Computer Professionals for
Social Responsibility ("CPSR") is a non-profit membership organization,
incorporated in the state of California, with offices and full-time staff
in Palo Alto, CA and Washington, DC. CPSR's membership includes a
Nobel Laureate and four recipients of the Turing Award, the highest honor
in computer science. CPSR's activities include the review of federal
computing policies to determine their possible impact on civil liberties
interests. Among its other activities, CPSR has prepared reports
and presented testimony on computer technology and privacy issues at the
request of congressional committees.1
The misuse of the Social
Security number ("SSN") and its unnecessary proliferation epitomize the
risk to public safety and the threat to personal privacy of careless information
practices. The codes of ethics of many computer associations and
related professional organizations clearly state the importance of privacy
protection in the design of computer systems.2 Automated information
systems, by virtue of their great processing capability, pose an ongoing
risk to personal privacy. For this reason, the computer science
community has long argued that adequate safeguards must be established
to protect personal information. Computer scientists have also played
a prominent role in congressional proceedings and the development of key
reports that gave rise to many of the privacy laws in the United States
today.3 And computer privacy remains a central concern at regular
meetings of computer professionals.4
As the leading organization
in the United States concerned with the impact of computer technology on
personal privacy, CPSR has a substantial interest in legislative and judicial
proceedings addressing the confidentiality of the SSN and has contributed
its views and expertise to congressional committees considering the issue.5
At issue in this case is
whether the Internal Revenue Service's practice of openly displaying Social
Security numbers on mailings sent to taxpayers violates the Privacy Act
of 1974. A review of the Act's legislative history, as well as other
relevant legislative and judicial pronouncements, shows that the public
disclosure of this identification number has long been a matter of serious
concern. Indeed, Congress explicitly recognized the particular risk
to privacy that could result from the unnecessary disclosure of the Social
Security Number and therefore enacted restrictions on its use.
The extent of the privacy
invasion at issue here becomes apparent when one considers that the Social
Security number is used as an identification code for databases containing
a wide range of financial, medical, educational, and credit information.
It is like a master key that once obtained opens many doors. The possession
of such a key must be carefully controlled. In recognition of the
substantial risk that the unnecessary disclosure of the SSN might pose
to public safety and personal privacy, this Court and others have protected
the confidentiality of the number. Amicus believes that the Court
should continue to provide that protection in this case.
I. The Unnecessary Disclosure
of the SSN
Substantial Issues of Personal Privacy
Our legal system has long
recognized and protected the right of personal privacy. The drafters
of the Constitution "conferred, as against the Government, the right to
be let alone -- the most comprehensive of rights and the right most valued
by civilized man. To protect that right, every unjustifiable intrusion
by the Government upon the privacy of the individual, whatever the means
employed, must be deemed a violation" of constitutional principles.
Olmstead v. United States, 277 U.S. 438, 478 (1928) (Brandeis, J., dissenting).
Justice Brandeis recognized
that the First Principles enunciated in the Constitution have the "capacity
of adaptation to a changing world" and must be applied to "new conditions"
and technologies. Id. at 472. In the Olmstead case, Justice
Brandeis anticipated that technological change would pose new challenges
to the courts, and that the protection of liberty in this realm would require
great vigilance. Justice Brandeis's formulation of the privacy problem
that results from rapidly changing technologies was eventually adopted
by the Supreme Court in United States v. Katz, 389 U.S. 347 (1967).
While the Court's analysis
of Fourth Amendment claims under the Katz test has raised substantial questions
about the impact of technological change upon "the reasonable expectation
of privacy,"6 where Congress has sought explicitly through statutory authority
to regulate an information practice, the privacy protection must be broadly
As the Supreme Court recently
noted, "both the common law and the literal understandings of privacy encompass
the individual's control of information concerning his or her person."
Department of Justice v. Reporters Committee for Freedom of the Press,
109 S. Ct. 1468, 1476 (1989). See also A. Westin, Privacy and Freedom
7 (1967) ("Privacy is the claim of individuals ... to determine for themselves
when, how, and to what extent information about them is communicated to
Protection of privacy rights
is particularly important when the administrative convenience afforded
by computer technology may obscure the underlying privacy interest in controlling
the collection, use and disclosure of personal information. The courts
must be vigilant in the face of bureaucratic tendencies to ignore appropriate
measures for safeguarding personal information, particularly where multi-use
identifiers such as the SSN are likely to exacerbate the privacy harm that
would result from unlawful disclosure. The Supreme Court has recognized
the risks to personal privacy created by "unwarranted disclosures" in the
computer age.
We are not unaware of the threat to privacy implicit in the accumulation
of vast amounts of personal information in computerized data banks or other
massive government files. The collection of taxes, the distribution
of welfare and social security benefits, the supervision of public health,
the direction of our Armed Forces, and the enforcement of the criminal
laws all require the orderly preservation of great quantities of information,
much of which is personal in character and potentially embarrassing or
harmful if disclosed. The right to collect and use such data for
public purposes is typically accompanied by a concomitant statutory or
regulatory duty to avoid unwarranted disclosures.
Whalen v. Roe, 429 U.S. 589, 605 (1977) (emphasis added). See
also 429 U.S. at 607 (Brennan, J., concurring) ("The central storage and
easy accessibility of computerized data vastly increase the potential for
abuse of that information ...").
Indeed, the Supreme Court
has noted that the Privacy Act, under which this case arises, "was passed
in 1974 largely out of concern over 'the impact of computer data banks
on individual privacy.'" 109 S. Ct. at 1478 (citation omitted).
That concern looms large when -- as in this case -- individuals' Social
Security numbers are indiscriminately disclosed.
A. History of the SSN and Restrictions on its Use
Although the Social Security
Number ("SSN") has been with us since 1936, the use of the SSN for purposes
unrelated to the administration of the Social Security system is a relatively
recent phenomenon. The number was first intended for use solely by
the federal government as a means of tracking earnings to determine the
amount of Social Security taxes to credit to each worker's account.
Over the years, however, the SSN has been used by government agencies and
the private sector for other purposes, often over the objection of independent
experts and the general public. See, e.g., A. Westin and M. Baker,
Databanks in a Free Society 399 (1972) ("adopting the Social Security number
officially as a national identifier or letting its use spread unchecked
cannot help but contribute to public distrust of government").
The government was permitted
to use the SSN for tax reporting purposes when Congress authorized the
Internal Revenue Service ("IRS") to use SSNs as taxpayer identification
numbers. P.L. 87-397 (Oct. 5, 1961). However, it was recognized
at that time that this expanded use of the SSN would raise substantial
privacy risks.
Public opposition during
the 1960s to the misuse of the Social Security Number was evident during
a series of hearings held on privacy and information collection.
See, e.g., Federal Data Banks, Computers and the Bill of Rights: Hearings
Before the Subcommittee on Constitutional Rights of the Senate Judiciary
Committee, 92d Cong., 1st Sess. Part I, 775-881 (1971). As Health,
Education and Welfare ("HEW") Secretary Elliot Richardson testified in
There would certainly be an enormous convenience in having a single
identifier for each individual ... [making] more efficient the acquisition,
storage, and use of data .... It is the very ease of assembling complete
records, of course, which raises the specter of invasion of privacy.
Id. at 784.
Two years later, an HEW
advisory committee issued a report recommending the development of extensive
legal safeguards for the record systems maintained by the federal government.
The Secretary's Advisory Committee on Automated Personal Data Systems,
U.S. Department of Health, Education and Welfare, Records, Computers and
the Rights of Citizens (1973) (hereinafter cited as "HEW Report") at 121.
The advisory committee warned that the use of the SSN as a personal identifier
"would enhance the likelihood of arbitrary or uncontrolled linkage of records
about people, particularly between government or government-supported automated
personal data systems ..." Id. at 122 (footnote omitted). In
recognition of that risk, the advisory committee recommended the enactment
of restrictions on the disclosure and dissemination of the SSN. The
HEW Report recommended that:
• Uses of the Social Security Number be limited to only those purposes required by the federal government.
• Federal agencies should not require the use of the Social Security Number absent statutory authority.
• Congress evaluate any proposed use of the Social Security Number
• Individuals have the right to refuse to provide their Social Security Numbers, and should suffer no harm for exercising this right.
• Organizations required by Federal law to obtain the Social Security Number use the number solely for the purpose for which it was obtained and not make any secondary use or disclose the Number without the informed consent of the individual.
Id. at 124-25.
Congress adopted those recommendations
the following year through passage of the Privacy Act, P.L. 93-579,
88 Stat. 1896 (1974). See S. Rep. No. 1183, 93d Cong., 2d Sess.
reprinted in 1974 U.S. Code Cong. & Admin. News 6916, 6944-46 (citing
HEW Report). The Privacy Act makes clear that Congress gave special
recognition to the need to control the misuse of the SSN. Section
7 makes it unlawful for any agency to deny any right, benefit or privilege
to any individual "because of such individual's refusal to disclose his
social security account number." It further provides that any agency
requesting an individual to disclose his or her SSN must "inform that individual
whether that disclosure is mandatory or voluntary, by what statutory or
other authority such number is solicited, and what uses will be made of
it." P.L. 93-579, § 7, 88 Stat. 1896, 1909 (1974), reprinted in
5 U.S.C. § 552a note (1982).
In Section 3 of the Act,
Congress provided that
[n]o agency shall disclose any record which is contained in a system
of records by any means of communication to any person, or to another agency,
except pursuant to a written request by, or with the prior written consent
of, the individual to whom the record pertains, unless the disclosure would
be [in compliance with several specified exceptions not applicable here].
5 U.S.C. § 552a(b). A "record" is defined as
any item, collection, or grouping of information about an individual
that is maintained by an agency, including, but not limited to his education,
financial transactions, medical history, and criminal or employment history
and that contains his name, or the identifying number, symbol, or other
identifying particular assigned to the individual ....
Id., § 552a(a)(4).
In enacting these protections,
Congress sought to prevent the privacy violations made possible by the
proliferation of the SSN.
Citizens' complaints to
Congress and the findings of several expert study groups have illustrated
a common belief that a threat to individual privacy and confidentiality
of information is posed by [expanding use of the SSN]. The concern
goes both to the development of one common number to label a person throughout
society and to the fact that the symbol most in demand is the Social Security
number, the key to one government dossier.
A cross-section of such
complaints appearing in the subcommittee hearings shows that people are
pressured in the private sector to surrender their numbers in order to
get telephones, to check out books in university libraries, to get checks
cashed, to vote, to obtain drivers' licenses, to be considered for bank
loans, and many other benefits, rights or privileges.
S. Rep. No. 1183, 93d Cong., 2d Sess., reprinted in 1974 U.S. Code
Cong. & Admin. News 6916, 6944.
Amicus believes that the
SSN privacy concerns Congress addressed in 1974 have even greater
force today. Technological advancements and the computerization of
public and private sector databases have hastened the trend toward unnecessary
reliance on the SSN. As a congressional oversight committee recently
[t]he extensive use of computers
has resulted in the wide-spread private sector use of the social security
number as an identifier. Many merchants require a customer to provide
a social security number as a condition of doing business. Credit
bureaus use the social security number to maintain individual credit files
and routinely sell this information to almost anyone who requests it.
The ability of the private sector to gather information such as credit
history, grocery store purchases, medical records (including pre-natal
information), family medical histories and genetic makeup has raised fears
that in the near future unregulated companies will serve as national identity
bureaus collecting and dispersing an individual's most private information.
Use of Social Security Number as a National Identifier: Hearing Before
the Subcomm. on Social Security of the House Committee on Ways and Means,
102d Cong., 1st Sess. 2-3 (1991) ("Use of SSN") (Subcommittee hearing notice).
Amicus' concerns are also
shared by the Social Security Administration, which issues the SSN but
lacks the authority to curtail its proliferating use. As Gwendolyn
S. King, Commissioner of Social Security, testified before the subcommittee,
[the Social Security Administration] and the Congress have historically had fundamental concerns about the possibility that the SSN might become a universal identifier in this country. These concerns center on questions of individual privacy and the increased possibility of the invasion of that privacy if all records pertaining to an individual could be accessed under one number. ...
The need for a unique number for individual
records in computer systems means that use of the SSN is likely to continue
to expand in the years ahead. While the Social Security Administration
is not, and we believe should not be, responsible for use of the SSN in
the private sector, we have a deep concern that individuals not be harmed
through carelessness in the use of the SSN.
Id. at 25 (Testimony of Gwendolyn S. King, Commissioner of Social Security)
(emphasis added). At issue in this case, we believe, is precisely
the sort of "carelessness in the use of the SSN" that the Commissioner
B. The IRS Practice of Placing the SSN on a Mailing Label Creates an Unnecessary Privacy Risk
Willis H. Ware, the Chairman
of the 1973 HEW Advisory Committee on Automated Personal Data Systems and
a widely recognized authority on computer security,7 has recently stated
I regard the IRS's inclusion of SSNs on tax-form mailing labels as a risky and careless practice that has the effect of unwarranted and needless disclosure of sensitive personal data to casual or potentially malicious eyes. Granted the essential utility of the SSN to improve the accuracy of IRS recordkeeping, there are certainly means for concealing a portion of the label from sight and maintaining the confidentiality of the SSN.8
Apart from the many privacy
risks in the unlawful disclosure of the number described supra, the inherent
problem with the use of the Social Security number as an identifier is
that it allows organizations to obtain information about individuals with
whom there may be no prior relationship. This tends to diminish an
individual's ability to control information about himself or herself and
leads to the compilation of elaborate dossiers often without the knowledge
of the individual.
When an individual discloses
an account number to a particular business or institution, the information
that is disclosed is only that necessary to identify the person to the
particular institution. The disclosure of personal information to
a particular company for a specific purpose establishes an expectation
of confidentiality. Numbering schemes that are designed for particular
businesses help promote confidentiality because they strengthen the ties
between the individual and the institution and create an expectation that
information which is transferred to the institution will not be used for
other purposes.
Similarly, single-purpose
identification cards without universal identifiers can actually enhance
personal privacy by restricting the extent of a person's identity that
must be disclosed to interact with a large institution. Library cards
and driver's licenses are examples of such limited purpose cards.
In those information systems, privacy protection should focus on the subsequent
use of the information by the information-holding institution, but the
number by itself is unlikely to create a privacy problem.
Multi-purpose identification
numbers for which the purpose is open-ended may be more problematic.
An institution that obtains the number presumably will have access to all
the information that the document holder would have. This access
allows the institution to create a more elaborate picture of the document-holder
than the single-purpose document.
For this reason, special
weight must be given to efforts to restrict the misuse of the number.9
C. The Need to Restrict the Use of Personal Identification Numbers is Widely Recognized in Other Countries
The particular privacy problems
of multi-use identification numbers, such as the SSN, have been amply demonstrated
by the experience of other countries. In Canada, "the abuse of the
Social Insurance Number is the only privacy issue that has regularly commanded
the attention of members of the House of Commons in the last twenty years."
D. Flaherty, Protecting Privacy in Surveillance Societies 281 (1989).
The Canadian government has taken steps to prevent the Social Insurance
Number from becoming a universal personal identifier; at considerable cost,
a separate employee identifier is being introduced for federal employees,
and the matching of computer files is being reduced.10
In France, the memory that
identification numbers on government records were used to round up Jews
during Nazi occupation has played an important role in the efforts to restrict
the use of the SSN. At a meeting of European data protection commissioners
in 1980, the French CNIL prevented the development of international identity
cards, the use of the social security number, and the assignment of a new
unique number to each recipient. Its solution was to attach a number
to the card and not the person, so that if a card was lost, the individual
received a new number.11 The use of the card became a matter of national
debate in 1981. In an election statement on informatics, François
Mitterrand stated that "the creation of computerized identity cards contain
a real danger for the liberty of individuals."12
Today, as the Europeans
consider the development of a European-wide standard for data protection,
controlling the possible misuse of unique identifiers remains a central
concern. Portugal's new constitution forbids the interconnection
of files save in exceptional cases, and it is clear that 'citizens shall
not be given all purpose national identification numbers.' Greece
has instituted a system of national identity numbers for certain
public sector data files, but the linkage of these files is forbidden by
law. In Australia, the Privacy Act of 1988 forbids the use of the
tax file number as a national identification system by 'whatever means.'13
II. Unnecessary Disclosures of the SSN Jeopardize the Confidentiality of Personal Information
Given the widespread misuse
of the SSN in the United States, access to the number provides a window
into the activities and lifestyle of any person. Commissioner King
recognized this in her congressional testimony. "An individual's
Social Security number is the key to accessing a variety of information
about that individual. That fact has shaped [the Social Security
Administration's] current policy [of not disclosing SSNs without the individual's
consent]." Use of SSN at 22.
The unnecessary disclosure
of an individual's SSN creates the risk of confidential information being
disclosed to any person or institution in possession of the individual's
SSN. Because so much information is now retrievable by a person in
possession of the SSN, the risk that personal information can be unlawfully
obtained has greatly increased.
This problem of aggregated
personal information was well stated by Congressman Frank Horton who said
almost twenty-five years ago:
One of the most practical of our present safeguards of privacy is the
fragmented nature of personal information. It is scattered in little
bits across the geography and years of our life. Retrieval is impractical
and often impossible. A central data bank removes completely this
The Computer and the Invasion of Privacy: Hearings before the Special
Subcommittee on Invasion of Privacy of the House Committee on Government
Operations, 89th Cong., 2d Sess. 6 (1966).
Similarly, the Supreme Court
has recognized that the aggregation of personal information heightens the
degree of protection that must be afforded. In Reporters Committee,
the Court affirmed the withholding of an individual's criminal "rap sheet"
under the Freedom of Information Act. The Court noted "the power
of compilations [of information] to affect personal privacy that outstrips
the combined power of the bits of information contained within."
109 S. Ct. at 1477.
In practice, the proliferation
of the SSN has greatly diminished the "fragmented nature of personal information"
and has, in effect, created the "central data bank" Congressman Horton
warned against and Congress sought to prohibit through the passage of the
Privacy Act of 1974. The SSN, once disclosed, is the key to that
vast repository of information. As the Supreme Court recognizes,
"the power of compilations [such as those accessible through an SSN] to
affect personal privacy" mandates that the courts be particularly vigilant
in protecting the security of aggregated personal information.
A recent news story illustrates
the threat to personal privacy created by the indiscriminate disclosure
of an individual's SSN. According to the Wall Street Journal, Fidelity
Investment offers a toll-free telephone service that -- upon entry of a
Social Security Number -- provides an audio summary of a customer's investment
portfolio. The system, which does not use a
single-purpose, personal identification number ("PIN")14 to verify a
caller's identity, permits anyone knowing the SSN of any Fidelity customer
to access that individual's confidential account information. Clements,
"Finding Out How Your Neighbor Invests is a Free Phone Call Away,"
Wall Street Journal, February 4, 1991, page C1. The HEW advisory
committee recognized the problem in 1973, noting that "[a]s long as the
SSN of an individual can be easily obtained ... , both individuals and
the organizations that use it as a password are vulnerable to whatever
harm may result from impersonation." HEW Report at 132.
The Court should regard
the disclosure of the SSN as a critical problem of public safety and information
privacy. The number is akin to the combination of a safe containing
an individual's most intimate possessions. Sensible information practices
would mandate that the use of the number be carefully controlled.
The non-consensual disclosure of an SSN is tantamount to the disclosure
of highly personal information.
III. The Courts have Recognized that Disclosure of an SSN Violates Personal Privacy Rights
This court, as well as several
other courts, has recognized that substantial privacy interests are implicated
in the disclosure of SSNs. Without exception, every court that has
had occasion to consider the issue has reached the conclusion that the
non-consensual release of an SSN by a federal agency would constitute "a
clearly unwarranted invasion of personal privacy." See, e.g., IBEW
Local No. 5 v. Department of Housing and Urban Development, 852 F.2d 87,
89 (3d Cir. 1988).
In cases decided under the
Freedom of Information Act ("FOIA"), 5 U.S.C. § 552, the courts
have held that disclosure of SSNs is precluded by Exemption 6 of the FOIA,
which restricts the release of "personnel and medical files and similar
files the disclosure of which would constitute a clearly unwarranted invasion
of personal privacy." Id. § 552(b)(6). See, e.g., Painting
and Drywall Work Preservation Fund, Inc. v. Department of Housing and Urban
Development, No. 88-5076, slip op. (D.C. Cir. June 21, 1991); Local 3,
IBEW v. Nat'l Labor Relations Board, 845 F.2d 1177 (2d Cir. 1988); Oliva
v. United States, 756 F. Supp. 105 (E.D.N.Y. 1991); Painting Industry of
Hawaii Market Recovery Fund
v. Department of the Air Force, 751 F. Supp. 1410 (D. Hawaii 1990).15
In IBEW Local No. 5, a union
sought the release of, inter alia, the SSNs of non-union employees working
for a federal
contractor.16 This Court began its analysis by noting that "there
is a presumption in favor of disclosure" in FOIA cases. 852 F.2d
at 89.17 Nonetheless, this Court found that "the disclosure of the
Social Security numbers would constitute a clearly unwarranted invasion
of privacy and is therefore barred by Exemption 6." Id. The
Court looked to the congressional policy embodied in the Privacy Act.
The employees have a strong privacy interest in their Social Security
numbers. Congress has recognized this privacy interest by making
unlawful any denial of a right, benefit, or privilege by a government agency
because of an individual's refusal to disclose his Social Security number.
Moreover, in its report supporting the adoption of this provision, the
Senate Committee stated that the extensive use of Social Security numbers
as universal identifiers in both the public and private sectors is "one
of the most serious manifestations of privacy concerns in the Nation."
Id. (citations omitted).
Having recognized an individual's
"strong privacy interest" in his or her SSN, this Court cited the risk
that the SSN, if disclosed, could be misused and noted that "once a number
is public knowledge, it could wind up in anyone's hands." Id. (emphasis
Once an SSN "wind[s] up
in anyone's hands," the potential privacy ramifications are substantial.
While the disclosure of this multi-use identifier might not cause immediate
harm to the individual, it is the subsequent use that might be made of
the SSN that is determinative. As the D.C. Circuit emphasized in
protecting the names and addresses of federal annuitants from disclosure
under FOIA,
[i]n virtually every case
in which a privacy concern is implicated, someone must take steps after
the initial disclosure in order to bring about the untoward effect.
Disclosure does not, literally by itself, constitute a harm ....
Where there is a substantial probability that disclosure will cause an
interference with personal privacy, it matters not that there may be two
or three links in the causal chain.
National Ass'n of Retired Federal Employees v. Horner, 879 F.2d 873,
878 (D.C. Cir. 1989).
The judicial authority recognizing
an individual's privacy interest in the confidentiality of his or her SSN
-- and in the information to which the SSN is a key -- provides strong
policy arguments against the practice of the IRS challenged here.
That authority also belies the district court's conclusion that an SSN
is not a "record" within the meaning of Section 3 of the Privacy Act.
In IBEW Local No. 5, this
Court -- like the other courts that have considered the issue -- affirmed
the withholding of SSNs on the ground that they are exempt records, not
on the ground that they are not "records" within the meaning of FOIA.
Id. at 88. See, generally, Forsham v. Harris, 445 U.S. 169 (1980) (discussing
the definition of "record"). The cited opinions also recognize that
an SSN, in conjunction with the number holder's name (as contained on the
address labels at issue here), is a personally identifiable record which,
if disclosed, would constitute a "clearly unwarranted invasion of privacy."
In light of the fact that the Privacy Act prohibits the disclosure of personal
information unless, inter alia, "disclosure of the record would be required
under [FOIA]," 5 U.S.C. § 552a(b)(2), amicus submits that the non-disclosability
of SSNs under FOIA is highly relevant to the court's inquiry here.
The indiscriminate disclosure
of Social Security numbers constitutes a substantial invasion of privacy,
as Congress, the Social Security Administration and this Court have recognized.
In enacting the Privacy Act, Congress was motivated, in large part, by
a desire to curtail the proliferating use and disclosure of the number.
The practice of the Internal Revenue Service at issue here clearly violates
that intent. The decision of the district court should be reversed.
Respectfully submitted,
Computer Professionals for
Social Responsibility
666 Pennsylvania Avenue, S.E.
Suite 303
Washington, DC 20003
(202) 544-9240
Law Student Assistant
Counsel for Amicus
1 See, e.g., "Computer Privacy and the Need for the Establishment of a Data Protection Board," the Subcommittee on Government Information, Justice, and Agriculture, Committee on Government Operations, U.S. House of Representatives, May 16, 1990; "The Redesign of the National Crime Information Center (NCIC)," the Subcommittee on Civil and Constitutional Rights, Committee on the Judiciary, House of Representatives, May 18, 1989 reprinted in FBI Oversight and Authorization Request for Fiscal Year 1990, 101st Cong., 1st Sess. 512 (1989); "The Computer Security Act of 1987 (P.L. 100-235) and the Memorandum of Understanding Between the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA)," the Subcommittee on Legislation and National Security, Committee on Government Operations, House of Representatives, May 4, 1989 reprinted in Military and Security Control of Computer Security Issues, 101st Cong., 1st Sess. 80 (1989); "Amendments to the Fair Credit Reporting Act," before the Subcommittee on Consumer Affairs and Coinage of the Committee on Banking, Finance and Urban Affairs, House of Representatives, June 12, 1990, reprinted in Amendments to the Fair Credit Reporting Act, 101st Cong., 2d Sess. 774 (1990).
2 The Association for Computing Machinery (ACM) Code of Professional Conduct states that:
Ethical Considerations:
EC5.1 An ACM member should consider the health, privacy, and general welfare of the public in the performance of his work.
EC5.2 An ACM member, whenever dealing with data concerning individuals, shall always consider the principle of individual privacy and seek the
To minimize the data collected;
To limit authorized access to the data;
To provide proper security for the data;
To determine the required retention period of the data;
To ensure proper disposal of the data.
The Data Processing Management Association (DPMA) Code of Ethics, Standards of Conduct and Enforcement Procedures states:
"In Recognition of My Obligation to Society I Shall: Protect the privacy and confidentiality of all information entrusted to me"
The preliminary code of ethics for the International Federation of Information Processing (IFIP) makes data protection a central provision of Individual Professional Ethics:
1.2 Protection of Privacy
Information Technology Professionals have a fundamental respect for the privacy and integrity of individuals, groups, and organizations. They are also aware that computerized invasion of privacy, without informed authorization and consent, is a major, continuing threat for potential abuse of individuals, groups, and populations. Public trust in informatics is contingent upon vigilant protection of established cultural and ethical norms of information privacy.
20 Computers & Society 36 (March 1990) (Emphasis added).
3 Willis H. Ware, a noted computer scientist at the Rand Corporation and an advisor of CPSR, chaired the Secretary's Advisory Committee on Automated Personal Data Systems of the Department of Health, Education & Welfare. That Committee produced Records, Computers and the Rights of Citizens (1973), a landmark report which outlined the privacy risks of automated record systems, recommended various safeguards, and gave rise to the Privacy Act of 1974, the most comprehensive privacy law in the United States. Joseph Weizenbaum, an emeritus professor of Computer Science at MIT and a member of CPSR, was also a member of the Advisory Committee.
Subsequent reports by the Office of Technology Assessment have often relied heavily on computer scientists to assess the privacy risks on automated information systems. See, e.g., Defending Secrets, Sharing Data: New Locks and Keys for Electronic Information (1987). See also National Research Council, Computers At Risk: Safe Computing In the Information Age (1991).
4 See, e.g., Rein Turn, "Information Privacy Issues for the 1990s," 1990 IEEE Symposium on Security and Privacy 395.
5 See, e.g., Use of Social Security Number as a National Identifier: Hearing Before the Subcommittee on Social Security, House Committee on Ways and Means, 102d Cong., 1st Sess. (February 27, 1991) (testimony of Marc Rotenberg, Director, CPSR Washington Office).
6 See, e.g., Rakas v. Illinois, 439 U.S. 128, 431 n. 12 (1978).
See also Amsterdam, Perspectives on the Fourth Amendment, 56 Minn. L. Rev.
349 (1974) ("the government could diminish each person's subjective expectation
of privacy by announcing half-hourly on television that 1984 was being
advanced by a decade and that we were all forthwith being placed under
comprehensive electronic surveillance.").
7 Dr. Ware currently chairs the
Federal Computer Security and Privacy Advisory Board established by the
Computer Security Act of 1987. 15 U.S.C. § 278g-4. The
board is responsible for overseeing the computer security and privacy policies
for federal agencies. Id. Dr. Ware is also a member of the
System Security Study Committee of the National Research Council.
8 Electronic mail from Willis H. Ware to Marc Rotenberg (Thu, 08 Aug 91 17:25:36 PDT) ("RE: SSNs on IRS mailing labels").
9 See, Use of Social Security Number as a National Identifier: Hearing Before the Subcommittee on Social Security, House Committee on Ways and Means, 102d Cong., 1st Sess. 61 (February 27, 1991) (testimony of Marc Rotenberg, Director, CPSR Washington Office).
10 Privacy Laws & Business, February 1989, at 4, quoted in M. Spencer, 1992 And All That: Civil Liberties in the Balance 60 (1990). See also Access Reports, July 11, 1990, at 6.
11 D. Flaherty, Protecting Privacy in Surveillance Societies 227 (1989).
12 Id.
13 M. Spencer, 1992 And All That: Civil Liberties in the
Balance 60 (1990).
14 Personal identification numbers ("PINs") refer to any
identity number associated with a card. In the United States, an
individual may have many PINs: a bank ATM card, a telephone charge card,
a workplace access card. In other countries such as Sweden and Australia,
the term "PIN" is often used to refer to a universal tax number, similar
to the SSN in the United States, and therefore raises much of the same
concern as the SSN.
15 Amicus' research has uncovered no case in which a court
has authorized disclosure of SSNs under the FOIA.
16 In that case, the Union sought payroll records from the United States Department of Housing and Urban Development (HUD). HUD released the payroll records, including the employees' work classification, hours worked, rates of pay, and gross and net pay levels. However, HUD withheld the employees' names, home addresses, and Social Security Numbers.
17 Significantly, the Court held in IBEW Local No. 5 that the disclosure of the names and addresses of the employees would not constitute an unwarranted invasion of privacy. 852 F.2d at 92; see also Department of Navy v. FLRA, 840 F.2d 1131 (3d Cir. 1988). Thus, this Court has recognized that the disclosure of an individual's SSN implicates far greater privacy interests than does the disclosure of his or her name and address.
18 This Court, in the administration of its own records, recognizes the need to be cautious in the use of the SSN. The Registration Card that is completed by all attorneys admitted before the Court provides:
Disclosure of an attorney's social security number is requested solely
for purposes of verifying the identity of the attorney as a member of the
bar of this court. It will remain part of your confidential file.
Your willingness to furnish this information is entirely voluntary.