There are some important information policy issues the Act either ignores or does not address adequately. For example, in almost any discussion of the intent of the Privacy Act, mention is made of limiting the amount of information agencies actually collect about individuals. There is a commonly held belief, evident in the Act's legislative history and voiced by numerous agency personnel, that the Act was intended to reduce the amount of information the Federal government collects about individuals. Yet the fact of the matter is that the Act only establishes the outer boundaries of legitimate government inquiry, and it does so in a way that reflects rather closely the boundaries that had grown up prior to the Act's passage. Similarly, as the discussion of the routine-use provision indicated, transfers of information among agencies have only been slightly reduced as a result of the Act's passage.
While the Section 7 proscription against compelling an individual to divulge his Social Security number, unless specifically required by law to do so, has induced minimal change in agency practice, agencies commonly rely on Executive Order 9397,36 issued in 1943, when they can find no other authority for demanding the Social Security number. Additionally, once the Social Security number is collected, its use is regulated only by the other disclosure provisions of the Privacy Act or whatever other confidentiality statutes govern agency disclosures of other types of personal information.
The Privacy Act grew out of nearly a decade of congressional examination of information systems in the Executive branch, and it followed closely on the heels of the record-keeping abuses and invasions of personal privacy associated with the Watergate affair. It was passed partially as a protection against premeditated abuses of Federal agency records but, more importantly, in recognition of the fact that even normal uses of a record about an individual can have harmful consequences for him and that this potential harm can be greatly magnified by the use of emerging computer and telecommunications technology. Despite these antecedents, however, there is little in the Privacy Act to prevent premeditated abuses of power through the misuse of recorded information, particularly where internal agency uses are concerned. Although the individual's position in relation to an agency is much stronger as a result of the Act, the safeguard provisions have not been implemented in a way that adequately deters abuse by agency personnel, especially in view of the lack of internal agency compliance monitoring or auditing.
Moreover, the problems perceived by the Congress at the time of the Act's passage have turned out to be more complex than anticipated, and by and large they are independent of the problem of premeditated abuse. Actual or potential information abuses are much more likely to result from continuing growth in the government's appetite for information about individuals and in the use of that information for growing numbers and types of purposes. The real danger is the gradual erosion of individual liberties through the automation, integration, and interconnection of many small, separate record-keeping systems, each of which alone may seem innocuous, even benevolent, and wholly justifiable. Dramatic developments in computer and communications technology, which both facilitate record-keeping functions previously performed manually and provide the impetus and means to devise new ones, can only exacerbate this problem.
The Act's failure to attend to the impact of technological advances on individual liberties and personal privacy is compounded by the manual, or file-cabinet, view of record keeping that underlies it. As indicated early in this chapter, reliance on a traditional view of individual identifiers and their role in retrieving records serves to exclude certain types or forms of individually identifiable records from the Act's coverage. Because a record retrieved by attribute or characteristic, as opposed to identifier, does not fall within the definition of a "record" maintained in a "system of records," the Act's notice access, correction, and accountability requirements do not apply to it.
In addition, there is no compatible-purpose test in the Act for internal agency uses of records; hence, such uses are unregulated. One exception is the case in which there is a confidentiality statute governing the uses or disclosures of certain types of records of a particular component of an agency. Section 1106 of the Social Security Act was cited earlier as one such example. Unfortunately, however, the assortment of such confidentiality statutes is incomplete and uncoordinated.
Furthermore, it is probable, again because of technological advances, growth in government programs, and pressures to reduce paperwork, that the prediction of significant new uses of information will become even more difficult-and, hence, more difficult to deal with as a matter of public policy. A compromise which would achieve a reasonable balance between individual knowledge and agency efficiency concerns would seem to be in order.
The increased demand for information is changing the relationship between the record keeper and the record subject, as well as the character of the record-keeping relationship itself. As the Federal government has become increasingly involved in providing services and financial assistance, there have been increased pressures to ensure that all recipients are, in fact, eligible. This has led agencies into areas normally associated with civil or criminal law enforcement functions. In assessing this phenomenon, it must be remembered that much of what the agencies do in the area of record keeping and investigating is in response to direct or perceived mandates from the Legislative branch; in order to accomplish the tasks set for them, agencies need enforcement units with investigative capabilities. The recent creation of an office to investigate fraud and abuse in the Medicaid program provides an example of a unit which developed as a response to congressional direction.
Parallel to this increasing role for Federal agencies in law enforcement and investigative activities, the Federal government has begun to develop sophisticated criminal justice information systems, and to offer the services , of those systems, as well as related technical and financial assistance, to State and local law enforcement agencies. While a number of questions need to be resolved in regard to this use of technologically sophisticated information systems by Federal or State law enforcement and investigative agencies, three problems are particularly pertinent to the protection of personal privacy.
The first emerges from even the briefest consideration of how information enters criminal justice information systems and how it is used. As such systems are currently structured, there is little control over the accuracy and reliability of information when it passes from one investigative agency to another. In particular, there is minimal control over the accuracy of criminal history information-often the most revealing and potentially the most damaging recorded information routinely exchanged by law enforcement agencies. The criminal history files of the FBI's Identification Division illustrate the inability of a central record keeper to control the quality of the information in its records, since by and large the central record keeper has little enforceable authority over other agencies reporting to it. [See Menard v. Saxbe, 498 F.2d 1017 (D.C. Cir. 1974)] Further, the information in such systems is ordinarily derivative; in other words, the record maintained in an automated system is often copied from another record which in turn may be a copy of a third. The chances for error in transferring information from one record to another are great, particularly when the first transfer is from a paper record. These vulnerabilities to error create a system with inherent accuracy and reliability problems, but one which nonetheless is used to make decisions that affect individuals powerfully and immediately.
The second problem generated by these new systems grows out of the current pattern of unrestricted information flows between law enforcement and investigative agencies at all levels of government. Those flows, formal and informal, are usually justifiable, but they are also easily amenable to abuse. Easier access to information by agents within a unit, and greater facility to exchange information between units, will increase the potential for abuse and thus for the misapplications of police powers of the sort Americans experienced in the late 1960's and early 1970's. Moreover, the unsupervised information flows that facilitated improper domestic intelligence activities, and the government operations based on them, are still without oversight mechanisms to assure their accountability. As the deployment of technology increases the ease with which current information flows can be abused, the Congress should work rapidly to discover the extent and patterns of such flows and to develop statutorily mandated protections against their abuse.
The final problem that needs resolution results from Federal agencies providing computer-communications services to State and local law enforcement agencies. At one level, it is a classic problem of federalism, of the proper role of the central government in furnishing local services; at another level, however, it is a problem posed by one agency operating the information services on which other agencies depend and thus being able, at least potentially, to control the format of the other agencies' records and to use those records for its own purposes. Some of the consequences of a Federal law enforcement agency controlling the flow of State and local criminal justice information are illustrated in the continuing controversy over whether the Federal Bureau of Investigation should supply a messageswitching, or interstate data communications, service through its National Crime Information Center (NCIC).
As the operator of NCIC, the FBI would exercise central control over, and have the ability to reach into, any State or local records that were directly hooked into the system, as well as the ability to monitor the flow of information through the system. While such an ability is only a potential, the transformation of that potential into an actuality has occurred before,37 and would permit the agency controlling the system to collect and use information to which it might not be legitimately entitled. For example, intelligence might be gathered on individuals whom the Administration in power considered politically undesirable, . and be gathered by more sophisticated and comprehensive methods than those employed by the infamous Special Services Staff of the Internal Revenue Service.
Given the particularly damaging character of the information involved and the potential for misuse, any long-range decision to permit Federal agencies to provide such services should be made only if there is no alternative. Further, the Commission believes that the decision to permit Federal agency operation of such services ought to be made through the legislative process, not unilaterally by the Executive branch of government.
Perhaps the most significant finding in the Commission's assessment of the Privacy Act arises from its examination of the vehicles available for evaluating and assessing existing record systems, new systems, and agency practices and procedures. Quite simply, there is no vehicle for answering the question: "Should a particular record-keeping policy, practice, or system exist at all?" While the Act takes an important step in establishing a framework by which an individual may obtain and question the contents of his record, it does not purport to establish ethical standards or set limits to the collection or use of certain types of information. Without such standards, however, the principal threat of proliferating records systems is not addressed. Nowhere, other than in the ineffective section requiring the preparation and review of new system notices, does the Act address the question of who is to decide what and how information should be collected, and how it may be used. To deal with this situation, the Congress and the Executive Branch will have to take action.