Habeas Data – Datos Personales – Privacidad

Interview with Chris Hoofnagle

Posted: julio 4th, 2006 | Author: | Filed under: América del norte, Competencia judicial, General, Público en general | No Comments »

*Interview with Chris Hoofnagle*

“Chris Jay Hoofnagle”:http://choof.org/ is a privacy expert and lawyer admitted to practice law in California and DC. Currently, doctor he is non-residential fellow at Stanford University’s Center for Internet and Society and a consultant on privacy litigation. Until recently he worked at the Electronic Privacy Information Center, where he was in charge of the organization of EPIC West Coast Office. He had testified before Congress, the California Legislature, and before the Judicial Conference of the United States on various privacy issues. His academic articles on the First Amendment and privacy “are online at the SSRN web site”:http://papers.ssrn.com/sol3/results.cfm.

See “Spanish version here”:http://www.habeasdata.org/Entrevista_Chris_Hoofnagle.

*HabeasData: Can you tell us about your work in privacy? How did you started to be interested in privacy issues?*

*CJH:* Back in the 1990s, direct marketers were seen as a serious privacy threat, in part, because they might take troves of consumer transactional information and sell it to law enforcement. Officials from the Direct Marketing Association established an ethical rule barring the use of marketing data for government purposes, and emphatically argued that they would not allow their data to be sold to law enforcement. These arguments, bolstered by the “free market” types, protected the direct marketers from new federal regulation, and allowed a great trade in personal information to arise. Privacy advocates were skeptical of this trade, and I believe rightly so. I’ve always thought it naive to hold that big business poses different privacy risks than government. And, the failure to rein in data marketing companies in the 1990s led directly to the current situation, where despite past promises, almost all the companies selling personal data to the government are direct marketing operations. So, I have focused my work on commercial collection of personal information, and the nexus with law enforcement. This nexus obviously has expanded, given recent events.

*HabeasData: Privacy after 911: can you summarize, for a Latin American audience, what kind of programs/actions have been proposed/applied in the United States that may affect privacy?*

*CJH:* Rather than enumerate the various programs that have been proposed or implemented, let me just make the principal point: After 9/11, US law enforcement shifted its paradigm from a crime solving approach to one focusing on preventing crime. This principle of prevention of crime, of trying to predict and interdict criminals, drives many of the programs in the US now. There is a belief associated with this principle that technology can be used to find suspicious patterns and to identify possible criminals. Report after report has concluded that there is no reliable terrorist profile, but officials continue to believe computers have some mystical power to solve all problems.

*HabeasData: Americans have a different view of data protection than the EU and some Latin American countries. Can you explain us why?*

*CJH:* The first exhibit in the Holocaust Museum in Washington, DC features a “Hollerith Machine”:http://www3.iath.virginia.edu/holocaust/infotech.html a census tool that aggregated personal information. The Germans collected personal information on punch cards that were then fed through the machine, and used the data to increase the efficiency of the Holocaust. Historical analyses of the Holocaust showed that the Germans were more effective in states where there were high rates of participation in censuses. The history of the Holocaust informed Europeans’ views of the relationship of personal information to state control.

In the US, we did have the opportunity to adopt a comprehensive set of protections for personal information. The US started by enacting the Privacy Act of 1974, which created procedural and some substantive protections for personal information in the hands of the federal government. A study commission created by the law concluded that those protections should be extended to corporations, but Congress never enacted this recommendation.

At the same time, companies that used personal information organized and strongly opposed privacy laws. In recent years, data companies have become very sophisticated in their opposition to all privacy law. There is a marked difference between privacy laws enacted in the 1980s and early 1990s and those considered today. I remain convinced that the Fair Credit Reporting Act of 1970, which incorporates all Fair Information Practices, would not even get a hearing in today’s Congress. The industry is simply too well organized and well funded, and they want to limit privacy to giving consumers “privacy notices” and “choice.”

*HabeasData: The differences in privacy protection between the U.S. and some Latin American countries may have lead to more protection in those countries. However a company like “Choicepoint was able to gather and sell personal data from Latin Americans”:http://www.epic.org/privacy/choicepoint/#documents to the U.S. government. How did it started? Where are we now?*

*CJH:* It got started because they could collect the data. Business practices and technology are far ahead of the public’s understanding of the issues and the legal framework. If there are ambiguities in the law, or where there is no law, information companies are going to take advantage of the situation and collect personal data.

But, I am convinced that Choicepoint will be the big winner from the security breach and resulting Federal Trade Commission settlement. From a legal perspective, Choicepoint has a more sophisticated infrastructure, and many of its competitors will trip over the standards set by the FTC settlement. Ten years from now, Choicepoint will be the leading data broker, and it could be the case that its entire business operations will operate under the Federal Fair Credit Reporting Act.

*HabeasData: Why the US have not yet recognized a constitutional right to privacy in information?*

*CJH:* In “a 1976 case”:http://caselaw.lp.findlaw.com/cgi-bin/getcase.pl?navby=case&court=us&vol=425&invol=435, the Supreme Court held that individuals do not have a right of privacy in information voluntarily given to others. This is what we refer to as the “secrecy paradigm,” the idea that information is only private if no one else knows about it.

Practically, this means that the government can go to businesses and request personal information about customers without a subpoena or warrant. In fact, since 9/11, many businesses have volunteered to provide their databases of personal information to law enforcement.

Why is this the case? Criminal procedure and First Amendment rights experienced a great expansion from the 1950s-1970. Following this period, our Supreme Court became more conservative, and attempted to limit many of these rights.

*HabeasData: Who do you fear more in terms of privacy threats in the next years: the public or the private sector? Why?*

*CJH:* I do not believe that there is a distinction between public and private sector privacy threats anymore. The private sector has shown itself more than willing to give customer data to the government. One cannot trust the private or public sectors to balance privacy interests of consumer/citizens out of goodwill. Private actors’ first loyalty is to increasing shareholder wealth, and public actors do not want to place limits on their power to use personal information.

*HabeasData: DRM & Privacy: you* ´ve researched this nascent area of law. Are we heading towards a world of non anonymous consumption of content?*

*CJH:* DRM is threatening anonymity, but so is the lack of payment systems that provide privacy. There is very little economic incentive for businesses to create anonymous DRM or payment systems. We’re moving towards more electronic transactions (credit/debit card use surpassed cash in 2003). We have to find a way to build more privacy into transactions generally.

** · Thank you for you time,*

Pablo A. Palazzi
Foro de Habeas Data

Leave a Reply

You must be logged in to post a comment.