FC: How will did the Clinton administration do on privacy rights?

[Declan McCullagh <declan () well com>]

Following is a dialogue about the Clinton administration's successes and 
failures on privacy, from three people:
 - Jamie Love, who works for Ralph Nader at the Consumer Project on Technology
 - Peter Swire, formerly chief counselor for privacy at the White House
 - Dave Banisar, a senior fellow at the Electronic Privacy Information Center

-Declan

**********

Date: Sat, 20 Jan 2001 16:51:58 -0500
From: James Love <love () cptech org>
Organization: http://www.cptech.org
To: declan () well com
CC: politech () politechbot com, swire.1 () osu edu,
        "Banisar, Dave" <banisar () epic org>
Subject: Re: FC: Clinton administration report on bankruptcy & privacy,
 fromP.Swire

So what did Peter Swire accomplish as the White House privacy Czar?
Jamie

--
James Love
Consumer Project on Technology
P.O. Box 19367, Washington, DC 20036
http://www.cptech.org
love () cptech org
1.202.387.8030 fax 1.202.234.5176

************

Date: Mon, 22 Jan 2001 14:49:27 -0500
To: Dave Banisar <banisar () 2rad net>
From: Peter Swire <swire.1 () osu edu>
Subject: Re: FC: Clinton administration report on bankruptcy 
&  privacy,fromP.Swire
Cc: Declan McCullagh <declan () well com>, James Love <love () cptech org>,
        politech () politechbot com
Declan:

        Perhaps you can post this in light of Jamie Love's question about 
what I (as part of the Administration) did to protect privacy.  David 
Banisar also wrote some critical comments that I do not happen to think are 
fair.  I do not wish to make a big fuss, but here are some items to 
consider.  In helping to make policy within the Administration, I saw my 
job as trying to build privacy protections into the Information Age, while 
also trying to understand the role of other values, including economic 
growth and the First Amendment values that you (Declan) mentioned.  In 
terms of public statements criticizing the Administration of which I was a 
part -- that was emphatically not part of my job.  There were, however, 
many policy initiatives proposed within the Administration that would have 
posed privacy problems, and my office working with others helped to ensure 
that those initiatives were amended or stopped.

        Medical privacy.  President Clinton announced final medical 
privacy rules in December, applying to all health care providers and 
insurers in the country.  Privacy advocates, including in the New York 
Times, described these as the largest single set of privacy protections in 
U.S. history.  The rules were accompanied by an Executive Order limiting 
the ability of prosecutors to bring actions against patients when a 
hospital's records are reviewed in an oversight investigation.

        Financial privacy.  The Administration was crucial to ensuring 
that the financial modernization bill enacted in 1999 contained Title V 
protecting personal privacy.  We believed that the bill did not go far 
enough, and the Administration proposed additional financial privacy 
legislation last April, which drew very favorable reviews from privacy 
advocates.

        Government privacy.  In April, 1999 only about a third of federal 
agencies had privacy policies clearly posted on their web sites.  A year 
later, all federal agencies had such policies posted, and privacy policies 
had spread to many other federal sites.  This summer, the Administration 
adopted a new presumption against the use of persistent cookies on federal 
web sites.  New data sharing guidelines to protect privacy were issued last 
month by OMB, among other things encouraging use of privacy impact 
assessments as part of the development of federal IT systems.

        Encryption.  I participated in the White House announcement of the 
change in encryption policy in September, 1999, emphasizing on behalf of 
the Administration the importance of strong encryption for assuring 
security and privacy on the Net.

        Public records and electronic authentication.  The study released 
last week on bankruptcy, privacy, and public records makes detailed 
recommendations on the difficult issues of how to allow both public access 
and privacy in an era of E-government.  In another project, I secured 
funding for the National Academy of Sciences to sponsor a project on how to 
achieve both privacy and authentication for electronic transactions.

        Internet privacy.  The Clinton Administration tried to seek 
multiple goals here.  In pushing the private sector to do better, we saw an 
increase of 14% in 1998 to 88% in 2000 of commercial sites with privacy 
notices posted.  The Administration and the FTC negotiated with DoubleClick 
and the rest of the Network Advertising Initiative in the summer of 2000 
for a new code of conduct allowing online advertising while subjected the 
advertising companies to enforceable privacy promises.  The trick has been 
how to move both toward privacy and the growth of the Internet.  In a 
balancing act of that sort, opinions will inevitably differ greatly.

        Safe Harbor.  We reached agreement with the European Commission in 
2000 on a safe harbor approach.  U.S. companies that sign up to significant 
privacy promises can flow data freely from Europe to the U.S.  Again, a 
balancing act, but companies that adopt the safe harbor will create systems 
of privacy protection that go significantly beyond U.S. practices.

        Social Security Numbers.  The Administration proposed in 2000 a 
bill to protect against identity theft and otherwise limit the sale or 
purchase of SSNs.   The Congress came close to passing an alternative bill 
sponsored by Senator Gregg.  After much controversy, the Gregg provision 
was defeated.  Ed Mierzwinski of U.S. PIRG praised the Administration for 
its "steadfast" work on the issue.

        Genetic discrimation.  Last February the President issued an 
Executive Order prohibiting the use of genetic information in federal 
hiring or promotion decisions.  The Administration supported the 
Daschle-Slaughter bill to extend these protections to the private sector.

        Internet wiretapping.  Last summer I staffed John Podesta in the 
Administration's bill to update the Electronic Communications Privacy 
Act.  The Administration proposal, issued after an exhaustive clearance 
process that included the Department of Justice and many other agencies, 
included a number of pro-privacy provisions including stricter standards 
for trap and trace orders and for intercepting the content of email 
communications.  David Banisar, the ACLU, and others have criticized the 
bill sharply for favoring law enforcement too much.  I think the debate an 
extraordinarily important one, and I am likely in the future to give my 
personal views in the area.  But this Administration did take the highly 
unusual step of itself proposing legislation that would be more restrictive 
on law enforcement in important respects than the status quo.

        In short, I think this record shows a strong record of privacy 
protection during my two years in office (whatever I did was in tandem with 
many, many others within and outside of the Administration), while also 
seeking other important societal goals.  Many of the relevant documents are 
available at http://www.cio.gov/docs/privacylist.htm.  A profile of my work 
is available at http://www.usatoday.com/life/cyber/tech/cti036.htm.

        Thank you,

        Peter Swire


Peter P. Swire
Professor of Law
Ohio State University College of Law
Formerly: Chief Counselor for Privacy
United States Office of Management and Budget
www.osu.edu/units/law/swire.htm

***********

Date: Mon, 22 Jan 2001 16:46:21 -0500 (EST)
From: Dave Banisar <banisar () 2rad net>
To: Peter Swire <swire.1 () osu edu>
cc: Declan McCullagh <declan () well com>, James Love <love () cptech org>,
        politech () politechbot com, Dave Banisar <banisar () 2rad net>
Subject: Re: FC: Clinton administration report on bankruptcy &
 privacy,fromP.Swire
In-Reply-To: <4.3.2.7.2.20010122144453.00a905f0 () pop service ohio-state edu>
Message-ID: <Pine.LNX.4.10.10101221621110.11416-100000 () radserver1 2rad net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-UIDL: 6b3424e948782b792b819621dcc252a5

hmm. dont remeber saying anything publicly about you peter but i'll bite
since I seem to be at the top of your list.  Here's a different view of
some of those "sucesses.'

Doubleclick - perhaps you've seen the startling success to FTC
has had in working for privacy. They chickened and ran from DoubleClick
today: http://www.ftc.gov/os/closings/staff/doubleclick.pdf

Medical Records - The regs alow for broad use for marketing purposes that
require people to opt-out only after their information has been transferred
to the entity. A real success there.

Financial Records. Virtually unlimited use inside companies of the use of
personal information. So weak that even President Clinton said that it was
not adequate and now a whole bunch of states are adopting better laws. And
lets not forget the "know your customer" rules.

Safe Harbor. 12 whole signatures (which includes non companies such as
Truste and several applications from the same company). I'm sure that the
DOC staff is overwhelmed filling those out approvals.

Govt policy - according to the GAo, most still dont even follow the crappy
FTC fair information practices, much less the OECD guidelines that the US
agreed to in 1981 or the 1974 privacy act.

Encryption. 7 years of trying to throw cryptographers in jail, restrict
development and get the govts around the world to follow suit.  Still have
dumbass, unclear regulations.

Wiretapping. Laughed out of congress but now we have the DOJ sponsored
Council of Europe cyber-crime convention to do the same things intl.
Nothing like some good policy laundering when you cant get what you want in
the US, go overseas.

Nice job.

Dave

***********

Date: Mon, 22 Jan 2001 11:22:07 -0500
To: declan () well com
From: Andrew Shen <shen () epic org>
Subject: Re: FC: Clinton administration report on bankruptcy & privacy,
 from   P.Swire
X-UIDL: c8443c670527089176920f101593eec9

>Date: Fri, 19 Jan 2001 10:34:38 -0800 (PST)
>From: peter swire <peterswire () yahoo com>
>Subject: New study on privacy, bankruptcy, public records
>To: declan () well com
>Cc: swire.1 () osu edu
>
>Declan:
>
>Here is an item that may be of interest for your list.
>
>Today, OMB, Treasury, and the Justice Department
>released a study on bankruptcy and privacy.  The press
>release is available at
>www.treasury.gov/press/releases/ps1136.htm.  (I'm not
>sure if the full report is posted yet.)
>

FYI, the report referenced by Swire is available at:

http://www.treas.gov/press/releases/docs/bankruptcy.pdf


Andrew.

***********




-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if it remains intact.
To subscribe, visit http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
-------------------------------------------------------------------------