In developing safeguard requirements, we have divided personal data record-keeping systems into two broad categories, (i) administrative systems, and (ii) systems maintained exclusively for statistical reporting and research. The distinction between the two is in their purpose vis-a-vis individuals. Administrative systems are intended to be used to affect individuals as individuals; statistical reporting and research systems are not. According to this classification, intelligence records are properly considered administrative records.
A chief characteristic of intelligence records is that they are compiled for purposes that presuppose the possibility of taking adverse action against an individual. Their focus is on providing a basis for protecting the data-gathering organization, or other organizations that it serves, against the individual. There are many examples of intelligence-type personal-data record-keeping systems. From a historical standpoint, the original and classical intelligence records were those compiled and maintained about individuals who were viewed as possible enemies of the state. The most obvious and perhaps most common ones today are those compiled by the criminal intelligence systems of Federal, State, and local law enforcement agencies about individuals suspected of being engaged in criminal activities, of being threats to public safety or national. security, or of being suitable objects of surveillance and investigation for less clearly definable reasons. There are, however, many other examples of intelligence-type records, including investigative records of credit-reporting agencies, private detective agencies, industrial security organizations, and so on. It is hard to know how many types of intelligence data systems exist because their function leads as a rule to careful concealment.
In framing our proposed safeguard requirements for administrative personal data systems, we did not focus on intelligence records as such. We realize that if all of the safeguard requirements were applied to all types of intelligence records, the utility of many intelligence-type records for the purposes they are designed to serve might be greatly weakened. In some instances this would clearly not be a desirable outcome from the standpoint of important societal interests, such as the apprehension and prosecution of individuals engaged in organized crime. It does not follow, however, that there . is no need for safeguards for personal-data intelligence recordkeeping systems. The risk of abuse of intelligence records is too great to permit their use without some safeguards to protect the personal privacy and due process interests of individuals.
The mere gathering of intelligence data can be a serious threat to personal privacy and should be carried out with strict respect for the Constitutional rights of individuals. Once criminal intelligence data have been compiled, their use in connection with law enforcement prosecutions is safeguarded by all the Constitutional requirements of due process and by laws that establish limitations on the exercise of the police power, including civil and criminal remedies and penalties that may be imposed to enforce such limitations. We have not attempted to assess whether protections now afforded individuals from abuses of intelligence records as used in criminal law enforcement should be strengthened.
We are concerned, however, about the use of criminal intelligence data, and intelligence records maintained by organizations other than law enforcement agencies, for many purposes that involve determinations about the qualifications, character, opportunities, or benefits of individuals to which the protective requirements of due process may not apply or for which they may not be fully effective. Such determinations include suitability for employment, especially in public service or in positions of critical fiduciary responsibility; clearance for access to classified national security information held by the Federal government and its contractors; and eligibility for various public benefits, permits, and licenses.
Enactment of the proposed Code of Fair Information Practice for administrative personal data systems will afford an excellent opportunity to determine precisely what protections for individuals should be applied to intelligence record-keeping systems. Any exception from a safeguard requirement that is proposed for any type of intelligence system must be specifically sanctioned by statute and then only if granting the exception would serve a societal interest that is clearly paramount to the interest served by having the requirement imposed.
The process of considering exceptions for intelligence systems will entail a careful review of existing policies, laws, and practices governing the creation, maintenance, and use of intelligence records about individuals. The- need for such a review has seldom seemed more urgent in the history of our Nation.
1In our brief review of the history of record keeping in Chapter 1, we took note of the origins and existence of intelligence records. These should be thought of as a type of administrative personal data system, since intelligence records are maintained about people for the purpose of affecting them directly as individuals We have not, however, examined intelligence record-keeping systems as such, and it was not with such systems in mind that we developed the safeguard recommendations set forth in this chapter. At the end of the chapter, we have included a brief statement about the application of our safeguards to intelligence records.
225 U.S.C. 552 (1970).
3 The remaining two exemptions refer to information that is: "specifically required by Executive order to be kept secret in the interest of the national defense or foreign policy;" and "specifically exempted from disclosure by statute." Legal prohibitions against disclosure of information in these two categories are not affected by the Act.
415 U.S.C. 1681-1684t.
5The Federal Trade Commission has the basic responsibility for enforcing the Act, but where specific types of institutions are already regulated (for other purposes) by other agencies, those agencies are charged with enforcing the Act; e.g., the Comptroller of the Currency (national banks), the Federal Reserve Board (member banks of the Federal Reserve systems other than national banks), the Interstate Commerce Commission (common carriers), and the Civil Aeronautics Board (air carriers).