What privacy protections are in the Constitution?

The U.S. Constitution does not explicitly guarantee a right to privacy, but the First, Fourth and Ninth Amendments have formed the legal basis for laws protecting privacy.

First Amendment: Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the government for a redress of grievances.

Fourth Amendment: The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Ninth Amendment: The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.

 

What protects my privacy?

The federal Privacy Act of 1974 was passed in the wake of Watergate, amid public concern over abuses of government surveillance power and the computerization of government records. While its purview was comprehensive, the law is now frequently criticized as inadequate, even by the Justice Department itself in the introduction to the text on its Web site: "… the act's imprecise language, limited legislative history, and somewhat outdated regulatory guidelines have rendered it a difficult statute to decipher and apply."

Under the Privacy Act, federal agencies cannot keep secret records on U.S. citizens and must allow citizens to view the records kept about them. Agencies' records cannot describe "how any individual exercises rights guaranteed by the First Amendment unless expressly authorized by statute," must be limited to the information the agency needs to carry out its responsibilities, and should be collected from the individual in question if the information may have a negative effect on that person's "rights, benefits and privileges." The act also places limitations on how agencies can share information to prevent the construction of what Clinton administration chief privacy counselor Peter Swire calls "the one database on all Americans run by the government."

The act also gives citizens the right to correct inaccurate information in their records and to sue the government for civil penalties in the case of a violation. A federal employee who violates the act can face criminal charges.

However, as the DOJ's Web site intimates, the act has significant weaknesses. On its Web page about the act, the Electronic Privacy Information Center points out that the law grants exemptions for vaguely defined "law enforcement purposes" and "routine use," and that definitions for important terms such as "record," "system of record" and "identifying particular" are too narrow to be useful in the changing technological landscape. Characterizing the act's efficacy, Swire told FRONTLINE, "… a lot of times today, you'll see the government say 'Well, we complied with the Privacy Act,' and that's like saying 'We have a fence that's six inches tall … in place, so you're still protected.'"

The Freedom of Information Act, enacted in 1966, is another useful privacy tool; it requires the government to release any federal records requested by members of the public, unless those records fall under the nine exemptions built into the law to protect privileged information. More information on FOIA is available from the University of Missouri's Freedom of Information Center, including sample letters to obtain information from the government under FOIA or the Privacy Act.

State-level privacy and electronic surveillance regulations vary across the country. The National Conference of State Legislatures provides an online list describing each state's laws, as does the Electronic Privacy Information Center

 

On an average day, what kind of "digital footprint" do I leave?

Much of the technology used in daily communications and financial transactions involves the submission or transmission of personal identifying information, which companies can then compile, store, and often sell to other companies or the government. In his book, Privacy Lost, former Navy cryptographic analyst David H. Holtzman examines how personal information gets transferred in everyday transactions.

CREDIT CARDS
Credit card companies record customers' purchases and some use that information to construct customer profiles. Those profiles include buying patterns, which can be used to prevent fraud, as well as predictions of future purchasing patterns, which can be sold to marketers or other companies.

CELLULAR PHONES
The Federal Communication Commission's 2005 Enhanced 911 (E911) rule requires cell phone providers to be able to locate 911 callers "within 50 to 300 meters in most cases" and to provide that information within six months of a government request. To be compliant, most cell phone carriers have installed global positioning satellite chips into cell phones, which can track a user's position to within the mandated range.

INTERNET
Web sites use "cookies" and other software that can log the IP addresses of visitors' computers and other identifying data exchanged during use of the site. Major search engines keep records of searches along with the IP address or other identifying information of the computer from which the search originated. In 2006 the Justice Department subpoenaed search records from Yahoo, Google, MSN and AOL as part of a Supreme Court case over the Child Online Protection Act. Google was the only company to resist the subpoena, and in March, the company announced measures to make search information anonymous after 24 months.

 

What kind of data-mining programs is the government running?

In September 2001, the FBI Office of General Counsel authorized bureau personnel to begin using commercial databases such as LexisNexis and ChoicePoint in the course of counterintelligence investigations, as permitted under revised guidelines from then-Attorney General John Ashcroft. One document (found on page five of this collection of memos) set the tone for FBI investigators, with the instruction: "you may use ChoicePoint to your heart's content." A more comprehensive set of internal documents from the Office of General Counsel explained the legal justification for the new directive and provided guidelines for the use of databases such as ChoicePoint.

A report issued by the General Accounting Office (GAO) in May 2004 found 199 federal data-mining projects, of which 131 were operational and 68 were planned; 122 used "personal information," such as credit reports, student loan application data, bank account numbers or taxpayer identification numbers; and 14 were counterterrorism related. A little-noticed footnote in the report points out that the survey did not include programs at the National Security Agency or CIA; nor did it mention the Defense Department's controversial Total Information Awareness [TIA] program, which was shut down in 2003, but whose programs have secretly moved on to other agencies.

The report found that 52 of the 128 federal agencies surveyed were using or planning data-mining projects for purposes including:

• improving service or performance
• detecting fraud, waste and abuse
• analyzing scientific and research information
• managing human resources
• detecting criminal activities or patterns
• analyzing intelligence and detecting terrorist activities

This interactive map assembled by journalism students and professors at Northwestern University outlines the many data-mining programs being operated by branches of the federal government -- from the FBI and the Department of Defense to the Education Department and the Treasury -- along with their connections to private companies, such as ChoicePoint and LexisNexis. [To access the map, click through the introduction page, then choose "Data Mining Programs" at the bottom of the screen.]

 

• Related Links
• Privacy
• The Debate of the 21st Century
  In the war against terrorism, do Americans need to lower their expectations of privacy? Here are the views of experts interviewed by FRONTLINE for this report.
• The Electronic Frontier Foundation
  EFF's mission is "to champion the public interest in every critical battle affecting digital rights." It has filed a lawsuit against AT&T for its alleged collaboration with the National Security Agency; the lawsuit is currently in front of the 9th Circuit Court, and EFF has collected documents and court filings here. [See FRONTLINE's interview with former AT&T employee Mark Klein for more on this issue.]
• The Electronic Privacy Information Center
  EPIC is a public policy research center dedicated to issues involving civil liberties, privacy and the First Amendment. It has a section of resources dedicated to domestic surveillance as well as the A to Z's of Privacy.
• Privacy.org
  Run by EPIC and Privacy International, a human rights organization based in London, Privacy.org is a compendium of news and action alerts related to privacy issues.
• Privacy and Civil Liberties Oversight Board
  Following up on a recommendation in the 9/11 Commission Report, the Bush administration established this board to advise the executive branch on privacy. It is also "specifically charged" with reviewing information-sharing practices related to terrorism to determine whether civil liberties and privacy are being "appropriately" protected. The board issued its first annual report to Congress on April 23, 2007; according to the report, the board was briefed on the president's terrorist surveillance program [TSP] and found "no evidence or reasonable basis to believe that the privacy and civil liberties of U.S. persons are improperly threatened or impinged." However, on May 15, 2007, The Washington Post reported that one of the panel's five members had resigned in protest over revisions to the report requested by the Bush administration. According to the Post, "One section deleted by the administration would have divulged that the Office of the Director of National Intelligence's civil liberties protection officer had 'conducted reviews of the potentially problematic programs and has established procedures' for intelligence officials to file complaints about possible civil liberties and privacy abuses."
• American Civil Liberties Union
  Here is the section of the ACLU's Web site related to privacy and technology issues. It includes a section on surveillance & wiretapping with fact sheets, legislative and legal documents and reports.
• Data Mining
• Data Mining: An Overview
  Updated in January 2007, this Congressional Research Service report explains the basics of data mining, which "has become one of the key features of many homeland security initiatives." According to CRS, data mining "represents a difference of kind rather than degree" when compared to other ways of analyzing data, in that it "can be used to examine several multidimensional data relationships simultaneously." The report also discusses major data-mining projects in the national security arena, including TIA and the NSA's terrorist surveillance program. [Note: This is a pdf file; Adobe Acrobat required]
• Effective Counterterrorism and the Limited Role of Predictive Data Mining
  When Las Vegas casinos wanted to screen prospective employees for links to crime, they turned to software written by a programmer named Jeff Jonas. But in this December 2006 Policy Analysis for the libertarian Cato Institute, Jonas and Jim Harper argue that "data mining is not well suited to the terrorist discovery problem." Jonas also maintains a blog that he calls "a collection of thoughts and resources on privacy and the information age."
• Data Mining: Federal Efforts Cover a Wide Range of Uses
  The U.S. General Accounting Office (GAO) -- "the audit, evaluation and investigative arm of Congress" -- compiled this May 2004 report on data-mining programs throughout the federal government. The main finding: "Our survey of 128 federal departments and agencies ... shows that 52 agencies are using or are planning to use data mining. These departments and agencies reported 199 data mining efforts, of which 68 are planning and 131 are operational. ... In addition, out of all 199 data mining efforts identified, 122 used personal information." [Note: This is a pdf file; Adobe Acrobat required]
• Survey of DHS Data-Mining Activities
  This December 2006 Department of Homeland Security Report "identified 12 systems and capabilities that DHS personnel use to perform data-mining activities to support DHS' mission of counterterrorism. Nine systems are operational and three systems are under development." [Note: This is a pdf file; Adobe Acrobat required]
• Balancing Privacy and Security: The Privacy Implications of Government Data-Mining Programs
  Data mining led the agenda when the Democrats gained control of the Senate Judiciary Committee and held its first hearing on Jan. 10, 2007. This page features prepared testimony from representatives of the Cato Institute and the Heritage Foundation and statements by Committee Chair Patrick Leahy (D-Vt.) and Ranking Democrat Ted Kennedy (D-Mass.) "We don't question the sincerity of the administration in wanting to protect the American people against new terrorist attacks," said Kennedy. "But it is our responsibility to conduct meaningful oversight over the judgments and methods involved."