It's a pleasure to be here in California to discuss some of the legislation that has been proposed in California aimed at protecting privacy. Iím based in Washington, D.C. now, but I grew up down on the peninsula and went to law school at Hastings here in San Francisco, so Iím really delighted to be back.
Let me thank the Progress & Freedom Foundation and the Pacific Research Institute for inviting me to participate in the panel today. I am very pleased by my affiliation with PFF and Iíve been a fan of PRI for many years.
I also want to congratulate Howard Beales and the FTC for conscientiously working to improve our national discussion of privacy. Iím always going to be hectoring people like Howard and Iíll probably never be satisfied.
People laugh at me when I talk about improving the intellectual quality of the debate in Washington ó Intellectual? In Washington? ó but the FTC has clearly taken steps to improve peopleís thinking on the costs and benefits of regulation aimed at privacy.
I'm here as Editor of Privacilla.org. Privacilla is a Web-based think-tank devoted exclusively to privacy. It attempts to capture privacy as a public policy issue from top to bottom.
We divide privacy from government and privacy in the private sector. Within the private sector, we break it down into financial privacy, medical privacy, and online privacy. Within those categories, we talk about the issues, what the policies should be, what proposals are out there, and so on. Importantly, we attempt to define what "privacy" is and set aside the non-privacy issues that are often confused with "privacy." I encourage you to visit the site at www.privacilla.org and get an idea of the material that is there.
As an aside, let me make a disclaimer that I try to give it whenever I speak. I do represent private clients wearing my lobbyistís hat. None of my clients has specific privacy concerns, but privacy touches just about every public policy issue, so I always encourage people to watch for bias in what I have to say, as you should with any privacy advocate.
As I mentioned, Privacilla has done something new, I think, which is to try to figure out what privacy is. The number one problem with the privacy issue is that the word "privacy" is used to describe so many different concerns with the modern world. You can talk about privacy, and some people are going to think youíre talking spam, some people will think it's identity fraud, some people will think it's security, and so on, and so forth.
Because of the brief time I have, let me just give you some top-level conclusions from our study of privacy.
One is that privacy is a subjective condition. It is a sense that a person has or doesnít have depending on who knows what about him or her. By subjective, I mean that it is held by individuals. You canít decide for me what my sense of privacy should be. And I canít decide for you what your sense of privacy should be. Privacy is the same kind of thing as happiness or morality.
So, Iíve got to ask you: if you heard there was a bill in Sacramento called the Happiness Assurance Act of 2002, would you feel warm and fuzzy just knowing that the government was about to make you happier?
Happiness is a product of self-awareness and autonomy. People make themselves happy by figuring out what they want and going after it. So it is with privacy.
I think political leaders and consumer advocates have been too quick to talk about regulation. They would probably do better by devoting themselves to consumer education. Only educated, empowered, and responsible consumers can figure out what they want in terms of privacy and pursue it by bringing businesses to heel with their everyday choices.
Thereís no question that protecting privacy in the modern world is hard. I admit, and regularly hector companies and industry groups about the fact that they donít offer an appropriate range of information practices for consumers who are the most sensitive to information sharing.
But if protecting privacy in the commercial world is hard, protecting privacy from government is impossible, because governments can take information from people by force of law. After September 11th, weíve seen a cavalcade of proposals at the federal level and here in California to increase the intrusiveness of government into our personal lives. Right or wrong? Itís still hard to say. But laws passed today will still be in place generations after the war on terrorism has been won.
For example, just last week, right here in California, legislation was introduced that would automatically forward personal information about new male applicants for driverís licenses to the federal government so that they can be registered for the military draft if that again becomes necessary. You donít have to oppose the draft to worry about yet another strand in a web of government databases that we as citizens have no power to resist or refuse. None at all.
Now Iíll briefly comment on, or augment the reports youíve heard from our other speakers, using my own perspective as a student of privacy.
The studies released today illustrate some of the costs of legislation proposed in the name of privacy here in California. And there are many. I would like to complete the equation by discussing the benefits.
The short answer is that I donít know what the benefits are. The proponents of new regulation have failed to articulate how legislation would make life tangibly better for Californians. Abstract privacy rights donít mean much. Iím talking about bettering the real condition of real people.
Letís assume that thereís an opt-in regime in California and everyone refuses to allow information about themselves to be shared among financial services companies and their business partners. How is life better after that? What burden is lifted from Californiansí shoulders?
I donít know, but if there were real demand for the version of privacy offered by the legislation weíve seen, there would already be a significant number of Californians refusing to deal with financial services companies. And, in fact, there would already be a market for no-information-sharing financial services.
Another way to phrase the question I am asking is "Who is being harmed by information practices that are legal today?" Iíve followed the privacy debate in Washington, D.C. more closely than here, and in the capitol of the free world ó the heart of the greatest democracy on the planet ó not a single person has come forward to say that they have been harmed by uses of information that are legal today.
I may be an ignoramus ó and there is much evidence of that ó but I am unaware of what harm the privacy legislation proposed here in California would protect consumers from. Someone needs to answer the question: How would it make life in California better?
I appeared on a panel discussion late last year at the Federal Trade Commission dealing with the notice provisions of the Gramm-Leach-Bliley Act. For that panel, I did an analysis of the GLB law and found that it doesnít advance privacy so much as something you might call "freedom from marketing."
But itís not really freedom from marketing. Itís freedom from accurate marketing. In the world advanced by the Gramm-Leach-Bliley law, college students get invited to buy annuities. Childless elderly couples are encouraged to invest in Education IRAs for their sons and daughters. Poor people like me get offers for private banking services in Antigua.
If your version of privacy is not getting crass commercial solicitations, weíre talking about more ó not less ó worthless junk.
At the FTC panel, advocates from across the political spectrum declared the GLB Act to be a failure in terms of delivering privacy. It would be amazing, amusing, and a little bit sad, if California took the failure of the Gramm-Leach-Bliley Act as a signal that it should do even more of the same.
I do love my home state of California, but I will point at you and laugh out loud if some of these proposals go forward.