Modern web network and internet telecommunication technology, big data storage and cloud computing computer service business concept: 3D render of the server room interior in datacenter in blue light Photo: Shutterstock
|

With the aggressive pace of technological change and the onslaught of news regarding data breaches, cyber-attacks, and technological threats to privacy and security, it is easy to assume these are fundamentally new threats. The pace of technological change is slower than it feels, and many seemingly new categories of threats have actually been with us longer than we remember. Nervous System is a monthly blog that approaches issues of data privacy and cybersecurity from the context of history—to look to the past for clues about how to interpret the present and prepare for the future.

 

In the wake of alarming headlines about the misuse of computer technology to collect personal information, a public outcry over data privacy compelled Congress to convene urgent hearings. Lawmakers called in the designers of large, complicated databases that stored personal information about Americans. At issue was how to ensure that the runaway pace of technological advancements did not overtake fundamental privacy rights.

As it happened, these hearings took place more than 50 years before the likes of Mark Zuckerberg, Sheryl Sandberg, and Jack Dorsey were called before Congress in 2018.

In 1965, the Social Science Research Council (SSRC) of the American Economic Association published a report showing that the decentralized nature of data collection and record-keeping in the U.S. was actively preventing effective usage of that very data. As the SSRC saw it, different government agencies were trying to track certain socioeconomic statistics, but were doing so in a patchwork of unrelated systems. Consequently, different agencies were wastefully collecting identical or overlapping data, while at the same time each agency was stymied in its access to information collected by peers.

Concurrently, President Lyndon Johnson's “Great Society” sought to implement a network of social programs to combat poverty and other social ills. These programs depended on socioeconomic statistics to identify and define those problems, and to measure the effectiveness of policy solutions. In light of the SSRC study, President Johnson's administration proposed a “National Data Bank” to collect and process that data more efficiently and consolidate the recordkeeping of at least 20 different agencies into one common system.

The proposal faced almost immediate public resistance. The New York Times called it “an Orwellian threat to privacy.” The Washington Post shuddered at the “harbinger of Big Brother.” The Chicago Tribune warned that the database would “become the heart of a surveillance system that will turn society into a transparent world.” The Los Angeles Times declared “Big Brother may be a computer.”

Vance Packard, author of the widely influential 1964 book The Naked Society, observed, “There are banks of giant memory machines that conceivably could recall in a few seconds every pertinent action—including failures, embarrassments or possibly incriminating acts—from the lifetime of each citizen.” The National Data Bank promised to collate all those records together, where a complete dossier on every person was just a keystroke away from any malicious hacker or unscrupulous government official. The mid-1960s were a time of civil unrest, political assassinations, and anti-war protests. Privacy advocates fearful of government overreach or breach of trust had no shortage of examples.

In July 1966, Congress convened the Special Subcommittee on the Invasion of Privacy to explore these issues in public. Neil Gallagher, a U.S. representative from New Jersey, led the hearings on behalf of the House. Gallagher supported the President but thought the National Data Bank needed tempering with privacy protections if it was to be implemented. On the Senate side, however, Sam Ervin of North Carolina distrusted Johnson's motives from the outset and warned “the computer never forgets.”

The academics and data scientists who had propounded the idea of the Data Bank in the first place tried to defend it. The prevailing public fear was that it would serve as a repository of individual “dossiers” of personal information. Raymond Bowman, assistant director of the Office of Statistical Standards, countered that the purpose of the Data Bank was to compile statistics, not individual data. However, in a crucial moment of questioning by Gallagher, Bowman admitted that in order to calculate those statistics, the system would need to collect data on individuals and maintain personally identifying information connecting each data point with a specific person.

In the face of the public opposition, the Johnson administration immediately abandoned the National Data Bank. Congress however kept the debate going, in one form or another, for almost six years, during which time a raft of privacy laws were enacted. The Freedom of Information Act (1966), Fair Credit Reporting Act (1970), and Privacy Act (1974) placed restrictions on the access to and use of data that was collected on Americans.

Paradoxically, this perceived victory for privacy advocates did not result in better data privacy. In 1989, almost a quarter century after the National Data Bank was mothballed, a reporter for Business Week obtained the current credit report on then-Vice President Dan Quayle, demonstrating how easy it was to gather supposedly secure private information on another person.

The December 1967 RAND Corporation publication The Problem of Privacy in the Computer Age saw this coming. According to that publication, the 1966 debate had missed the point. Privacy advocates had been taking the stance that although the government already gathered a wealth of information about its citizens, the fact that those individual records were distributed across unconnected data systems provided a certain measure of privacy by virtue of the logistical challenges anyone would face in collating it together. The Congressional hearings had focused too much on the threat posed by a single, government-run system that compiled those individual records in one place.

The crucial point, missed in the debate, was that this was a purely temporary state of affairs. The RAND report noted drily, “The capacity of the computer to store and retrieve tremendous amounts of data threatens to engulf the individual's right to privacy as never before.” In short, inevitable future improvements in computer processing power and the growing interconnectedness of networked systems meant that, eventually, it would be possible to easily compile those intrusive “dossiers,” with or without an official National Data Bank.

Fifty-plus years after the RAND Corporation's prescient report, it is clear that the natural growth of computer systems continued to erode privacy rights. In 2018, Congress repeatedly heard from representatives from companies like Amazon, Apple, AT&T, Google, Facebook, and Twitter in reaction to a series of data breaches, scandals, and growing public mistrust of how companies manage their information. What laws and regulations may emerge from these discussions remain to be seen, but in many respects the hearings of 1966 continue today.

David Kalat is Director, Global Investigations + Strategic Intelligence at Berkeley Research Group. David is a computer forensic investigator and e-discovery project manager. Disclaimer for commentary: The views and opinions expressed in this article are those of the author and do not necessarily reflect the opinions, position, or policy of Berkeley Research Group, LLC or its other employees and affiliates.