The Role of the Federal Government in Privacy

The Role of the Federal Government in Privacy Policy Professor Peter P. Swire The Ohio State University Center for American Progress The Privacy Symposium, Summer 2007 August 23, 2007

Overview Ø My background Ø Privacy under Pres. (Bill) Clinton l Role of the Chief Counselor for Privacy Ø Privacy under Pres. George W. Bush Ø What institutions and policies for the next administration?

My Background Law prof in 1990 s l Book on EU Directive & US Ø Chief Counselor for Privacy, US Office of Management & Budget, 1999 to early 2001 Ø Law prof again since early 2001 l Senior Fellow, Center for American Progress l Consultant to Morrison & Foerster, LLP l Lots of privacy & security at www. peterswire. net Ø

Privacy in Clinton Years 1993: Information Superhighway Ø FTC and “unfair & deceptive practices” l Cyberspace & privacy as new missions for the FTC Ø Children’s Online Privacy Protection Act of 1998 Ø Gore speech 1998 – need a White House official for privacy l I started early 1999 Ø

Privacy in Federal Government 6/99 OMB memorandum to post clear privacy policies on agency sites Ø 6/00 OMB memorandum presumption against cookies on federal sites & reports to OMB on privacy in the budget process Ø 12/00 OMB memorandum on agency data sharing, including push for privacy impact assessments Ø Federal CIO Council privacy committee Ø

Themes in Federal Government Ø Government should lead by example l Hard to push for strong web privacy unless government agencies have good policies Ø Government must respond to privacy crises l l Cookies memo after drug czar site found with cookies FIDNet and how not to announce surveillance of all who come to federal web sites

Medical Privacy HIPAA statute in 1996 Ø Congressional deadline to write law by 8/99 Ø Proposed rule 10/99 Ø 52, 000 comments by 2/00 Ø Final rule 12/00 Ø Almost repealed 3/01 Ø Modified final rule now in effect Ø l Changes in marketing & consent

Medical Privacy My role as W. H. coordinator – focus especially on the issues not solely within HHS l Law enforcement l Payments l Military, VA, State, Labor, etc. Ø Executive Order 12/00: limits on using health oversight records for law enforcement Ø Executive Order 2/00: genetic discrimination l Now on verge of becoming statute for private sector Ø

Financial Privacy Clinton speech 5/99 l The previous year essentially no privacy in financial reform bill that almost passed Ø House bill with half that 6/99 Ø Significant Administration push for privacy Ø Gramm-Leach-Bliley 11/99 Ø Administration proposal for more, 4/00 Ø GLB rules, 2000 Ø Many banks now feel fortunate with the deal they got Ø

Some Other Privacy Actions Ø Crypto policy change, 1999 Ø Safe Harbor with E. U. , 2000 Ø Network advertising code, 2000 Ø Bankruptcy and privacy study 1/01: public records and privacy issue Ø National Academy of Sciences study on authentication & privacy l Special report on national ID systems

Surveillance Issues In 2000, chaired W. H. working group on how to update surveillance law for Internet age l Proposed legislation summer 2000 l Same issues as Patriot Act • That doubled/tripled new surveillance powers • Took out all our privacy proposals, notably to treat email content like phone calls l In 2000, though, Republican Congress criticized us as too surveillance-prone Ø Would “privacy counselor” have chaired the effort under Pres. Bush? Ø

Contact Information Ø Phone: (240) 994 -4142 Ø Email: peter@peterswire. net Ø Web: www. peterswire. net Ø “Privacy & Information Sharing in the War Against Terrorism” at http: //ssrn. com/abstract=899626