National Academies Press: OpenBook

Privacy Issues with the Use of Smart Cards (2008)

Chapter: III. FEDERAL PRIVACY LAW

« Previous: II. THE EVOLUTION OF CONCERNS OVER PRIVACY AND SECURITY SINCE SEPTEMBER 11, 2001 (9/11)
Page 9
Suggested Citation:"III. FEDERAL PRIVACY LAW." National Academies of Sciences, Engineering, and Medicine. 2008. Privacy Issues with the Use of Smart Cards. Washington, DC: The National Academies Press. doi: 10.17226/23104.
×
Page 9
Page 10
Suggested Citation:"III. FEDERAL PRIVACY LAW." National Academies of Sciences, Engineering, and Medicine. 2008. Privacy Issues with the Use of Smart Cards. Washington, DC: The National Academies Press. doi: 10.17226/23104.
×
Page 10
Page 11
Suggested Citation:"III. FEDERAL PRIVACY LAW." National Academies of Sciences, Engineering, and Medicine. 2008. Privacy Issues with the Use of Smart Cards. Washington, DC: The National Academies Press. doi: 10.17226/23104.
×
Page 11
Page 12
Suggested Citation:"III. FEDERAL PRIVACY LAW." National Academies of Sciences, Engineering, and Medicine. 2008. Privacy Issues with the Use of Smart Cards. Washington, DC: The National Academies Press. doi: 10.17226/23104.
×
Page 12
Page 13
Suggested Citation:"III. FEDERAL PRIVACY LAW." National Academies of Sciences, Engineering, and Medicine. 2008. Privacy Issues with the Use of Smart Cards. Washington, DC: The National Academies Press. doi: 10.17226/23104.
×
Page 13
Page 14
Suggested Citation:"III. FEDERAL PRIVACY LAW." National Academies of Sciences, Engineering, and Medicine. 2008. Privacy Issues with the Use of Smart Cards. Washington, DC: The National Academies Press. doi: 10.17226/23104.
×
Page 14
Page 15
Suggested Citation:"III. FEDERAL PRIVACY LAW." National Academies of Sciences, Engineering, and Medicine. 2008. Privacy Issues with the Use of Smart Cards. Washington, DC: The National Academies Press. doi: 10.17226/23104.
×
Page 15

Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

10 signed to create an integrated, automated entry and exit system at the U.S. border points that records the arrival and departure of aliens, verifies their identities, and authenticates their travel documents through the comparison of biometric identifiers.44 The US-VISIT program employs digital finger scans and photos to screen foreign nationals entering the United States against watch lists.45 After 9/11, the federal government mandated that airline and airport employees have iden- tity cards to access secured portions of the airports. The TSA and its predecessor on security, the Federal Aviation Administration, have had a computer-based airline passenger screening program since the late 1990s. The newer Computer Assisted Passenger Pre- Screening (CAPPS II) program collects and correlates passenger information such as passenger name, ad- dress, birth date, and credit card number against vari- ous governmental and commercial databases, such as criminal records, to produce a security code of green, yellow, or red.46 It also requires airlines to turn over all passenger records and other personal information to the TSA.47 Those passengers coded red are denied board- ing.48 In Canada, passenger screening involves denied boarding of: • An individual who has been involved in a terrorist group and who, it can reasonably be suspected, will endanger the security of any aircraft or aerodrome, or the safety of the public, passengers, or crew members. • An individual who has been convicted of one or more serious and life-threatening crimes against aviation security. • An individual who has been convicted of one or more serious and life-threatening offences and who may at- tack or harm an air carrier, passengers, or crew mem- bers.49 These types of restrictions could be incorporated into Smart Card utilization at transit entry points, to deny entry to persons posing a safety or security threat. The International Civil Aviation Organization (ICAO) recommends the use of facial features as the primary means of biometric identification in RFID-embedded passports.50 In 2005, ICAO adopted a new Standard and Recommended Practice requiring that all member port Security, and How This Technology Should be Governed, 69 J. AIR L. & COM. 459, 482–83 (2004). 44 Margaret Betzel, supra note 8. 45 Butler, supra note 37. 46 See Haas, supra note 43. 47 See Pablo Mendes de Leon, The Fight Against Terrorism Through Aviation: Data Protection Versus Data Production, AIR & SPACE L. 31, at 320–330 (2006). 48 Daniel J. Steinbock, National Identity Cards: Fourth and Fifth Amendment Issues, 56 FLA. L. REV. 697, 709–10 (2004). 49 http://www.skyserviceairlines.com/eng/airline/arrivalsdepart ures/SpecialBulletins.asp (Last visited Nov. 14, 2007). 50 Butler, supra note 37. states (including the United States) issue biometrically enhanced machine readable passports (MRPs) and travel documents (MRTDs) not later than April 1, 2010.51 In August 2006, the United States began issuing passports containing RFID chips encoded with biomet- ric and biographical information. One can envision that MRTDs eventually may be required domestically as well. The impact of the Patriot Act on individual privacy has been much debated. One view, expressed by Profes- sor Orin Kerr of George Washington University, is: The Patriot Act did not tilt the balance between internet privacy and security strongly in favor of security. Most of the Patriot Act's key changes reflected reasonable com- promises that updated antiquated laws. Some of these changes advance law enforcement interests, but others advance privacy interests, and several do both at the same time. None challenged the basic legal framework that Congress created in 1986 to protect Internet privacy. Studying the Internet surveillance provisions of the Act suggests that the media portrayal of the Patriot Act as "extraordinary" and "panicky legislation" has little in common with the law Congress actually enacted.52 To address national security concerns, there has been some discussion of creating a National Identity Card, though there are Orwellian concerns about Big Brother’s administration of such a system.53 III. FEDERAL PRIVACY LAW A. Constitutional Law 1. Searches and Seizures The Fourth Amendment of the U.S. Constitution pro- tects "the right of people to be secure in their persons, houses, papers, and effects against unreasonable searches and seizures."54 Thus, a threshold question is whether information procured through a Smart Card, such as biometric and other personal data, constitutes a search or seizure, and secondly, if so, whether the search or seizure is “reasonable.” The question also arises whether the intrusion constitutes a violation of the individual’s right of privacy.55 The U.S. Supreme Court has refused to find that a seizure has occurred where a governmental official questions and makes identification requests of people in 51 ICAO, 1 MRTD Report 5 (2006). 52 Orin S. Kerr, Internet Surveillance Law After the USA Pa- triot Act: The Big Brother That Isn't, 97 N.W. U.L. REV. 607, 625 (2003). 53 See, e.g., Steinbock, supra note 48, at 697. 54 U.S. CONST. amend. IV. 55 Much of the law review literature focuses on privacy in terms of abortion rights, Internet use, and health care. There is some literature on the subject of Smart Cards, mostly on the issue of the airline Trusted Traveler program. See, e.g., Dempsey, supra note 40, at 649, 724; Haas, supra note 43, at 459, 480 (2004).

11 confined circumstances. Thus, in United States v. Dray- ton, plainclothes police requests for permissions to search the baggage or persons of interstate bus travel- ers during a routine drug and weapons search was up- held as not constituting a Fourth Amendment search or seizure.56 Similarly, in Florida v. Bostick, the U.S. Su- preme Court reversed a Florida Supreme Court holding that due to the cramped confines of a bus, the question- ing of a person by police officers would so deprive a per- son of his freedom of movement as to constitute a per se Fourth Amendment seizure. 57 More recently, the Court has held that an encounter with a police officer only becomes coercive, and there- fore a seizure, if a reasonable person would not feel free to decline the request or terminate the encounter.58 Ac- cording to Professor Steinbock, “This reasoning easily applies to identification requests that are ancillary to other required official interactions….”59 Thus, demand- ing that a transit passenger produce a Smart Card likely would not constitute an unconstitutional search or seizure, even if the person demanding the card were a transit policeman, so long as the other circumstances did not reveal an aura of coercion in the passenger’s freedom of movement. Moreover, in a long line of cases, the courts have steadfastly upheld security screening checks and personal identification requirements at air- ports. Airport terminals are not meaningfully different as venues for Constitutional analysis than transit ter- minals. 2. A Reasonable Expectation of Privacy Though the right to privacy is nowhere explicitly mentioned in the U.S. Constitution, in Griswold v. Connecticut60 the U.S. Supreme Court found such a right contained in the “penumbras” of the Constitution. In this case, a married couple’s use of contraceptives in their bedroom was protected by a zone of privacy free from governmental intrusion.61 Griswold was the first U.S. Supreme Court decision to recognize a Constitu- tional right of privacy. Justice Harlan's Concurring Opinion in Katz v. United States62 identified a two-part test for determin- ing those occasions in which a right to privacy should be recognized: (1) there must be a subjective expectation of privacy, and (2) the individual's expectation must be reasonable. If there is no reasonable expectation of pri- vacy, then there has not been an occasion to violate the 56 United States v. Drayton, 536 U.S. 194, 201-02, 122 S. Ct. 2105, 2111, 153 L. Ed. 2d 242, 252 (2002). 57 Florida v. Bostick, 501 U.S. 429, 436, 111 S. Ct. 2382, 2387, 115 L. Ed. 2d 389, 399 (1991). 58 Brendlin v. California, 127 S. Ct. 2400, 168 L. Ed. 2d 132 (2007). 59 Steinbock, supra note 48, at 697, 712. 60 381 U.S. 479, 85 S. Ct. 1678, 14 L. Ed. 2d 510 (1965). 61 The Court subsequently extended privacy to abortion dur- ing the first trimester in Roe v. Wade. 410 U.S. 113, 93 S. Ct. 705, 35 L. Ed. 2d 147 (1973). 62 389 U.S. 347, 88 S. Ct. 507, 19 L. Ed. 2d 576 (1967). individual’s Fourth Amendment right.63 Thus a Fourth Amendment search occurs where “an expectation of privacy that society is prepared to consider reasonable is infringed.”64 Stated differently, obtaining and examin- ing evidence may constitute a Fourth Amendment search, “if doing so infringes an expectation of privacy that society is prepared to recognize as reasonable.”65 The flip side of this analysis is that a legitimate ex- pectation of privacy is not to be expected when the ac- tion in question is openly displayed to the public, such as in a transit station or vehicle. Hence, that which can be seen or overheard by others is not off limits to law enforcement officers or other governmental officials or employees.66 A passenger passing through a turnstile at a transit station, or standing in a transit vehicle, is ex- hibiting publicly observable conduct. Should the transit provider monitor his or her movements either through video cameras in the station or vehicle or through a centralized electronic assessment of the individual’s whereabouts by reading his or her Smart Card, no rea- sonable expectation of privacy would have been vio- lated, until perhaps he or she stepped into the stall of a rest room. In Smith v. Maryland,67 the Supreme Court held that an individual did not have a reasonable expectation even in the telephone numbers that he or she dialed. The Court observed that as an individual understands that the telephone company keeps a record of the phone numbers one dials for billing purposes, no additional incremental invasion of privacy occurs when police place a pen register on the user’s line. Because the phone number does not disclose the content of the con- versation, it does not constitute a Fourth Amendment search. Recording the information obtained from swip- ing a Smart Card across a reader would seem to pose no more Constitutional concerns than dialing a telephone number, and would therefore also likely withstand a Fourth Amendment challenge. In Paul v. Davis,68 the Supreme Court addressed the disclosure of personal information by a public official. In Paul, a police chief circulated a photograph of Davis (who had been arrested but whose charges had been dismissed) on a list of “active shoplifters.” The Court found that the right of privacy extended only to “fun- damental” activities and that arrest information did not constitute such a fundamental activity.69 The Supreme Court developed the framework for a Constitutional right to information privacy in Whalen v. 63 Haas, supra note 43, at 459. 64 Maryland v. Macon, 472 U.S. 463, 469, 105 S. Ct. 2778, 2782, 86 L. Ed. 2d 370, 376 (1985) (citing United States v. Jacobsen, 466 U.S. 109, 113 (1984)). 65 Skinner v. Ry. Labor Executives' Assoc., 489 U.S. 602, 615, 109 S. Ct. 1402, 1412, 103 L. Ed. 2d. 639, 658 (1989). 66 See Brogan, supra note 32, at 65, 73–74 (2002). 67 442 U.S. 735, 99 S. Ct. 2577, 61 L. Ed. 2d 220 (1979). 68 424 U.S. 693, 99 S. Ct. 1155, 47 L. Ed. 2d 405 (1976). 69 Id. at 713.

12 Roe,70 a case involving a state statute that established a centralized computer file containing names and ad- dresses of all persons who obtained certain prescription drugs. In upholding the state statute, the Court identi- fied two interests affected by this governmental gather- ing of information: (1) "the individual interest in avoid- ing disclosure of personal matters," and (2) "the interest in independence in making certain kinds of important decisions."71 The Court observed that Paul was control- ling for the second of these two categories. It avoided fundamental activity analysis, instead concluding that the statute posed no significant threat to privacy. Though Griswold seemed to protect the sanctity of one’s bedroom against governmental intrusion, the pub- lic highways appear to stand on a different footing. In United States v. Knotts,72 the U.S. Supreme Court up- held the use of a radio frequency tracking device (a “beeper”) to track a suspected criminal from his pur- chase of chemicals back to his drug lab. Though the Eighth Circuit had found the use of the beeper to con- stitute an unreasonable search, the Supreme Court reversed, relying on Katz and holding that one does not enjoy a reasonable expectation of privacy when travel- ing on public roads.73 Absent individualized suspicion (reasonable cause), the U.S. Supreme Court explicitly has upheld the con- stitutionality of highway search and seizures in three areas: (1) border patrol checkpoints, (2) sobriety check- points, and (3) information-seeking checkpoints. In dic- tum, the Court also has indicated that other situations would warrant a reasonable search and seizure, includ- ing: (4) a roadblock designed to thwart an imminent terrorist attack, (5) a roadblock designed to catch a dangerous criminal likely to flee via a particular route,74 (6) a roadblock for the purpose of verifying drivers’ li- censes and registrations,75 and (7) searches at airports or government buildings.76 Searches at transit stations would appear to stand on the same footing as searches on highways or at airports, which have received wide- spread judicial support. In the context of Smart Cards, the threshold question is what information about individual passengers is be- ing gathered, and whether individuals have a reason- able expectation of privacy in such information. This might include an wide array of information, such as: • How much money has been deposited to pay for tran- sit services. 70 429 U.S. 589, 97 S. Ct. 869, 51 L. Ed. 2d 64 (1977). 71 Paige Norian, The Struggle to Keep Personal Data Per- sonal: Attempts to Reform Online Privacy and How Congress Should Respond, 52 CATH. U.L. REV. 803, 810 (2003). 72 460 U.S. 276, 103 S. Ct. 1081, 75 L. Ed. 2d 55 (1983). 73 Knotts, 460 U.S. at 279. 74 City of Indianapolis v. James Edmond, 531 U.S. 32, 44, 121 S. Ct. 447, 148 L. Ed. 2d 333 (2000). 75 Delaware v. Prouse, 440 U.S. 648, 99 S. Ct. 1391, 59 L. Ed. 2d 660 (1979). 76 Edmond, 531 U.S. at 48-49. • Where the Smart Card is passing, or being swiped. • Demographic information about the passenger. • Biometric information about the passenger. The transit provider might also correlate the informa- tion obtained with information available from other sources, such as information obtained from credit insti- tutions or police or security agencies. The cases seem to suggest that where the individual is located is important in the determination as to whether a privacy interest exists. Thus, an individual in his home enjoys greater protection against privacy intrusions than an individual on the public highway. Readily observable information obtained while the pas- senger is in a public transit station or on a transit vehi- cle likely would not be protected. Where the Smart Card is swiped or passes likely would not be deemed protected privacy. Certain demographic information, such as the name, address, and telephone number of the person to whom a Smart Card is issued, also likely would not be deemed private information. Yet, one’s political or religious af- filiation might be considered highly private. One’s gen- der or race ordinarily would be publicly observable, yet one can imagine that a court would be troubled by the collection of such data unless it understood the purpose for which it was to be used. Thus, the reasonableness of the government’s action also is of importance in the Constitutional assessment. Biometric information may intrude on reasonable ex- pectations of personal privacy. One source argues that although biometric hand scanning or facial scanning does not intrude upon the Fourth Amendment, retinal or iris scans constitute Fourth Amendment searches: Like fingerprints, retina and iris scans will…constitute Fourth Amendment searches because of the ability of these biometric measures to reveal personal medical in- formation. Furthermore, although none of these biomet- rics involves physically entering a person's body in a con- ventional sense, such as using a needle to obtain a blood sample, the means employed to collect the biometric measurements may, nonetheless, constitute a physical in- trusion and, thus, be deemed a search. In Kyllo v. United States, the Supreme Court recently held that the use of thermal imaging technology to detect the amount of heat radiating from a house was a search even though the de- vice could not penetrate the walls of the house. Although Kyllo dealt with searching a person's house and not the person's body, the house in Kyllo is analogous to a per- son's body. For example, retina measurements are ob- tained by an electronic scan of the retina using a beam of incandescent light to map the pattern of blood vessels in the retina. Scanning of the retina, like the scanning of the house at issue in Kyllo, does not involve physical penetra- tion. However, because the use of a beam of light to map a person's retina reveals information that could otherwise not be obtained without physical intrusion, such action may also be viewed as a search even though the method of obtaining the information does not physically invade the body in a conventional sense.77 77 Star, supra note 1, at 251, 261.

13 It is, as yet, unclear whether the courts will adopt such a view. It would seem that one’s facial features or retina are publicly observable physical features, though not at the detail permitted with modern computer tech- nology. It would also seem that a person has the option of not purchasing a Smart Card if he or she is fearful of a privacy intrusion, in the same way one has the option not to acquire a passport. Individual citizens have a Constitutional right to travel. Though there is a Consti- tutionally-recognized right to travel,78 and infringe- ments upon that right must satisfy a compelling gov- ernmental interest,79 no court has yet circumscribed the federal government’s right to obtain personal informa- tion for use in passport control. 3. Reasonableness of the Government’s Intrusion Upon Privacy In Kyllo v. United States,80 the U.S. Supreme Court held that the warrantless use of a thermal imaging de- vice to scan heat emanating from a home constituted an unreasonable search under the Fourth Amendment. The use of sense-enhancing technology to obtain infor- mation that “could not otherwise have been obtained without physical ‘intrusion into a constitutionally pro- tected area’” ran afoul of the Fourth Amendment, at least when the technology “is not in general public use.”81 In dissent, Justice Stevens pointed out that the limitation on technology “not in general public use” was “somewhat perverse,” because the evolution of technol- ogy and its wider availability over time will increase the threat to privacy.82 Once it is determined that the individual has a le- gitimate expectation of privacy in the information being sought, the analysis turns to an assessment of the pur- poses of government in seeking such information. In the absence of individualized suspicion, the reasonableness of such a search depends on balancing the interests of the government vis-à-vis the extent of the intrusiveness of the search.83 Reasonableness is judged by balancing the search’s intrusion on the individual’s Fourth Amendment interests against its promotion of legiti- mate governmental interests. The factors to be consid- ered include the nature of the privacy interest upon which the search intrudes, the character of the intru- sion, the immediacy of the governmental concern, and the efficacy of the search for meeting it.84 This requires 78 See, e.g., United States v. Guest, 383 U.S. 745, 86 S. Ct. 1170, 16 L. Ed. 2d 239 (1966). 79 Shapiro v. Thompson, 394 U.S. 618, 634, 89 S. Ct. 1322, 1331, 22 L. Ed. 2d 600, 615 (1969). 80 533 U.S. 27, 121 S. Ct. 2038, 150 L. Ed. 2d 94 (2001). 81 Id. at 34. 82 Id. at 47 (Stevens, J., dissenting). 83 Chandler v. Miller, 520 U.S. 305, 318, 117 S. Ct. 1295, 1303, 137 L. Ed. 2d 513, 525 (1997). See Jill Dorancy-Williams, The Difference Between Mine and Thine: The Constitutionality of Public Employee Drug Testing, 28 N.M. L. REV. 451 (1998). 84 Vernonia Sch. Dist. v. Acton, 515 U.S. 646, 653, 115 S. Ct. 2386, 2391, 132 L. Ed. 2d 564, 574 (1995). an evaluation of: (1) the reasonableness and legitimacy of the government’s interest, (2) the extent to which the action taken can be said to advance that interest, and (3) the degree of intrusion of the search or seizure.85 Professor Daniel Steinbock concludes: “On the informa- tion-gathering side of the process, there are substantial Fourth Amendment questions raised by mandated re- porting of personal information produced in the course of everyday life. Though this practice should be re- garded as a search, it may not be an unreasonable one, up to a point.”86 In Skinner v. Railway Labor Executives’ Ass’n,87 the U.S. Supreme Court upheld the Constitutionality of U.S. DOT regulations requiring blood and urine testing for the presence of drugs of certain “safety sensitive” employees involved in certain accidents or those who violated certain safety rules. The railroad employees’ expectations of privacy were diminished by their em- ployment in an industry extensively regulated for safety, and the persons tested “discharge duties fraught with such risks of injury to others that even a momen- tary lapse of attention can have disastrous conse- quences.”88 Weighing the government-as-employer in- terest in stopping the misuse of drugs by employees in safety-sensitive positions against the individual interest in privacy, the Court found the requirement of a uri- nalysis test reasonable.89 Fourth and Fifth Amendment cases addressing the reasonableness of the government’s interest have arisen in the transit context. For example, in Beharry v. New York City Transit Authority,90 a Federal District Court held, “the Authority’s request that Beharry provide a small urine sample within a two-hour period caused a minimal interference with Beharry’s privacy rights, which must be outweighed by the Authority’s concerns with protecting the safety of its employees and custom- ers.”91 In Holloman v. Greater Cleveland Regional Tran- sit Authority,92 the Sixth Circuit held that the transit authority had a compelling governmental interest in “protecting the safety of its passengers and the general public by ensuring that its drivers do not operate buses while under the influence of alcohol or drugs,” and that this interest outweighed the employee’s expectations of privacy.93 In Amalgamated Transit Union v. Suscy,94 the 85 Steinbock, supra note 48, at 697, 728–29 (2004). 86 Id. at 701. 87 Skinner v. Rwy. Labor Executives’ Ass’n, 489 U.S. 602, 617, 109 S. Ct. 1402, 1413, 103 L. Ed. 2d 639, 660 (1989). See Dorancy-Williams, supra note 83. 88 Skinner, 489 U.S. 602, at 628. 89 Skinner, 489 U.S. at 614. See also Drake v. Delta Airlines, Inc., 923 F. Supp. 387, 396-97 (E.D.N.Y. 1996), aff’d in relevant part, Drake v. Delta Airlines, Inc., 147 F.3d 169, 170-71 (2d Cir. 1998). Beharry v. MTA, 1999 U.S. Dist. Lexis 3157 (E.D.N.Y. 1999). 90 1999 U.S. Dist. Lexis 3157 (E.D.N.Y. 1999). 91 Id. at 30. 92 1991 U.S. App. Lexis 6904 (6th Cir. 1991). 93 Id. at 2.

14 Seventh Circuit held, “the public interest in the safety of mass transit riders outweighs any individual interest in refusing to disclose physical evidence of intoxicating or drug abuse.”95 Further, a long line of checkpoint cases have upheld police demands for drivers’ licenses and automobile reg- istrations as reasonable. Though the Supreme Court has not yet had occasion to rule on checkpoint inspec- tions on pedestrians, the Court has held that forcing people to stop at a checkpoint constitutes a Fourth Amendment seizure; the issue is whether a suspi- cionless seizure is reasonable.96 The Court has distin- guished between checkpoints whose principal purpose is to “detect evidence of ordinary criminal wrongdoing,” and those whose focus is instead on serving some “spe- cial needs” other than crime control, the former being per se unreasonable absent some individualized indica- tion of criminality and the latter permissible. In dicta, the Court has indicated that certain stops are not un- reasonable under Fourth Amendment analysis, includ- ing roadblock-type stops for highway license and regis- tration checks, and “to thwart an imminent terrorist attack.”97 Professor Steinbock notes that, Anti-terrorism identification checkpoints would stretch the rationale of “special needs” or “non-criminal purpose” searches to its current limit, but it is not likely that courts would find their use to be distinguishable from general crime fighting, particularly in the face of the enormous public pressures that would probably lie behind their creation.98 Hence, an ordinary stop of the passenger for purposes of swiping the card to deduct fares might not be a search or seizure at all, and if it was, likely would be deemed reasonable in any event. Were the government, however, to monitor the location of individual transit passengers as they passed through the network, a more serious issue would be raised, though no more than that posed by surveillance cameras in transit stations and vehicles. A stop predicated on security concerns, or a denial of entry into the transit system, if reasonably conducted and predicated on reasonable grounds, might well satisfy the government’s compelling interest in protecting public safety. Thus, the government’s strong interest in protecting public safety can make even an intrusive search rea- sonable, and therefore consonant with the Fourth Amendment’s protection against unreasonable searches and seizures. In the post-9/11 environment, the gov- ernment’s bona fide interest in protecting the public against threats to security likely would support gov- 94 538 F.2d 1264 (7th Cir. 1976). 95 Amalgamated Transit Union v. Suscy, 538 F.2d 1264 (7th Cir. 1976). 96 City of Indianapolis v. Edmond, 531 U.S. 32, 40, 121 S. Ct. 447, 453, 148 L. Ed. 2d 333, 342 (2000); Mich. Dep’t of State Police v. Sitz, 496 U.S. 444, 450, 110 S. Ct. 2481, 2485, 110 L. Ed. 2d 412, 420 (2004). 97 Steinbock, supra note 48, at 697, 724–25. 98 Id. at 726. ernmental intrusion into personal privacy, so long as the intrusion was reasonably related to security. But a search in a public transportation venue does not guarantee judicial support. As the Ninth Circuit observed in United States v. $ 124,570 U.S. Currency,99 an administrative airport search would only be upheld if the search is "no more intrusive than is necessary to achieve air safety."100 In so holding, the court "recog- nized the danger that the screening of passengers and their carry-on luggage for weapons and explosives will be subverted into a general search for evidence of crime."101 Thus, the court held that an administrative airport search cannot also serve an unrelated law en- forcement purpose, but must be limited to the goal of achieving travel safety. So too, the requirement of a transit provider that pas- sengers provide personal information for the issuance of a Smart Card must satisfy a legitimate governmental purpose. Requiring the card to be swiped would satisfy the legitimate governmental need to ensure that the person is paying for the transportation being consumed. Certain information could be justified by the need of the transit provider to obtain information useful for mar- keting or planning purposes, such as advertising or choosing the venue of future transit stations, lines, or vehicles. More intrusive information could be justified by a need to protect public safety and security. Given the broad sway afforded the need to protect public secu- rity in transportation in the post-9/11 world, one could even imagine a legitimate government need to have information correlated with the Smart Card on mem- bership in extreme and radical political and religious organizations with a history of terrorism. Therefore, it seems that quite a wide spectrum of per- sonal information could be sought or correlated by tran- sit providers in or related to the issuance and use of Smart Cards. However, personal privacy could be pro- tected in other ways, such as the issuance of regulations by the transit providers establishing guidelines as to what information is to be collected and how it is to be stored, used, and disseminated, and whether the indi- vidual has the right to access and correct such informa- tion. In other words, the wide latitude given govern- mental institutions by the Constitutional jurisprudence could still be limited internally. So long as such limita- tions did not conflict with federal security laws or regu- lations, they likely would be upheld. B. Federal Statutes Since the 1970s, the U.S. Congress has passed several pieces of legislation attempting to protect individual privacy against governmental intrusions or dissemina- tion. Yet in the post-9/11 world, the federal government has been given increased authority to monitor individ- ual activity in the “war on terrorism.” 99 United States v. $124,570 U.S. Currency, 873 F.2d 1240, 1246 (9th Cir. 1989). 100 873 F.2d at 1245 (citing Davis, 482 F.2d at 910). 101 Id. at 1243.

15 One source notes three overriding characteristics of U.S. privacy law that account for its diversity and com- plexity: “(i) the tendency of modern privacy law to di- vide into at least two main branches of privacy inter- ests: privacy concerns about autonomy and privacy concerns about personal information; (ii) the variety of different types of privacy laws; and (iii) the specific, context-dependent nature of many privacy laws.”102 The Fair Credit Reporting Act of 1970 limits the col- lection and sharing of credit histories by credit bureaus. The Privacy Act of 1974103 protects individual privacy with respect to federal agency operations and practices by regulating the government's collection, use, and dis- semination of personal information. The Privacy Act applies to information maintained by a federal agency in a "system of records," defined as a group of any re- cords from which information is retrieved via either the name of an individual or by some individually-assigned identifying number, symbol, or other particular. The Privacy Act requires that a federal agency “main- tain in its records only such information about an indi- vidual as is relevant and necessary to accomplish a purpose of the agency required to be accomplished by statute or by executive order of the President.”104 It also requires the U.S. government to restrict disclosure of personally identifiable records maintained by federal agencies. A federal agency may withhold "records or information compiled for law enforcement purposes, but only to the extent that the production of such law en- forcement records or information…could reasonably be expected to constitute an unwarranted invasion of per- sonal privacy."105 It may also withhold documents that are "personnel and medical files and similar files the disclosure of which would constitute a clearly unwar- ranted invasion of personal privacy."106 Examples in- clude “arrest records, discipline records, passport or Social Security numbers, job performance records, un- ion membership cards, and the like.”107 The Privacy Act structures how information is proc- essed within the public sector through the regulation of recordkeeping and disclosure practices. Individuals have the right to gain access to agency records contain- ing their personal information, and the right to request correction or deletion of information that is inaccurate, irrelevant, or incomplete.108 The Privacy Act also regu- lates the use of computer matching by federal agencies when records are matched with those of other federal, state, or local government records. Federal agencies involved in computer matching programs must: 102 Glancy, supra note 12. 103 5 U.S.C. § 552. 104 5 U.S.C. § 555a(3)(1). 105 5 U.S.C. § 552b(7)(c). 106 5 U.S.C. § 552b(6). 107 Lahr v. Nat’l Transp. Safety Bd., 453 F. Supp. 2d 1153, 1177 (2006). 108 Norian, supra note 71, at 803, 818. 1. Negotiate written agreements with the other agency or agencies participating in the matching programs; 2. Obtain the approval of the matching agreement by the Data Integrity Boards (DIB) of the participating federal agencies; 3. Publish notice of the computer matching program in the Federal Register; 4. Furnish detailed reports about matching programs to Congress and the Office of Management and Budget; 5. Notify applicants and beneficiaries that their records are subject to matching; and 6. Verify match findings before reducing, suspending, terminating, or denying an individual's benefits or pay- ments. 109 However, the Privacy Act had several structural weaknesses. It failed to restrict the practices of private corporations or confer upon individuals standing to pur- sue a cause of action against state or local governments; only federal agencies could be held accountable, and then only for administrative injunctions and minimal damages. Moreover, the “routine use” exemption seem- ingly swallows the rule.110 The 1986 Amendments to the Electronic Communica- tions Privacy Act of 1968111 criminalize unauthorized access to electronic communications.112 109 5 U.S.C. § 552a. 110 Black, supra note 12, at 397, 416–17. 111 18 U.S.C. § 2701. 112 (a) Offense. Except as provided in subsection (c) of this sec- tion whoever— (1) intentionally accesses without authorization a facility through which an electronic communication service is provided; or (2) intentionally exceeds an authorization to access that fa- cility; and thereby obtains, alters, or prevents authorized access to a wire or electronic communication while it is in electronic storage in such system shall be punished as provided in subsec- tion (b) of this section. (b) Punishment. The punishment for an offense under subsec- tion (a) of this section is— (1) if the offense is committed for purposes of commercial advantage, malicious destruction or damage, or private commer- cial gain, or in furtherance of any criminal or tortious act in vio- lation of the Constitution or laws of the United States or any State-- (A) a fine under this title or imprisonment for not more than 5 years, or both, in the case of a first offense under this sub- paragraph; and (B) a fine under this title or imprisonment for not more than 10 years, or both, for any subsequent offense under this sub- paragraph; and (2) in any other case— (A) a fine under this title or imprisonment for not more than 1 year or both, in the case of a first offense under this para- graph; and (B) a fine under this title or imprisonment for not more than 5 years, or both, in the case of an offense under this subpara- graph that occurs after a conviction of another offense under this section.

16 The Computer Matching and Privacy Protection Act of 1988113 amended the Privacy Act114 by designating the manner in which federal agencies could engage in com- puter matching and by providing certain protections for those applying for and receiving federal benefits. Section 7201 of the Omnibus Budget Reconciliation Act of 1990115 amended the Privacy Act by providing certain protections for individuals receiving federal benefits. The Health Insurance Portability and Accountability Act of 1996 provides privacy protection for electronically transmitted health information.116 The Children's Online Privacy Protection Act of 1998117 requires parental consent for the collection of information concerning children under the age of 13. The Financial Services Modernization Act of 1999118 (also known as the Gramm-Leach-Bliley Act) protects the privacy of consumer information held by financial institutions. Every financial institution has a continu- ing obligation to protect the privacy of its customers and safeguard the confidentiality of their customers’ nonpublic personal information.119 Regulatory agencies are obliged to promulgate regulations to ensure that banks and other financial institutions adopt procedures and safeguards: (1) to insure the security and confidentiality of customer records and information; (2) to protect against any anticipated threats or hazards to the security or integrity of such records; and (3) to protect against unauthorized access to or use of such records or information which could result in sub- stantial harm or inconvenience to any customer.120 The E-Government Act of 2002121requires federal agencies to conduct privacy impact assessments before developing or procuring information technology that collects, maintains, or disseminates personally identifi- able information. Agency officials must develop appro- priate privacy measures when implementing Smart Card-based systems and ensure that privacy impact assessments are conducted. 122 The Intelligence Reform and Terrorism Prevention Act of 2004123 establishes an “information sharing environ- ment” (ISE) among federal, state, and local intelligence 113 100 Pub. L. No. 503, 102 Stat. 2507 (1988). 114 5 U.S.C. § 552a. 115 101 Pub. L. No. 508, 104 Stat. 1388 (1990). 116 Health Insurance Portability and Accountability Act of 1996, 104 Pub. L. No. 191, 110 Stat. 1936 (1996). 117 15 U.S.C. §§ 6501–6506. 118 15 U.S.C. § 6801. 119 15 U.S.C. § 6801(a). 120 15 U.S.C. § 6801(b). 121 Pub. L. No. 107-347, 115 Stat. 2899, codified at 44 U.S.C. § 101. 122 See http://www.whitehouse.gov/omb/egov/g-4-act.html (Last visited Nov. 14, 2007). 123 108 Pub. L. No. 458, 118 Stat. 3638 (2004). gathering agencies and requires the President to ensure it is created “in a manner consistent with national secu- rity and with applicable legal standards relating to pri- vacy and civil liberties.”124 The ISE shall incorporate protections for individuals' privacy and civil liberties.125 The Act also established a Privacy and Civil Liberties Oversight Board, consisting of five members appointed by the President.126 Though established by Congress in 2004, the President did not appoint its members until 2006. The Board’s mission is to advise “the President and other senior Executive Branch officials to ensure that concerns with respect to privacy and civil liberties are appropriately considered in the implementation of all laws, regulations, and Executive Branch policies related to efforts to protect the Nation against terror- ism.”127 C. Administrative Practice On August 27, 2004, President George W. Bush is- sued Executive Order 13353 establishing the Board on Safeguarding Americans' Civil Liberties, in order to “strengthen protections for the rights of Americans in the effective performance of national security and homeland security functions….”128 On December 15, 2005, President George W. Bush is- sued a Memorandum to Heads of Executive Depart- ments and Agencies on Guidelines and Requirements in Support of the Information Sharing Environment. 129 124 6 U.S.C. § 485(b)(1)(A). 125 6 U.S.C. § 485(b)(2)(H). 126 5 U.S.C. § 1601. 127 6 C.F.R. § 1000.3; 72 Fed. Reg. 17789 (Apr. 10, 2007). See also http://www.whitehouse.gov/privacyboard/ (Last visited Nov. 8, 2007). In 2004, Sen. Patrick Lahey (D-Vt.) character- ized RFID tags as “barcodes on steroids…poised to become the catalyst that will launch the age of micro-monitoring.” He con- tinued, “The RFID train is beginning to leave the station, and now is the right time to begin a national discussion about where, if at all, any lines will be drawn to protect privacy rights.” Brito, supra note 3. 128 69 Fed. Reg. 53585 (Aug. 27, 2004). 129 On the issue of protecting the privacy rights of Ameri- cans, it provided: As recognized in Executive Order 13353 of August 27, 2004, the Federal Government has a solemn obligation, and must con- tinue fully, to protect the legal rights of all Americans in the ef- fective performance of national security and homeland security functions. Accordingly, in the development and use of the ISE, the information privacy rights and other legal rights of Ameri- cans must be protected. (i) Within 180 days after the date of this memorandum, the Attorney General and the DNI, in coordination with the heads of executive departments and agencies that possess or use intelli- gence or terrorism information, shall (A) conduct a review of current executive department and agency information sharing policies and procedures regarding the protection of information privacy and other legal rights of Americans, (B) develop guide- lines designed to be implemented by executive departments and agencies to ensure that the information privacy and other legal rights of Americans are protected in the development and use of the ISE, including in the acquisition, access, use, and storage of

Next: IV. STATE PRIVACY LAW »
Privacy Issues with the Use of Smart Cards Get This Book
×
 Privacy Issues with the Use of Smart Cards
MyNAP members save 10% online.
Login or Register to save!
Download Free PDF

TRB’s Transit Cooperative Research Program (TCRP) Legal Research Digest 25: Privacy Issues with the Use of Smart Cards examines basic privacy issues associated with the acquisition and storage of financial and trip data associated with the use of a transit smart card. The report explores who can access the data collected, what data may be accessed and under what conditions, and how the information can be used.

READ FREE ONLINE

  1. ×

    Welcome to OpenBook!

    You're looking at OpenBook, NAP.edu's online reading room since 1999. Based on feedback from you, our users, we've made some improvements that make it easier than ever to read thousands of publications on our website.

    Do you want to take a quick tour of the OpenBook's features?

    No Thanks Take a Tour »
  2. ×

    Show this book's table of contents, where you can jump to any chapter by name.

    « Back Next »
  3. ×

    ...or use these buttons to go back to the previous chapter or skip to the next one.

    « Back Next »
  4. ×

    Jump up to the previous page or down to the next one. Also, you can type in a page number and press Enter to go directly to that page in the book.

    « Back Next »
  5. ×

    To search the entire text of this book, type in your search term here and press Enter.

    « Back Next »
  6. ×

    Share a link to this book page on your preferred social network or via email.

    « Back Next »
  7. ×

    View our suggested citation for this chapter.

    « Back Next »
  8. ×

    Ready to take your reading offline? Click here to buy this book in print or download it as a free PDF, if available.

    « Back Next »
Stay Connected!