Databases and Security vs. Privacy
By Heather Green
The debate about whether or not the U.S should or would adopt a national identification-card system has emerged with a jolting intensity. Jolting because even through world wars and a cold war, in which the U.S. feared an enemy within the country as much as the armies outside, Americans resisted the creation of a national ID that they would carry to prove their citizenship (see BW Online, 10/4/01, "Don't Make Privacy the Next Victim of Terror"). Now, however, public surveys, congressional speeches, and remarks by high-profile CEOs are bringing the issue to the forefront, causing everyone to consider whether America is ready to adopt a card ID system -- like those widely used in other countries -- at the expense of our privacy.
The problem is, the debate over trading security provided by card IDs for a lower standard of privacy focuses on the wrong issue. The federal government and law enforcement don't need national ID cards. Indeed, the Bush Administration stated publicly last month that it had no intention of pushing for cards. Instead, law-enforcement and intelligence agencies can achieve many of the same goals of an ID card by increasing the collection and sharing of data among federal and state agencies, banks, transportation authorities, and credit-card companies.
People concerned about balancing privacy and security need to focus on this point and not get caught up in the red herring debate around the ID cards themselves.
After all, the U.S. already is a database nation. In the corporate world, the push to gather, store, and trade information about individuals' daily lives, habits and tastes, families, purchases, health, and financial standing has steadily increased as database software and hardware, data-mining technology, and computer networks have become cheaper to run and connect.
The FBI, Central Intelligence Agency, Federal Aviation Administration, Immigration & Naturalization Service, port authorities, and state motor vehicle departments could possibly take a page from Corporate America. By creating data-gathering systems in the background that pull together information about people -- including their travel plans, frequent-flier info, license certification, border crossings, and financial records -- law-enforcement and intelligence agencies can run a robust national ID system without the card itself.
Two questions: Would government in the U.S. really be able to implement a system of databases, and why have other countries avoided this path? First, commercial databases are a particularly American heritage. We're concerned about privacy, but not urgently. Most believe that if we personally think it's important, we can set limits on how our information is used: We can call a number provided by the Direct Marketing Assn., say, to get ourselves off catalog lists. And we accept that some benefits and efficiency come from providing data to companies, including health insurers, credit-card issuers, and airlines. So a huge system of commercial databases has been created.
Second, Europe has a different, more tragic historical perspective. The Nazis used personal information culled from commercial and government files, including telephone and bank records, to track down Jews, communists, resistance fighters, and the mentally ill. As a direct result of that experience, privacy is very highly protected in countries such as Germany and France.
That doesn't mean these countries aren't interested in protecting security. It simply means that instead of amassing huge amounts of information in databases, these countries favor national ID cards. According to privacy group Privacy International, most of the Western European countries that have strict controls protecting the privacy of personal information -- including Germany, France, Belgium, Greece, Luxembourg, Portugal, and Spain -- have compulsory national ID systems.
So, Americans need to get more sophisticated and realize that, in the interest of security, law-enforcement and intelligence agencies are likely to start beefing up their databases on citizens. We need to be on guard and informed about this eventuality. Despite how difficult it might be to make these databases work effectively, you have to believe that security officials view networked databases as key to their war on terrorism.
Facing this likelihood, citizens need to know and make clear what the rules are under which people land in these databases and are flagged as suspects, who gets to look at the information, and what protections can be established so that information collected for one purpose isn't used for another without some kind of oversight. America needs clear definitions about what terrorism is, so that someone who is protesting against U.S. policies isn't labeled a terrorist out of hand. This is where the true privacy vs. security battlefield will be in the future.
After September 11, it's only natural that the nation would search for ways to increase its security. But law enforcement has overstepped the boundaries of acceptable surveillance of Americans in the past. Widespread wiretapping of civil-rights leaders, including Martin Luther King, as well as Vietnam war dissidents including Jane Fonda and John Lennon during the 1960s and early 1970s led to stricter controls over the kind of information intelligence agencies could gather and the type of broad investigations they could conduct.
Just because we depend on the government to protect us doesn't mean that it will always respect our individual rights. That's the contest that has always been waged in a democracy: the rights of individuals against the safety of the community. Individuals have a duty to be aware of the steps a security-focused government will contemplate and to fight for the protection of rights that they believe are the foundation of a democracy. Privacy is a civil liberty worthy of protection.
Green covers the Internet for BusinessWeek in New York