““Reflections on the White HouseReflections on the White House Privacy Office” Privacy Office”

Peter P. SwirePeter P. SwireOhio State UniversityOhio State University

Center for American Progress Center for American Progress N.C. State Privacy DayN.C. State Privacy Day

January 29, 2008January 29, 2008

OverviewOverview

Privacy actions in the Bill Clinton yearsPrivacy actions in the Bill Clinton years Structure of the privacy officeStructure of the privacy office Possible reasons to care:Possible reasons to care:

Role of the CPORole of the CPO History of what happenedHistory of what happened Preview of what might happen?Preview of what might happen?

I. Clinton Administration Privacy I. Clinton Administration Privacy ActionsActions

Privacy hot buttons before I entered Privacy hot buttons before I entered government in 2/99:government in 2/99: Clipper Chip & encryptionClipper Chip & encryption CALEACALEA Know Your Customer (banking)Know Your Customer (banking)

Medical Privacy RuleMedical Privacy Rule

HIPAA in 1996HIPAA in 1996 Support for legislation through 8/99Support for legislation through 8/99 Proposed rule 10/99Proposed rule 10/99 52,000 comments by 2/0052,000 comments by 2/00 Final rule 12/00Final rule 12/00 Executive Order 12/00: limits on using Executive Order 12/00: limits on using

health oversight record for law health oversight record for law enforcementenforcement

Financial PrivacyFinancial Privacy

Clinton speech 5/99Clinton speech 5/99 House bill with half that 6/99House bill with half that 6/99 Significant Administration push for privacySignificant Administration push for privacy Gramm-Leach-Bliley 11/99Gramm-Leach-Bliley 11/99 Administration proposal for more, 4/00Administration proposal for more, 4/00 GLB regs 2000GLB regs 2000

Federal Government PrivacyFederal Government Privacy

6/99 OMB memorandum to post clear 6/99 OMB memorandum to post clear privacy policies on agency sitesprivacy policies on agency sites

6/00 OMB memorandum presumption 6/00 OMB memorandum presumption against cookies on federal sites & reports to against cookies on federal sites & reports to OMB on privacy in the budget processOMB on privacy in the budget process

12/00 OMB memorandum on agency data 12/00 OMB memorandum on agency data sharing, including push for privacy impact sharing, including push for privacy impact assessments (E-Gov Act 2002)assessments (E-Gov Act 2002)

Federal CIO Council privacy committeeFederal CIO Council privacy committee

Some other privacy actionsSome other privacy actions

Crypto policy change 9/99Crypto policy change 9/99 Genetic Discrimination E.O. 2/00Genetic Discrimination E.O. 2/00 NAS study on authentication and privacyNAS study on authentication and privacy Bankruptcy and privacy study 1/01: public Bankruptcy and privacy study 1/01: public

records and privacy issuerecords and privacy issue

Other privacy actionsOther privacy actions

Safe HarborSafe Harbor DoubleClick & Network Advertising Code DoubleClick & Network Advertising Code

6/006/00 SSN bill proposed 6/00, and fought Gregg SSN bill proposed 6/00, and fought Gregg

billbill Bill to update wiretap laws for the Internet, Bill to update wiretap laws for the Internet,

summer 2000; proposed higher standards summer 2000; proposed higher standards for trap-and-trace and email wiretaps for trap-and-trace and email wiretaps (Patriot Act 2001)(Patriot Act 2001)

II. The Privacy Office in the II. The Privacy Office in the U.S.U.S.

Chief Counselor for Privacy,Chief Counselor for Privacy, U.S. Office of Management and BudgetU.S. Office of Management and Budget Executive Office of the PresidentExecutive Office of the President Old Executive Office BuildingOld Executive Office Building

4 functions:4 functions: Government data handlingGovernment data handling ClearanceClearance Enforcement/OmbudsmanEnforcement/Ombudsman Bully PulpitBully Pulpit

Government Data HandlingGovernment Data Handling

Big advantage if in OMBBig advantage if in OMB ““Management”Management”

Office of Information & Technology PolicyOffice of Information & Technology Policy ““Budget”Budget” Can’t do that way in an independent Can’t do that way in an independent

agency – imagine a corporate CPO that agency – imagine a corporate CPO that was “outside” of the companywas “outside” of the company

ClearanceClearance

Testimony, legislative proposals cleared in Testimony, legislative proposals cleared in OMBOMB

Less formal statements also clearedLess formal statements also cleared Examples:Examples:

FIDNetFIDNet Money launderingMoney laundering New hire data base (information sharing)New hire data base (information sharing)

Can’t do as well in independent agencyCan’t do as well in independent agency

EnforcementEnforcement

Can’t do in OMBCan’t do in OMB HHS and financial agenciesHHS and financial agencies FTC for consumer protectionFTC for consumer protection Web seals & CPAs (expand scale)?Web seals & CPAs (expand scale)? Private rights of action?Private rights of action?

Bully pulpitBully pulpit Cons:Cons:

Fishbowl in White House therefore cautious about Fishbowl in White House therefore cautious about statementsstatements

Can’t comment on individual products or companiesCan’t comment on individual products or companies Pro: Pro:

Big impact if President or Cabinet speakBig impact if President or Cabinet speak Any White House official can raise the issue’s Any White House official can raise the issue’s

visibility & help on the Hillvisibility & help on the Hill Independent agency has more flexibilityIndependent agency has more flexibility

Ombudsman/InvestigatorOmbudsman/Investigator

No subpoena power at OMBNo subpoena power at OMB Limited ability to blow the whistle Limited ability to blow the whistle

externally to force change internallyexternally to force change internally W.H. Privacy & Civil Liberties BoardW.H. Privacy & Civil Liberties Board

Version 1Version 1 Version 2Version 2

What role for this beyond GAO, IGs, What role for this beyond GAO, IGs, Congress, and the press?Congress, and the press?

ConclusionConclusion Episodes of privacy activityEpisodes of privacy activity What might happen in a next What might happen in a next

Administration?Administration? Many issues could be open for revisiting, Many issues could be open for revisiting,

perhaps pretty soonNew Administration perhaps pretty soonNew Administration has made encouraging statements but we has made encouraging statements but we need to watch their actionsneed to watch their actions