Counting on Confidentiality: Legal and Statistical Approaches to Federal Privacy Law after the USA Patriot Act
Douglas J. Sylvester
Arizona State University - College of Law
Arizona State University
Wisconsin Law Review, pp. 1036-1138, 2005
This Article is divided into five parts.
In Part II, we summarize the development of concepts of privacy and confidentiality, and examine how legal and statistical communities have reacted to two major changes in the privacy landscape of the last twenty years. The first is the challenge brought by new online and potentially privacy invasive technologies. The second is the privacy and security effects of September 11th. We argue that law's innovations, perhaps reactive to overwrought public concerns regarding privacy and the aftershocks of September 11th, represent real challenges to traditional notions of data access, confidentiality, and respondent trust. Finally, we review statistical societies' quick condemnation of many of the privacy- and trust-erosive measures contained in post-September 11th legislation and their lobbying to overturn the most egregious of these.
In Part III, we provide a basic framework for enacting future privacy legislation to govern federal statistical agencies. We argue that federal agencies, and the laws that govern their conduct, should be framed with three broad principles in mind: (i) a commitment to bureaucratic justice; (ii) a level of regulatory coherence that justifies choices made; and (iii) a flexibility that allows anticipation of, rather than merely post hoc response to, challenges posed by future technology and methods. In so doing, we note that law's previous attempts to maneuver between these principles have often resulted in second-best solutions, changing with shifting public opinions that are, themselves, based on various cognitive processes that result in consistent and recognizable errors. We argue that laws that fail to consider methods available in computer science and statistics often underestimate the privacy threats posed by seemingly nonindividually identifiable data disclosures. Such laws also overlook, to the detriment of the trust-based statistical regime that has proven so successful for two centuries, the importance of statistical associations' ethical standards for determining appropriate disclosures.
In Part IV, we set out various statistical methods that have been, and could be, employed to protect the confidentiality of data released to the public or government agencies. In describing these options, we discuss the limitations inherent in each and note the law's continuing role in enforcing these measures.
Finally, in Part V, we conclude that increased dialogue between our disciplines can, and should, result in a better privacy regime that combines sound statistical methods designed to protect anonymity where appropriate, with legal enactments that promote legitimate sharing yet punish abuses. In so doing, we provide some specific approaches for legislating privacy that account for the trust needed to make statistical programs successful and for the data access and disclosure so important for the challenges currently facing this country.
Number of Pages in PDF File: 102
Keywords: Privacy, Census, Trust, Cognition, Behavioral, History, Statistics, Confidentiality, Institutional Theory, NSA Wiretapping, Patriot Act
Date posted: March 3, 2006 ; Last revised: September 15, 2009