Archive of the Meetings of the Secretary’s Advisory Committee on Automated Personal Data Systems (SACAPDS)

The Origin of Fair Information Practices

By Chris Jay Hoofnagle 

We have secured transcripts of the meetings of the Department of Health, Education, and Welfare (HEW) Secretary’s Advisory Committee on Automated Personal Data Systems (SACAPDS). This committee developed the landmark 1973 Records, Computers and the Rights of Citizens, Report of the Secretary’s Advisory Committee on Automated Personal Data Systems, known as the HEW Report.  

Privacy expert Robert Gellman has noted that the HEW Report was the origin of “Fair Information Practices,” a set of principles that formed the basis for modern privacy legislation.  Gellman wrote, “It has often been said that reports by commissions and advisory committee end up gathering dust on a shelf, meaning that they are ignored. The HEW Advisory Committee was, perhaps, one of the most influential reports of its type, with long-lasting international effects that continue forty years later.”  

The SACAPDS heard from dozens of witnesses, many of whom discussed large-scale government information collection programs that were essential for the delivery of some social good—monitoring coal miners for black lung disease, accurate census enumeration, determining whether migrant children had basic tests for hearing and vision, assessing the efficacy of education in different states, and distribution of food stamps and other benefits.  The witnesses earnestly discussed the ways in which they tried to incorporate confidentiality and data security into these files, but often for sake of administrative efficiency and unique enumeration, these different programs used the Social Security Number (SSN) to track individuals.  Some made guarantees of confidentiality without any legal basis for it. Others operated systems with no accountability controls at all.  By 1972, committee members lamented that the widespread use of the SSN in the public sector was mirrored in the private marketplace, and that it was practically impossible to function in society without providing the SSN to numerous businesses.

Reading the transcripts, it is striking how little conversations about privacy have changed in forty years. Tensions among interests in efficiency, law enforcement, cost, access to knowledge and freedom of information, federalism, the vagueness of the term “privacy,” eroding practical obscurity of public records, accountability, pragmatic system design, limitations of anonymization and the problem of re-identification, fraud and risk, the incredible complexity in the provision of benefits, the needs of a large and complex administrative state, centralization versus devolved systems, and individual rights appear many times in the committee’s discussion.  

Common tropes included the dead-beat dad or the welfare recipient who is identified or tracked with the SSN.  What would happen to those socially-necessary functions if we lacked a unique identifier? How are they to be balanced with vague notions of “privacy?”  What is the legal injury caused by privacy violations?  Even the idea of a “generation gap,” with younger citizens caring less about intrusive government questions, emerged in the first meeting. These themes are recognizable in today’s debates about technology.

It was clear that many organizations with sensitive personal data understood that they owed responsibilities to data subjects.  Some created legal guarantees of confidentiality, and many implemented technical, administrative, and procedural controls to protect data that are today recognizable as a fair information practices framework.  In many cases, existing practices were codified and thus made more uniform through enactment of the Privacy Act and the FERPA.  Some working with sensitive statistical data prohibited raw data sharing, and understood that de-identified data concerning certain rare diseases were in effect identifiable.  At the same time, some practices seemed to contravene written policy, and in some cases, it was clear that system administrators did not themselves understand all the potential and actual uses of data.

H.R. 1, a sweeping bill that proposed to allow the Secretary to obtain personal information from any other agency in order to determine eligibility for benefits, cast a shadow over the entire proceeding.  Under the bill as introduced, the Secretary would have broad power to define the scope of information individuals needed to supply (including assignment of a SSN) and to withhold benefits for noncompliance. The words privacy and confidentiality do not appear at all in the bill, and the safeguards for this information apply mainly to states cooperating with HEW.  The bill also criminalized attempts to fraudulently obtain a Social Security Number. 

On June 7, 1972, just before the group’s third meeting, a subcommittee of the group (Dr. Grommers, Layman Allen, Arthur R. Miller, Joseph Weizenbaum, Carole Parsons, and David Martin) circulated a memo titled, “Draft Thematic Outline of Report of Secretary’s Advisory Committee on Automated Personal Data Systems.”  The five page memo contained the skeleton of what we call fair information practices today.   The last page of the document details,  “Procedures to protect individuals in relation to the use of automated personal data systems,” and concludes with an outline of penalties for infringements of these rights in addition to compensatory and punitive damages for victims. Some of the elements of the fair information practices seemed to draw from Abraham S. Goldstein’s essay, Legal Control of the Dossier (in On Record: Files and Dossiers in American Life (Stanton Wheeler, Ed.)(Russell Sage Foundation 1969)).

Memo to Members of the Secretary’s Advisory Committee on Automated Personal Data Systems, from David B.H. Martin, Executive Director, June 7, 1972. 

SACAPDS met nine times between 1972-3, often near the NIH campus or at the campus’ Stone House.  They had to give their SSN to satisfy the NIH campus security rules.  They worked very hard, on weekends and often late into the night.  Transcripts, ephemera, and other information about SACAPDS are available in Dr. Willis Ware’s papers archive (1972-1977), maintained by the University of Minnesota.   Please note that these transcripts are uncorrected and that when scanned, automated character recognition was used and this OCR is uncorrected.

First Meeting, April 17-18, 1972

April 17 transcript
April 18 transcript


The initial meeting of the SACAPDS was held on the campus of the National Institutes of Health.  The members had diverse experiences, many had worked with computers or large databases and were concerned about the implications of those technologies.   One member was a high school student, another, a law student interested in privacy.

Discussion initially focused upon the Social Security Number (SSN) and the scope of the Committee’s charge: 

“What needs are there for unique personal identifiers? Do we need one for all purposes? What are the pluses and minuses of the social security number? What are the alternatives? What would be the costs of an alternative or of alternatives?

While the Committee members discussed openly the idea of protecting privacy—even the idea of exploring a constitutional amendment to protect it—societal tensions soon emerged that complicated simple solutions, such as the abolition of the SSN.  Credit reporting was discussed, which directly exemplified the value in having a standard, unique identifier for all Americans. As presented in the hearing, credit reporting was still a limited practice, without penetration into basic services such as utilities, and apparently only 65-70 percent of credit files even had a SSN.  Gerald Davey, who presented credit reporting to the group, was very concerned about non-credit uses of consumer reports and the problem of authorized users giving access to reports to unauthorized persons. 

The conversation is interesting because in this context, SSN enumeration at birth still had not been adopted, and so many Americans did not have a SSN.  Davey explained that credit reporting agencies used name, current and former address in order to individuate records.  Davey later explained that credit reporting use of the SSN has little to do with the Social Security Administration or government records—businesses liked the SSN because people can remember it, and thus it serves as a more reliable identifier than other numbers. 

Discussions of what we would today call “identity theft” appear in the transcript, with members relating anecdotes about undocumented workers arrested with multiple Social Security cards.

Committee member Robert Gallati, who operated New York’s criminal justice information systems, made an impassioned plea for privacy of the SSN: “If we believe in the concept and principle of redemption and of liberty and freedom to move throughout the country and establish a whole new life, then we are denying it by virtue of insistence upon this unique identifier, are we not?”

Foreshadowing the eventual failure of Congress to regulate the SSN, David B.H. Martin, who served as executive director to the Committee, said, “Will the credit bureaus and the banks and the others who are using the number be a political force, an interest group force let’s say, that will operate to stymie any effort to change the terms on which the number is available?”

Some of the most insightful commentary came from MIT Professor Joseph Weizenbaum, a computer scientist who studied artificial intelligence and created ELIZA.  Weizenbaum generally argued against technological determinism, and warned participants about the problem of system obsolescence and lock-in, the problem of policy drift and of the subtle policy choices that computer systems cement into place.  In a colloquy concerning compulsory provision of personal information, in this case paper forms that request personal information, Weizenbaum said, “…The fact that an answer is offered seriously that there is a form which demands that such and such be put in and that’s why it is put in and that the system won’t process it unless the form is properly filled out, and so on and so forth, although the information may be hokum and so on and so forth, that’s an extremely serious matter which it seems to me testifies to the extent to which technology of all kinds, including administrative technology not just machine technology, has in fact taken over and to our willingness to accept this with only a very slight protest.” 

“I take the laughter to be fundamentally an attempt at tension reduction. We feel the tension that this induces in us but we dismiss it by laughing about it. In fact, it’s a deadly serious matter.

Weizenbaum, channeling Goffman, emphasized the importance of being able to play different roles or to wear different masks in society.  He argued that adoption of a standard unique identifier would cause, “all of my various identities, all the various roles that I play become merged into one, and, among other things, people who make a connection with me by virtue of one role that I play will automatically have made a connection with me with respect to all the other roles that I play, which may in fact be none of their business and may in fact be damaging to me.”

Don Muchmore, a representative of the banking industry, then shared an interesting anecdote about compulsory provision of personal information.  He witnessed a bank customer opening a $10,000 account who did not want to share her SSN.  She protested that it was not the bank’s business, and that the bank might use the SSN for purposes other than tax reporting.  Meanwhile, a business representative was opening a much larger account, but this business did not have to provide a SSN to initiate the account. Muchmore concluded, “…the question in her mind was something which I think is of paramount interest to us…that is the delineation between the individual and his rights, and the diminishing of those rights it seems to me or the invasion of those rights, and groups or corporations or unions or whatever they would be and their protection against invasion of privacy.”

There is a discussion of the 1942 Federal Reports Clearance Act, which required OMB approval of all information collection activities covering more than ten individuals.  As described, it resembled the modern Paperwork Reduction Act, but it also served as a proto-privacy law for collection and internal management of information.  Thomas S. McFee, Deputy Assistant Secretary for Management

Planning and Technology, HEW, explained that OMB had rejected hundreds of requests for information as too burdensome, and that in some cases, the HEW had stopped fielded surveys because of complaints from citizens.

The first day’s transcript concludes with a lecture by Professor Arthur Miller on the law of privacy. Miller sketched the history of privacy law in America, and discussed an approach he thought promising: “It seems to me there is yet to be written a chapter about informational due process. And certain types of governmental information gatherings, uses, disseminations might be challenged on the grounds that they violate due process.”

“For example, the ability of the government to extract certain types of information coercively and use it to a citizen’s disadvantage may be said to be a violation of that citizen’s due process rights, particularly if that individual is not given a right to see the file, to challenge its accuracy, to try and force the government to create locks, gates, barriers to the movement of that data and participate in decisions made about that citizen on the basis of that data.”  Miller’s views were influential—the Privacy Act sought to codify many of the rights Miller discussed, and independently courts developed a limited form of constitutional information privacy cases (e.g. Westinghouse Elec. Corp v. Kerr-McGee Corp, 580 F.2d 1311 (1978)).

The second day concluded with a discussion of problems in census enumeration by Carol W. Parsons. She observed, “approximately 20 percent of all of the black males between the ages of 20 and 35 were not counted in either the census of ’50, ’60 or ’70. 

David B.H. Martin, Special Assistant to the Secretary of HEW
Explanation of background and aims of Committee.

Gerald L. Davey, President and Chief Executive Officer, Medlab
Computer Services, Inc.
Discussion of record-keeping practices and use of Social Security number in credit-reporting industry.

James C. Impara, Administrator of Educational Accountability,
Department of Education, State of Florida
Explanation of high school student records data systems of the State of Florida.

Patricia J. Lanphere, Assistant Supervisor, Bureau of Services to
FamDies and Children, Department of Institutions, Social and Rehabilitative Services, State of Oklahoma Explanation of data systems used by her department.

Prof. Arthur R. Miller, Harvard Law School
Discussion of the law of privacy.

Robert A. Knisely, Chairman, Urban Information Systems Interagency Committee (USAC); Director, Division of Community Management
Systems, Department of Housing and Urban Development Discussion of integrated municipal information systems.

Arthur E. Hess, Deputy Commissioner, Social Security Administration,
Discussion of use of the Social Security number and the confidentiality of Social Security Administration records. 

Thomas S. McFee, Deputy Assistant Secretary for Management
Planning and Technology, DREW
Discussion of the procedures under the Federal Reports Act of 1942 governing the collection of information by the Federal government.

Carole W. Parsons, Staff Associate, Division of Behavioral Sciences, National Academy of Sciences – National Research Council
Discussion of activities and organization of the NAS-NRC Advisory Committee on Problems of Census Enumeration.

Second Meeting, May 18-19, 1972

May 18 transcript
May 19 transcript


Professor Miller discussed the price of privacy and the kinds of people who can and cannot afford to negotiate for it: “To take a very, very simple illustration: Ask yourself or think about the question: how much will I pay for certain kinds of privacy? If you are very wealthy, you can afford to pay a great deal for privacy. You can hire guards, you can refuse to go into the credit network by being, in a sense, a cash purchaser. You can forego certain types of governmental benefits because you think, rationally, or irrationally, that the price is too high in terms of the data extracted from you.

“I know of people who refuse, I think irrationally, to get driver’s licenses, because the particular state in which they live insists on the Social Security Number. These are people who can afford to do it, either because they can pay for cabs or in one or two cases, I know of personally, they have chauffeurs.

“If you are at the subsistence level and, by definition, a large percentage of the people serviced by HEW are at the subsistence level or below it, or they have other types of infirmities, or incapacities, age, or health; and you say to that person, “How much are you willing to pay for privacy?” he is not willing to pay very much because a dollar here, and a dollar there, is the difference between subsistence, and non-subsistence.

“In effect, the system is forcing him to forego privacy or his definition of privacy, in order for him to stay alive, and seek benefits that are essential to his maintenance as a human being.

“That raises the question to what degree should the system extract that information, knowing, first, in some amorphous, constitutional sense the cost of privacy is being unequally distributed across the nation.

Miller discussed the idea that recipients of government aid may feel castigated or otherwise singled out by the government.  But this is where automated data systems offer benefits, according to testimony by Gerald L. Boyd.  The systems offered the ability to check up on an aid recipient, without performing in-person investigations, “…the midnight check to see if there was a man in the house, the asking of neighbors is he really not home or are they working…That kind of recurring contact in the neighborhood that reinforces to my mind at least, reinforces the person’s feeling that he is set apart, castigated in a way.”

When Congress ultimately passed the Privacy Act of 1974, automated decisions without human interaction were limited, perhaps because of the concerns raised by the Committee in response to Boyd’s presentation.

Stan Aronoff observed the relationship between those who were familiar with computer systems and fears about their use: “it seemed to me that the people that are best able to articulate the problem and are most afraid are the people who, themselves, work with the computer or are sophisticated in it.”  Weizenbaum said in agreement, “Two years ago there were only…a thousand people in the U.S. seriously worried about the relationship between smoking and cancer…The people who are probably most worried are the people who in some sense may be said to know most about what really goes on in big computer systems.” 

Professor Weizenbaum pointed to a recent article he published in Science (On the Impact of the Computer on Society, How Does One Insult a Machine?, v. 176 p. 609, 1972) where he argued that knowledge of machines can decay, resulting in a situation where, “…decisions are made on the basis of rules and criteria no one knows explicitly and…the system of rules and criteria becomes immune to change.”  In the context of policy, Weizenbaum argued that decay created a disaster: “Not only have policy makers abdicated their decision-making responsibility to a technology they don’t understand, all the while maintaining the illusion that they, the policy makers, are formulating policy questions and answering them, but responsibility has altogether evaporated. No human is any longer responsible for ‘what the machine says.’” Weizenbaum’s article is polemic, but one has to consider its context—the war department was a chief buyer and driver of technological research, and it its application, it allowed the warrior to have an “…enormous psychological distance from his victims. He is not responsible for burned children because he never sees their village, his bombs, and certainly not the flaming children themselves.”

The trope of the young not caring about privacy again emerges, in a lamentation by Guy Dobbs, concerning an acquaintance who polled his students about privacy issues: “…About 75 to 85 percent of the students in that very limited sample of 80 students were willing to pay the price, were willing to give up a good deal of their privacy as we understand it for the sake of the kind of progress and benefits they believed that are reported by those systems and those technologies.”

Kenneth A. McLean, an aide to Senator William Proxmire (the author of the Fair Credit Reporting Act) provided an interesting summary of credit reporting, the aims of the FCRA, and how well Proxmire succeeded in addressing problems in credit reporting. McLean relayed the depth of investigation led by insurance firms: “insurance reporting firms who go into great detail about a person’s sex life, his housekeeping habits, his associates, his general political or psychological attitudes…”  McLean recommended that the Committee examine the regulation of private-sector databases instead of just government ones.  McLean argued that private-sector data systems were engaging in similar behaviors as government computer operators, albeit with fewer safeguards.  McLean also argued that there was a, “…substantial interchange between these data systems. We found in our hearings that government investigators frequently use the information in private data collection banks and I suspect, although I haven’t been able to verify it, there is a reciprocal arrangement on the part of private firms with the government collection agencies.”

McLean related an anecdote from the car insurance industry, which was particularly invasive in its investigation of customers: “…They want to know who you associate with what your attitudes, your manner of behavior, whether you are a neat housekeeper.”

“We asked how is this related to driving ability and the witness said, it really isn’t, but we are insuring these people against liability, so we may be compelled, some day to defend them in a legal action before a jury, and if they, in any way, have some deviant behavior characteristics, they wear pink shirts, or have long hair and a mustache, they read Karl Marx…This is their rationale. If you admit that rationale, there is a certain spurious logic to it, there is no limitation to what they can collect. They can look in your library and see what books you read, what magazines you subscribe to.

McLean also discussed the “credit bulletin:” “The FTC has also held credit bulletins are illegal. These are directories of everyone in town, showing their credit rating. It is a great big telephone book and they hand it out to individual merchants on Main Street. They keep it under the counter and the kid that comes in Saturday, can find out about everybody in town, whether they pay their bills, where they have accounts. There is no privacy at all.”

As with today’s privacy policies, disclosures in the context of the Fair Credit Reporting Act did not relieve the asymmetry between firm and consumer.  McLean was asked about the invasiveness of investigations, and lamented that disclosure of practices was supposed to motivate citizens to take action on privacy.  But in practice, “They do not have to disclose a detailed list of all the questions they are asking. They simply disclose, in a general way, we are going to investigate your background and personal characteristics and etc. To the average person, it is gobbledygook.”

McLean related an investigation by Mike Wallace: “Mike Wallace of CBS formed a completely fictitious, bogus company, got a letterhead printed up, and then went to 20 credit bureaus in 20 different cities throughout the country, and he picked names at random from the phone book in those cities. Then he sent them a letter under his bogus letterhead saying that his firm was thinking of extending so-and-so credit and could he get a credit report.”

“Although…this bogus firm did not exist, and was not a member of the credit bureau, and although the credit bureau is supposed to determine the authenticity of these requests, check on the validity of the person, he was able to get reports in ten out of twenty cases.

Lawrence M. Baskir, counsel to then Senator Sam Ervin, who was actively investigating data practices of government and the private sector made comments that one might hear at any privacy conference today:  “We even find it difficult to formulate the dangers we want to avoid.  We can say, obviously, we want to avoid error, we want to avoid mistake, but what is the real human interest in collecting too much data?…”

“It is very difficult to try to verbalize and is much more difficult when you try to start making choices. We find there are almost always other interests on the other side. It may be fishy, it may be catching welfare cheaters, it may be something else. But the government interest on the other side is always much, much more powerful. This puts it at a very great disadvantage in trying to strike balances…

Commenting on harm in privacy violations, Baskir said, “…Unfortunately when you come down to violations of privacy, the kinds of information, kinds of programs that HEW deals with, benign systems, it is hard to find the injury. What is the injury? If you find the injury, how do you know what caused it?”  Baskir later suggests liquidated damages as an approach to satisfy the injury problem: “The thing you can do with legislation that you cannot do through the ordinary trial processes of challenging somebody is that you can declare something to be wrong and then declare, in a sense, almost arbitrarily, a consequence that you do it. You may not be able to prove that the unauthorized use of social security number has caused you any injury if you tried to sue, but you can write a piece of legislation that says, ‘Thou shalt not, and if you do, you pay approximately one thousand dollars irrespective of anything else.”  The Privacy Act ultimately did exactly that—established a thousand-dollar fine for violations, but the Supreme Court held in Doe v. Chao that the language of the Privacy Act required actual damages before a wronged citizen could collect the liquidated damages. 

Baskir expressed frustration with the progress of Ervin’s committee, identifying areas where they had investigated and even drafted legislation, but the political economy made reform impossible.  Of course Baskir’s comments on May 18, 1972 came almost one month before the Watergate burglary arrests, and the political economy changed greatly thereafter.

Gerald L. Boyd, Deputy Director, Office of Family Benefits Planning, DHEW
Discussion of planning, with emphasis on data systems, for the administration of benefit programs proposed in H.R. 1 (welfare reform legislation).

Bernard H. Kroll, Head, Section on Systems Design and Data Processing, Office of Biometry, National Institute of Neurological Diseases and Stroke (NINDS), National Institutes of Health, DHEW

Discussion of the Perinatal Collaborative Study of NINDS. Anthony J.J. Rourke, Jr., M.D., Chief, Office of Clinical and Management Systems, Clinical Center, National Institutes of Health, DHEW
Discussion of the Clinical Center’s automated personal data systems.

Joseph D. Naughton, Chief, Computer Center Branch, Division of Computer Research and Technology, National Institutes of Health, DHEW
Presentation of the National Institutes of Health Computer Center.

Kenneth A. McLean. Professional Staff Member, Committee on Banking, Housing, and Urban Affairs, U.S. Senate
Discussion of the Fair Credit Reporting Act.

Mario L. Juncosa, Physical Sciences Department, The Rand Corporation
Rein Turn, Information Sciences and Mathematics Department, The Rand Corporation
Discussion of current studies. by The Rand Corporation on security of data systems.

Harty S. White, Jr., Associate Director, Center for Computer Standards, National Bureau of Standards, Department of Commerce
Discussion of activities of the American National Standards Institute (ANSI) in development of standard for identification of individuals proposed by ANSI.

Lawrence M. Baskir, Chief Counsel and Staff Director, Constitutional Rights Subcommittee, Committee on the Judiciary, U.S. Senate
Discussion of the Subcommittee’s activities, concerns, and hearings on Federal Data Banks, Computers and the Bill of Rights.

Third Meeting, June 15-17, 1972

June 15 transcript
June 16 transcript

June 17 transcript 


This meeting convened on the eve of the arrest of Watergate burglars, which set events into motion that helped in the enactment of the Privacy Act.

Roy L. Lowry discussed the Federal Reports Act, a 1942 law that required government collection of information of over 10 individuals to be reviewed by the Office of Management and Budget.  Lowry described the law as necessary to deal with duplicative and invasive federally-funded questionnaires, and in his testimony, gave the example of a study of women’s sexual behavior and cervical cancer. 

Starting on page 51 of the first meeting’s transcript, there is a paradigmatic discussion of the tension between individuals’ interest in privacy and accountability.  Update the terms a little bit, and one could see this same conversation occurring in Washington today.  There is the trope of the government needing detailed information to prevent entitlement fraud, the feeling that recipients do not consent to such information sharing in any real sense, the technocrat response that in fact they do consent because the citizen provided the data, a political economy and intolerance for waste and abuse that causes a “right to know” to be invoked concerning  individuals’ medical treatment, etc. 

Proceedings on the 16th begin to frame the actual HEW report.  There is a discussion of the draft outline of the report, and individual members brainstorm about approaches to advising the Secretary.  Arthur Miller gives the most expansive presentation on his ideas for the Committee to date, emphasizing that privacy should be thought of as a due process right.   Professor Weizenbaum discusses the problem of centralization in detail, and proposes a kind of pointer-system for federal records combined with audit logs to prevent unauthorized access to information by agencies, and to encourage the storage of data close to the collector of the information.  Such a system would accommodate information sharing, but each act of sharing would be documented and would be a product of a “policy decision” rather than an emergent outcome of a large, unified database. 

Day three of the proceedings includes an interesting discussion of Social Security Number issuance. Why does the SSN lack a “check digit?” According to George Friedman of HEW, the agency considered adding one but had no means to communicate with the 100 million Americans already in possession of a SSN, and the agency was concerned about the cost of adding a digit to its data processing burden.  Friedman discussed how HEW matches individuals to existing SSNs, the costs associated with processing data files, and some of the data challenges faced by HEW given that SSNs started issuing in 1936.  Arthur Miller raised a series of prescient questions about the possible motivations for individuals to have more than one SSN (foreshadowing identity theft problems) and the incentives HEW may have for cross checking the SSN with other agencies.  The discussion with Friedman continues to cover issues with migrant workers and SSNs, errors in the coding of HEW records, and the colossal complexity faced by HEW in making changes to the structure of the SSN.  One basic problem was that millions of employers were using the SSN regularly to report earnings to the government.  Major changes at HEW would require reciprocal accommodations at millions of other entities.

Friedman elucidates other dynamics of the SSN—that it initially may have seemed to be less privacy invasive to individuals to provide a number rather than personal information (such as mother’s maiden name) to institutions; that the SSN is just a “tool”; that since this tool is so widely deployed already, it ought to be used; and that institutions such as state motor vehicle departments have little use for the SSN but adopted it nevertheless as a universal identifier for administrative ease, since so many people already had them.

The discussion concludes with a critique of an ANSI proposal (“Identification of Individual for Information Interchange”) that seems intended to aid information sharing with the SSN without consideration of privacy issues.  This is discussed in more detail at the fifth meeting.

Roy L. Lowry, Clearance Officer, Statistical Policy Division, Office of Management and Budget, Executive Office of the President

Thomas S. McFee, Deputy Assistant Secretary for Management Planning and Technology, DHEW

Arthur Benner, Chief, Forms and Records Management Section, Division of Operating Facilities, Office of Administration, Social Security Administration, DHEW
Discussion of the procedures under the Federal Reports Act of 1942 governing the collection of information by the Federal government.

Michael A. Liethen, Office of the Chancellor – Legal Counsel, University of Wisconsin, Madison
Discussion of record-keeping activities of the University of Wisconsin, Madison.

Walter M. Carlson, Corporate Marketing Consultant, International Business Machines Corporation, and Past President of the Association for Computing Machinery
Discussion of IBM’s data security program.
Discussion of standard for identification of individuals proposed by the American National Standards Institute (ANSI).

Juan A. Anglero, Assistant Secretary for Planning and Development, Department of Social Services, Commonwealth of Puerto Rico
Discussion of decentralization of data systems and the differential impact of data systems according to socio-economic and ethnic status.

Prof. Joseph Weizenbaum, Department of Electrical Engineering, Massachusetts Institute of Technology
Discussion of linkages, centralization, and irreversible social consequences of data systems.

Prof. Arthur R. Miller, Harvard Law School
Discussion of the right of due process.

Lois L. Elliott, Director, Management Information, Bureau of Education for the Handicapped, Office of Education, DHEW
Discussion of the Uniform Migrant Student Record Transfer System.

George Friedman, Assistant Bureau Director, Systems, Bureau of Data Processing, Social Security Administration, DHEW
Discussion of data collection activities of the Social Security Administration, procedures for issuance of the Social Security number, and costs of maintaining data files.

Gerald L. Davey, President and Chief Executive Officer, Medlab Computer Services, Inc.
Outline of plans for proposed study of costs of creating and maintaining selected types of automated personal data systems.

Fourth Meeting, July 24-26, 1972

July 24 transcript
July 25 transcript
June 26 transcript


Robert R. J. Gallati gave an overview of New York State’s criminal justice information system, described by Gallati as, “basically a very large computerized data base, containing derogatory information about people.”  The New York Times described Gallati as a visionary, and his comments in the committee show a very strong concern for privacy, even for the subjects of police databases.  In earlier sessions, Gallati focused his comments upon the lack of authentication in database records organized by the SSN, and argued that only with a national fingerprinting system would the authentication challenges be overcome.

Gallati described a very sophisticated record system for its time, with confidentiality protections, auditing (and specific anecdotes concerning policing of misuse of the database), check-digits and other methods to ensure validity of data, access and correction rights for suspects, purging of records for suspects whose charges were dismissed, procedural and physical security methods, and savvy-policies, such as the sequestration of organized crime files away from ordinary records.  Gallati even discussed management of the computing system, and whether police computers should ever be implemented in a shared environment, an issue alive today in the form of government cloud computing.  Politically Gallati’s agency was independent, and was only tasked with being a clearinghouse for criminal justice information (instead of a law enforcement agency). 

Gallati explained that a number of powerful interests lobbied the government to get direct access to the criminal justice information system, including private-sector security companies and Wall Street firms.  Committee member Don Muchmore turned out to be a user of these background checks and he complained that many of the criminal checks administered return arrest records without dispositions.  This results in the bank releasing the employee.  Gallati explains that many courts do not complete records with disposition information, and as a result, many people who were mistakenly arrested or otherwise wrongly charged have arrest records for serious crimes without any indication that they were innocent.  This problem is discussed in much greater detail in later proceedings.

Gallati described a procedure where first offenders could secure return of criminal records: “7090 of the civil rights law” required the state to “return the fingerprints and photographs, and destroy the record and expunge it from the computer.”   

St. John Barrett of the Department of Health Education and Welfare discussed the original Freedom of Information Act (FOIA), which was enacted in 1967.  So weak was this first FOIA that when people discuss the act today, it is assumed that the second, 1974 version of the FOIA is being referenced. Barrett, recalling his years at the Department of Justice, discussed how prior to the passage of the 1967 law, agencies selectively disclosed information, and were often reluctant to do so to political enemies.  Barrett explained, “[T]he Freedom of Information Act was designed to turn this whole system upside down so that the question ceased to be “why disclose,” but rather, “why not?”  William H. Small of CBS News followed Barrett, and recounted structural problems with the 1967 act: fees associated with requests, delays after requests, expense and delay associated with litigation, overclassification, a sense among government workers that they own agency records, and the law’s lack of applicability to Congress.

Samuel J. Archibald described agency foot-dragging and a series of other impediments to disclosure under the 1967 act.  Archibald gave an overview of current litigation under the act, noting that requestors had won many cases, but that the government very frequently invoked the law enforcement investigation and inter-agency memorandum exemptions.  He explained reforms that were about to occur—flat, predictable rates for agency search and duplication of records and attorney fee shifting provisions.

But a confused, maximum transparency ideology soon emerged.  Archibald argued that anyone receiving a government benefit had a reduced expectation of privacy, and that their name should be subject to FOI.  Committee members quickly observed that anyone touched by a government program could become subject to journalist oversight under Archibald and Small’s conception of the FOI.  After all, if it is the journalist’s job to evaluate the efficacy of government, why shouldn’t the record systems analyzed by the committee—including black lung medical records, vocational training records, mental health records, and criminal justice files—all be open to journalist inspection?  Archibald argued in response that the government was denying FOI requests to protect its own privacy, rather than individuals’ rights. But Small and Archibald’s defensiveness were clownish and extreme.  Small argued that some tax records should be public and questioned the value of jury secrecy.   Both seemed distrustful of political processes and the ability of government itself to evaluate the efficacy of programs.  Archibald even claimed to not be the beneficiary of any government largess at all, but then switched direction to explain that the benefits he received were a result of service to the government.  They seemed to argue that privacy could be protected by having the government collect less information (thus it would not be available to FOI) but this missed the point that such collection was necessary for oversight of government programs, the very interest Small and Archibald invoked to justify FOI.

Overall, Small ad Archibald just did not understand the trend that the SACAPDS was investigating—that government-collected records would not remain obscure because of automation and aggregation.  In retrospect, Small and Archibald could not foresee the fracturing of media into unaccountable transparency advocates, such as Wikileaks.  Of course the Committee did not foresee this either, but it understood that anyone could use the FOI, even businesses and data users with no duties or accountability to data subjects. An example was provided by committee member J. Taylor DeWeese—FOIA was used to obtain records on gun owners in order to create marketing lists.

Professor Weizenbaum even chastised the pair, concluding, “I move to say that you have done a disservice to the press, to this committee, and to our charge here, in having so over-stated your case that you drive people like me, for example, who are enormously in favor of very, very much more freedom of information than we have today — you positively drive us in the opposite direction.”  Small later complained to the chair that the committee had put him on trial.

Julius Shiskin, Chief Statistician, Office of Management and Budget, gave a very interesting overview of how OMB regulates collection of information, addressed confidentiality, and how the agency attempted to reduce information collection burdens.  This discussion also visits the issue of confidentiality, and the problem of agencies making confidentiality guarantees that are not reflected in their authorizing statutes.  A lack of protection was particularly problematic for businesses, which provided information sensitive to their business models but was available to competitors through virtue of FOI requests.

Earle P. Shoub, Deputy Director, Appalachian Laboratory for Occupational and Respiratory Diseases, Environmental Health Service, DHEW

Edward J. Baier, Deputy Director, National Institute for Occupational Safety and Health, Health Services and Mental Health Administration, DHEW
Discussion of the Morgantown, West Virginia Medical X-Ray Examination System.

Fred Sachs, Assistant Commissioner for Program Management, Rehabilitation Services Administration, Social and Rehabilitation Service, DHEW

Wesley Grier, Chief, Division of Program Surveys and Statistics, National Center for Social Statistics, DHEW

Nathan Lesowitz, Chief, Statistical Branch, Rehabilitation Services Administration, Social and RehabBitation Service, DHEW
Discussion of the Vocational Rehabilitation Case Service Report System.

Prof. lthiel de Sola Pool, Department of Political Science, Massachusetts Institute of Technology
Discussion of the ·benefits and possible adverse consequences flowing from applications of the methods and tools of the social sciences.

Dr. Robert R. J. Gallati, Director, New York State Identification and Intelligence System

Adam D’Aiessandro, Deputy Director, New York State Identification and Intelligence System
Discussion of New York State Identification and Intelligence
System (NYSIIS).

Harry P. Cain II, Director, Office of Program Planning and Evaluation, National Institute of Mental Health, Health Services and Mental Health Administration, DHEW

Irving Goldberg, Chief, Evaluation Studies Section, Biometry Branch, National Institute of Mental Health, Health Services and Mental Health Administration, DHEW

Jean Warthen, Director, Center for Health Statistics, Maryland Department of Mental Hygiene
Discussion of the Maryland Psychiatric Case Register System.

Allan Lichtenberger, Chief, Educational Data Standards Branch, National Center for Educational Statistics, DHEW
John Putnam, Education Program Specialist Educational Data Standards Branch, National Center for Educational Statistics, DHEW

ban N. Seibert, Education Program Specialist, Educational Data Standards Branch, National Center for Educational Statistics, DHEW

Charles T. Roberts, Education Program Specialist, Educational Data Standards Branch, National Center for Educational Statistics, DHEW
Discussion of Chapter 6 of Office of Education Handbook V, “Standard Terminology for Pupil Information in Local and State School Systems.”

St. John Barrett, Deputy General Counsel, DHEW

William H. Small, Vice President, CBS News

Samuel J. Archibald, Executive Director, Fair Campaign Practices Committee, Inc.
Discussion of the Freedom of Information Act.

Marvin Schneiderman, Acting Associate Scientific Director, Demography, National Cancer Institute, National Institutes of Health, DHEW

Harvey Geller, Head, Special Cancer Survey Section, Biometey Branch, National Cancer Institute, National Institutes of Health, DHEW

Theodore Weiss, Head, Automatic Data Processing Management Section, Biometey Branch, National Cancer Institute, National Institutes of Health, DHEW
Discussion of Third National Cancer Survey.

Julius Shiskin, Chief Statistician, Office of Management and Budget, Executive Office of the President

Joseph Waksberg, Associate Director for Statistical Standards and Methodology, Bureau of the Census, Department of Commerce

John J. Carroll, Assistant Commissioner for Research and Statistics, Social Security Administration, DHEW

Harold Nisselson, Assistant Director for Research, National Center for Educational Statistics, DHEW

Sigmund Schor, Director, National Center for Social Statistics, DHEW

Walt R. Simmons, Assistant Director for Research and Scientific Development, National Center for Health Statistics, DHEW
Discussion of federal statistical programs.

Fifth Meeting, August 17-19, 1972

August 17 transcript
August 18 transcript
August 19 transcript


“My own judgment is that one explanation of this contradiction is that when a number of people use the word ‘privacy’ and raise complaints about invasions of privacy, they are not talking about privacy at all. They are talking about power.”  –Richard J. Gwyn

The meeting opened with a lengthy discussion of whether smoking should be allowed in the room, and the committee voted to create smoking and non-smoking sections.  One participant strenuously objected to any rules surrounding smoking.  She was the executive director of a hospital!

Richard J. Gwyn delivered some of the most thoughtful and well-informed testimony in his appearance at the fifth meeting—discussing privacy as a matter of “context,” the use of privacy as a proxy for power, the issue of citizens being conditioned into a state of apathy about information collection, the difficulty of defining privacy, and the observation that computerized records have several privacy advantages over paper files.  Gwyn discussed the privacy initiatives worldwide (mentioning efforts in Sweden, Britain, and Hessen), with a focus on Canada, which had extensive government-led efforts underway to consider privacy regulation.  There were concerns about the census, wiretapping, and credit reporting. The Kingston Conference, held in May 1970 (Willis Ware participated in it), attended by 230 people, was cited as the first substantive engagement on privacy in Canada.  That conference generated a few points of consensus—ones parroted at modern conferences on privacy—that governments had to take the lead in protecting privacy, since governments owned many computers and were a force of data collection; and that privacy was virtually impossible to define.  Around page 200, Gwin described an empirical investigation into computing and information processing with many interesting observations. 

A representative from Trans World Airlines discussed the information in airline reservation databases, and indicated that law enforcement could inspect the company’s records with a mere request to do so, but that the airline required a subpoena for releasing copies of the records.  Committee members were concerned that reservation systems could lead to databases of places where individuals traveled, and to speculation about people who may have traveled together on the same plane.  Still, structurally, these reservation systems had elements that protected data.  For instance, reservation records were purged from the system automatically after flights and placed on microfiche for one year.  Airlines identified frequent travelers through phone numbers provided, but purged these individuals’ reservation records.  During the TWA appearance, Joseph Weizenbaum called airlines pretending to be the TWA representative and was successful in convincing an airline employee to reveal his travel itinerary.

Representatives from General Electric explained the factors that caused the SSN to be so broadly used in the private sector.  The company had experienced a “code explosion” as a result of the company collecting more variables without having a consistent scheme to code them.  This was slowing down data processing. Additional problems came from payments submitted from consumers who could not remember their account numbers, the issue of frequent address changes, and the age-old problem of having thousands of customers with the same name.  GE even considered printing the SSN on the face of its credit cards, but chose not to after consulting with HEW.  Arthur Miller, again with great foresight, warned that GE’s reliance on the SSN might make the company vulnerable in ways it had not considered.

Two FBI employees gave a presentation on the National Crime Information Center (NCIC).  The committee was interested in the idea that NCIC contained arrest records, even in cases where the arrest was ultimately not charged or found to be lacking probable cause.  Some members thought that arrest records should not be considered “crime information,” and thus the name of the system itself was inapt.  Much more discussion of this problem took place at the sixth meeting of the Committee.

The last day of the meeting features a very smart presentation by Sheila Smythe, representing ANSI. She discusses the challenges of developing a unique identifier and is the first to introduce the concept of authentication (she uses “verification”) in relationship to identification.  Starting on page 23 of the third day’s transcript, she details the requirements of an effective identifier: it should be able to accommodate the size of the population, one should not be able to derive personal information from the identifier alone, it should have a check digit, it should be verifiable by the issuer, and any citizen should be able to acquire one if needed. 

The ANSI system was described as fatalistic and unnecessarily geared toward information exchange, in a response from two representatives of the Society of Certified Data Processors.  The duo suggested that the SSN be a secret maintained by HEW, and that institutions in need of data could query HEW for relevant records without learning the SSN. The Society’s proposal did indeed sound more privacy-protective, but their presentation was hurried and unclear. ANSI had worked on their standard for six years, and was able to leverage the considerable adoption of the SSN in the private sector. 

As with the witness from IBM, a few committee members were concerned with Sheila Smythe’s pragmatism and the general unwillingness of technologists to take any responsibility for the normative aspects of their work.  Philip Burgess, a political science professor, argued that the ANSI standard should not just facilitate interchange, but inquire into the purposes of interchange.  He observes, “…one of the problems we have in this committee is that every time we ask a [normative] question of somebody, they say that is somebody up the line’s responsibility, and these people say, well, all we do is make it possible. It’s somebody else’s decision to decide whether it should be possible or not.”  Wernher von Braun was invoked.  Smythe ultimately responded that ANSI hoped that the SACAPDS would address the social aspects.

Alan E. Taylor, President, The Society of Certified Data Processors Observations on the different patterns of accuracy and adequacy in automated data systems.

Harry V. Chadwick, Deputy Director, Indian Health Service, Health Services and Mentalllealth Administration (HSMHA), DREW

Alfred E. Garratt, Ph.D., Chief, Office of Management Information Systems, Health Program Systems Center, Indian Health Service, HSMHA,DHEW

Rice Leach, M.D., Director, Indian Health Service U11it, SeDs, Arizona. Discussion of the Indian Health Service Health Information System.

F. M. Wilkerson, Vice President for Data Services, Trans World Airlines
Discussion of the Trans World Airlines Reservation System.

Richard J. Gwyn, Director General, Socio-Economic Planning, Department of Communications, Government of Canada ‘
Discussion of Canadian perspectives on automated personal data systems and privacy.

David B. H. Martin, Special Assistant to the Secretary and Executive Director, Secretary’s Advisory Committee on Automated Personal Data Systems, DREW
Briefing on DHEW organizational structure and functions.

Inspector Donald R. Roderick, National Crime Information Center, Federal Bureau of Investigation

Special Agent Dennis Lofgren, National Crime Information Center, Federal Bureau of Investigation
Discussion of the National Crime Information Center of the FBI.

William Simmons, Director, Student Loan Program, Bureau of Higher Education, Office of Education, DHEW

Harry Lester, Branch Chief, General Education Data Systems, Division of Automated Data Processing, Office of Education, DHEW

Alice Hansen, Chief, Reports and Analysis, Division of Insured Loans, Bureau of Higher Education, Office of Education, DHEW

Carol Wennerdahl, Administrative Director, lllinois Guaranteed Loan Program
Discussion of the Guaranteed Student Loan Program.

Walter L. Schlenker, Chairman, General Electric Corporate Information Standards and Codes Committee, General Electric Company

Emmet E. DeLay, Manager, Information Systems Operations, General Electric Credit Corporation
Discussion of individual identifiers for automated personal data systems.

Donald Roache, Acting Assistant Administrator, Program Statistics and Data Systems, Social and Rehabilitation Service, DHEW

William E. Cleaver, Senior Computer Systems Analyst, Division of State Systems Management, Social and Rehabilitation Service, DHEW

Harry Overs, Assistant Bureau Director, Bureau of District Office Operations, Division of Operating Policies and Procedures, Social Security Administration, DHEW

Richard K. M. Bridges, Assistant Director, Assistance Payments Unit, Division of Family and Children Services, Department of Human Resources, Atlanta, Georgia

Paul A. Skelton, Director, Division of Administrative Services, Department of Health and Rehabilitative Services, Tallahassee, Florida
Discussion of Social and Rehabilitation Service proposed regulations on the use ofthe Social Security number.

Sheila M. Smythe, Executive Associate, Blue Cross-Blue Shield, and Chairman, ANSI Committee X 3L8.3-IndiVidual and Business Identifications

Albert C. Kocourek, Data Processing Manager, Rouse Corporation, and Chairman, Professional Practices Committee, The Society of Certified Data Processors
Discussion of the proposed ANSI standard on identification of individuals for information interchange.

Paul Fisher, Chief, International Staff, Office of Research and Statistics, Social Security Administration, DHEW
Discussion of data systems for social insurance programs in foreign countries. 

Sixth Meeting, September 28-30, 1972

September 28 transcript (AM)

September 28 transcript (PM)
September 29 transcript
September 29 evening transcript
September 30 transcript


The first sixty pages of the September 28 afternoon transcript include an exposition on the Medical Information Bureau, which had been the target of negative reporting.  Like credit reporting, medical information reporting was developed in the late 19th century.  The first federal consumer privacy law, the Fair Credit Reporting Act, regulated the MIB and consumer reporting agencies.

The second day of the proceedings focused upon information collection and maintenance in the courts, specifically the problem of “disposition” information in criminal and civil matters.  Robert Gallati detailed a problem that plagues citizens to this day—oftentimes individuals are arrested for minor crimes but ultimately are never charged. Record systems will reflect the arrest, but not the disposition of the matter, and so when these individuals have background checks, they appear to have committed crimes that they were never formally charged with, and never found guilty of.  This has profound and unfair effects upon minorities and the poor as they are subject to more law enforcement attention than others.

California has passed legislation to prohibit employers from relying upon arrest records in hiring decisions to address this problem.  The underlying information problem still exists, however.  The custodians of these records have no incentives to correct this problem.  In fact, the tradition of devolved power to judges and judicial independence creates incentives for courts to have separate computer systems that do not interoperate with criminal justice systems.

Professor Link of Notre Dame, who studied the problem as part of his role as Chairman of the Committee on Science and Technology of American Bar Association explained that the complexity of the criminal justice and court systems resulted in missing disposition information.  For instance, whether deposition information was present in a record system was often linked to the stage at which the charge was dismissed.  In cases where the police directly observed the criminal behavior, the police themselves were likely to have information on disposition. But in cases where the suspect was arrested based upon investigation, the prosecutor’s office tended to have disposition information. To study the problem and locate disposition information, Link’s team had to analyze records at the jurisdiction’s state police, county sheriff, city police, prosecutor’s office, the courthouse, and the probation office; yet this still did not reveal information on all of the cases. 

Much of the following discussion concerns the definition and purpose of “public records.”  J. Taylor DeWeese passionately observed that the liberal purposes of public arrest records–the impossibility of secret arrests and protection against double jeopardy–were perverted to illiberal ends as these records are amassed by credit bureaus and background check companies. Arthur Miller argued that the assumptions built into 19th century ideals of public records need revisiting in light of technology.  Still, others made a compelling argument: wouldn’t you want to know if a prospective bank employee has been charged many times with a crime but never convicted? Arthur Miller responded: “I am really amused…at your concern for me as your depositor in not hiring the arrestee. I appreciate your trying to safeguard me but if the alternative is that the poor kid can’t get a job for six months and then sticks up the bank…”

The meetings took a turn toward the contentious on September 30th. The Committee was charged to produce a report by the end of the year, and yet some members thought that more information needed to be solicited. Some wanted to go on the road to hear from people in California, among other places. Some wanted to hear from witnesses that were not trade association groups; members thought these groups to be presenting a milquetoast version of industry practices. But ultimately the committee decided not to hear from new groups of witnesses or to go on the road. The committee felt that privacy was a bipartisan issue, and that traveling could cause news coverage of their investigation. In the shadows of Watergate and the election, such coverage could convert privacy into a partisan issue, thereby weakening the committee’s effort.

Recall that in June, a subcommittee had circulated a memorandum that outlined basic fair information practices. At the September 30th meeting, Ware restated and refined these principles. He suggested that legislation be enacted to punish “unreasonable use of information” with criminal, civil, and class action remedies. Among the unreasonable practices Ware suggested prohibiting were the maintenance of a personal data system without notice to individuals, that data transfers would only occur according to specific legal approval, that data maintainers would have to follow an evolving set of best practices, that data should not be transferred in bankruptcy for incompatible purposes, and finally, that it would be unreasonable to operate a database that is inimical to the interests or welfare of persons. Ware’s personal archive includes a memorandum that summarizes the Younger Committee report which was issued in June 1972; Ware appears to have been strongly influenced by it, and by principles underlying of the Freedom of Information Act.

Joseph C. Wilberding, Executive Director and General Counsel, Medical Information Bureau (M.I.B.), Greenwich, Connecticut

Discussion of the M.I.B. information system.

A. Niel Pappalardo, Vice President, Medical Information Technology, Inc., Cambridge, Massachusetts
Discussion of Meditech’s medical information systems.

William F. Atchison, Director, Computer Science Center, University of Maryland, College Park, Maryland; Chairman, Education Board of the Association for Computing Machinery; and Chairman, Working Group on Secondary Education in Computers, International Federation of Information Processing Societies

Truman Botts, Executive Director, Conference Board of the Mathematical Sciences, Washington, D. C.

Peter G. Lykos, Program Director, Computer Impact on Society, National Science Foundation, Washington, D. C.

Seymour A. Papert, Professor of Mathematics and Co-Director, Artificial Intelligence Laboratory, Massachusetts Institute of Technology Discussion of education regarding computers and their impact on society.

John N. Williamson, Ed.D., Research Specialist, The Rand Corporation, Washington, D. C.
Presentation and demonstration of REACT (Relevant Educational Applications of Computer Technology), course segment entitled “The Social Impact of Computers.”

Richard T. Penn, Jr., Program Manager, Technical Analysis Division, National Bureau of Standards, Washington, D. C.

Dr. Alfred Blumstein, Director, Urban Systems Institute and Professor, Urban Systems and Operations Research, School of Urban and Public Affairs, Carnegie-Mellon University, Pittsburgh, Pennsylvania

David Storm, Assistant Vice President, First National City Bank, New York, NewYork

Robert R. J. Gallati, Director, New York State Identification and Intelligence System, Albany, New York

David Link, Associate Dean, Notre Dame Law School, and Chairman, Committee on Science and Technology, American Bar Association

Larry P. Polansky, Deputy Chief Court Administrator, Common Pleas Court of Philadelphia, Philadelphia, Pennsylvania

Chief Judge Harold H. Greene, Superior Court of the District of Columbia
Discussion of court record-keeping practices.

William M. Adams, Associate Director, Operations and Automation Division, American Bankers Association, Washington, D. C.

Charles Borsom, Executive Vice President, National Society of Controllers and Financial Officers, Chicago, Illinois

Richard W. Freund, Vice President, First National City Bank, New York, New York

Kenneth A. McLean, Professional Staff Member, Banking, Housing, and Urban Affairs Committee, United States Senate
Discussion of personal data systems in financial institutions.

Andrew O. Atkinson, Superintendent, Regional Computer Center, Cincinnati/Hamiton County, Ohio.

William Mitchel, Senior Consultant, Claremont Graduate School, Claremont University, Claremont, California

Selma J. Mushkin, Professor of Economics, and Director, Public Services Laboratory, Georgetown University, Washington, D.C.

Charles R. Rowan, Executive Director, National Association for State Information Systems, Englewood, Colorado

Myron E. Weiner, Associate Extension Professor, Institute of Public Service, University of Connecticut, Storrs, Connecticut
Discussion of state and municipal information systems.

Seventh Meeting, November 9-11, 1972

November 9 transcript
November 10 transcript (working meeting, no transcript)
November 11 transcript (working meeting, no transcript)
Agenda for November 10–11


“…the capacity of recordkeeping agencies to think that an accusation unbased, unverified, unrebutted, unchecked, and unexpungeable is somehow mitigated…by allowing a person to put a denial in the file is really the height of naiveté at best.” – Ira Glasser

A trio of ACLU staff—John Shattuck, Ira Glasser (who went on to direct the ACLU), and the erudite Frank Donner (who founded ACLU’s political surveillance project) gave powerful testimony. John Shattuck’s focused upon how government collection of information affected First, Fourth, and Fifth Amendment rights, and how minorities and the poor bear the brunt of these incursions. 

Glasser’s testimony was broader and detailed private sector privacy problems.  He shared the story of a man whose insurance was cancelled because his son was alleged to be a “hippie.”  He spoke in detail about dossiers built upon schoolchildren that parents and children could not see, but were used in ways that affected individuals’ future.  He recounted examples of families evicted from public housing based upon criminal convictions of family members not resident in the property.  He detailed the plight of individuals with criminal histories and how the discovery of arrests and convictions could act as an absolute bar to employment, despite rehabilitation and years of lawful conduct. 

Frank Donner recounted the harms of political surveillance: its targets are “subjects,” which leads to stigma; that surveillance of even innocent activities is important to the state because the state believes that all facts somehow contribute to a mosaic of subversive plans; that it is overly exhaustive in its examination of individuals; that it is unforgiving of youthful indiscretion because investigators believe that “the leopard does not change his spots;” and that it is animated by a negative bias, that it, it interprets activities as sinister. 

Donner discussed “deferred recordkeeping,” what we could call “data retention” mandates today: “…the reason why everything is relevant [and must be collected] is because his [the investigator’s] assumption proceeds by what I call the politics of deferred recordkeeping — that a day will come when it is important to know who these people are and all about them because these people may well be poised for a takeover, they may well want to destroy the country, and you can’t be too careful.”

Donner discussed the many inquiries he received from individuals who, because of mental illness, thought that they were being followed by government agents.  Instead of dismissing these stories, he explained that their pathologies were just amplified versions of conventional fears that everyone shares.  They are evidence of the harm to the psyche of society itself.

Donner concluded: “…who can vouch for the selfhood of the next generation who live in this atmosphere of constant probing, a constant fear, a constant attempt to renew connections with each other away from the government?”

“You know, scholars have long puzzled about the meaning of a phrase in one of T. S. Eliot’s poems where he writes, ‘Till human voices wake us and we drown.’ I think the meaning is quite clear. I think we are all so hooked on technology, so in love with process, that we can’t take a stand for the human needs of the members of our society, and human voices wake us and we drown.

Shattuck argued that all arrest records should be expunged in cases where there is no disposition. Glasser suggested that employers should be prohibited from asking about arrests.  This is surprising, because in later years, ACLU’s pendulum swung so dramatically towards a “marketplace of ideas” approach to the First Amendment that factual but derogatory information in public records would be seen as a “too bad so sad” problem for citizens. Other suggestions from the ACLU included a complete enumeration of all federal government databases, a right to hearing to challenge information in a record, and the availability of a financial penalty for violating the law even when the individual could not establish damages.

Ralph Abascal, Managing Attorney, Law Reform Unit, San Francisco Neighborhood Legal Assistance Foundation
Discussion of the “California Earnings Clearance System.”

John Shattuck, Staff Counsel, American Civil Liberties Union (ACLU)

Ira Glasser, Executive Director, New York Civil Liberties Union Frank Donner, Research Director, ACLU Surveillance Project
Discussion of individual cases concerning automated personal data systems which have come to the attention of the ACLU.

William H. Corbett, Private Citizen
Discussion of a problem with multiple issuance of social security numbers;

Otilio Mighty, Director, Veteran’s Affairs, New York Urban League

Joe Garcia, Executive Director, Seattle Veterans Action Center
Discussion of veterans’ perspectives on automated personal data systems.

Gordon Manser, Associate Director, National Assembly for Social
Policy and Development, Inc.

Eloise Waite, National Director for Services to Military Families, American Red Cross, and Chairman, Committee on Confidentiality of the National Assembly for Social Policy and Development, Inc.
Discussion of the National Assembly’s Committee on Confidentiality and the responsibilities of voluntary social service agencies to their clients and funding sources.

Mary Drabik , Norman Matthews, Kenneth William, People Against National Identity Cards (PANIC), Cambridge, Massachusetts
Discussion of PANIC’s position on the Social Security number ‘as a unique, universal personal identifier. 

Eighth Meeting, December 15-16, 1972

There is apparently no transcript of this meeting, as the committee worked to write the body of the report.

Robert M. Ball, Commissioner, Social Security Administration, DHEW
Discussion of policy issues raised by spread in the use of the Social Security number as a personal identifier. 

Ninth Meeting, March 1-3, 1973 

There is no transcript of this meeting

No presentations. Meeting devoted exclusively to review of draft final report.