Teetering On The Edge
This page has been archived on the Web
Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.
Society of Canadian Office Automation Professionals (SCOAP)
March 16, 1994
Privacy Commissioner of Canada
(Check Against Delivery)
First I would like to thank SCOAP for the opportunity to speak to you. What could be better for a privacy commissioner than an audience that wants to "explore the emerging information and technology issues"? Though, I must say I'm impressed by the number of early risers ready to turn out for breakfast at an ungodly hour for serious discussion.
But, the issue is serious. And privacy is definitely one of emerging technology's "hot buttons". I am going to tell you briefly what I mean by privacy, why I think it has become such an important issue, and what we might do to reap the benefits without trading away our autonomy.
The issues are no longer hypothetical. As proof, let me cite you two stories from recent newspapers. The first was Ontario Social Service Minister Silipo's musings about a national ID card. And the second is the government's new Blueprint for Renewing Government Services Using Information Technology.
These two developments should help us focus the debate: where to establish the balance point amongst a series of competing pressures. These are:
- the need for greater accountability for government social expenditures targeted to qualified recipients, to prevent fraud and waste;
- the demand for more "accessible service at lower cost" (Blueprint);
- the need to create new jobs, particularly in the knowledge-based industries, and the fundamental right to retain our privacy and autonomy.
Up to now much of the energy has been spent on the first three greater control and accountability, better access, and jobs, jobs, jobs. All of these are vital, of course. I pay taxes too. All of us would like to see them spent efficiently. And all the public sector employees here know firsthand, the impact of shrinking budgets and growing public demands for service.
So, it's easy to understand the enormous excitement generated by new information technology and difficult to detach ourselves and regard the promises with a sceptical eye.
But, we must. Because increasingly, the message we hear from the scientists and technicians is disturbing. They tell us that it is humans that must change, that we must adapt to the technology they have created and not that the technology must be constructed to reflect our human values.
Perhaps, this is too fundamental a discussion for breakfast but it leads to the other argument we hear, and that, is that we must redefine "privacy" to meet the demands of the technology. Some speculate that the new privacy will simply mean "confidentiality" or ensuring your information is secure. Lost will be the fundamental concept of being left alone, not being counted, surveyed, monitored and canvassed at will.
This is not the first time that there has been a debate about the impact of technology on privacy. And what do we mean by privacy? So first, I must set the stage by defining briefly what we mean by privacy (and I ask for patience from those ATIP staff present for whom this stuff is bread and butter).
Privacy is simply our right to control the flow of information about ourselves. Have nothing to hide? Don't care whether the video store sells your movie selections and address to mail order marketers? That should be your choice. But if I object, shouldn't I be able to opt out?
Privacy is the right to hold governments and business to a standard of fair information practices. That standard means collecting only the information needed for the program or service. It means using the information only for that purpose and not disclosing it to third parties who have no need to know. And it means giving us, the subjects, the right to examine the information and correct errors.
Informational privacy is built on the principle upheld by the Supreme Court - that all information about an individual is fundamentally his or her property. This means that no one should have more control over the information that the person it concerns. To disclose or withhold the information is for the subject to decide. Privacy is fundamental to the democratic notion of self-determination or autonomy.
And yet it is one of those values we risk trading away.
The studies so far have concluded that dramatic advances in telecommunications and information technology change the relationship between individuals and government. New technologies can process personal information faster and deliver it more extensively, and cheaper, that ever before.
But there has never been a technology with the power to deliver information that matches the new electronic systems. Consider the so-called "information highway" and the promises it holds:
- students in rural areas with access to the libraries and lectures of the country's top university faculties;
- patients and their doctors consulting with the best medical specialists in their fields;
- taxpayers getting 24-hour service from their government over the telephone or their home computer.
Who could possibly object?
I think you would object if your medical file found its way into the newsroom of your local TV station. Or, if your child's school records were available for the neighbourhood teenager hacker. Or, if your income tax return turned up in a stockbroker's office or at the local credit bureau.
Let me give you a concrete example of the scope of one new network and the kind of information it contains. BC has introduced a Pharmacy Network Project designed to provide complete personal drug histories on line to pharmacists across the province. It doesn't require too much imagination to understand why that information could be useful to the pharmacist and the provincial health ministry. Nor is it difficult to imagine who else might find the contents interesting.
What are we going to do to prevent the massive collection and disclosure of our personal details on the information highway? And how will we prevent the master government profile the Privacy Act was put in place to prevent?
Some (including increasingly overworked and underfunded governments) may see the vulnerability of information and the consequent loss of privacy as inevitable tradeoffs against greater speed, efficiency, and cost-effectiveness. Privacy is often at the top of the list of rights we are prepared to trade away for other perceived benefits, usually because we don't recognize it as an issue until it's lost. But once lost, there is no remedy, you can't get it back. It's gone.
So, we are tempted by technology's benefits. But, are we alert to its vulnerabilities?
This brings me to the government's blueprint, announced earlier this week. I must say I was encouraged by the lead on the press stories. For those who missed it, it read: "Guarding the privacy of Canadians will be a key concern as Ottawa revamps the public service for the information age...".
Of course, I would be the first to tell you that you can't believe everything You read in the newspapers. by some of the concepts.
And a privacy commissioner cannot help but be unnerved The document speaks frequently about "connectivity", "sharing and re-using information", and exchanging information electronically.
Now, cast your mind back to those core privacy principles I highlighted earlier:
- collection only for a specific purpose,
- use only for that or a related purpose,
- informed consent to any uses and disclosures
- and the right to examine the information and correct errors.
Can we reconcile these apparently contradictory government commitments? I hope we can and I should tell you that the process has begun on a hopeful note. Chief Informatics Officer Andy Macdonald briefed me last week on the big picture and has invited my office to be a full participant in the development.
And, at a recent Information Technology Association Conference, Minister of State for Industry Jon Gerrard cited privacy as one of the government's key concerns for the national information highway project.
So, I do not doubt the government's commitment and sincerity. Nor do I doubt that the discussions may sometimes get a little warm. After all, my first obligation is to Canadians' privacy. And moving to these electronic delivery systems means a qualitative change in government information management.
The US Office of Technology Assessment identified three features of these new systems that must concern us.
The first is that administration of government programs may have to be consolidated not only across departments, but also across jurisdictions. Many of the hoped-for benefits: less cost, greater access are illusory without the participation of different levels of government. Will this lead to the walls coming down between government databases, raising anew the spectre of Big Brother?
The second feature of these delivery systems is their likely dependence on private sector involvement. Increasingly governments are looking for partnerships with the private sector. In other words, receiving government services could well mean an electronic interchange, not just between you and the government. But, between you, the government and the private sector.
A third inevitable feature of these single interactive government systems is some sort of access and identiftcation device. And that device is almost inevitably an identity card. This prospect worries me.
I do not see anything ominous in replacing a piece of paper with a piece of plastic which carries the same information and serves the same purpose. What does concern me is the proposal by Mr. Silipo that we carry a single identification card, documenting our lives, which bureaucrats and police can demand at will. This is marvellously efficient, undeniably accurate and the ultimate tool of state control. The notion that we should be required to prove that we are who we say we are is anathema to North Americans. This is what many of us (or our parents and grandparents) thought we had escaped.
There has to be a middle ground here and perhaps that is the so-called smart card. These cards with their processing and memory capacity do at least have the potential to segment the data, limit access and give the individual ultimate control of the data, rather than the state.
How we deal with each of these issues will determine how well we are able to consider the implications of the technology on those human values like our privacy.
Canadians do care. Let me give you a quick highlight from a survey about privacy taken last year. The study established a strong public consensus for giving privacy a higher priority on the policy agenda, a "very strong desire for action" and for the active involvement of government.
But what the survey revealed most dramatically to me was the public's deep sense of unease. They are aware that technology is impinging on their lives in ways they don't yet understand, and they want to know more and to have much more personal involvement in the decision-making process.
One issue caused strong concern among respondents: linking their personal information from one organization's data base to another's. This is precisely the direction in which information technology and cash-strapped governments are moving.
Let me give you an example of what can go wrong when we forget to plan properly and consider the human factor.
During the U.S. election campaign, Clinton was criticized for the growth of low-tech jobs in Arkansas while he was Governor. Clinton countered that AT&T manufactured smart cards in Arkansas and committed himself, as part of his new health care plan, to providing everyone with a smart health card. The cards would be issued at birth and store a lifetime's medical information: a cradle-to-the-grave smart card.
This was the first that many Americans had heard about a smart card and they didn't like it. The response from the American Civil Liberties Union and others was swift and negative. They argued that Americans' privacy would be diminished. They worried that private health information would be read by everyone and the cards raised the spectre of a national ID card. The ACLU implored the administration to drop the idea. Once the story hit the front pages, no-one was going to get this genie back into its bottle. The idea was withdrawn.
So what happened here? First, you have to be struck by yet more evidence that the public's expectation of privacy is expanding and technologies perceived as undermining it are in for heavy weather.
Second, it is apparent from the controversy that many critics do not understand the technology. It's particularly ironic here because smart cards, when properly designed and used, are potentially one of the most powerful tools to enhance individual control over personal information.
But what is most apparent is that the Clinton administration had to drop the technology from its agenda because it had underestimated the public's concern. It failed to put the issues before the public for discussion, failed to get input from all the affected parties and failed to explain the technology, including its privacy pluses. This may prove an expensive lesson and one from which we must learn.
The need for public information and understanding, and public support, has grown enormously. Recent political events in this country have spelled out clearly that Canadians will no longer simply accept what's fed them. That need to know and understand will grow so long as technology continues its mind-bending onward rush.
So let me leave you with some privacy fundamentals for systems like the one envisaged in the Treasury Board Blueprint.
- Privacy considerations must be recognized specifically in the provision, use and regulation of the information system;
- The network must be governed by a fair information code established in law;
- Individuals should be able to control their own information, including what details are transmitted over the network;
- Government should limit its collection of personal data for electronic services to the minimum needed to provide the service;
- Service providers should not disclose information without the individual's explicit consent and should explain their data collection practices to individuals;
- Information about individuals' transactions must also be governed by the code; that is the pattern of the transactions, not just the data in each individual transaction;
- Government should ensure that the information goes when and where it is intended. It must protect the confidentiality of the electronic communications, perhaps through encryption;
- There should be no charge to protect your privacy;
- There should be an independent oversight body to monitor the system.
Society will continue to embrace technological change as it always has, for all kinds of reasons: comfort, convenience, liberation from toil, better profits, more efficiency, better control in a word, for progress.
Can our institutions gear up to these new challenges? Will the 21st Century see science and technology finally overcome humanity's capacity for controlling its own destiny? Will we be consumed by our machines?
Privacy is only one of the many elements in this intriguing question, but it's an important one. How well privacy fares that's to say, how much respect for human dignity and individuality we preserve, will determine whether in the end we have a society where God truly does come out of the machine.
- Date modified: