TECHNOLOGY IN PRACTICE - AS I WAS SAYING
WITH WENDY LEIBOWITZ
We expect the right to guard our secrets. But we also don’t mind giving them away. They’re all over the Internet.
A friend of mine was stunned to realize that her employer was reviewing all employees’ e-mails to help with the tough decision about whose job to terminate. "He has no right to read our e-mail, and certainly not to use it to make a decision like firing someone," my friend whispered over the phone. Oh, yes, he might.
As our secrets and our lives become increasingly digitized, we’re learning more about the nature of what constitutes privacy. We’re also confronting new questions about our rights to privacy in the face of new security and surveillance concerns. An overwhelming factor in determining the extent of both our privacy and our security is technology.
Matters of Public Record
Privacy, like all legal constructs, is fluid and ever developing. The technologies in use today, however, seem to be raising an inordinate number of questions about how private our lives really are. Just to put some issues on the table, here are a few notes from the front:
• The Virginia state bar is beginning to post lawyers’ disciplinary records on its Web site, at www.vsb.org/attorney/attsearch.html. It’s certainly of use to clients, potential clients and snoopy colleagues, all of whom can check to see if lawyers have been the objects of public discipline within the past 10 years. The records are public, so don’t try to protest.
• Many records filed electronically with the courts contain considerable personal information. In bankruptcy courts, for example, filers must disclose their Social Security number, credit card information, employment history (including salary information), street address and other identifying data. "Virtually all of the information for identity theft is available in one place—it’s like one-stop shopping for I.D. thieves," says Marc S. Stern, a solo bankruptcy attorney in Seattle who is now required to file electronically. "People’s actual signatures, in many cases, are also reproduced, facilitating forgery" he adds. "Something needs to be done to make the personal information more secure."
Divorce records in some states are also public. And they can contain angry, unverified, sometimes salacious allegations, as well as information about children, including psychological evaluations and school records. Some family law practitioners say the mere threat of placing photographs, financial information or scandalous affidavits in public court documents has affected negotiations in some divorce and child custody cases. Courts are, in effect, becoming publishers of information about those who have no choice but to use the courts.
• Face cameras, which came to public attention at Super Bowl XXXV in Tampa, are now being rolled out in airports. The technology compares the measurements, or biometrics, of your face with a database of people to whom (we hope) you bear no resemblance. It’s sold as a "faceprint," of sorts, even though the technology can be defeated by wearing sunglasses. (At airports and borders, of course, a guard can tell you to remove the glasses and the false nose.)
Compared to many other methods used to identify people, face cams are quicker, less intrusive and more convenient for travelers trying to make a flight on time. And once the critical issue of who is in the database is resolved, face cams are probably more accurate than the race- and ethnic
-based profiling now used to pinpoint dangerous people. On the other hand, the technology is far from perfect—bearded men, beware. The technology is also expensive. And really, who knows who’s in that database?
• After the terrorist attacks of September 11, hundreds of young men who had recently arrived from the Middle East were rounded up for questioning. For some time, their names and any charges against them were not released, even though such information is usually publicly disclosed in this country. Attorney General John Ashcroft said he wanted to protect the privacy rights of those detained.
• But during its broad terrorism sweep, the Federal Bureau of Investigation did not search the records of those people who have recently purchased guns. Those records are shielded by federal law, as the attorney general accurately noted to a congressional panel. By contrast, despite recent federal legislation, our medical records are still not fully protected from marketers, or from many insurance and drug companies. According to the Health Privacy Web site, at www.healthprivacy.org, one in five patients in the United States is a victim of improper disclosure of medical information.
• Finally, though the list could go on and on, a Web site run by a nonprofit organization called The Environmental Working Group, at www.ewg.org, has been accessible since November 6, 2001. It ranks farmers, by name, according to the amount of federal subsidies they receive—in effect, publishing their salaries. Some farmers have protested, saying that the Web site violates their privacy rights. How would you like your salary to be published and ranked in comparison to others in your field?
These are some of the issues technology presents for our society—including our clients. Each raises questions about how we fold in the old privacy issues as we go.
Attitudes Toward Privacy
The debate over whether U.S. citizens enjoy a guarantee of privacy is as old as the country itself. Many people (some of them lawyers) will note the explicit privacy guarantees enjoyed by citizens of many European countries and think that, in comparison, we’re bereft. As privacy and security issues gain in public consciousness, it’s important to note that our Fourth Amendment states:
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons and things to be seized.
The Fourth Amendment is a super-strong right of privacy. However, it does not contain the word "privacy." Indeed, many of the court cases and statutes that guard our privacy in this country—that deal with wiretap warrants, police searches and the admissibility of evidence—also don’t mention the word "privacy." This, I think, is what leads many people to think, wrongly, that we don’t value privacy or protect it from government intrusion.
But which of us wouldn’t be startled if a police officer came up and suddenly demanded to see some identification? We’d be shocked, because it is embedded in our consciousness that the police must have cause to stop and question us. (In many countries, including Western European countries, police can question you for no reason and you are required to carry identification at all times—something American joggers who leave their hotels with nothing but a room key discover to their dismay.)
This amorphous sense of protection from unreasonable government intrusion also extends, somewhat dangerously, to the courts. Sure, we know that documents filed in court (and not under seal) are public. But until recently that meant that someone had to go to the courthouse, stand in line, deal with an overburdened clerk and pay $1 per page to photocopy a document. It was "publicly accessible, practically obscure" access to information.
Now, as lawyers, we face the challenge of how to inform clients of the newly public nature of their case files. As a society, we need to come to grips with how much of our personal information is becoming public knowledge.
The Big Giveaway
While we truly value our privacy and our right to be "secure in our persons, houses, papers, and effects …," we are also quite careless with our personal information, especially when dealing with private corporations. Want a credit card? Fill out the application and give the bank the right to comb through your extensive purchasing and repayment history. Buying a computer? Fill out the warranty card and assign your name, address and purchasing habits to be bought, sold and circulated to every technology company under the sun. Subscribing to a magazine? Know that if periodicals couldn’t buy and sell subscribers’ names, an important component of their businesses would collapse.
Information, especially personal information, is the gold mine of this century. And all sorts of companies will pay for it.
Basically, we’re a free and open society whose members will disclose a lot about themselves pretty casually. This informal attitude toward dispensing information also, of course, brings a great deal of convenience to our lives. Some of us, for example, use EZ Passes that allow us to speed through tollbooths by automatically debiting our bank accounts. We pick up the phone and are "recognized" by automatic wizards that let us do our banking, suspend newspaper delivery or order a cable channel or a pizza, without having to repeat our personal information. "Yes, it’s me. You know me."
Like solicitous sales folks, some Web sites greet you by name when you come back for repeat visits. My Internet service provider sent me an e-mail birthday card. Amazon.com recommends books and music I might like. (Incidentally, they’re right on target about my tastes.) We’re a free people, and we’re an impatient people, and we will freely choose to "pay" in privacy for convenience and speed.
Some folks actually choose to dish out their personal lives to strangers via chat rooms, e-mail lists and personal Web sites. Even Robert Hanssen, the accused FBI spy, used his real name and e-mail address to describe his sex life with his wife on an Internet newsgroup. If even a professional spy isn’t discreet, you can imagine how most people treat supposedly private information. The rule: If you choose to disclose it, it is not private.
So Now What?
Lawyers generally deal with specifics. Let’s look at some of the specifics that began this column, and what specifically we should be thinking about.
E-mail in the workplace. We all have to become employment lawyers here, educating clients, friends and colleagues that an e-mail is a document created on an employer’s computer. (Check your local state laws.) Brief, courteous e-mail policies should be posted or circulated by e-mail. Here’s one: "The Company reserves the right to enter the e-mail or voice mail systems of any and all employees whatsoever, regardless of what position they may hold, and to review, copy or delete any messages and disclose such message to others as it shall determine. These e-mail and computer systems are not private."
Public records online. We must adjust our sensibilities to realize that public information—disciplinary records and documents filed in court—is truly public, especially in electronic form. This means that more documents filed in court should be filed under seal, particularly those dealing with children. The federal courts’ administrative body decided this past autumn that some information, such as criminal records, which contain psychological reports and mental health guidelines, will not be posted on the Internet. Some state courts are coming to grips with the issue, too, but these policies are in their infancy.
Personal data online. An additional factor for awareness is that the "privacy protection" stamps that adorn some Web sites are just decorations without the clout of the law.
For example, The Wall Street Journal recently reported that more than 1 million U.S. high school students are required to fill out a survey asking their names, addresses, grade-point averages, races, religions and social views ("College-Survey Firm Quietly Peddles Student Information to Big Marketer," December 3, 2001).
The surveying organization, the National Research Center for College and University Admissions, tells schools that it will circulate the students’ information to colleges and universities across the land, thus (somehow) increasing the students’ higher-education options. But generally unknown to the schools, students and teachers, National Research sells the personal information to American Student List LLC, the country’s leading supplier of young people’s names to marketers. The National Research survey, of course, includes a "privacy statement" explaining that responses are "used by colleges, universities and other organizations to assist students and their families." A spokesman for the organization told The Wall Street Journal that the privacy statement was designed to be brief because "teachers are very busy."
A Sign of Hope
I was also going to discuss how California sells its birth and death records to private companies. Then just as I was wrapping up this article, California banned the sale of these records after an outcry from state legislators. Why were the lawmakers upset? Because they discovered that the information was being published online. Technology comes to the rescue after all.
But there is some information that should be public, yet still is not. And technology is not to blame. In many cities, you can check your city council member’s voting and attendance record from your home computer. But in New York City, you have to wend through three police checkpoints, go to Room 5 in the basement of City Hall, and ask the deputy director of legislative documents to locate the information for you.
May public access come to information that should be public. And may other information remain private, unless we provide our knowing consent.
Wendy R. Leibowitz (email@example.com) is a lawyer and the Editor-in-Chief of E-Filing Report. Her Web site is www.wendytech.com.
The use of biometric facial recognition in Tampa, Florida, has seemingly been abandoned by police, according to the American Civil Liberties Union. System logs obtained by the ACLU through Florida’s open-records law indicate the system never identified a single individual in the department’s photo database. The report’s at www.aclu.org/issues/pri vacy/drawing_blank.pdf.