The explosion of new technologies having privacy implications seems to be outstripping Congress's ability to regulate it with effective policy solutions. That was one of the conclusions of a Congress Project panel convened at the Wilson Center May 15 on the subject of Congress and Individual Privacy in a New Security Age.

The keynote speaker, Senator John Sununu (R-NH) cautioned that the myriad of new technology issues affecting privacy issues are not all the same, and that Congress and the Executive Branch need to deal with them in different ways. "You first need some kind of framework to look at what the core concerns are, who should be responsible for addressing them, and how to proceed." Sununu added, "If you want a good policy prescription, you have to understand the nature of the problem." He suggested that privacy issues could be broken down into three categories when trying to decide how to proceed. First, there are those matters that raise clear constitutional law issues involving the First, Fourth, and Fifth amendments. The question of when warrants should be obtained in connection with domestic surveillance under the Foreign Intelligence Advisory Act (FISA) is one recent example. These issues deserve a lot more thought and discussion than they often get.

Second, there are those privacy issues raised by economic or commercial contracts. We give all kinds of personal information to banks in order to obtain a loan. Questions arise as to whether it is proper for banks to share that information with third parties. But these are not constitutional issues so much as there are contractual. "That is not to say there should not be some government regulation of this. Congress has done so. But, as a free market person I think the best way is through consumer access and disclosure of what is being done."

Third there are "gray areas" that "members do not like to discuss in depth…and these involve questions of whether they are things the Federal government should be doing in the first place, such as the NSA gathering of phone logs," or forms of data mining like the Total Information Awareness program designed at the Defense Department (and shut-down by the Congress). "You have to weigh whether the benefit is really worth the privacy intrusions involved." Other examples include moving to national drivers' license standards. Sununu said this can be done by the states. By going to a uniform Federal license "we have created a new gold standard for fraudulent activity." In concluding, Sununu said that if you are only concerned about whether something is constitutional or unconstitutional, "you will enable a lot of bad ideas" simply because they are constitutional. This is because "the natural reaction of Congress is to design a solution" instead of thinking through whether the solution will actually solve the problem, or even whether it is an appropriate area for Federal involvement.

New Mexico State University Associate Professor Nancy Baker observed that Congress is generally inclined to protect the privacy rights of concern to citizens "but not when the people are afraid." Then, she noted, public opinion tends to favor security over privacy, and this is reflected in recent polls. Nevertheless, over the last three decades, Congress has enacted a large number of privacy laws in response to people's particular concerns. The September 2001 terrorist attacks slowed that down so that now any privacy protections come as part of national security legislation. And Congress has wrung some concessions from the Administration in this regard on laws like the USA PATRIOT Act. Still, the most recent renewal of that Act did not go far enough in the eyes of civil libertarians to allay their concerns about government abuses of privacy. Baker concluded that it is difficult to frame adequate privacy protections while the public remains fearful of another attack.

Joelle Tessler, a reporter on information technologies for CQ Weekly, emphasized the extent to which the law has not kept up with advances in technology when it comes to privacy. "Many Fourth Amendment protections do not apply in cyberspace. The laws are decades out of date, giving the government room to impose its interpretations as to how they should apply." While civil libertarians urge an updating of laws, there is a great difference among those in government and the private sector on how this should be done. The examples she gave of this privacy protection gap included e-mail and text messaging; search engines and search logs; and Internet wiretapping. "The key is adequate self-restraint by government in updating the law. An attempt was made to do this in the late 1990s but was cut short by the dot-com bust and then by 9/11."

Peter Swire, a professor of law at Ohio State and former Clinton Administration privacy counselor at OMB says a lot of people today see the privacy issue as what the environment issue was back in the 1970s. "There's sort of a discourse of despair about privacy now, as there was with environmental pollution then." But we have usually dealt with things when they become intolerable, going back to the problem of the British quartering their soldiers in our homes leading up to the American revolution, or the concern in the 1970s that lie-detectors would be used extensively in the workplace to learn all manner of private things about us; or that there would be one huge Federal mainframe computer will all the information about all of us. But Congress put a stop to those two possibilities as well. Now instead of a giant mainframe we have personal computers, but they are linked through the Internet and that raises many possibilities for privacy invasion.

Former Representative Martin Frost (D-Tex.), now a public policy scholar at the Wilson Center said the reason members don't move more quickly and effectively on these privacy concerns is that they really don't understand the new technologies and therefore are afraid to act for fear of unintended consequences. "Their kids know more about information technology than they do." Frost explained how in 1999 he and Rep. Deborah Price (R-Ohio), as members of the House Rules Committee, were called upon by the chairman of that committee to draft compromise privacy provisions for a financial services reform bill that otherwise would have been deadlocked between those who wanted no protections in the bill to those who wanted much stronger protections. Consequently, the bill did go on to be enacted as the Gramm-Leach-Bliley "Financial Services Modernization Act." It stands as an example of how clashing interests over privacy and free enterprise sometimes have to be reconciled by the leadership using extraordinary means.