New data bases are being established and linked all the time. I would like to concentrate on for a moment or two, as an example of what I consider to be the most significant kind of privacy threat, the electronic funds transfer system. That system now being developed throughout our financial community will provide the checkless, cashless society.

There are benefits and convenience that result from such a system; we don't have to carry around money, and we don't have to bother with checks that have to be written and circulated. How convenient to be able to use the EFT card at the point of sale where my purchase is instantly recorded, my account is debited and the account of the purveyor of goods or services is credited-all in an instant-at the speed of light.

As that system expands we find the basis for data surveillance that Professor Laudon talked about because we can have a minuteby-minute account of what someone is doing. As we live our day using that EFT card to buy our lunch, purchase a book, go to a movie, make reservations for the airlines, stay in a motel, all that can be recorded step by step.

All of those records could be maintained in a very, very specific form, with specific information available.

Most of us have already seen the front end of the EFT system at the grocery store when we carried our purchases to the optical scanner at the checkout counter. The uniform product code is read; and in some stores not only the monitor screen, but a voice tells us what we bought and how much we are being charged for it. We receive a very specific receipt that tells us not simply the price of an item but specifically what item we purchased. Those records will have to be kept in the system at least for audit purposes.

Think about how an individual can be profiled by his behavior, his whereabouts pinpointed at any moment of the day. Some credit document is not moving slowly through the mails; we are talking about information moving at the speed of light in networks throughout the country which can be instantaneously queried. That is the kind of system that is being established in the private

sector.

I sometimes worry about what that means in terms of civil liberties from another standpoint: I think about those instances when someone has been denied credit, because of credit history, or error. Whatever that reason may be, somebody chose not to provide credit.

I think about the possibility that an individual, because of the EFT system, can be immobilized in society because his EFT card is not being recognized; his number, and as a result, almost his personality, is invalidated. His card won't be accepted by the system, for whatever reason.

We are talking about invasions of privacy, Mr. Chairman, that can result because an individual may have profiles and dossiers developed about him; because he is using systems that identify him, his behavior can be controlled while he moves through society and, indeed, he can be virtually immobilized in a crowd.

The result of all this is, that in fact we are developing a virtual central data base. The question of a national identity card or a single identifying number is growing moot. The linkages of infor

mation systems, the networking of information in distributed data bases that can be instantly queried from any computer any place, makes a central data base a moot question, because we can get information wherever it is.

Because of the available personal identifiers, credit card number, social security number, name, address, other identifiers, a single identifier becomes less and less necessary. Technology is providing ways to link identifiers and files, Mr. Chairman. Something must be done now to protect the individual's privacy.

Where can we look for help? Let's look at the current administration. In addition to those file matching programs which are now in place, let's look at some other indicator's.

The administration wanted to have polygraph examinations of people in high levels of the executive agencies and polygraphs, can be unreliable and intrusive forms of privacy invasion. The administration was pushing proposals from the FBI to use the National Crime Information Center, to keep an eye on people who had not committed a crime but are people who might associate with people with whom the FBI has an interest.

The administration wants to restrict FOIA inquires and Privacy Act privileges. This administration has withdrawn Executive orders previously issued by the White House which undertook to protect information and to restrict access of the White House to Federal information files.

A committee of the House, Mr. Chairman, the Government Operations Committee, did a study a while ago on Privacy Act implementation. It was reported that the OMB has been doing a poor job in keeping track of the implementation of the Privacy Act. There isn't very much interest in this administration to see how well the Privacy Act of 1974 is being implemented. And since 1974, there has not been a wide inquiry on Federal information systems.

What have the Federal courts being doing with respect to privacy? First of all, in the Miller decision, the Supreme Court told us that individuals do not have an expectation of privacy in their financial records; they don't even have standing to complain about it, said the Supreme Court. So the Congress had to step in and enact the Financial Privacy Act of 1978.

In the Stanford case, the Supreme Court thought it was all right for the files of newspapers to be searched by Government_agents without process. And, again, the Congress had to pass the Privacy Act of 1980 to undo that and to provide some protection to the media.

The Smith case, involved the pen register, the device by which numbers called on the telephone are recorded-the Supreme Court said an individual has no privacy rights about the listing of telephone numbers called.

In Paul v. Davis, the Supreme Court said that information privacy is not protected under the Constitution, and it shielded from liability a State police official who distributed wrong criminal information about an individual.

That the current administration is not doing anything to forward the interests of individual privacy.

We cannot expect the Court to change its mind. It appears to me, Mr. Chairman, we must look to the Congress.

There has been some excellent work on information and privacy by the Office of Technology Assessment. I know that your committee has made an inquiry to OTA with respect to an assessment regarding questions of technology and Government data banks today.

I recommend such a study. Further, I earnestly recommend the establishment of some sort of Federal entity to do what the Privacy Protection Study Commission could not continue to do because it went out of business.

The current administration wants deregulation. I make a sharp distinction between deregulation that will stimulate the private sector economically and de-regulation in terms of protecting the liberty of individuals. Deregulation, to me, does not mean the protection of personal freedom. What it means to me is that protections for the freedom of individuals are being removed.

As much as I dislike levels of bureaucratic overlay, the average consumer today is unorganized and doesn't have a way of expressing a constituency, and never will have because of the diverse per spectives and interest of various individuals. It requires some institution. I believe, to look out for the individual's privacy.

I earnestly hope that you, your committee, and the Congress, will exercise leadership in assessing the situation and in establishing a mechanism that can protect the privacy that is slipping away.

I am reminded how appropriate your hearings are at this particular time. In the book 1984, that it was on April 4, that Winston Smith wrote, "Down with Big Brother."

This is a perfect time to begin examining how we can control the technology and control information systems, so that individual integrity can be protected. The dignity of the individual is one of the most important civil liberties in the world today.

I thank you, Mr. Chairman. I am willing to answer any questions you have now or may submit later in writing.

[The statement of Mr. Trubow follows:]

TESTIMONY BEFORE THE U.S. HOUSE OF REPRESENTATIVES, JUDICIARY SUBCOMMITTEE ON COURTS, CIVIL LIBERTIES AND THE ADMINISTRATION OF JUSTICE, APRIL 5, 1984, BY GEORGE B. TRUBOW, PROFESSOR OF LAW AND DIRECTOR, CENTER FOR INFORMATION TECHNOLOGY AND PRIVACY LAW, THE JOHN MARSHALL LAW SCHOOL, CHICAGO, IL Mr. Chairman, I am George B. Trubow, Professor at The John Marshall Law School of Chicago, Illinois, and Director of the School's Center for Information Technology and Privacy Law. Previously I have served as deputy counsel to the U.S. Senate Judiciary Subcommittee on Improvements in Judicial Machinery, Executive Director of the Maryland Governor's Commission on the Administration of Justice, and Director of Inspection and Review for the Law Enforcement Assistance Administration of the U.S. Department of Justice. From 1974 to 1976, I was general counsel to the Committee on the Right to Privacy, Executive Office of the President. I appreciate this opportunity to testify during your hearings on "1984: Civil Liberties and the National Security State."

Many people have celebrated the arrival of 1984, by noting that George Orwell's visions did not occur. There are no all-seeing two way television systems in our homes and offices to monitor our movements and thoughts, although information technology has come a long way since Orwell wrote his famous novel, "Nineteen Eight-Four."

Though Big Brother is not omnipresent as yet, perhaps the systems are now being developed that will monitor our every movement and examine our political, religious, business and social activities. The computer systems and networks being built now can provide the foundation for such surveillance as Orwell envisioned, even though he did not foresee the role that the digital computer would play in the future world.

Millions of home and business computers have already been sold and projections are that many millions more will be marketed in the near future. Information processes that were previously considered too small to justify automation can now be easily and cheaply converted to electronic manipulation. Attorneys, accountants, doctors, teachers, writers, and others are discovering that a great deal of their work can be performed on personal computers.

The information revolution goes far beyond the individual person processing information alone at home or in the office. The public and private data bases that are being developed and linked are a major part of the information revolution. These linkages come with a myriad of "hi-tech" names: Teletext, Videotex, Electronic Funds Transfer, The Source, Arpanet, and many, many more. Such systems will be the connection between millions of home, business, and government computers and centralized data bases. These "information highways" also provide the means for whomever owns them-government or business-to monitor and possibly to influence or control our movements, transactions and even our thoughts.

Teletext is the one-way transmission of information from a data base to a home computer which stores the information until the subscriber is ready to read it. Teletext is often compared to an electronic newspaper. Videotex is a two-way system that permits subscribers to query data bases for specific information, or to supply information themselves. While neither of these systems are widespread in the United States, as yet, they are being developed rapidly in Europe and can be expected to burgeon in this country, too. The obvious benefits from these new technologies, however, come with the inherent danger of loss of privacy. The information that flows through these highways, whether by telephone line or satellite, is subject to being monitored and copied. While the computer's vast memory capabilities and high speed operation creates the information revolution, it is precisely these same capacities that permit the monitoring of personal information and the survelliance of an individual's activities. For instance, consider the Electronic Funds Transfer System, known as EFT, which is the banking industry's system for creating a checkless and cashless society. With this system the transfer of funds, whether the most mundane point-of-sale transaction such as a grocery purchase or the most complex international high-finance arrangement, would be accomplished through computer linkages that debit and credit financial accounts and develop a minute-by-minute record of one's existence.

Of course, these types of files have been kept for centuries-long before the invention of the computer. However, the old pen and paper systems afforded natural protection for information; because they were to bulky and unwieldy that information was not easily available. It was simply too tedious and too costly to search the records, copy and transmit information. Today, on the other hand, computer speed and memory coupled with high speed transmission and printing put this information at an investigator's fingertips.

Anyone who has applied for any type of financial credit, bank loan, mortgage or credit card, knows that he or she must reveal great deal of information, including name and address, social security number, the names of banks where that person has accounts, his or her income and place of employment, and a list of debts and assets. Many people may not realize that signing the application gives almost a total waiver of the right to informational privacy, allowing the bank or credit institution to gather or supply virtually unlimited personal information about the applicant. Because retail credit bureaus keep files on at least 150 million Americans, almost anyone who uses credit can be certain that some faceless organization has detailed personal information about him or her.

For individuals who have something embarrassing in their past such as a juvenile arrest record, history of psychiatric treatment, or some financial problem, the existence of these files is like a ticking time bomb. Release of such information could lead to public shame or perhaps a loss of job. But the focus of privacy concern should not be merely on those who have histories that they would prefer to hide; more importantly, privacy should focus on all of us who have something to protect, and that is personal and family dignity. Privacy is the privilege not to have one's life an open book, at the behest of others. Privacy is the privilege to determine what information about oneself is to be shared with others and for what purpose personal information will be used.

Of course, if individuals want to participate in the benefits of society and new technology, they must surrender some privacy. Walter Cronkite sums up this dilemma in his foreward to David Burnham's Book, "The Rise of the Computer State:" "Without the malign intent of any government system or would-be dictator our privacy is being invaded, and more and more of the experiences which should be solely

our own are finding their way into electronic files that the curious can scrutinize at a touch of a button."

"Edmund Burke warned us more than 200 years ago: "The true danger is when liberty is nibbled away, for expedients and by parts." If privacy is the freedom from unwarranted intrusion by others, then we can see this "nibbling for expedients" taking place constantly today. Consider, for example, some of the current "routine" activities of federal and state government regarding computer file matching and information exchange which include locating the whereabouts of parents who have skipped out on obligations to dependent children, finding young men who have failed to register for the draft, and identifying individuals who commit welfare fraud. Most recently, the Internal Revenue Service began matching government and private sector data bases for the purpose of developing taxpayer “personal lifestyle profiles" to verify the validity of tax returns. The government justifies such activities for the "expedient" of catching wrongdoers, and most would not contest that objective. But these surveillance activities-the use of information gathered for one purpose being used for another purpose without the data subject's knowledge-are being implemented without guidelines developed with the benefit of national examination and discussion to define the proper balance between the individual's interests and those of government.

Former U.S. Senator Sam Ervin, Jr., at a 1971 Senate hearing on federal data banks and the Bill of Rights, stated the privacy problem this way: "Once people start fearing the government, once they think they are under surveillance by the government, whether they are or not, they are likely to refrain from exercising the great rights incorporated in the First Amendment to make their minds and spirits free." In other words, the knowledge that we are being watched forces us to conform and to alter the way we behave. After a while, this conformity can become second nature, and at that point we have truly lost our privacy and our freedom, and George Orwell's prediction will have come to pass.

A number of disturbing trusts are becoming clear:

The Government-state and federal-clearly has the propensity to develop profiles and dossieres of citizens and to carefully scrutinize their behavior.

More and more data bases of personal information are being developed by countless entities in the public and private sector.

Information communication technology-the ability to link these distributed data bases in a vast network-provides in effect a "central" national data base of personal information.

Files and linkages are being constantly enlarged. The development of horizontal business conglomerates makes available to individual customers general merchandising, insurance, banking, investment, accounting and real estate brokerage services; legal and medical service soon may also be available at the department store. With all these services furnished under one "roof," a massive "cradle-to-grave" personal information file becomes reality. There has been discussion in Washington about the establishment of a national identity card-which could surely be the key to identifying and linking every personal information base in existence. (As an aside, it can be noted that to a large extent, the social security number and bank charge cards already provide a pervasive means for information linkage).

The Congress has not made a careful and systematic examination of government or private sector information practices since it passed the Privacy Act of 1974. Indeed, that act appears not to have curtailed the governmental sharing of personal information-something that was a clear objective of the legislation. The Privacy Protection Study Commission reported in 1977; few of its recommendations appear to have been implemented. This year-1984-is an appropriate time to undertake another look at the status of government and private sector information practices, and I earnestly hope that the Congress does so.

I believe that experience indicates that the individual consumer is without adequate privacy protection. I quote from the findings of the National Symposium on Persoanl Privacy and Information Technology, sponsored by the American Bar Association and the American Federation of Information Processing Societies in 1981: "The individual's informational privacy is relatively unprotected and will remain so unless an effective constituency is developed." because of the diverse interests of our nation's population an organized privacy constitutency cannot be developed. A further recommendation of the Sypmosium is, “Some long-term mechanisms or institutions, public, private, or both, must be established to examine and develop informational privacy policy that balances governmental, societal and private interests." Though I dislike the ideal of more bureaucracy, I believe that it is time for the federal government to establish some mechanism for pirvacy vigilance before it is to late to do so. Information and communications technology advances at an astonish