Agencies under fire to assess privacy impact of federal actions

Liberals and conservatives alike at a hearing Tuesday praised a measure that would require federal agencies to assess the privacy implications of any future rules and regulations.

After briefly extolling the provisions of the Defense of Privacy Act, witnesses, including past and present lawmakers and privacy and civil liberties advocates, moved on to more specific federal programs that they consider threats to privacy today. They called on lawmakers to hold hearings on technology's effect on existing privacy measures enacted in 1974-the Privacy Act and the Freedom of Information Act.

The Defense of Privacy Act, co-sponsored by Reps. Steve Chabot, R-Ohio, and Jerold Nadler, D-N.Y., was introduced during the previous two Congresses, but never enacted.

"We have seen attempt after attempt by federal agencies to implement ominous regulations that allow the government to invade the privacy of American citizens," Chabot said before the House Judiciary Constitution Subcommittee. "From financial information to medical records, the federal government has sought access to highly sensitive information without regard to the privacy implications."

Sen. Chuck Grassley, R-Iowa, testified that Congress needed to strike a "delicate balance" between protecting citizens from terrorism and invading privacy, and said "rigorous and effective congressional oversight" is the best solution.

Grassley said he was willing to give the Defense Department the benefit of the doubt on its controversial Terrorism Information Awareness (TIA) program, provided that an audit by the inspector general finds the program will be used for foreign intelligence purposes only and not "snooping around" in Americans' private records.

Other witnesses said the privacy threat from TIA and other recent programs was more drastic, especially in light of federal agencies' use of commercial databases as a means of collecting information exempt from Privacy Act restrictions.

"In the 1960s, we had scandals in which government agencies collected data on citizens involved in the anti-war and civil rights movements," said former Georgia Rep. Bob Barr, who sponsored the bill in the 107th Congress.

"The extent to which information technology can collect and sort vast amounts of data underlies why we are here today," he said.

James Dempsey, executive director of the Center for Democracy and Technology, said the FBI has achieved since 1992 a 9,600 percent increase in the use of proprietary commercial databases, ranging from credit reports, frequent shopper data and scuba diving certification records. It is unclear, Dempsey said, what guidelines, if any, apply to the FBI's use of this information.

"Americans' right to privacy is in peril," said Laura Murphy, director of the Washington office of the American Civil Liberties Union. "Individuals' personal information is being collected through an ever-expanding number of computer networks and being stored in formats that allow the data to be linked, transferred, shared and sold, often without consent or knowledge," she said.

Barr, Dempsey and Murphy said they feared that new security databases, such as the Transportation Security Agency's CAPPS system and Defense's TIA, would become victims of "mission creep" and expanded into greater law enforcement programs absent significant congressional oversight.