DAVID L. SOBEL
Computer Professionals for
666 Pennsylvania Avenue, S.E.
Washington, DC 20003
KATHRYN ANNE KLEIMAN
Law Student Assistant
Counsel for Amicus
Computer Professionals for Social Responsibility ("CPSR") is a non-profit membership organization, incorporated in the state of California, with offices and full-time staff in Palo Alto, CA and Washington, DC. CPSR's membership includes a Nobel Laureate and four recipients of the Turing Award, the highest honor in computer science. CPSR's activities include the review of federal computing policies to determine their possible impact on civil liberties interests. Among its other activities, CPSR has prepared reports and presented testimony on computer technology and privacy issues at the request of congressional committees.1
The misuse of the Social Security number ("SSN") and its unnecessary proliferation epitomizes the risk to public safety and the threat to personal privacy of careless information practices. The code of ethics of many computer asso ciations and related professional organizations clearly state the importance of privacy protection in the design of computer systems.2 Automated information systems, by virtue of their great processing capability, pose an ongoing risk to personal privacy. For this rea son, the computer science community has long argued that adequate safeguards must be estab lished to protect personal information. Computer scientists have also played a prominent role in congressional proceedings and the de velopment of key reports that gave rise to many of the privacy laws in the United States today.3 And computer privacy remains a cen tral concern at regular meetings of computer pro fessionals.4
As the leading organization in the United States concerned with the impact of computer technology on personal privacy, CPSR has a substantial interest in legislative and judicial proceedings addressing the confidentiality of the SSN and has contributed its views and expertise to congressional committees considering the issue.5
At issue in this case is whether the Internal Revenue Service's practice of openly displaying Social Security numbers on mailings sent to taxpayers violates the Privacy Act of 1974. A review of the Act's legislative history, as well as other relevant legislative and judicial pronouncements, shows that the public disclosure of this identification number has long been a matter of serious concern. Indeed, Congress explicitly recognized the particular risk to privacy that could result from the unnecessary disclosure of the Social Security Number and therefore enacted restrictions on its use.
The extent of the privacy invasion at issue here becomes apparent when one considers that the Social Security number is used as an identification code for databases containing a wide range of financial, medical, educational, and credit information. It is like a master key that once obtained opens many doors. The possession of such a key must be carefully controlled. In recognition of the substantial risk that the unnecessary disclosure of the SSN might pose to public safety and personal privacy, this Court and others have protected the confidentiality of the number. Amicus believes that the Court should continue to provide that protection in this case.
I. The Unnecessary Disclosure of the SSN Raises Substantial Issues of Personal Privacy
Our legal system has long recognized and protected the right of personal privacy. The drafters of the Constitution "conferred, as against the Government, the right to be let alone -- the most comprehensive of rights and the right most valued by civilized man. To protect that right, every unjustifiable intrusion by the Government upon the privacy of the individual, whatever the means employed, must be deemed a violation" of constitutional principles. Olmstead v. United States, 277 U.S. 438, 478 (1928) (Brandeis, J., dissenting).
Justice Brandeis recognized that the First Principles enunciated in the Constitution have the "capacity of adaptation to a changing world" and must be applied to "new conditions" and technologies. Id. at 472. In the Olmstead case, Justice Brandeis anticipated that technological change would pose new challenges to the courts, and that the protection of liberty in this realm would require great vigilance. Justice Brandeis's formulation of the privacy problem that results from rapidly changing technologies was eventually adopted by the Supreme Court in United States v. Katz, 389 U.S. 347 (1967).
While the Court's analysis of Fourth Amendment claims under the Katz test has raised substantial questions about the impact of technological change upon "the reasonable expectation of privacy,"6 where Congress has sought explicitly through statutory authority to regulate an information practice, the privacy protection must be broadly construed.
As the Supreme Court recently noted, "both the common law and the literal understandings of privacy encompass the individual's control of information concerning his or her person." Department of Justice v. Reporters Committee for Freedom of the Press, 109 S. Ct. 1468, 1476 (1989). See also A. Westin, Privacy and Freedom 7 (1967) ("Privacy is the claim of individuals ... to determine for themselves when, how, and to what extent information about them is communicated to others").
Protection of privacy rights is particularly important when the administrative convenience afforded by computer technology may obscure the underlying privacy interest in controlling the collection, use and disclosure of personal information. The courts must be vigilant in the face of bureaucratic tendencies to ignore appropriate measures for safeguarding personal information, particularly where multi-use identifiers such as the SSN are likely to exacerbate the privacy harm that would result from unlawful disclosure. The Supreme Court has recognized the risks to personal privacy created by "unwarranted disclosures" in the computer age.
We are not unaware of the threat to privacy implicit in the accumulation of vast amounts of personal information in computerized data banks or other massive government files. The collection of taxes, the distribution of welfare and social security benefits, the supervision of public health, the direction of our Armed Forces, and the enforcement of the criminal laws all require the orderly preservation of great quantities of information, much of which is personal in character and potentially embarrassing or harmful if disclosed. The right to collect and use such data for public purposes is typically accompanied by a concomitant statutory or regulatory duty to avoid unwarranted disclosures.
Whalen v. Roe, 429 U.S. 589, 605 (1977) (emphasis added). See also 429 U.S. at 607 (Brennan, J., concurring) ("The central storage and easy accessibility of computerized data vastly increase the potential for abuse of that information ...").
Indeed, the Supreme Court has noted that the Privacy Act, under which this case arises, "was passed in 1974 largely out of concern over 'the impact of computer data banks on individual privacy.'" 109 S. Ct. at 1478 (citation omitted). That concern looms large when -- as in this case -- individuals' Social Security numbers are indiscriminately disclosed.
A. History of the SSN and Restrictions on its Use
Although the Social Security Number ("SSN") has been with us since 1936, the use of the SSN for purposes unrelated to the administration of the Social Security system is a relatively recent phenomenon. The number was first intended for use solely by the federal government as a means of tracking earnings to determine the amount of Social Security taxes to credit to each worker's account. Over the years, however, the SSN has been used by government agencies and the private sector for other purposes, often over the objection of independent experts and the general public. See, e.g., A. Westin and M. Baker, Databanks in a Free Society 399 (1972) ("adopting the Social Security number officially as a national identifier or letting its use spread unchecked cannot help but contribute to public distrust of government").
The government was permitted to use the SSN for tax reporting purposes when Congress authorized the Internal Revenue Service ("IRS") to use SSNs as taxpayer identification numbers. P.L. 87-397 (Oct. 5, 1961). However, it was recognized at that time that this expanded use of the SSN would raise substantial privacy risks.
Public opposition during the 1960s to the misuse of the Social Security Number was evident during a series of hearings held on privacy and information collection. See, e.g., Federal Data Banks, Computers and the Bill of Rights: Hearings Before the Subcommittee on Constitutional Rights of the Senate Judiciary Committee, 92d Cong., 1st Sess. Part I, 775-881 (1971). As Health, Education and Welfare ("HEW") Secretary Elliot Richardson testified in 1971:
There would certainly be an enormous convenience in having a single identifier for each individual ... [making] more efficient the acquisition, storage, and use of data .... It is the very ease of assembling complete records, of course, which raises the specter of invasion of privacy.
Id. at 784.
Two years later, an HEW advisory committee issued a report recommending the development of extensive legal safeguards for the record systems maintained by the federal government. The Secretary's Advisory Committee on Automated Personal Data Systems, U.S. Department of Health, Education and Welfare, Records, Computers and the Rights of Citizens (1973) (hereinafter cited as "HEW Report") at 121. The advisory committee warned that the use of the SSN as a personal identifier "would enhance the likelihood of arbitrary or uncontrolled linkage of records about people, particularly between government or government-supported automated personal data systems ..." Id. at 122 (footnote omitted). In recognition of that risk, the advisory committee recommended the enactment of restrictions on the disclosure and dissemination of the SSN. The HEW Report recommended that:
o Uses of the Social Security Number be limited to only those purposes required by the federal government.
o Federal agencies should not require the use of the Social Security Number absent statutory authority.
o Congress evaluate any proposed use of the Social Security Number
o Individuals have the right to refuse to provide their Social Security Numbers, and should suffer no harm for exercising this right.
o Organizations required by Federal law to obtain the Social Security Number use the number solely for the purpose for which it was obtained and not make any secondary use or disclose the Number without the informed consent of the individual.
Id. at 124-25.
Congress adopted those recommendations the following year through passage of the Privacy Act, P.L. 93-579, 88 Stat. 1896, (1974). See S. Rep.No. 1183, 93d Cong., 2d Sess. reprinted in 1974 U.S. Code Cong. and Admin. News 6916, 6944-46 (citing HEW Report). The Privacy Act makes clear that Congress gave special recognition to the need to control the misuse of the SSN. Section 7 makes it unlawful for any agency to deny any right, benefit or privilege to any individual "because of such individual's refusal to disclose his social security account number." It further provides that any agency requesting an individual to disclose his or her SSN must "inform that individual whether that disclosure is mandatory or voluntary, by what statutory or other authority such number is solicited, and what uses will be made of it." P.L. 93-579, Sec. 7, 88 Stat. 1896, 1909 (1974), reprinted in 5 U.S.C. Sec. 552a note (1982).
In Section 3 of the Act, Congress provided that
[n]o agency shall disclose any record which is contained in a system of records by any means of communication to any person, or to another agency, except pursuant to a written request by, or with the prior written consent of, the individual to whom the record pertains, unless the disclosure would be [in compliance with several specified exceptions not applicable here].
5 U.S.C. Sec. 552a(b). A "record" is defined as
any item, collection, or grouping of information about an individual that is maintained by an agency, including, but not limited to his education, financial transactions, medical history, and criminal or employment history and that contains his name, or the identifying number, symbol, or other identifying particular assigned to the individual ....
Id., Sec. 552a(a)(4).
In enacting these protections, Congress sought to prevent the privacy violations made possible by the proliferation of the SSN.
Citizens' complaints to Congress and the findings of several expert study groups have illustrated a common belief that a threat to individual privacy and confidentiality of information is posed by [expanding use of the SSN]. The concern goes both to the development of one common number to label a person throughout society and to the fact that the symbol most in demand is the Social Security number, the key to one government dossier.
* * *
A cross-section of such complaints appearing in the subcommittee hearings shows that people are pressured in the private sector to surrender their numbers in order to get telephones, to check out books in university libraries, to get checks cashed, to vote, to obtain drivers' licenses, to be considered for bank loans, and many other benefits, rights or privileges.
S. Rep. No. 1183, 93d Cong., 2d Sess., reprinted in 1974 U.S. Code Cong. and Admin. News 6916, 6944.
Amicus believes that the SSN privacy concerns Congress addressed in 1974 have even greater force today. Technological advancements and the computerization of public and private sector databases have hastened the trend toward unnecessary reliance on the SSN. As a congressional oversight committee recently noted,
[t]he extensive use of computers has resulted in the wide-spread private sector use of the social security number as an identifier. Many merchants require a customer to provide a social security number as a condition of doing business. Credit bureaus use the social security number to maintain individual credit files and routinely sell this information to almost anyone who requests it. The ability of the private sector to gather information such as credit history, grocery store purchases, medical records (including pre-natal information), family medical histories and genetic makeup has raised fears that in the near future unregulated companies will serve as national identity bureaus collecting and dispersing an individual's most private information.
Use of Social Security Number as a National Identifier: Hearing Before the Subcomm. on Social Security of the House Committee on Ways and Means, 102d Cong., 1st Sess. 2-3 (1991) ("Use of SSN") (Subcommittee hearing notice).
Amicus' concerns are also shared by the Social Security Administration, which issues the SSN but lacks the authority to curtail its proliferating use. As Gwendolyn S. King, Commissioner of Social Security, testified before the subcommittee,
[the Social Security Administration] and the Congress have historically had fundamental concerns about the possibility that the SSN might become a universal identifier in this country. These concerns center on questions of individual privacy and the increased possibility of the invasion of that privacy if all records pertaining to an individual could be accessed under one number. ...
The need for a unique number for individual records in computer systems means that use of the SSN is likely to continue to expand in the years ahead. While the Social Security Administration is not, and we believe should not be, responsible for use of the SSN in the private sector, we have a deep concern that individuals not be harmed through carelessness in the use of the SSN.
Id. at 25 (Testimony of Gwendolyn S. King, Commissioner of Social Security) (emphasis added). At issue in this case, we believe, is precisely the sort of "carelessness in the use of the SSN" that the Commissioner opposed.
B. The IRS Practice of Placing the SSN on a Mailing Label Creates an Unnecessary Privacy Risk
Willis H. Ware, the Chairman of the 1973 HEW Advisory Committee on Automated Personal Data Systems and a widely recognized authority on computer security,7 has recently stated that:
I regard the IRS's inclusion of SSNs on tax-form mailing labels as a risky and careless practice that has the effect of unwarranted and needless disclosure of sensitive personal data to casual or potentially malicious eyes. Granted the essential utility of the SSN to improve the accuracy of IRS recordkeeping, there are certainly means for concealing a portion of the label from sight and maintaining the confidentiality of the SSN.8
Apart from the many privacy risks in the unlawful disclosure of the number described supra, the inherent problem with the use of the Social Security number as an identifier is that it allows organizations to obtain information about individuals with whom there may be no prior relationship. This tends to diminish an individual's ability to control information about himself or herself and leads to the compilation of elaborate dossiers often without the knowledge of the individual.
When an individual discloses an account number to a particular business or institution, the information that is disclosed is only that necessary to identify the person to the particular institution. The disclosure of personal information to a particular company for a specific purpose establishes an expectation of confidentiality. Numbering schemes that are designed for particular businesses help promote confidentiality because they strengthen the ties between the individual and the institution and create an expectation that information which is transferred to the institution will not be used for other purposes.
Similarly, single-purpose identification cards without universal identifiers can actually enhance personal privacy by restricting the extent of a person's identity that must be disclosed to interact with a large institution. Library cards and driver's licenses are examples of such limited purpose cards. In those information systems, privacy protection should focus on the subsequent use of the information by the information-holding institution, but the number by itself is unlikely to create a privacy problem.
Multi-purpose identification numbers for which the purpose is open-ended may be more problematic. An institution that obtains the number presumably will have access to all the information that the document holder would have. This access allows the institution to create more elaborate picture of the document-holder than the single-purpose document.
For this reason, special weight must be given to efforts to restrict the misuse of the number.9
C. The Need to Restrict the Use of Personal Identification Numbers is Widely Recognized in Other Countries
The particular privacy problem of multi-use identification numbers, such as the SSN, have been amply demonstrated by the experience of other countries. In Canada, "the abuse of the Social Insurance Number is the only privacy issue that has regularly commanded the attention of members of the House of Commons in the last twenty years." D. Flaherty, Protecting Privacy in Surveillance Societies 281 (1989). The Canadian government has taken steps to prevent the Social Insurance Number from becoming a universal personal identifier; at considerable cost, a separate employee identifier is being introduced for federal employees, and the matching of computer files is being reduced.10
In France, the memory that identification numbers on government records were used to round up Jews during Nazi occupation has played an important role in the efforts to restrict the use of the SSN. At a meeting of European data protection commissioners in 1980, the French CNIL prevented the development of international identity cards, the use of the social security number, and the assignment of a new unique number to each recipient. Its solution was to attach a number to the card and not the person, so that if a card was lost, the individual received a new number.11 The use of the card became a matter of national debate in 1981. In an election statement on informatics, Francois Mitterand stated that "the creation of computerized identity cards contain a real danger for the liberty of individuals."12
Today, as the Europeans consider the development of a European wide standard for data protection, controlling the possible misuse of unique identifiers remains a central concern. Portugal's new constitution forbids the interconnection of files save in exceptional cases, and it is clear that 'citizens shall not be given all purpose national identification numbers.' Greece has instituted a system of national identity numbers for certain public sector data files, but the linkage of these files is forbidden by law. In Australia, the Privacy Act of 1988 forbids the use of the tax file number as national identification system by 'whatever means.'13
II. Unnecessary Disclosures of the SSN Jeopardize the Confidentiality of Personal Information
Given the widespread misuse of the SSN in the United States, access to the number provides a window into the activities and lifestyle of any person. Commissioner King recognized this in her congressional testimony. "An individual's Social Security number is the key to accessing a variety of information about that individual. That fact has shaped [the Social Security Administration's] current policy [of not disclosing SSNs without the individual's consent]." Use of SSN at 22.
The unnecessary disclosure of an individual's SSN creates the risk of confidential information being disclosed to any person or institution in possession of the individual's SSN. Because so much information is now retrievable by a person in possession of the SSN, the risk that personal information can be unlawfully obtained has greatly increased.
This problem of aggregated personal information was well stated by Congressman Frank Horton who said almost twenty-five years ago:
One of the most practical of our present safeguards of privacy is the fragmented nature of personal information. It is scattered in little bits across the geography and years of our life. Retrieval is impractical and often impossible. A central data bank removes completely this safeguard.
The Computer and the Invasion of Privacy: Hearings before the Special Subcommittee on Invasion of Privacy of the House Committee on Government Operations, 89th Cong., 2d Sess. 6 (1966).
Similarly, the Supreme Court has recognized that the aggregation of personal information heightens the degree of protection that must be afforded. In Reporters Committee, the Court affirmed the withholding of an individual's criminal "rap sheet" under the Freedom of Information Act. The Court noted "the power of compilations [of information] to affect personal privacy that outstrips the combined power of the bits of information contained within." 109 S. Ct. at 1477.
In practice, the proliferation of the SSN has greatly diminished the "fragmented nature of personal information" and has, in effect, created the "central data bank" Congressman Horton warned against and Congress sought to prohibit through the passage of the Privacy Act of 1974. The SSN, once disclosed, is the key to that vast repository of information. As the Supreme Court recognizes, "the power of compilations [such as those accessible through an SSN] to affect personal privacy" mandates that the courts be particularly vigilant in protecting the security of aggregated personal information.
A recent news story illustrates the threat to personal privacy created by the indiscriminate disclosure of an individual's SSN. According to the Wall Street Journal, Fidelity Investment offers a toll-free telephone service that -- upon entry of a Social Security Number -- provides an audio summary of a customer's investment portfolio. The system, which does not use a single-purpose, personal identification number ("PIN")14 to verify a caller's identity, permits anyone knowing the SSN of any Fidelity customer to access that individual's confidential account information. Clements, "Finding Out How Your Neighbor Invests is a Free Phone Call Away," Wall Street Journal, February 4, 1991, page C1. The HEW advisory committee recognized the problem in 1973, noting that "[a]s long as the SSN of an individual can be easily obtained ... , both individuals and the organizations that use it as a password are vulnerable to whatever harm may result from impersonation." HEW Report at 132.
The Court should regard the disclosure of the SSN as a critical problem of public safety and information privacy. The number is akin to the combination of a safe containing an individual's most intimate possessions. Sensible information practices would mandate that the use of the number be carefully controlled. The non-consensual disclosure of an SSN is tantamount to the disclosure of highly personal information.
III. The Courts have Recognized that Disclosure of an SSN Violates Personal Privacy Rights
This court, as well as several other courts, has recognized that substantial privacy interests are implicated in the disclosure of SSNs. Without exception, every court that has had occasion to consider the issue has reached the conclusion that the non-consensual release of an SSN by a federal agency would constitute "a clearly unwarranted invasion of personal privacy." See, e.g., IBEW Local No. 5 v. Department of Housing and Urban Development, 852 F.2d 87, 89 (3d Cir. 1988).
In cases decided under the Freedom of Information Act ("FOIA"), 5 U.S.C. Sec. 552, the courts have held that disclosure of SSNs is precluded by Exemption 6 of the FOIA, which restricts the release of "personnel and medical files and similar files the disclosure of which would constitute a clearly unwarranted invasion of personal privacy." Id. Sec. 552(b)(6). See, e.g., Painting and Drywall Work Preservation Fund, Inc. v. Department of Housing and Urban Development, No. 88-5076, slip op. (D.C. Cir. June 21, 1991); Local 3, IBEW v. Nat'l Labor Relations Board, 845 F.2d 1177 (2d Cir. 1988); Oliva v. United States, 756 F. Supp. 105 (E.D.N.Y. 1991); Painting Industry of Hawaii Market Recovery Fund v. Department of the Air Force, 751 F. Supp. 1410 (D. Hawaii 1990).15
In IBEW Local No. 5, a union sought the release of, inter alia, the SSNs of non-union employees working for a federal contractor.16 This Court began its analysis by noting that "there is a presumption in favor of disclosure" in FOIA cases. 852 F.2d at 89.17 Nonetheless, this Court found that "the disclosure of the Social Security numbers would constitute a clearly unwarranted invasion of privacy and is therefore barred by Exemption 6." Id. The Court looked to the congressional policy embodied in the Privacy Act.
The employees have a strong privacy interest in their Social Security numbers. Congress has recognized this privacy interest by making unlawful any denial of a right, benefit, or privilege by a government agency because of an individual's refusal to disclose his Social Security number. Moreover, in its report supporting the adoption of this provision, the Senate Committee stated that the extensive use of Social Security numbers as universal identifiers in both the public and private sectors is "one of the most serious manifestations of privacy concerns in the Nation."
Id. (citations omitted).
Having recognized an individual's "strong privacy interest" in his or her SSN, this Court cited the risk that the SSN, if disclosed, could be misused and noted that "once a number is public knowledge, it could wind up in anyone's hands." Id. (emphasis added).18
Once an SSN "wind[s] up in anyone's hands," the potential privacy ramifications are substantial. While the disclosure of this multi-use identifier might not cause immediate harm to the individual, it is the subsequent use that might be made of the SSN that is determinative. As the D.C. Circuit emphasized in protecting the names and addresses of federal annuitants from disclosure under FOIA,
[i]n virtually every case in which a privacy concern is implicated, someone must take steps after the initial disclosure in order to bring about the untoward effect. Disclosure does not, literally by itself, constitute a harm .... Where there is a substantial probability that disclosure will cause an interference with personal privacy, it matters not that there may be two or three links in the causal chain.
National Ass'n of Retired Federal Employees v. Horner, 879 F.2d 873, 878 (D.C. Cir. 1989).
The judicial authority recognizing an individual's privacy interest in the confidentiality of his or her SSN -- and in the information to which the SSN is a key -- provides strong policy arguments against the practice of the IRS challenged here. That authority also belies the district court's conclusion that an SSN is not a "record" within the meaning of Section 3 of the Privacy Act.
In IBEW Local No. 5, this Court -- like the other courts that have considered the issue -- affirmed the withholding of SSNs on the ground that they are exempt records, not on the ground that they are not "records" within the meaning of FOIA. Id. at 88. See, generally, Forsham v. Harris, 445 U.S. 169 (1980) (discussing the definition of "record"). The cited opinions also recognize that an SSN, in conjunction with the number holder's name (as contained on the address labels at issue here), is a personally identifiable record which, if disclosed, would constitute a "clearly unwarranted invasion of privacy." In light of the fact that the Privacy Act prohibits the disclosure of personal information unless, inter alia, "disclosure of the record would be required under [FOIA]," 5 U.S.C. Sec. 552a(b)(2), amicus submits that the non-disclosability of SSNs under FOIA is highly relevant to the court's inquiry here.
The indiscriminate disclosure of Social Security numbers constitutes a substantial invasion of privacy, as Congress, the Social Security Administration and this Court have recognized. In enacting the Privacy Act, Congress was motivated, in large part, by a desire to curtail the proliferating use and disclosure of the number. The practice of the Internal Revenue Service at issue here clearly violates that intent. The decision of the district court should be reversed.
DAVID L. SOBEL
Computer Professionals for
666 Pennsylvania Avenue, S.E.
Washington, DC 20003
KATHRYN ANNE KLEIMAN
Law Student Assistant
Counsel for Amicus
1 See, e.g., "Computer Privacy and the Need for the Establishment of a Data Protection Board," the Subcommittee on Government Information, Justice, and Agriculture, Committee on Government Operations, U.S. House of Representatives, May 16, 1990; "The Redesign of the National Crime Information Center (NCIC)," the Subcommittee on Civil and Constitutional Rights, Committee on the Judiciary, House of Representatives, May 18, 1989 reprinted in FBI Oversight and Authorization Request for Fiscal Year 1990, 101st Cong., 1st Sess. 512 (1989); "The Computer Security Act of 1987 (P.L. 100-235) and the Memorandum of Understanding Between the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA)," the Subcommittee on Legislation and National Security, Committee on Government Operations, House of Representatives, May 4, 1989 reprinted in Military and Security Control of Computer Security Issues, 101st Cong., 1st Sess. 80 (1989); "Amendments to the Fair Credit Reporting Act, before the Subcommittee on Consumer Affairs and Coinage of the Committee on Banking, Finance and Urban Affairs, House of Representatives, June 12, 1990, reprinted in Amendments to the Fair Credit Reporting Act, 101st Cong., 2d Sess. 774 (1990).
2 The Association for Computing Machinery (ACM) Code of Professional Conduct states that:
EC5.1 An ACM member should consider the health, privacy, and general welfare of the public in the performance of his work.
EC5.2 An ACM member, when ever dealing with data concern ing individuals, shall always consider the principle of indi vidual privacy and seek the following:
To minimize the data collected;
To limit authorized ac cess to the data;
To provide proper secu rity for the data;
To determine the re quired retention period of the data;
To ensure proper dis posal of the data.
The Data Processing Management Association (DPMA) Code of Ethics, Standards of Conduct and Enforcement Procedures states:
"In Recognition of My Obligation to Society I Shall: Protect the privacy and confi dentiality of all information entrusted to me"
The preliminary code of ethics for the International Federation of Information Processing (IFIP) makes data protection a cen tral provision of Individual Professional Ethics:
1.2 Protection of Privacy
Information Technology Professionals have a fundamen tal respect for the privacy and integrity of individuals, groups, and organizations. They are also aware that com puterized invasion of privacy, without informed authoriza tion and consent, is a major, con tinuing threat for potential abuse of individuals, groups, and populations. Public trust in informatics is contingent upon vigilant protection of estab lished cultural and ethical norms of information privacy.
20 Computers and Society 36 (March 1990) (Emphasis added).
3 Willis H. Ware, a noted computer scientist at the Rand Corporation and an advisor of CPSR, chaired the Secretary's Advisory Committee on Automated Personal Data Systems of the Department of Health, Education and Welfare. That Committee pro duced Records, Computers and the Rights of Citizens (1973), a landmark report which out lined the privacy risks of automated record sys tems, recommended various safeguards, and gave rise to the Privacy Act of 1974, the most comprehensive privacy law in the United States. Joseph Weizenbaum, an emeritus pro fessor of Computer Science at MIT and a member of CPSR, was also a member of the Advisory Committee.
Subsequent reports by the Office of Technology Assessment have often relied heav ily on computer scientists to assess the privacy risks on automated information systems. See, e.g., Defending Secrets, Sharing Data: New Locks and Keys for Electronic Information (1987). See also National Research Council, Computers At Risk: Safe Computing In the Information Age (1991).
4 See, e.g., Rein Turn, "Information Privacy Issues for the 1990s," 1990 IEEE Symposium on Security and Privacy 395.
5 See, e.g.,Use of Social Security Number as a National Identifier: Hearing Before the Subcommittee on Social Security, House Committee on Ways and Means, 102d Cong., 1st Sess. (February 27, 1991)(testimony of Marc Rotenberg, Director, CPSR Washington Office).
6 See, e.g., Rakas v. Illinois, 439 U.S. 128, 431 n. 12 (1978). See also Amsterdam, Perspectives on the Fourth Amendment, 56 Minn. L. Rev. 349 (1974) ("the government could diminish each person's subjective expectation of privacy by announcing half-hourly on television that 1984 was being advanced by a decade and that we were all forthwith being placed under comprehensive electronic surveillance.").
7 Dr. Ware currently chairs the Federal Computer Security and Privacy Advisory Board established by the Computer Security Act of 1987. 15 U.S.C. Sec. 278g-4. The board is responsible for overseeing the computer security and privacy policies for federal agencies. Id. Dr. Ware is also a member of the System Security Stdy Committee of the National Research Council.
8 Electronic mail from Willis H. Ware to Marc Rotenberg (Thu, 08 Aug 91 17:25:36 PDT) ("RE: SSNs on IRS mailing labels").
9 See, Use of Social Security Number as a National Identifier: Hearing Before the Subcommittee on Social Security, House Committee on Ways and Means, 102d Cong., 1st Sess. 61 (February 27, 1991) (testimony of Marc Rotenberg, Director, CPSR Washington Office).
10 Privacy Laws and Business, February 1989, at 4, quoted in M. Spencer, 1992 And All That: Civil Liberties in the Balance 60 (1990). See also Access Reports, July 11, 1990, at 6.
11 D. Flaherty, Protecting Privacy in Surveillance Societies 227 (1989).
13 M. Spencer, 1992 And All That: Civil Liberties in the Balance 60 (1990).
14 Personal identification numbers ("PINs") refer to any identity number associated with a card. In the United States, an individual may have many PINs: a bank ATM card, a telephone charge card, a workplace access card. In other countries such as Sweden and Australia, the term "PIN" is often used to refer to a universal tax number, similar to the SSN in the United States, and therefore raises much of the same concern as the SSN.
15 Amicus' research has uncovered no case in which a court has authorized disclosure of SSNs under the FOIA.
16 In that case, the Union sought payroll records from the United States Department of Housing and Urban Development (HUD). HUD released the payroll records, including the employees' work classification, hours worked, rates of pay, and gross and net pay levels. However, HUD withheld the employees' names, home addresses, and Social Security Numbers.
17 Significantly, the Court held in IBEW Local No. 5 that the disclosure of the names and addresses of the employees would not constitute an unwarranted invasion of privacy. 852 F.2d at 92; see also Department of Navy v. FLRA, 840 F.2d 1131 (3d Cir. 1988). Thus, this Court has recognized that the disclosure of an individual's SSN implicates far greater privacy interests than does the disclosure of his or her name and address.
18 This Court, in the administration of its own records, recognizes the need to be cautious in the use of the SSN. The Registration Card that is completed by all attorneys admitted before the Court provides:
Disclosure of an attorney's social security number is requested solely for purposes of verifying the identity of the attorney as a member of the bar of this court. It will remain part of your confidential file. Your willingness to furnish this information is entirely voluntary.