The events of Sept. 11 have had widespread effects on life in America. Privacy has not escaped. Attitudes toward privacy have turned, and people are embracing invasive measures that they once shunned.
The most visible loss for privacy was the passage of the USA Patriot Act. An interesting aspect of the law was the strong anti-government, pro-privacy sentiment that came from the Republican-controlled House Judiciary Committee during debate on the bill. In the end, the privacy defenders, who included politicians from right and left, lost most of the fights. Under the circumstances, the struggle went on a surprisingly long time.
The USA Patriot Act is cited as an example that privacy is dead. Some seem to think that privacy will lose its importance with consumers. I am not so sure. I offer three general observations.
First, the USA Patriot Act expanded government surveillance authority. I do not mean to dismiss the law as minor. Indeed, many of the changes are far reaching and may even be unconstitutional. However, the act redrew the privacy line only for government investigators.
It is far from clear that the fight against terrorism will affect other aspects of privacy. People are willing to give government anti-terrorism investigators more authority to collect information, use wiretaps and the like. However, it seems doubtful that consumers are any happier than they were before the terrorist attacks about having their medical records disclosed or about receiving telemarketing calls during dinner. Sept. 11 may have lessened citizen concerns about government intrusions on privacy, but it may not have affected opinions about commercial intrusions.
Second, responses to terrorism have included the adoption or discussion of a variety of identification technologies. Despite the evidence of new public support for ID cards, it is interesting that politicians generally have avoided jumping on the ID bandwagon. The Bush administration signaled a lack of interest in a national ID card.
One problem with these technological responses to terrorism is that either the technologies do not work or they do not respond to the problems. Face-recognition software is so inconsistent that its adoption would only create difficulties for those using it and those being recognized. If employed seriously, face-recognition software is certain to falsely identify large numbers of innocent individuals, and people will not tolerate that much disruption.
ID cards are another solution in search of a problem. It is undoubted that better identification methods would have myriad positive and negative aspects. However, an ID card is unlikely to stop terrorism. The notion that anyone with an ID is not a terrorist is ludicrous. I doubt that it is even possible to establish a valid, counterfeit-proof identification system that won't cost tens of billions of dollars and that won't seriously inconvenience every single American citizen. Is anyone ready to stand in lines for hours at government offices to receive a new ID card? People might have been willing to do so on Sept. 12, but they won't be in a year.
Third, we already have evidence that privacy remains an active legislative issue. The new education bill that is almost certain to have been signed into law by the time this column appears contains a variety of privacy provisions. The No Child Left Behind Act of 2001 has six separate provisions that address privacy.
The one of most interest to marketers gives notice and opt-out to parents of students asked to disclose personal information in schools for marketing purposes. Marketers, school districts and consumer advocates contested the bill. Most will see the result as a compromise because it calls for opt-out rather than opt-in. However, the law has a lot more to it than just a new opt-out right.
The new provision will force schools to pay attention to privacy. Each school participating in collection of student information for marketing will have to adopt a privacy policy after consulting with parents. The school must provide an annual notice of information-collection activities for marketing, and parents will have an opt-out right for their children. In addition, parents will have the right to review any collection instrument before a student fills it out. These requirements are a recipe for continuing controversy.
Fulfilling the law's requirements and continuing procedures will not be trivial. Informing parents is likely to create considerable dispute about an activity that was mostly hidden from view in the past. I suspect that some schools will simply stop data collection for marketing rather than bother with all the fuss. If a school makes a mistake with any of the required steps, a resulting lawsuit could cost more than the school could earn through the sale of student data.
I am not predicting that privacy legislation for the Internet will pass in 2002. However, privacy has clearly not disappeared from the legislative agenda. That suggests that reports of the death of privacy are definitely premature.
