Privacy
Last Update: March 5, 2007
Introduction
What people read, research or access remains a fundamental matter of privacy. One should be able to access all constitutionally protected information and at the same time feel secure that what one reads, researches or finds through our Nation's libraries is no one's business but their own.
There are many privacy bills that have been introduced into recent Congresses relating to business, health, student and other records. The expansion of e-government, e-commerce, and other forms of electronic transactions, including library services, raises serious questions for the library community in protecting individual privacy, especially the privacy and confidentiality of library patron records.
"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated." -- Fourth Amendment of the U.S. Constitution
Privacy-Related Legislation
REAL ID Act
News
March 2, 2007
ALA signs on to letters to the House and Senate expressing support for efforts to repeal the REAL ID Act of 2005
- Letter to Congressman Tom Allen - February 26, 2007 (PDF)
- Letter to Senators Akaka and Sununu - February 28, 2007 (PDF)
As of March 1, 2007, the proposed legislation to repeal Real ID (H.R. 1117, T. Allen and S. 717, D. Akaka), has been referred to Committee. The ALA opposed the REAL ID Act (P.L. 109-13) in 2005 and supports current efforts for its repeal. The Act creates a de facto national ID and, because most individuals use drivers licenses to apply for library cards, increases opportunity to access library use records, threatening individuals' free expression and access to ideas, as well as, the right to privacy and confidentiality with respect to information sought. The legislation also presents opportunity for mining individual library user records across states.
- ALA's Resolution on Privacy and Standardized Driver's Licenses and Personal Identification Cards
The Act requires standardization of drivers licenses and increased data elements, to be shared across states, with common machine-readable technology, and results in the accumulation of large amounts of personal data on individuals that could be used for unintended purposes such as profiling and identify theft, especially since the privacy safeguards are generally considered to be inadequate.
Several states have opposed the Act. Most recently, Maine passed a non-binding resolution stating the legislature refuses to implement the Act and asks Congress to repeal it. Their main reasons are cost ($185 million) and “compromising privacy.” Montana, Georgia, Massachusetts, and Washington have similar legislation pending.
Background
- The Act, signed into law May 2005 and scheduled to take effect on May 11
- The legislation was voted down in 2004 and then reintroduced in 2005 as part of an unrelated must-pass emergency military funding legislation, the “Emergency Supplemental Appropriations Act for Defense, The Global War on Terror, and Tsunami Relief Act.” It was enacted with no hearings and minimal debate, and many cosponsors of the legislation to which REAL ID was attached, do not necessarily support this bill. At that time, over 600 organizations expressed opposition to the legislation.
General Criticisms
The legislation was poorly conceived, enacted with minimal debate and is generally considered unworkable, expensive, and unfair. In addition, it creates new security and identity theft risks and presents civil liberties, especially privacy concerns. The Act requires the collection of large amounts of personal data, but lacks adequate privacy safeguards; it turns DMV employees into immigration officials; it exceeds 100 times in cost what Congress initially estimated, and instead of increasing security actually creates a greater security risk.
REAL ID Act of 2005, Section 202, February 2005
The Real ID Act of 2005 (H.R. 418) would, in Section 202, tighten driver's license and identity card requirements for immigrants. The bill is reportedly headed for the House floor on a fast track. The measure is likely to reach the House floor the week of Feb. 7.
The legislation would require people applying for, or seeking renewal of, state- issued driver's licenses and ID cards to prove their "lawful presence" in the United States. The legislation is similar in many respects to language that is included in the Intelligence Reform and Terrorism Prevention Act of 2004 (P.L. 108-458) that passed late last year. It differs by adding back in the language concerning immigrants that was struck from that bill.
The ALA has expressed concern about the move to standardized machine-readable driver's licenses and personal identification cards because of the potential privacy implications for library users.
Driver's licenses are commonly used by the public as a means of identification for obtaining a library card and driver's license numbers have been entered into the user's registration record, and could potentially result in the ability to search library use by individuals. Additionally, some states have prohibited public bodies from accepting non-U.S. identification cards for receipt of public services - including library services.
At least 10 states currently issue ID cards to people in the country illegally. Under Sensenbrenner's bill, licenses from those states could not easily be used as identification for federal purposes, such as at airports. License holders might be asked for further proof of their lawful presence before their state-issued identification would be accepted by federal officials.
Further Reading
- Electronic Privacy Information Center; extensive information on Real ID
- Bruce Schneier blog on Real ID
Data Mining
On May 5, 2004, the Data-Mining Reporting Act of 2004 (HR 4290) was introduced by Reps. Jim McDermott D-WA) and William Lacy Clay (D-MO). It would require the head of each department or agency of the Federal Government that is engaged in any activity to use or develop data mining technology to submit a public report to Congress on all such activities of the department or agency.
On December 12, 2003, the DOD Inspector General released the results of an audit of TIA conducted as a result of Congressional inquiries. The audit concluded that "[a]lthough the DARPA development of TIA-type technologies could prove valuable in combating terrorism," DARPA failed to perform any form of privacy impact assessment, did not involve appropriate privacy and legal experts, and 'focused on development of new technology rather than on the policies, procedures, and legal implications associated with the operational use of technology.' The report acknowledged that DARPA was sponsoring "research of privacy safeguards and options that would balance security and privacy issues," but found that such measures "were not as comprehensive as a privacy impact assessment would have been in scrutinizing TIA technology."
The final report of the Technology and Privacy Advisory Committee (TAPAC) for the Department of Defense was released on May 24, 2004. The TAPAC was created in February 2003 to examine the Terrorism Information Awareness (TIA) program and to develop safeguards "to ensure that the application of this or any like technology developed with DOD is carried out in accordance with U.S. law and American values related to privacy." While calling data mining "a vital tool in the fight against terrorism," the report concludes the TIA and similar government programs needs safeguards to adequately protect U.S. citizens' privacy interests and civil liberties, and prevent data mining from becoming "the 21st-century equivalent of general searches, which the authors of the Bill of Rights were so concerned to protect against."The report contains detailed recommendations "intended to help the Secretary of Defense establish the clear rules and policy guidance, educational and technological tools, and appropriate managerial oversight and advisory resources necessary to guide DOD's use of data mining to protect national security without compromising the privacy of U.S. persons."
For an excellent detailed overview of government mining of commercial data and privacy issues, click here (PDF).
Related Links
The Center for Democracy and TechnologyPrivacy.org