TOWARD AN ELECTRONIC BILL OF RIGHTS

Dean Gengle
Smith & Gengle
P.O. Box 14431
San Francisco, CA 94114
(415) 474-0933

ABSTRACT

Some futurist/analyst observers of trends in both the microcomputer industry and related services sectors of the economy place a 90% saturation of the personal microcomputer market by the 1990s. While such estimates as to exactly when the microcomputer will be as ubiquitous as the automobile and television sets may be overoptimistic, the "communications revolution" is acknowledged by most.

This means, practically speaking, more people using the phone lines, satellite communications channels, and computers to: send and receive mail/messages; hold "electronic meetings" and conferences; conduct financial transactions; access special libraries ("databases") of information; make travel arrangements; conduct clerical and managerial information tasks; publish "electronic" papers; engage in real-time and imaginary simulations; and generally shake up the way we "do" things and perceive ourselves "doing" things.

The U.S. Constitution -- specifically the Bill of Rights -- has operated largely within a non-electronic, paper environment. Rights of free speech, assembly, religion etc. have been defined in terms of how things have been done, and not in terms of how they are coming to be done or may be done in the future.

What we need to do quickly, it is respectfully suggested, is to make the Bill of Rights -- human rights generally -- explicit in the telecommunications processes at our disposal. This will avoid the high social costs of fighting some ancient social battles over again, on electronic terrain, i.e. battles over privacy, pornography, political Big Brotherism, and worse.

A so-called "Electronic Bill of Rights" would, among other things, assure that electronic mail preserved two important properties of paper mail: signatures of identity and privacy.
Such a Bill of Rights would also address issues of transnational data flow, the use of private and governmental data banks, freedom of information and privacy in matters other than mail per se, such as financial and/or political data, and unforeseen clashes of "right" with "right" in the information environment.

This paper is a set of working notes towards such a Bill of Rights, and a primer for community discussion of the issues involved.

--8012 (Copyright © 1981 Smith & Gengle)

Item: Within weeks of President Carter's inauguration (1976), the Justice Department asked Congress to block implementation of the then newly enacted Tax Reform Act of 1976, before it became effective. The Attorney General argued that the act's modest privacy provision -- notice to taxpayers before the IRS could obtain their bank records, and a court order before any other federal agency could obtain tax records -- would hamper law enforcement and flood the courts with litigation.

Item: In its early proposals for tracking illegal aliens (and to prevent their employment) the Carter administration came up with a Universal Social Security Identity Card. While the approach was dismissed by the Carter crew, the scheme is being seriously discussed once again by the members of the new Reagan Presidency.

Item: According to a 1978 Harris survey, 71 percent of Americans are of the belief that they "begin surrendering their privacy the day they open their first charge account, take out a loan, buy something on the installment plan or apply for a credit card." Contrast with 1974, when only 48% agreed with that statement.

Item: Professor George I. DaVida applied for a patent on a new cryptographic scheme to the Commerce Department. He got back a letter from the Department ordering him not to discuss or write about the "principles" involved. "It was worded so broadly," DaVida said, "it could have meant that I couldn't talk about any of the mathematical theory underlying cryptography or my related research." DaVida's invention is a device to safeguard computer-based information by encoding it.

Item: In 1978, the U.S. released a "national standard" for data encryption (DES). The DES has been challenged by private experts as "too easy to break." Some even charge that the standard was deliberately made too easy under orders from the National Security Agency (NSA), custodian of all official U.S. ciphers and eavesdropper on all enciphered foreign message traffic.

Item: Quote from Science magazine: "While the NSA might wish to keep the current research into unbreakable codes secret -- presumably to deny them to hostile countries -- such coding schemes could have benefits in civilian, commercial life. Recent news stories and congressional investigations have revealed the extent of possible eavesdropping on ordinary telephone and data communications, and the demand for secure communications is growing. If everyone -- governments, corporations, even private citizens -- had the capability to encode their communications absolutely, all these threats to privacy would at least abate, and might just go away. In this context, the NSA's interest in denying access to the research seems rather narrow."

That there are human rights is a contemporary form of the doctrine of natural rights, first clearly formulated by Locke and later expressed in terms of "the rights of man." Natural or human rights are those which people are supposed to have just because of their humanity and not because of human fiat, law or convention. Such rights have therefore been frequently invoked in the criticism of laws and social arrangements. In 1948, the General Assembly of the United Nations adopted a Universal Declaration of Human Rights.
This declaration formulated in detail a number of rights, including economic and cultural as well as political rights, to form a standard of human rights. Of course, this was not a legally binding instrument, but it was followed by a number of international covenants and conventions, including the European Convention for the Protection of Human Rights and Fundamental Freedoms, which have influenced national legislation and provided some machinery for international enforcement. See: Basic Documents on Human Rights, Oxford, 1971.

Those Articles of the First Ten Amendments to the Constitution of the United States (The Bill of Rights, 1791) possibly relevant to defining an "Electronic Bill of Rights," annotated, with significant wordings underlined:

Article I

Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the government for a redress of grievances.

* As more and more transactions take place through computer terminals, freedom of speech and freedom of press begin to merge. The citizen's right to secure channels of communication, free from prior restraint or eavesdropping by third parties (whether government or others) should be built into the various layers of computer systems involved. The ability to organize politically, via computer conferencing and networking techniques, would be safeguarded under this article. Here, the right of peaceable assembly is broadened to include assembly via communications channels.

Article IV

The right of the people to be secure in their persons, houses, papers and effects against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation and particularly describing the place to be searched and the person or things to be seized.

* "Secure in their effects" can cover hardware and software, encryption and decryption keys, databases, etc. Effects, possessions and so forth need not necessarily be material objects but may partake of the nature of information.

Article V (partial)

. . . nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty or property, without due process of law; nor shall private property be taken for public use, without just compensation.

* This might cover banking records, personally-generated encryption codes, records of transactions with databases, etc. The concept of "private property" might be expanded to include the contents of one's mainframe data files, for example.

Article VI (partial re: prosecutions)

. . . to be informed of the nature and cause of the accusation; to be confronted with the witnesses against him . . .

* This has obvious implications in the credit data field. The Freedom of Information Act and the Privacy Act are steps in the direction of safeguards.

Article IX

The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.

* "Retained by the people" would imply computer usage and encryption technologies as two of the "not delegated powers" which come under the protection of the final two amendments.

# # #

A partial legislative checklist:

- Freedom of Information Act (1966)
- Bank Secrecy Act (1970)
- Fair Credit Reporting Act (1970)
- Privacy Act (1974)
- Family Education Rights and Privacy Act (1974)
- Tax Reform Act of 1976
- Right to Financial Privacy Act (1978)

# # #

Proposed Organizational Protocols

A network-based organization, consisting of other organizations, citizens groups and individuals, with the following purposes:

1. To encourage and support the widest possible public participation in decision-making concerning telecommunications development, use and policies.

2. To encourage and support maximum public use and benefit of new and existing channels of information, data transmission, data bases, satellite transmission technology, and hybrid computer/video/telephonic technologies.

3. To encourage and support the rights of private groups and individuals to research and develop new data encryption technologies, including but not limited to applied and theoretical encryption research, applied encryption techniques in hardware/firmware and software form, and the development of public-key cryptosystems.

4. To maintain the rights, derived from the U.S. Constitution, of private citizens and groups to secure channels of information, free from any and all forms of monitoring, whether by governments, other private groups or individuals.

5. To encourage and support the development and spread of electronic mail systems, computer convention systems, and databases incorporating the privacy and security features implied by (3) and (4) above.

6. To monitor and report on the actions and pending actions of government agencies, legislative bodies, private groups and individuals which might have an effect on the overall freedom and security of information channels, via presently existing or future communications technologies, such that Bill of Rights guarantees are further secured in the emerging global information environment.

7. To collect, process, store and retransmit information relating to (1) through (6) above, on an international basis and with a view toward the development of a planetary "Electronic Bill of Rights."

# # #

"Privacy is the claim of individuals, groups or institutions to determine for themselves when, how, and to what extent, information about them is communicated to others."
-- Alan Westin

# # #

Computer People for Peace, in a 1971 paper, suggested the following criteria for privacy in the computer age:

The concept of "public information" as currently defined needs to be restricted along the lines of "name, address and social security number." Arrest and conviction records, school records and other personal history should not be made "public information." There should be no transfer of data from one agency to another and no sale of information under any circumstances. Individuals should be informed by periodic audit notices of all information about them held in any data bank, private or public, and should have the power to have any such data altered or destroyed beyond the data defined as "public information." No person should be denied any public or private service, right or employment opportunity for refusal to supply personal data beyond that defined as "public information." All questionnaires seeking personal data should carry a printed explanation of what information a person is obliged to supply for the purposes of the questionnaire. The substance of all legislation and regulations should establish a set of criteria for "need to know" for the collection of any data on individuals, and the burden of proof of this need should rest with the collecting agency. Statistical data necessary for analysis and planning by public and private agencies should be collected in such a way that none of it can be traced to any individual. Retention cycles should be established for the maintenance of all data collected on individuals.

# # #

Bibliography and References

This listing is undigested and unrefined. It represents an unalphabetized "first pass" at collecting materials relating to these issues. Some may be unavailable or difficult to obtain.

Rivest, Ronald L., Adi Shamir and Len Adleman, "A Method for Obtaining Digital Signatures and Public-key Cryptosystems." MIT, Laboratory for Computer Science, April, 1977.

Miller, Arthur R. The Assault on Privacy, Ann Arbor, University of Michigan Press, 1971.

The Privacy Act: How It Affects You and How to Use It, available from American Civil Liberties Union, 22 East 40th Street, NYC 10016.

Stigler, George J., "The Economics of Information," Journal of Political Economy 69, no. 3 (June 1961).

Dertouzos, Michael L. and Joel Moses, Eds. The Computer Age: A Twenty-Year View. MIT Press, Cambridge, 1960.

Katzan, Harry S. Jr., Multinational Computer Systems, An Introduction to Transnational Data Flow and Data Regulation, International Series on Data Communications and Networks, Van Nostrand Reinhold, New York, 1980.

Kolata, Gina Bari. "New Codes Coming Into Use (for tamper-proof security systems)," Science, v208, May 16, '80.

--------- "Prior Restraints on Cryptography Considered," Science, v208, June 27, '80.

--------- "DOD Vacillates on Wisconsin Cryptography Work," Science, v201, July 14, '78.

Hellman, Martin E., "The Mathematics of Public-Key Cryptography," Scientific American, August, 1979.

Thompson, Gordon B. "Memo from Mercury: Information Technology is Different," paper no. 10, Institute for Research on Public Policy, June, 1979.

The CoEvolution Quarterly, special Broadcast Issue, Winter 1977/78. Box 428, Sausalito, CA 94965.

French, Scott. The Big Brother Game, Bugging, Wiretapping, Tailing, Optical and Electronic Surveillance, Surreptitious Entry, Lyle Stuart, Inc. New Jersey, 1978.

Hougan, Jim. Spooks: The Haunting of America -- The Private Use of Secret Agents. William Morrow and Co. Inc. New York, 1978.

Gengle, Dean. "The Limits to our Desires," The Alternate, San Francisco, Jan. 1981.

Acknowledgements

Materials presented in this set of working notes owe their origins to many different sources. This notetaker would like to particularly thank SSS, Arlen and R.A. Wilson, and John S. James for continued lively exchange and hard data.
Individuals, organizations and others wishing to pursue these matters or to bring new information to the author's attention are cordially invited to write c/o the address at the beginning of this paper.