PRIVACY POWER

Fundamentally, the problem with privacy boils down to the fact that in the USA you have few (if any) legal rights to your own data. Time and again, courts have ruled that corporations and governments may do what they wish with your information, barring any laws to the contrary. This is in stark contrast to European Union privacy directives, which work on the assumption that data about an individual belongs to that individual, and anyone who wants to use it must ask nicely first.

"The biggest privacy threats are political, not technical," says Bruce Schneier. "They're the fact that you don't own your own data. It's not like it is in Europe, where data collected for one purpose can only be used for that purpose. You have no rights to the data ChoicePoint has about you no rights to make it accurate or say 'I don't want that data available about me, take it down'."

Yet passing an EU-style privacy law is unlikely and could actually lead to harmful consequences, warns Peter Swire, a professor at Ohio State University's Moritz College of Law and former Chief Counselor for Privacy in the Clinton Administration.

"A lot of European laws are aspirational they state what they hope people will do," says Swire. "When we pass laws in the U.S., we actually expect people to enforce them. So any overarching Federal law has to be written with great care, so we don't drown our lives in opt-in forms or put limits on data that should be shared. It could apply a level of bureaucracy most Americans wouldn't want."

For more than 20 years, privacy advocate Robert Gellman has argued for the creation of an independent, non-regulatory privacy commission, similar to the early U.S. Commission on Civil Rights, which could act as a privacy watchdog.

"In its early days, the Civil Rights Commission was an opinion leader," he says. "They held hearings and focused the public's attention. An independent privacy commission could comment on what other agencies are doing, could say the President's or Congress's latest proposals are seriously deficient from a privacy perspective. And it could be a great resource for legislators who often know nothing about privacy."

"Giving such an agency regulatory powers would be an enormous challenge," adds Gellman. "I also don't think it's possible to regulate privacy in this country. But I think a lot could be accomplished in a non-regulatory manner."

One reason European countries have such strong privacy protections is that they've seen totalitarian governments up close, says Bill Scannell, a media strategist and creator of the Boycott Delta web site (http://www.boycottdelta.org/), which he built to oppose CAPPS II. Scannell says people in this country are naïve about what can happen when a government has too much power and too much information.

"People love to say they care about privacy, but then they're willing to provide a DNA sample in return for a coupon for a free Snickers bar," says Scannell. "Where's the privacy lobby in this country? There isn't one. Part of that is because we've never experienced true totalitarianism. But we are certainly headed in that direction, unless we make some serious policy decisions regarding all of this surveillance technology."

In a post-9/11 world, I believe we need both security and privacy, and that one doesn't necessarily cancel out the other. But we have to start by asserting our own rights to our own data and guarding both of them zealously, before our privacy and our rights both disappear.