Guarding privacy

Americans' privacy fears have always been focused first and foremost on

government intrusions. The Founding Fathers tried to allay these fears in

the Fourth Amendment; Congress passed laws, including the Privacy Act of

1974 and the wiretap law; and court decisions also have tried to protect

privacy.

More recently, Americans have become increasingly concerned about the

impact on privacy of technology in general and the Internet in particular.

While much of this focus has been on the lack of protections for personal

information in the private sector, Americans continue to be deeply suspicious

of what the government does with their personal information.

The clash between privacy and the new digital technologies surfaced

in 1998 when Congress adopted the Government Paperwork Elimination Act (GPEA).

The primary goal of GPEA was to make government service delivery more efficient

by promoting online interaction with government agencies. Electronic service

delivery offers taxpayers savings of time and money. However, in some of

these online transactions, authentication will be an issue: The government

will need to know that it is dealing with the right person. GPEA encourages

agencies to use electronic signature techniques to verify a person's identity.

But a greater reliance on identity-based electronic authentication could

lead to larger storehouses of information collected by the government and

its private-sector contractors. To address this concern, Sen. Spencer Abraham

(R-Mich.) and Sen. Patrick Leahy (D-Vt.) added a section to GPEA requiring

the protection of personal information generated in the course of using

digital signatures. However, as agencies implement GPEA, it is unclear whether

electronic service delivery will provide individuals with greater privacy

protections or greater privacy concerns.

Under GPEA, agencies in general must provide for the optional use of

electronic documents and signatures by October 2003. The Office of Management

and Budget must set guidelines by April 2000 for how agencies will use electronic

signatures. A draft of OMB's guidance, released for comment in March 1999,

frames privacy appropriately, instructing agencies on the best way to comply

with the privacy component of GPEA. While the proposed guidance reflects

OMB's growing engagement in privacy, it needs to further integrate privacy

into all parts of how agencies will execute GPEA.

Meanwhile, agencies are moving forward with online service delivery projects envisioned before GPEA was even introduced. In fact, last month, President

Clinton announced that he expected 100,000 digital signatures governmentwide

by December 2000. The projects that will use these signatures will need

to address privacy concerns in their very design if they are to give citizens

the level of trust necessary to use the new technology.

— Schwartz is a policy analyst at the Center for Democracy and Technology.

Featured

  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected