Guarding privacy

Americans' privacy fears have always been focused first and foremost on

government intrusions. The Founding Fathers tried to allay these fears in

the Fourth Amendment; Congress passed laws, including the Privacy Act of

1974 and the wiretap law; and court decisions also have tried to protect

privacy.

More recently, Americans have become increasingly concerned about the

impact on privacy of technology in general and the Internet in particular.

While much of this focus has been on the lack of protections for personal

information in the private sector, Americans continue to be deeply suspicious

of what the government does with their personal information.

The clash between privacy and the new digital technologies surfaced

in 1998 when Congress adopted the Government Paperwork Elimination Act (GPEA).

The primary goal of GPEA was to make government service delivery more efficient

by promoting online interaction with government agencies. Electronic service

delivery offers taxpayers savings of time and money. However, in some of

these online transactions, authentication will be an issue: The government

will need to know that it is dealing with the right person. GPEA encourages

agencies to use electronic signature techniques to verify a person's identity.

But a greater reliance on identity-based electronic authentication could

lead to larger storehouses of information collected by the government and

its private-sector contractors. To address this concern, Sen. Spencer Abraham

(R-Mich.) and Sen. Patrick Leahy (D-Vt.) added a section to GPEA requiring

the protection of personal information generated in the course of using

digital signatures. However, as agencies implement GPEA, it is unclear whether

electronic service delivery will provide individuals with greater privacy

protections or greater privacy concerns.

Under GPEA, agencies in general must provide for the optional use of

electronic documents and signatures by October 2003. The Office of Management

and Budget must set guidelines by April 2000 for how agencies will use electronic

signatures. A draft of OMB's guidance, released for comment in March 1999,

frames privacy appropriately, instructing agencies on the best way to comply

with the privacy component of GPEA. While the proposed guidance reflects

OMB's growing engagement in privacy, it needs to further integrate privacy

into all parts of how agencies will execute GPEA.

Meanwhile, agencies are moving forward with online service delivery projects envisioned before GPEA was even introduced. In fact, last month, President

Clinton announced that he expected 100,000 digital signatures governmentwide

by December 2000. The projects that will use these signatures will need

to address privacy concerns in their very design if they are to give citizens

the level of trust necessary to use the new technology.

— Schwartz is a policy analyst at the Center for Democracy and Technology.