PERSONAL PRIVACY PROTECTION VERSUS YOUR RIGHT TO KNOW: HOW THE USE OF GIS IN THIS COMPUTER AGE HAS OVERTAKEN YOUR INDIVIDUAL RIGHTS

I know no safe depository of the ultimate powers of the society but the people themselves; and if we think them not enlightened enough to exercise their control with a wholesome direction, the remedy is not to take it from them, but to inform their discretion by education. --Thomas Jefferson

This article addresses certain concerns with the government's current practices in disseminating personal information on individuals, the associated legal rights that are often infringed upon in releasing this information, the societal importance of monitoring legislation to safeguard proper enforcement of government regulations, and the power of GIS and other technology in gathering, analyzing, and integrating these personal data.

I. DEFINITION OF PRIVACY

Privacy involves three basic aspects: (1) autonomy, (2) intrusion, and (3) informational privacy. Autonomy has been defined as one's freedom to engage in intimate or private activities without intervention or regulation from government. The National Research Council broadly defined individual autonomy as: the capacity of members of society to function as individuals, uncoerced and with privacy. Protection of individual autonomy is a fundamental attribute of democracy.1

Autonomy as an individual's right to privacy typically has involved issues of abortion or the use of birth control.

Intrusion as a privacy interest means that one should be free from government surveillance with a reasonable expectation of privacy. For example, the Supreme Court has ruled that one has a reasonable expectation of privacy in a public place (phone booth).2

Informational Privacy as a privacy interest means that individuals have the right to limit their personal domain by denying access of their personal information to others, or to limit how much personal information they are obligated to give to others. Such personal information is often in the control of both public and private sector organizations.

II. THE SIGNIFICANCE OF GIS

In order to understand the value of GIS data and the importance of sharing resources to develop a GIS database, it is crucial to understand what GIS is. GIS is designed as a method to overlay and combine diverse kinds of data into a single map summarizing geographic, cultural, and scientific attributes. GIS, defined simplistically, is a computer system capable of holding and using data describing places on the earth's surface. GIS is an organized collection of computer hardware, software, data, personnel, and procedures designed to efficiently capture, store, update, manipulate, analyze, and display all forms of geographically referenced information. GIS performs geographic analyses and creates thematic maps. GIS employs a flexible and robust data structure based on topological relationships.3

GIS, by definition, should permit spatial operations on the data. Specifically, only GIS is able to answer spatial queries by using latitude and longitude data and other geographic information. GIS manages the links and relationships between data of different sets. First, the data set files are combined. Second, the computer performs arithmetic processes upon the combined data sets. Finally, analyses may be performed upon the combined data sets.

GISs are sometimes also referred to as "intelligent mapping" systems.4 What makes GIS "intelligent" is that it can seamlessly integrate map or graphic data with attribute or tabular data. GIS stores the attribute or tabular data in an external database management system (DBMS); the map or graphic data reside in the GIS. GIS links the graphic data with the tabular data in various ways. They may be linked by exact matching or nonexact matching. Exact matching occurs when you have information in one computer file about many geographic features and additional information in another file about the same set of features.5 The task of combining the computer files is achieved by using a key common to both files. The common key to both files is extracted and the two files are joined and stored in another file.

Nonexact matching occurs when some types of information are collected in more detail or more frequently than other types of information.6 If the smaller data set fits exactly within the larger data set, then the smaller areas may be grouped together until they cover the same area as the larger area. This process of grouping the data sets until they perform an exact match is called hierarchical matching.

When the boundaries of the smaller areas do not match the boundaries of the larger areas, then the two data sets need to be combined to create a new layer containing the characteristics of both data sets. This overlaying process, which is like laying one map over another and noting the combination of both maps, is called fuzzy matching.7

The geographic location data are the key for any GIS data: the coordinates of spatial features form the integrating tie that brings all spatially referenced information together. These coordinates relate all types of spatial features that may exist on a multitude of different layers. By doing so, relationships are developed among the attribute data associated with those coordinates. As digital databases of spatial features are used, the quality and integrity of information become more important, sophisticated, and interesting.

III. DATA MATCHING

The merging of databases, a common feature of GIS, permits the government to create large dossiers on individuals. The Computer Matching and Privacy Protection Act of 1988 makes it more difficult for databases to be merged to create large data files on individuals. Yet, it is still possible to combine individual data with public aggregate data such as census block groups or consumption and purchase data. The outcome is a database not based on actual facts but on suppositions.

IV. INVASION OF PRIVACY TORTS

Based upon the situation presented in. Section III, Data Matching, it is possible for an invasion of privacy tort called "placing someone in a false light." The basic element for placing someone in a false light is that one publishes matters highly offensive that portray another in a false light, attributing to that person views he or she does not hold or actions he or she did not take. In the data matching situation, an incorrect data profile of an individual communicated to a substantial number of persons would produce mental distress. Physical injury or pecuniary damages are not required.

Other invasion of privacy torts include (1) intrusion into another's seclusion, (2) appropriation of another's identity for commercial advantage, and (3) public disclosure of private facts about another. The intrusion into another's seclusion could be either physical (e.g., electronic monitoring device) or nonphysical (e.g., repeated telephone calls). Seclusion by definition includes one's rights to physical solitude or one's private affairs or concerns.

The appropriation of another's identity for commercial advantage involves the unauthorized use of any object or characteristic sufficient to identify another. The result is a product or service promoted by using another's identity.

The public disclosure of private facts of another must involve the highly offensive disclosure to the public of a matter of another's life. The matter disclosed must not be open to public view or inspection and is not a matter of public record.

V. CONSTITUTIONAL ARGUMENTS FOR RIGHT OF ACCESS

The U.S. Constitution in the First Amendment of the Bill of Rights states, "Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances." The First Amendment has been recognized as "continuing a fundamental personal right of conscience and expression."8 The First Amendment also is viewed as "the repository of... self-governing powers."9 In order to exercise these fundamental rights of conscience, expression, and self-governing, the citizens must have the right to know the government's workings, policies, and administration. James Madison in his discussion of the First Amendment stated, "The right of freely examining public characters and measures, and of free communication thereon, is the only effectual guardian of every other right...."10

The First Amendment can be characterized as establishing a strong basis for the government to consider its citizens' rights to access the government's public records and information. Affording citizens the right to know of their government's workings, policies, and administration is most conveniently accomplished by giving the citizens access to the government's data and information. The press has traditionally been designated as the citizens' surrogate to obtain information about their government. Thomas Jefferson said that because the informed "opinion of the people" is the basis of government,11 he would prefer "newspapers without government" over "government without newspapers."12 The press acts as the watchdog for the public by reporting on the public officials and their actions. Such openness of the government would hopefully make them responsive and accountable to the public through the press. In this modern age characterized by the ease of computer access to government data, especially GIS data, the right of access should reside with the citizens, in addition to their surrogate, the press. Meaningful GIS data can make a significant impact on the decisions to be made by state and local governments. The citizens' access to such meaningful GIS data will inform them and equip them to exercise their fundamental personal right of conscience and expression concerning the workings, policies, and administration of their government.

VI. CONSTITUTIONAL ARGUMENTS FOR THE RIGHT OF PRIVACY

Although the U. S. Constitution does not reference the phrase "individual privacy rights," the founding fathers of this nation produced a remarkable document in the Constitution that was ratified only with the promise of the Bill of Rights. The Bill of Rights explicitly guaranteed certain protections to the rights of individuals through amendments to the Constitution. The First Amendment is central to our concept of freedom and our God-given "inalienable rights", which the infant nation rallied to in the Declaration of Independence, can be preserved only if their application is rigorously defended.

In the United States, the Constitutional basis of privacy has been found in the Supreme Court majority opinions to lie in the explicit guarantees in the First, Fourth, Fifth, Ninth, and Fourteenth Amendments, as well as the broader range of implied rights created by them in what is referred to by courts as "zones of privacy." The First Amendment guarantees freedom of communication and the expression of ideas; the Fourth Amendment guarantees freedom of association and freedom from unreasonable search and seizure including, in some cases, electronic, aural, visual, and other types of surveillance; the Fifth Amendment guarantees freedom from self-incrimination, and guarantees due process of the law with regard to the federal government; the Ninth Amendment recognizes that rights not specified in the Constitution are vested with the people; and the Fourteenth Amendment guarantees due process and equal protection of the law with regard to the states. The ideas expressed in the Constitution support individual supremacy against government and other organizations.

The United States District Court in the Western District of Texas, Austin Division recently ruled on a case, SJ Games vs. the Secret Service 13, where the primary issues centered around whether the seizure of a computer, used to operate electronic mail that had been sent to (stored on) the bulletin board, but not read (retrieved) by the intended recipients, constitutes an unlawful intercept (or the invasion of a right to privacy) under the Federal Wiretap Act. Count One was based on the Privacy Protection Act of 1980, Count Two was centered around the First Amendment, Count Three was centered around the Fourth Amendment, and Counts Four and Five were based on the Electronic Communications Privacy Act. The legislative history to Privacy Protection was taken into consideration by the deciding committee that recognized a problem for the law enforcement officers, who seeking to comply with the statutes, might be uncertain whether the materials sought were work product or nonwork product and that they were intended for publication. Therefore, in interests of allowing for some objective measure for judgment by the office, the committee has provided that the work product must be possessed by someone "reasonably believed" to have a purpose to communicate to the public, thereby infringing upon the right of privacy.

The complexity of this case results from the Secret Service's insufficient investigation and its lack of knowledge of the specific laws that could apply to their conduct on February 28, 1990, and thereafter. The Secret Service conduct resulted in the seizure of property, products, business records, business documents, and electronic communications of a corporation and for individual citizens that the statutes were intended to protect.

As the government defendants contend, it may well be that these statutes relied upon by the plaintiffs should not apply to the facts of this case, as these holdings may result in the government having great difficulties in obtaining information or computer documents representing illegal activities. But this Court could not amend or rewrite the statutes involved. The Secret Service had to go to the Congress for relief. Until that time, the Court recommended better education, investigation and strict compliance with the statutes as written.

In general, current federal and state laws provide sectorally based protection for individuals in response to specific and recognized problems such as those detailed in the following acts:

� The Freedom of Information Act
� Fair Credit Reporting Act
� Family Educational Rights and Privacy
� Right to Financial Privacy Act of 1978
� Electronic Fund Transfer Act
� Privacy Protection Act of 1988
� Telephone Consumer Protection Act of 1991

This approach is derived from the traditional American fear of government intervention in private activities and the reluctance to broadly regulate industry.

VII. FOIA AND PRIVACY RIGHTS

The problems of bigotry and discrimination addressed by many of the U.S. federal acts (e.g. Freedom of Information Act (FOIA), Family Educational Rights and Privacy Act of 1974, Privacy Protection Act of 1980, Fair Credit Reporting Act,), describe a range of privacy issues that are real and truly corrosive to the privacy of individuals and documented communications deemed private in these United States of America. But freedom of speech and the right to privacy is almost absolute in our land and the only fear in demanding enforcement and compliance is that of a violent reaction or other extreme and unreasonable legislative proposals such as Congress's recent attempt to further invade our privacy by electronically tapping our telephonic communication system. Content-based prohibition, such as that set forth by Congress, however well intended for the overall protection of the public at large, simply cannot survive the screening that our Constitution demands. No viewpoint or message may be deemed too hateful or disturbing that it may not be expressed and remain private. Individuals tend to strongly believe that Congress's recent request for legislation to legally monitor the actual communications and communicators merely subjects one to government infringement on the Constitutional rights of freedom of speech (1st Amendment), against unreasonable search and seizure (4th Amendment), and against self-incrimination (5th Amendment), as well as on the right to privacy, specifically set forth in both the Privacy Act and the FOIA. The real danger is the gradual erosion of individual liberties through the automation, integration, and interconnection of many small, separate record-keeping systems, each of which alone may seem innocuous, benevolent, and wholly justifiable.

One potentially major obstacle could very easily be the advances in GIS technology that are at the heart of the privacy issue. On one hand, many will agree that GIS has nothing to do with privacy because it is factual data on land and land resources. On the other hand, others will contend that although this may be true, due to the fact that GIS is a powerful data integrating technology that allows the compiling of data from individuals for analyzing personal household and private information GIS technology could very easily be even more invasive of personal privacy than other information technology. Both perspectives present consumers with a double-edged sword, offering exciting new services through such federal acts as contained in the FOIA and the Privacy Act while at the same time posing serious threats to personal privacy. While the FOIA limits the types of personal information that may be disseminated by federal agencies, the Privacy Act typically controls the information that state agencies and local governments may gather regarding personal information on individuals. Yet, the applicability of current privacy laws within the networked digital environment is far from clear.

On October 4, 1993, President Bill Clinton asked each Federal department and agency to take steps to ensure it is in compliance with both the letter and the spirit of the FOIA, 5 U.S.C. 552.

For the sake of clarity as to what is to be expected from mere compliance, FOIA merely establishes a presumption that records in the possession of agencies and departments of the executive branch of the United States government are accessible to the people. This was not always the approach to any federal information disclosure policy. Before enactment of the FOIA in 1966, the burden was on the individual to establish a right to examine these government records. There were no statutory guidelines or procedures to help a person seeking information. There were no judicial remedies for those denied access.

With the passage of the FOIA, the burden of proof shifted from the individual to the government. Those seeking information are no longer required to show a need for information. Instead, "the need-to-know" standard has been replaced by a "right-to-know" doctrine. The government now has to justify the need for secrecy.

The FOIA sets standards for determining which records must be disclosed and which records can be withheld. The law also provides administrative and judicial remedies for those denied access to records. The 1974 amendments require agencies to (1) publish comprehensive indexes for administrative processes of requests for information, requiring that agency files for locating and copying records be uniform and moderate; (2) answer complaints brought into court in a timely manner; and (3) not withhold entire documents but release the nonexempt portions. In addition, the 1974 amendments direct the courts to (1) expedite the consideration of FOIA cases, (2) examine withheld documents and make an independent determination as to whether they should be released, and (3) award the recovery of attorney fees by requesters who prevail. Above all, the statute requires federal agencies to provide the fullest possible disclosure of information to the public.

VIII. THE PRIVACY ACT AND PRIVACY RIGHTS

As we mentioned earlier, the Privacy Act of 1974 is a companion to the FOIA. The Privacy Act regulates federal government agency record keeping and disclosure practices. The Act allows most individuals to seek access to federal agency records about themselves. The Act requires that personal information in agency files be accurate, complete, relevant, and timely. The subject of a record may challenge the accuracy of information. The Act requires that agencies obtain information directly from the subject of the record and that information gathered for one purpose not be used for another purpose. As with FOIA, the Privacy Act provides civil remedies for individuals whose rights have been violated (Industrial Foundation of the South v. Texas Industrial Accident Board, 679).

Another important feature of the Privacy Act is the requirement that each federal agency publish a description of each system of records maintained by the agency that contains personal information. This prevents agencies from keeping secret records as was common under the leadership of J. Edgar Hoover in the FBI.

The Privacy Act also restricts the disclosure of personally identifiable information by federal agencies. Together with the FOIA, the Privacy Act permits disclosure of most personal files to the individual who is the subject of the files. The two laws restrict disclosure of personal information to others when disclosure would violate privacy interests.

IX. FOIA AND THE RIGHT OF ACCESS

In addition to the First Amendment right of the public to know the workings, policies, and administration of its government, there is a statutory right of public access to government-held information. The federal government's records are accessible to the public through the Freedom of Information Act (FOIA).14 The guiding principle of FOIA as stated in the senate report of the bill for FOIA is that of "a general philosophy of full agency disclosure."15 The Supreme Court interpreted FOIA stating, "(t)he basic purpose of the FOIA is to ensure an informed citizenry, vital to the functioning of a democratic society, needed to check against corruption and to hold the governors accountable to the governed."16

Under FOIA there are nine categories of government records that may be exempted from disclosure: (1) those relating to national security (granting broad discretion to the president to establish classification criteria), (2) agency rules and practices, (3) statutory exemptions (such as tax returns and census records), (4) confidential business information (such as financial data and trade secrets that might cause competitive harm), (5) interagency or intraagency memoranda (working documents historically exempted by the common law), (6) personnel or medical files (that "would constitute a clearly unwarranted invasion of personal privacy"), (7) law enforcement investigations, (8) banking reports, and (9) information (maps) about oil and gas wells.17

All records not specifically exempted by FOIA must be made "promptly available to any person."18 It does not matter what medium the record is in or whether the records are computerized: all records must be made available under the FOIA. The Computer Security Act of 1987 prohibits agencies from withholding computerized records from the public if the records would be available under the FOIA as paper documents.19

The First Amendment and the FOIA have established models for state constitutions and state open records statutes to provide public access to government-held data or information. Since there is no distinction made that would deny public access to government-held GIS data or information at the federal level, there should not be such a distinction at the state and local levels. Any government-held GIS data or information should be accessible for the citizens to exercise their fundamental personal right of conscience and expression concerning the workings, policies, and administration of their government.

X. DILEMMA OF THE GOVERNMENT AS THE CUSTODIAN

The dilemma that the government faces is that it no longer has the liberty to withhold information from requesters under the FOIA to protect the privacy interests of affected individuals. Now the government faces potential lawsuits from the requesters of the information if it unjustifiably withholds nonprivileged or nonconfidential information. At the same time, those individuals who claim the information is privileged or confidential may also sue the government for its unauthorized release.

Therefore, the government is now a mere custodian of the privileged or confidential information. The legislators of FOIA and its companion Privacy Act never intended to entrust the government as a watchdog of an individual's right of privacy. This is not unusual in light of the precedent in the Bill of Rights that was concerned mainly with protecting the individuals against the Government and not against other individuals or private organizations. The remedy for such interference with one's rights to privacy must lie in civil court for the torts as described earlier in Section IV, Invasion of Privacy Torts.

CONCLUSION

Contemporary society is passing from an industrial age to a GIS information age. The characteristics of a GIS information age are diverse. However, as the production of information becomes a major commercial undertaking, the value of information for its own sake will increase. The vast collection, maintenance, and dissemination of personal information by government and industry has increased public suspicion that their personal information privacy is eroding. The GIS community has a substantial interest in maintaining citizen trust in GIS technology. Awareness by the GIS community of privacy protection issues will promote fairness in information practices generally and prepare the GIS community to have a voice in the drafting of future privacy legislation.


Footnotes:

4) Esri White Paper Series, "Enterprise GIS: Using GIS in the Corporate Environment", May 1993, page 11.

5) David Rhind, Teresa Connolly, and Birkbeck College, University of London, Understanding GIS�The ArcInfo Method, 1992, pages 1�5.

6) Id.

7) Id.

8) Matthew D. Bunker, Sigman L. Splichal, Bill F. Chamberlin and Linda M. Perry, "Access to Government-Held Information in the Computer Age: Applying Legal Doctrine to Emerging Technology," in 20 Florida State University Law Review 546 (1993), note 21 citing Leonard W. Levy, Emergence of a Free Press, 250-81 (1985); Vincent Blasi, "The Checking Value in First Amendment Theory, 1977 Am. B. Found. Res. J. 523; Justice Black and First Amendment "Absolutes": A Public Interview, 37 N.Y.U. L.Rev 549 (1962) (transcript of interview conducted by Professor Edmond Cahn).

9) Id. note 22 citing William J. Brennan, Jr. "The Supreme Court and the Meiklejohn Interpretation of the First Amendment," 79 Harv. L. Rev. 1, 11 (1965).

10) Id. note 9 citing James Madison, Writings of James Madison 398 (1806), reprinted in "Note, Access to Official Information: A Neglected Constitutional Right," 27 Ind. L.J. 209, 212 (1952).14

11) Id. note 10 citing Thomas Jefferson, "Letter from Jefferson to Edward Carrington, Jan. 16, 1787, in The Papers of Thomas Jefferson 48�49).

12) Id. note 11.

13) Steve Jackson Games, Incorporated, Steve Jackson, Elizabeth McCoy, Walter Milliken, and Steffan O'Sullivan vs. The United States Secret Service and the United States of America , 816 F. Supp. 432 (1990)

Son federal statutes, arising from Secret Service agents' seizure, pursuant to search warrant, of materials from operator's premises. The District Court, Sparks, J., held that : (1) seizure was violation of Private Protection Act (First Amendment Privacy Protection] ; (2) seizure, reading, and destruction of materials did not constitute unlawful "interception of Oral Communications Act; and (3) seizure constituted violation of Stored Wired and Electronic Communications and Transactional Records Act.

14) 5 U.S.C. Section 552 (1988).

15) Bunker, Splichal, Chamberlin, and Perry, previous cite, note 83.

16) Id. note 84 citing NLRB v. Robbins Tire & Rubber Co., 437 U.S. 214, 242 (1978).

17) Id. note 88 citing Section 552(b)(1)-(9).

18) Id. note 86 citing 5 U.S.C. Section 552(a)(3) which provides:

Except with respect to the records (mandated to be) made available under paragraphs (1) and (2) of this subsection, each agency, upon any request for records which (A) reasonably describes such records and (B) is made in accordance with published rules stating the time, place, fees (if any), and procedures to be followed, shall make the records promptly available to any person.

19) Id. note 90 citing Act of January 8, 1988, Pub. L. No. 100-235, 101 Stat. 1724 (1988).