For 17 years, Bob Gellman sat in the U.S. House of Representatives keeping tabs on what the federal government did with the information it collected on Americans. This was back in the days when data were stored on magnetic tapes and punch cards, or literally warehoused as paper records, and processed—if at all—by hulking mainframe computers. But even then, there was enough of it piling up in government’s hands to trigger worries about citizens’ privacy.
It was 1977, and Gellman, just four years out of Yale Law School, joined the committee with oversight of the federal government. A relatively new privacy law had set rules about how Washington used personal data, from who could look at Medicare beneficiaries’ files to what the proper uses were for passport records; Gellman’s job was to review the privacy plans agencies were required to submit. For all the rules, says Gellman now, “privacy” often amounted to a leap of faith in the federal employees who had access to the information. “They have to have some degree of discretion—otherwise the world doesn’t work,” he says. “You hope everyone does the right thing, whatever that happens to mean to them. Welcome to the world. Welcome to Washington.”
Today, the government has a great deal more data on Americans than it did during Gellman’s time on the Hill, housed in huge numbers of computers networked to one another, accessible with a few keystrokes and vulnerable to hacking threats unimaginable 40 years ago. “Every agency, depending on its mission, has these great stores of data,” says Gregory Wilshusen, director of information security issues at the Government Accountability Office. “And some of it – maybe even much of it – is very sensitive.”
The federal portrait of Americans’ lives varies in detail depending on how much you interact with the government, but can be quite intimate. The IRS has details of your income from year to year; the Department of Education knows how well you’ve kept up with your federal student loan payments. If you’ve served in the military, your fingerprints are probably on record; and if you’ve ever been in prison, there’s a chance your tattoo is filed away in a federal database. If you’ve ever applied for a security clearance, then the portrait likely extends beyond you to your friends and family, plus their friends and family. And a “death master file” under lock and key with the Social Security Administration keeps tabs on the moment you stop generating data.
When Gellman was overseeing it, that data tended to live in many silos, and structurally it still does — with two dozen major agencies and countless subprograms collecting and storing information. The trend in recent decades, though, has been for the federal government to collaborate internally when it comes to bridging those silos, leading computer scientists to sound the alarm about what they call “the mosaic effect” – that is, the risk that all this data, when combined, could paint a far more complete picture than any of us knew we were allowing.
Ed Felten, a decorated Princeton computer scientist who served as deputy chief technology officer of the United States in the Obama White House, has explained it this way: “One file might contain detailed information about behavior and another might contain precise identity information. Merging those files links behavior and identity together.” And even if the blended data doesn’t contain a name or Social Security number, the image that comes into focus can quickly be so specific to plausibly belong to only one person, or a handful of people. Currently, the Justice Department and the Department of Housing and Urban Development have a high-level agreement to allow that sort of matching. So do the IRS and the Social Security Administration, Health and Human Services and the Defense Department, and the list continues.
If the potential for knitting all this together is a fresh concern, the underlying worry about its enormous power goes back decades. In 1973, in a country rattled by Watergate and the accompanying disclosures about the willingness of Uncle Sam to dig into the backgrounds of President Richard Nixon’s so-called enemies, the then-Department of Health, Education and Welfare issued a report warning of the emergence of a new class of “technicians as record keepers” in whose hands our information was kept. Often these bureaucrats, HEW argued, were remote from both the Americans whose records they collected and those who would eventually make use of the data once it was passed along a federal daisy chain. That setup, HEW officials worried, encouraged a “’dragnet’ behavior” in which bureaucrats would feel free to dig into the private lives of Americans who’d done nothing wrong.
With the HEW report as the backdrop, 77-year-old Senator Sam Ervin – a North Carolina Republican who, however improbably, had made a name for himself as both a segregationist and civil libertarian – thundered in a speech in the Senate in June 1974 about the risk to Americans. “When [the] quite natural tendency of government to acquire and keep and share information about citizens is enhanced by computer technology and when it is subjected to the unrestrained motives of countless political administrators,” railed Ervin, “the resulting threat to individual privacy makes it necessary for Congress to reaffirm the principle of limited, responsive government on behalf of freedom.”
At Ervin’s urging, Congress scrambled to pass the Privacy Act, meant to both limit the government’s ability to collect information on citizens and boost the rights of those Americans to understand what was being collected. Five months after Nixon resigned, President Gerald Ford signed the bill into law, calling it “a major first step in safeguarding individual privacy.” But from Day One, say experts, the law has been at worst a mess, and at best a beast to interpret and enforce. Federal employees have discretion to share whatever data they might have with colleagues in their home agency, if necessary for work. How an agency might share information beyond its walls, including with other agencies, has …read more
Read more here: A picture of you, in federal data