corrected. There needs to be a good process for accuracy, and complete information about how to get inaccurate and incomplete information corrected, so it's accurate when it's shared with tax people, particularly on the state level, whether it's child abuse investigations or whatever. So, what do you as members of the Board think about de-emphasizing the private sector and emphasizing the data that the feds already have that are pretty much inaccurate in some situations? And also setting up a process for individuals to correct errors.
PLESSER: You think the Board should concentrate its efforts on governmental privacy issues and not spend their time on private sector issues? Is that what you're saying?
BAKER: Well, as a matter of fact, the functions of the board as defined indicate that we shall do that and may do what we're talking about in this forum. So the prime directive, if you will, is to look at the Privacy Act and look at the Freedom of Information Act, then look at the systems that different governmental agencies are using, make reports to Congress, and then give advisory opinions about a number of federal record-keeping systems. We can propose legislation on data protection, and then -- finally -- may conduct surveys and research into the private sector. You're suggesting that we focus entirely on the public sector and on the Privacy Act. That's not the guidance here, but I hear what you're saying.
AUDIENCE MEMBER: I think one of the problems when you constitute a board is who gets appointed. I think the act accounts for an appointment of seven years. Looking also at other federal regulatory commissions, you will often see people who have been in the industry are appointed to those very boards that are regulating the industries. I wonder what safeguards are in the bill, if any, that would prevent this type of fraternal propagation. Also, without any mandate for public hearings, what defines who is the consumer that is bringing the complaint? Often we see the Freedom of Information Act being used by lawyers to push disclosure, and to be used by businesses to force other confidential business information out. Won't this be used by businesses to prevent competition and data about themselves? And without these safeguards, what safeguards would you as Board members build in that would give the consumer a little more confidence in your representing them?
PLESSER: Can we get a response?
GOLDMAN: I think that you raised a really good point, and it's certainly a concern that we on the Board would have in terms of our public image. There are some safeguards already built into the bill -- the Board has to be bipartisan, and members can be picked from a wide range of people, whether they are civil libertarians, social scientists, or industry experts. I think that the concern is really a good one, and one that a lot of people in the public will have -- that somehow the board may rubber-stamp certain kinds of products or certain kinds of services and not really be an activist or critical board. This may be cynical as a government employee, but I don't think that there's any way to get around that problem. I think that you just have to hope that whoever it is who's appointing the Board members is the right person. I don't think there's any way to get around that.
PLESSER: We'd like to do about ten more minutes of questions, and then I'd like to go to the Australian Data Commissioner for a wrap-up. I was told I should give the lines warning of what our timing is.
ERIC HUGHES: I'm Eric Hughes. I work at DigiCash, a Dutch company which is creating smart-card-based systems to allow for private and anonymous payment systems over electronic networks and point-of-sale systems. It's my opinion, and our company's position, that you should make some technical means of defending your own privacy so that you don't have to give it away by contract. In fact, our systems are set up so that the information can't be derived unless you allow it. The technical means is an opt-in situation. The question I have for the legal minds on the board and the other people who wish to comment is, do corporations have First Amendment rights to speak their corporate memories about the transactions that they've made? In other words, if I were a one-person shop, a single proprietor, and I had a very good memory about what my customers had bought, I have the freedom of speech right to say that to whomever I want and hypothetically to collect money for it.
AUDIENCE INTERRUPTION: If you're a database or a database publisher as defined in the First Amendment.
HUGHES: Does the corporation have the same free speech right as the individual does to speak its corporate memory? It's a very depressing comment, because I think the answer is that they do.
PLESSER: I think this is the first panel that I've participated in in a long time -- I think this is very interesting -- where the majority are non-lawyers, which I think is very unusual for me, in any event. Any of the non- lawyers... Mary, what do you think about that? Mary knows about the First Amendment.
CULNAN: A little bit. I'm not a lawyer.
HUGHES: I'm not either -- I'm a mathematician, actually.
PLESSER: Oh, there's a lawyer in the house. Don't worry about that. Somewhere. There must be. (laughter)
CULNAN: The thing that strikes me is probably if someone took that to court, it probably would hold up. But I think that doesn't bode well for the public -- the public interest -- and just the idea that we are all individuals, the whole idea of trust. There should be trust. In my view, if I knew that shop people were doing this with my information, then I'd go shop someplace else. I mean, privacy really ought to be good business.
PLESSER: Jim, how about... ?
BAKER: Let me just say, you have a right, I think, to use your corporate memory as to what you gained in the transaction and what you learned in the transaction. But what we've been talking about here is a situation where additional information is being given that isn't necessary for the transaction, and it's being given as a part of an information bargain. And in that case, you've got a contract. I think that's what we've been talking about.
PLESSER: Jim McQuaid, do you want to ...?
McQUAID: Well, I think...
PLESSER: Is the data yours?
McQUAID: I think the data belongs to the person who collects it, if is done with the understanding that they are collecting it. I think, in America anyway, what protects us is that for the most part we are doing it for the good of the company. It would be a very short windfall -- the first time you go real public with it, your competition would make an issue of it. I think the big thing is that most of this information is collected, and particularly in this case with the grocery store, the grocer's business is selling groceries. He's not going to do something that's going to put him out of the grocery business because he suddenly has a little bit of information.
PLESSER: Jan, one second; I have one second; we have to move on to the next question.
GOLDMAN: This question about First Amendment rights for businesses is a pet peeve of mine because I've spent many, many years on many, many panels with people from, for instance, the Direct Marketing Association, who claim that they have a First Amendment right to sell personal information about people, and who refer to privacy rights as so-called "ephemeral abstract." I think that you have to go a step back from the First Amendment argument and say, where did the information come from? And if the customer, for instance, didn't give you permission to even get the information in the first place, then that initial transaction has already made a profit. In order to make a second profit from that information, from that disclosure, you need to get their permission. But this is not a First Amendment issue.
PLESSER: There's also a Fifth Amendment issue in terms of taking -- if the database is an asset of the company, if they're limited in how they use it, there may be a governmental taking. Next question.
AUDIENCE MEMBER: I'd like to pose a hypothetical question to this hypothetical Board. Let us assume that you approve, with the appropriate restrictions, this operation that's been proposed. And then let us suppose that I am the owner of a video store chain, and I come to you and I say, "Look, you approved these people selling information about their transactions, and yet I'm restricted by the Bork bill from doing the same." How would you respond to that?
RULE: By the logic that we've been invoking, you would be at liberty to make whatever contract you wanted with your own customers. If they're the sort of folks that like to spread around what they buy at the video store then...
BAKER: No, it's a matter of public policy -- the country has decided, the Congress has decided, that there are certain kinds of information exchanges that it's going to absolutely prohibit. So, in that case, I don't think you can override that kind of situation with a contract. I'd like to go on to the next question.
TOBY NIXON: I'm Toby Nixon from Atlanta. We're already running a $400 billion a year federal budget deficit, so whenever someone talks about creating yet another federal board or government function, I always have to ask, are there any alternatives? I'm really concerned about whether this Board needs a subpoena power, as John mentioned, and the power to fine people or throw them in jail if they don't abide by the decisions. With regard to the use of information in private industry, couldn't we just have voluntary industry standards, promulgated by ANSI or some other voluntary organization, and enforce it by publicity the way, say, Lotus Marketplace went down in flames, rather than having people have to be threatened with being thrown in jail or fines?
PLESSER: Do we have a quick response?
BAKER: It's amazing -- I was here a year ago talking about Lotus Marketplace, and here a year later I'm on the Data Protection Board. (laughter) But I'm willing to take a cut in pay -- I think we all would take a cut.
PLESSER: I want to get a couple more questions in.
AUDIENCE MEMBER: One thing that hasn't been brought up is that we're all talking about people doing this as an industry -- selling data as an industry, doing this as a business. The amazing thing about Cyberspace is that someone could do amazingly complex database work for free. It could be a hobby, it could be a bulletin board. The hackers or the Legion of Doom could keep a database of all police officers known to investigate computer crime, where they live, and what hours they're at work. You could keep all kinds of databases for all kinds of purposes and they could be free. Would you want a board to be able to call someone in from Hawaii to come to Washington when he's running something and not doing it for a profit? And the $4000 cost or $10,000 cost of defending himself in Washington would essentially mean, do nothing?
BAKER: We'll go to Hawaii. (laughter)
AUDIENCE MEMBER: Good answer.
GOLDMAN: The issue that you raise is a good one. I think there's an important issue about how easy it is to get information that's in databases, and you're talking about getting information from different places and running your own system. The issue for me is to put some protection on the database. It may be an illusory one if you can get into the database, but at least put some legal protection on the database so that breaking into it, or getting into it and using it for any other purpose would be against the law.
AUDIENCE MEMBER: No, I'm just talking about when somebody just gives it away to everybody.
GOLDMAN: But the issue is where you got it.
AUDIENCE MEMBER: Clipped it out of the New York Times, whatever.
GOLDMAN: Oh, then it's a public record, it's not a private piece.
AUDIENCE MEMBER: But it's on a database -- it's the membership of your secret society.
PLESSER: It is a good question. Go ahead.
PETER WHITE: My name is Peter White. Last night I was watching television and there was a report on what's been strangely named "independence cards," which are credit cards used to pay welfare benefits. One of the assumptions behind today's discussion is that participation in these schemes is voluntary. You can protect yourself from participation by paying cash, but here we have a group of people who have no ability to use cash and are forced to use credit cards with the appropriate record keeping behind them. Do you think there might be data protection laws which are appropriate to overcome these kinds of problems?
PLESSER: Jim Rule?
RULE: I would be very loath to see any type of restriction that would stigmatize the user by virtue of the payment mode. I think the anonymity of public transactions is a value in itself that even may override the economies that would be incumbent in a method like you mentioned. But it is, as you say, extremely attractive to make payments to people that can only be used in certain ways. And the plan for that has gone much further than most of us realize.
PLESSER: One more, two more questions. Quickly.
JIM SETTLE: Jim Settle from the FBI. The government's been thumped on a little bit in the last day and a half, and I'd like to say up front that it's proper, and it does keep us on the straight and narrow, so I don't have any problem with that. I have a big personal concern -- and this is strictly my personal feeling -- the government has a lot of databases and I pretty much know what's in there regarding me. (laughter) The problem I have is in the private sector -- I don't know what databases there are. Secondly, the ones that I do know exist have zero checks and balances, or almost none. The question I have for the panel is, who is thumping on private industry, as opposed to the government, and secondly, who really believes that the supermarket in this case is going to change its interaction with its customers? (laughter) Is it not really a source of income for both parties involved?
BAKER: Where's Simon Davies when I need him? I think there are a number of laws that thump on private industry, to use your term. There are a number -- I'm just thinking of the Fair Credit Reporting Act, the Equal Credit Opportunity Act, well, it's being amended, Fair Debt Collection Practices Act. There are a number of specific sectors of activity that have been singled out for legislative treatment in the private sector.
PLESSER: We've got a special treat, and after any other quick comment I want to get Mr. O'Connor up.
AUDIENCE MEMBER: First of all, this Board does not have regulatory power over the private sector, right? You can have a hearing...
PLESSER: Over any sector.
AUDIENCE MEMBER: You can have the hearing on the private sector. You can establish guidelines. You can make recommendations, and they can completely ignore your recommendations. All they can do is provide a hearing on whether it can do something. I think, second of all, that there are data protection boards in other countries -- they are by no means perfect, and they cause a lot of problems sometimes, but they've also accomplished some very important goals in the name of data protection. I think the most important thing is that if there ever is a data protection board in this country, the way it works or how good it will be depends on us and what kind of pressure we put on it to make it be a good and responsible data protection board. Finally, I think on the issue, we do have an absence of rights in this country; because of the Bork bill we have a right of some control over video records, but we don't have a right over our medical records. We don't have a right to see what direct marketers are holding on us. I think we need to close some of those gaps and give people individual rights on an individual basis, and then the data protection board could actually work on more systemic issues.
PLESSER: We've got a real opportunity -- we've got the Data Commissioner of Australia, Kevin O'Connor. How'd we do? Is this anything like real? How does it work? What are your comments about what us Yanks are trying to show here?
O'CONNOR: Well, I think it's certainly like real. I mean, they ticked off the issues that one would tick off in this kind of discussion. In my own case, if I was extrapolating my staffing resources to the population of the United States, I'd have about 400 staff, not 50, and I don't think if I was the U.S. Data Protection Board, I'd take the case. It seems too small, and it has a high level of voluntariness involved in the transaction in question. What I'd be doing is giving them some material, pamphlets or brochures, and sending them off to a local structure involving a local grocery store, the local branch manager and some consumer groups, and maybe a couple of local politicians and let them sort it out. It's just too small. I mean, the big issues in the privacy debate are the issues to do with compelled or need-compelled disclosure of information, or information that's gathered by surveillance. Your 50 staff will be totally tied up with those issues -- the top-drawer issues which are basically the public sector issues. I'm not saying the private sector ones aren't important.
PLESSER: So you would agree with the person who said the concentration ought to be in the public sector?
O'CONNOR: I think it has to be on transactions that involve effectively-compelled disclosure of information, and you can have those in the private sector. There are some settings where monopolies operate or when people can only go to one place for the relevant services. Or there are situations where third-party bureaus are developed, such as credit bureaus, that, in fact, collect information on the whole country. That was my feeling -- that it's not in fact a case that I could give a high priority to, and that's a real bureaucrat's approach to the subject. But the issues are important issues, and I think you dealt with them quite well.
PLESSER: Well, thank you very much. One last comment?
AUDIENCE MEMBER: I'd address that to Mr. Baker from Equifax. I'm from Canada, in Quebec. You seem worried that some information would get into the hands of the insurance companies, and yet the insurance companies are one of your best customers, as are governments, and Equifax is not only a credit bureau. In Canada recently, Equifax sent a letter to the private sector, saying, give me any five of these nine pieces of information on anybody, and you'll have access to the credit file free. How's that for respecting customers?
PLESSER: Well, thank you, we've got ten seconds...
BAKER: Yes, we do serve insurance companies, but we would not want to see insurance companies get the kind of information from this particular service without the consumers who are voluntarily presenting information knowing about it. When we provide information to insurance companies today, under the Fair Credit Reporting Act, there has to be at the time of application for insurance a pre-notification that information is going to be gathered on that person, as I think exists in Canada.
PLESSER: I really would like you to continue afterwards. I promised Peter that we would close this right on time. We have a reception afterwards with EFF. I want to thank the panel, I think it was a very helpful conversation. (applause)
Return to CPSR conferences page.
Return to the CPSR home page.
Send mail to webmaster.