
nomic bankruptcy process whereby an individual can gain a "discharge" from his past. Just as the commercial process cannot function without a procedure enabling participants to attempt a fresh start, the social system cannot function without a procedure enabling individuals to obliterate the residue of their past errors. Finally, every person about whom personal data is stored should be notified of that fact and given access to his dossier to check its accuracy and propriety. Under a new federal statute, the Fair Credit Reporting Act, subjects of credit investigations must be notified that they are being investigated, but they have no right under the statute to see their reports. One way of starting this mammoth notification task would be to compile an exhaustive citizens' guide to files of personal information in the federal government.

A remedial program with these general features would begin to reduce the danger to freedom inherent in the dossier society. The alternative is to march bravely toward a new world in which privacy and freedom are replaced by suspicion and security, and the secret computer printout reigns supreme.

Mr. STEELMAN. Mr. Speaker, the congressional commitment to privacy must be hard-hitting, immediate, and two-edged. For too long unjustified secrecy and privacy have proliferated throughout government, and for too long the government has, in the name of efficiency and law and order, and sometimes unintentionally, violated the citizen's inherent right to privacy.

These two democratic rights, the right to know, and the right to privacy, have helped build that vital dimension of difference that sets America apart from most other nations of the world.

When the Freedom of Information Act was enacted in 1966 we were all confident that a new era of Government accessibility was being ushered in. But those of you who have tried, or have read about the unsuccessful and arduous processes involved, know that the Freedom of Information Act does not always work. There is still too much information being withheld, and there is still too much delay in responding to requests for information. There is no persuasive logic, certainly no commitment to democratic principle, in those arguments that claim that without secrecy and covertness, modern and efficient government cannot function. Are we not, by such arguments, trying to preserve our democracy by methods that by their very nature threaten its health and well-being?

These matters are serious, and that is why I am working on legislation that will amend title 5 of the United States Code, to make freedom of information a fact, and not just an act.

But as my honorable colleague from California has emphasized, the right to know is only half the issue, the right of privacy is its necessary complement. With the increase in the use of the social security number as a standard universal identifier, and the indiscriminate and uncontrolled assimilation of personal information into hundreds of data banks, there is a grave threat that national dossiers will become a fact. At best, this is a frustrating and annoying invasion of privacy, and at worst, it may threaten a denial of status and benefits without due process of law.

I ask that we create an alliance of commitment to insure that our right to privacy, and the right to know are not empty words, but strong, powerful realities.

Mr. HEINZ. Mr. Speaker, I express my thanks to my colleagues Mr. Horton and Mr. Goldwater for giving the Members of the House this opportunity to express our commitment to privacy.

One natural outgrowth of an increasingly technological society is the dangerous proliferation of computerized personal records on every individual. Such devices, while perhaps well intentioned, deprive people of the privacy that should be their right. In addition, while it is quite easy for incorrect or misleading information to creep into one's file, once there it is considerably more difficult to get it removed. To cite some examples:

Last year a professor's wife in Texas lost her auto insurance because her credit bureau listed her as an alcoholic. She never drinks.

In New York a young woman has been fighting a Civil Service Commission order that she be fired from her job as a substitute postal clerk. It had been learned from her FBI computerized file that while a student, the woman, exercising her first amendment rights had taken part in a campus demonstration while at Northwestern University, and that she had been a member of SDS, a legally constituted organization.

In Massachusetts last year Gov. Francis Sargent had given a full pardon to a former felon who had kept his record clean for 10 years. He moved to a State 1,000 miles away and enrolled at a community college. However, after running a routine police check with the new State's computer file and having learned of the man's past conviction, the president of the college expelled him. The listing did not include the full pardon. Even after Massachusetts officials had verified the facts of the case, the president refused to readmit the man to the school.

There have even been cases of employees stealing computer files on magnetic tape and using such information for their own purposes.

Whether it be protection from unfair credit reports, from unwanted pornographic materials, from needless harassment by junk mail, or protection against unfair discrimination based on one's background, each citizen has a right to expect that the government will take whatever action is necessary to insure individual privacy. This trend toward centralization of personal information at the expense of individual rights must be stopped!

On January 3, 1973, I introduced legislation, H.R. 632, that in my opinion, goes a long way toward protecting individuals against invasions of privacy. This bill would prohibit the sale or distribution of mailing lists and other information without the consent of those people whose names appear on the list. Other bills concerned with privacy are also pending before the Congress, and I hope that strong action will soon be taken. Clearly, it is long overdue.

An employee of the Book-of-the-Month Club, membership 1.5 million, reports: "The saddest thing of all is reading letters that begin, 'Dear Computer, I know there are no humans there.'"

I urge this Congress, with action as well as with words, to go on record as being determined to help make this society a little more human, and a little less machine. People must come first. It is up to us to see that they do.

Mr. RANGEL. Mr. Speaker, the steady and uncontrolled invasion into the private lives of American citizens must not continue unchecked by Congress. The use of information obtained for one purpose which subsequently becomes part of a data bank for entirely different purposes is a process we must closely watch and tightly control.

I would like to submit the following article which identifies a potentially dangerous invasion into the privacy of American citizens in methadone programs in the Washington, D.C., area.

[The article follows:]

[From the Washington Star-News, Oct. 28, 1973]

FOOTPRINTS "IDENTIFY" METHADONE PATIENTS

(By Lawrence Feinberg)

Under a sign of a large green foot, Washington's narcotic treatment administration has collected about 5,000 footprints during the past two years in an effort to keep track of the methadone it dispenses.

"They laughed at us when we started," recalled Ronald J. Nolfi, who heads the agency's footprint project. "What's a footprint? But now they see it works." The agency promises to keep the names of the heroin addicts it treats confidential. But Nolfi said it also needs a way to make sure that the same person is not using more than one clinic to collect methadone, an addictive, inexpensive heroin substitute.

"A lot of people have a lot of emotional problems about giving fingerprints," said Dr. William Washington, NTA's acting director, "even though we assure them they won't go to the police."

The solution, since early last year, has been to collect footprints, which like fingerprints, are different for every individual but which the FBI doesn't keep. Nolfi and two assistants classify every footprint they take. They use the right foot only and file the prints by the large green foot which is really a bath towel. Their office also has a foot-shaped ashtray, and a foot-shaped note pad, called "Footsie Notes."

Each day the footprints of addicts signing up for treatment are checked in the files. If the same prints are there already, NTA counselors try to sort out the identity problem and make sure no one is getting more than one dose of methadone a day either to use themselves or sell illegally.

Since the footprinting started, Nolfi said, about 20 addicts have been caught trying to go to more than one clinic. About 250 others, he said, have been found trying to get back into the program after dropping out without telling that they had been in before.

Even though many hospitals take footprints of babies to make sure they won't be mixed up, Nolfi said nobody classified footprints and stored them until NTA set out to do so.

The system for classifying was worked out by the National Bureau of Standards. It uses the lines and swirls on the ball of the foot.

The patterns under the big toe are called the core area. They are divided into seven basic types. For patients that don't fit into a basic group, there is an eighth category called "accidental patterns."

The lines under the four smaller toes are called the secondary area, and they are divided into nine basic patterns.

To finish the classification the distance is measured in millimeters from the center of the core area to the point where the lines diverge.

To do the classifying takes about a minute, said James Schmidlin, a technician at the NTA center at 20 H St. NE. To search the files takes about 10 minutes more.

There are no names in the files to make sure they are confidential, just code numbers, which are matched elsewhere. But on the back of each footprint card there is basic information about the patient, his drug habit and treatment.

Schmidlin said only one patient has refused to go through with the footprinting, and very few raise any objections.

One reason for the lack of fuss, he said, is that the files really are kept confidential. Another is that the footprinting is made part of the regular medical exam, and is quick and clean. It's not done with ink, but with a clear liquid which reacts with a chemical coated on the card without leaving any stains on the foot.

The cost of each print is about 15 cents, but overall the program has cost $50,000, provided by the Law Enforcement Assistance Administration.

Since this summer the five other programs dispensing methadone in the Washington area also have been taking footprints of their patients and checking them against the NTA files.

The White House Special Action Office on Drug Abuse prevention is trying to have footprint files by drug treatment programs elsewhere in the country, but so far no one outside the Washington area is doing it.

Mr. MYERS. Mr. Speaker, resolving the issues related to right to privacy requires expert assistance. I am pleased that the National Bureau of Standards' Institute for Computer Sciences and Technology has taken privacy and security in computer systems as a main focus of their mission. Two conferences have been sponsored by the Institute bringing together several hundred computer specialists and information users in the Federal and State scene and the private sector.

By way of introduction to defining and reestablishing privacy rights, Dr. Ruth Davis led a group of speakers who described the nature and scope of these problems.

I believe this summary of their presentations would be of value to my colleagues and include herein.

[The summary follows:]

PRIVACY AND SECURITY IN COMPUTER SYSTEMS

There is a tendency to confuse the issues of privacy, confidentiality and security with respect to recordkeeping and computers. Dr. Ruth Davis, Director, Institute for Computer Sciences and Technology, National Bureau of Standards, outlined the essential differences between these issues and established a framework for unambiguous discussion and solution of these problems.

Privacy is a concept which applies to individuals. In essence, it defines the degree to which an individual wishes to interact with his social environment and manifests itself in the willingness with which an individual will share information about himself with others. This concept conflicts with the trend toward collecting and storing personal information in support of social programs of various importance. The government's role often makes the supplying of this information mandatory, thus creating a direct and acute compromise of the individual's privacy. Under this circumstance, the burden of protecting personal data is all the more important.

Confidentiality is a concept that applies to data. It describes the status accorded to data and the degree of protection that must be provided for it. It is the protection of data confidentiality that is one of the objects of Security. Data confidentiality applies not only to data about individuals but to any proprietary or sensitive data that must be treated in confidence.

Security is the realization of protection for the data, the mechanisms and resources used in processing data, and the security mechanism(s) themselves. Data Security is the protection of data against accidental or unauthorized destruction, modification or disclosure using both physical security measures and controlled accessibility techniques. Physical Security is the protection of all computer facilities against all physical threats (e.g., damage or loss from accident, theft, malicious action, fire and other environmental hazards). Physical security techniques involve the use of locks, badges (for personnel identification), guards, personnel security clearances and administrative measures to control the ability and means to approach, communicate with, or otherwise make use of, any material or component of a data processing system. Controlled Accessibility is the term applied to the protection provided to data and computational resources by hardware and software mechanisms of the computer itself.

From these definitions, it is possible to see that there is no direct relationship between privacy (a desire by individuals, groups or organizations to control the collection, use or dissemination of information about them) and security (the realization of the protection of resources), although they are interrelated. Several speakers pointed out that a perfectly secure computer could be used in such a way as to violate individual privacy. However, this should not be construed as an excuse for not creating secure computer systems since the thrust of earlier remarks was to the effect that legislatively defined rules for assuring privacy are now levying a security-oriented environment on government (and possibly private) data systems.

2.3 SOCIAL IMPLICATIONS

Dr. James Rule, Professor of Sociology, State University of New York at Stony Brook, presented a sociologist's view of the privacy question. He observed that the issues of privacy are social-political-human rather than technological and that the question of how far to go in computer-based recordkeeping on people is a political/social question in which the rights/needs/interests of the individual must be weighed against the rights/needs/interests of institutions (social, political, commercial, etc.). In his view, determining the proper balance between individual privacy and institutional needs and interests will involve even more agonizing choices in the future than it does now. To illustrate his point, he described a hypothetical situation revolving around the use of computerized recordkeeping control of crime. In the hypothetical (but potentially feasible) situation, statistical methods of behavior analysis are used to predict individual criminality before it occurs. Assuming that such a system could be assured of evenhanded administration, would such a system be desirable and would it justify the extensive recordkeeping on all individuals necessary to make it work?

2.4 LEGISLATIVE ACTIONS

As a result of the early warnings and studies of the privacy issue that have taken place in this country over the past 7-8 years, a number of legislative actions have taken place or are contemplated. For example, three Federal Acts have been passed in recent years relating to the issue of privacy. These are the Freedom of Information Act, which provides for making information held by Federal agencies available to the public unless it comes within a category exempted by the Act; the Federal Reports Act, which establishes procedures for the collection of information by Federal agencies and the transfer of confidential information from one agency to another; and the Fair Credit Reporting Act, which requires consumer credit reporting agencies to adopt procedures which are fair and equitable to the consumer with regard to confidentiality, accuracy, relevancy and proper use of such information. The Fair Credit Reporting Act also established the right of the individual to be informed of what information is maintained about him by a credit bureau or investigatory reporting agency.

In addition to these pieces of legislation, numerous bills have been introduced in Congress which propose to strengthen the rights of individuals with respect to confidentiality of data, prevent invasion of privacy, establish standards for the collection, maintenance and use of personal data, or limit the uses to which personal data can be put without written consent of the affected individual. It was also reported at the Conference that the Department of Health, Education, and Welfare (DHEW) is implementing (internally) the recommendations contained in the Report of the Secretary's Advisory Committee on Automated Personal Data Systems.

The 50 State governments have pending numerous bills concerned with protection of individual privacy and data confidentiality. Massachusetts and Iowa have already passed significant legislation in these areas, providing higher standards of personal privacy protection than the Federal Government. Still other States have extensive legislative proposals that would impose extensive regulatory and technological constraints on the operation of personal data systems.

At the local level, a number of municipalities have passed ordinances to provide protection of computerized personal data.

While all of this legislative activity is not completed, it is indicative of the political response to the aforementioned public awareness and concern over individual rights and privacy.

2.5 THREATS

Threats to individual privacy and technological threats to computer-based information systems were the two themes repeatedly stressed by the various speakers. While the threat to individual privacy and liberty was predominant and seen to be mostly associated with the unregulated collection and use of personal data, a number of the speakers cited the technological threats as being those most bothersome to the operators of information systems.

Most of the speakers agreed that the threat to privacy was one that required legal and regulatory remedies and was not basically a technological problem. All speakers agreed, however, that technology was required to help enforce the legal and regulatory steps. Furthermore, a number of speakers noted that unless there were sound technological foundations for controlled access to computer systems, the legal and regulatory actions would be largely wasted. In addition to the basic and somewhat diffused threat to individual privacy posed by the collection and use of personal data, several speakers cited an additional problem of misappropriation and misuse of data by people who are authorized access in connection with their jobs. While the problem of misuse of data would appear to be one solved by legal measures providing stiff penalties for violators, several speakers indicated that it was in part technological since the contemporary systems have so little in the way of controlled access mechanisms that it is difficult to restrict access within a data base and to account for its access and usage.

The degree of difficulty and the cost associated with providing security and controlled access to computer-based recordkeeping systems is a function of the type of access being permitted, the capabilities of those performing the access, and the type of computer system (whether dedicated, shared, local or remote access, etc.) on which the recordkeeping system is based.

Mr. HUDNUT. Mr. Speaker, today I am pleased to join my colleagues in a special order regarding the congressional commitment to privacy. I am glad to have the opportunity to express my personal concern for retaining and restoring this vital individual liberty in America.

In this computer age, it is easy to obtain information about an individual. Much concern has been voiced over the extent to which citizens' privacy is being invaded. We see this in the accumulation of personal data in computer banks and other such means which constitutes a threat to the privacy of every American citizen. There are some who look upon individual tax returns as the greatest source of such information.

The assurance provided the American people that information voluntarily given on Federal tax returns will be carefully protected from disclosure and improper use is one of the basic concepts underlying this country's system of collecting taxes and I want to assure that protection. I am cosponsoring legislation (H.R. 10977) which will further restrict accessibility to taxpayers' tax returns. Even though the matter which precipitated this bill; namely, the move to check tax returns of farmers ostensibly for the purpose of obtaining information on which to base farm programs, has been resolved, it is my hope that the Ways and Means Committee will grant early and favorable action so the authority for inspection of individual tax returns by Federal agencies will be severely restricted.

Mr. ASHBROOK. Mr. Speaker, during my seven terms in Congress I have been deeply concerned about the increasing centralization of power in the Federal Government and the tendency of that Government to intrude more and more
