Page 35 - Privacy in a Cyber Age Policy and Practice
P. 35
20 PRIVACY IN A CYBER AGE
The difference in the extent of secondary usages between the paper
age and the cyber age is of such magnitude that one is hard put to find
a measurement or analogy to express it. The difference is much greater
than the difference between the impact of a hand grenade and that of
a nuclear bomb. Indeed, most secondary analyses conducted via the
Internet within a very short period of time could not be carried out at
all in the paper age. Because this point is crucial to all that follows, and
because people have become so accustomed to the cyber age’s informa-
tion facilities, a simple example follows to illustrate the transformation’s
scope. Interpol’s database of lost and stolen travel documents includes
3
more than 39 million entries reported by 166 countries. When travelers
pass through airport security, authorities can determine in a split second
4
whether the passports they carry are on the Interpol list. Such an opera-
tion would have been unimaginable as recently as two decades ago. Peter
Cullen, Fred Cate, Viktor Mayer-Schönberger, and Craig Mundie, among
others, have pointed to the rising problem posed by secondary usages of
personal information and have suggested ways forward for governments
and the private sector. 5
However, most relevant court cases in the United States deal mainly
with the primary collection of personal information, much of which falls
into the category of “spot collection.” (This chapter uses the term “spot
collection” to mean the collection of a very small amount of information
about one limited facet of an individual’s conduct that is neither stored nor
cybernated in any other ways—for instance, the information collected by
tollbooths that immediately erase data once the computer has established
that the proper toll has been paid.) These cases concern whether the col-
lection of information through drug testing, wiretaps, screening gates at
airports, DNA sampling, breathalyzers, and so forth constitutes a search in
Fourth Amendment terms; that is, they concern whether collection should
be freely allowed or should require authorization by a distinct institution
6
following given procedures. Notable cases include Katz v. United States,
8
7
9
Terry v. Ohio, United States v. White, United States v. Knotts, United States
10
12
11
v. Karo, Kyllo v. United States, United States v. Jones, and Florida v.
13
Jardines, among others. The courts, in these and other such cases, do not
address the fact that information that has been legally collected may be
used later to harm the privacy of the individuals involved. A privacy doc-
trine suitable for the cyber age must address both primary collection and
subsequent secondary usages of information. Details follow, but as a gen-
eral principle the government can allow some kinds of personal informa-
tion to be freely collected and used without causing undue risks to privacy.
Some other kinds of information might be considered private and there-
fore should not be collected or used unless a specific authority, following
