- By Ari Schwartz
- Jan 23, 2000
Americans' privacy fears have always been focused first and foremost on
government intrusions. The Founding Fathers tried to allay these fears in
the Fourth Amendment; Congress passed laws, including the Privacy Act of
1974 and the wiretap law; and court decisions also have tried to protect
More recently, Americans have become increasingly concerned about the
impact on privacy of technology in general and the Internet in particular.
While much of this focus has been on the lack of protections for personal
information in the private sector, Americans continue to be deeply suspicious
of what the government does with their personal information.
The clash between privacy and the new digital technologies surfaced
in 1998 when Congress adopted the Government Paperwork Elimination Act (GPEA).
The primary goal of GPEA was to make government service delivery more efficient
by promoting online interaction with government agencies. Electronic service
delivery offers taxpayers savings of time and money. However, in some of
these online transactions, authentication will be an issue: The government
will need to know that it is dealing with the right person. GPEA encourages
agencies to use electronic signature techniques to verify a person's identity.
But a greater reliance on identity-based electronic authentication could
lead to larger storehouses of information collected by the government and
its private-sector contractors. To address this concern, Sen. Spencer Abraham
(R-Mich.) and Sen. Patrick Leahy (D-Vt.) added a section to GPEA requiring
the protection of personal information generated in the course of using
digital signatures. However, as agencies implement GPEA, it is unclear whether
electronic service delivery will provide individuals with greater privacy
protections or greater privacy concerns.
Under GPEA, agencies in general must provide for the optional use of
electronic documents and signatures by October 2003. The Office of Management
and Budget must set guidelines by April 2000 for how agencies will use electronic
signatures. A draft of OMB's guidance, released for comment in March 1999,
frames privacy appropriately, instructing agencies on the best way to comply
with the privacy component of GPEA. While the proposed guidance reflects
OMB's growing engagement in privacy, it needs to further integrate privacy
into all parts of how agencies will execute GPEA.
Meanwhile, agencies are moving forward with online service delivery projects envisioned before GPEA was even introduced. In fact, last month, President
Clinton announced that he expected 100,000 digital signatures governmentwide
by December 2000. The projects that will use these signatures will need
to address privacy concerns in their very design if they are to give citizens
the level of trust necessary to use the new technology.
— Schwartz is a policy analyst at the Center for Democracy and Technology.