Privacy violations that truly matter occur when two things converge: power and information.
Uninformed power can rarely be exercised effectively. Information without power is merely trivia.
It is in light of these fundamental facts that the debate over consumer privacy must be seen.
As technology allows distant islands of information to grow and become easily searchable continents, Americans instinctively realize that personal privacy will be a likely and early casualty of the 21st century. This visceral fear is reflected in poll after poll citing privacy as a top issue.
The public is right to be concerned, but it is important to channel that concern into constructive change, rather than mindlessly thrashing a new corporation every month for alleged privacy violations. We need to worry more about places where information collides with power and less about trivia; in other words, the government's invasion of our privacy.
History is replete with examples of governments compiling information and then using it to violate the rights of one or many citizens. The internment of Japanese Americans during World War II is one of many reminders the United States is not immune from such abuses.
By contrast, while misuse of power is always a danger in the private sector, there are comparatively few examples of corporations using information to ruin lives, seize property, or violate human rights. For those who want to remain unseen by corporate eyes, there are numerous courses of action.
Like most choices in the marketplace, they involve tradeoffs, but they are available. Pay a higher price at the grocery store cash register, by forgoing membership in the store's shopping club that tracks your purchases. Miss out on credit card incentive programs that catalog your buying preferences, by spending only cash. Contract for additional privacy protection during large transactions. The list goes on.
By voting with their spending power, consumers can deter many privacy threats. Technology companies, especially those involved in electronic commerce, know that reports of privacy violations lead quickly to lower traffic and fewer purchases. For this reason, assuring customers that their privacy is being protected occupies a high priority with most electronic commerce companies. The same incentive applies to the financial services industry.
It is only when government becomes involved that these choices cease to exist or become unreasonable.
If you don't want information provided to the motor vehicle bureau sold to database companies, not driving is hardly an option. Agencies like the IRS are not known for accepting privacy concerns as an excuse for a refusal to provide detailed personal data on demand. If you don't like Fincen pawing through your financial data, storing cash in your mattress is about the only way out. In fact, with laws like the Bank Secrecy Act on the books, an institution that wants to guarantee higher privacy for its customers doesn't even have that option.
Therefore, our primary focus should be on constraining the ability of government agencies to abuse information.
First, government should not be able to obtain private, personal information without legal authorization; in most cases an actual court order. This principle should cover everything from foreign surveillance activity to domestic law enforcement, and should also block the government from getting personal information second hand from private companies.
Second, government should not be able to transfer to any third party the data it compels you to supply for things such as driving, flying or paying taxes.
Finally, the government should not be allowed to prevent individuals from protecting their privacy with encryption and similar products.
The major exception to the principle that government, not business, is the primary threat to privacy, is medical information. In the case of a patient seeking care, the choice is sometimes stark: give up some of your personal privacy or die.
An effective information-age health-care system necessarily depends on good privacy protections enshrined in law. Otherwise, we end up with a system in which individuals are afraid to seek many kinds of treatment for fear of personal embarrassment or financial loss.
However, allowing for this medical exception, fears that business poses the greatest threat to personal privacy miss the real issue. We're losing sight of the forest for the trees, and government snoops are laughing all the way to the databank.
Junk mail may be a giant nuisance, but it hardly violates civil liberties. Financial institutions have data on our spending habits, but does anyone really think that Citibank is going to kick in consumers' doors and imprison them because they bought something "out of character?"
Real - and even life-threatening - problems arise not when businesses have information about their customers, but when government empowers itself to access that information.
We should also remember that creating a vast new regulatory apparatus to protect commercial privacy may be a cure worse than the disease it targets.
By definition, preventing the spread of information means someone has to monitor that information and look for abuses. Creating government mandates to constantly look over the shoulder of corporate America will only ensure that government and the private sector have access to our personal information.
Instead of engaging in knee-jerk corporate flogging, we should be focusing our attention on real threats. As government moves to expand wiretapping authority, compile DNA databanks, listen in on virtually all satellite communications, and monitor Internet activity, we should start seriously asking ourselves how much privacy we're willing to trade for security.
This might not be as fun as bashing corporations, but it will do a great deal more to protect constitutional rights. Rep. Barr, a Georgia Republican, serves on the Banking Committee and the Judiciary Committee. He is a former U.S. attorney for the Northern District of Georgia.