|
This paper was presented at the Association for Education in Journalism and
Mass Communication in San Antonio, Texas August 2005.
If you have questions about this paper, please contact the author
directly. If you have questions about the archives, email
rakyat [ at ] eparker.org. For an explanation of the subject line,
send email to
[log in to unmask] with just the four words, "get help info aejmc," in the
body (drop the "").
(Jan 2006)
Thank you.
Elliott Parker
====================================================================
The Digitized Self as Public Tender:
Privacy Laws (or lack thereof) and the Sale of Personal Records
Introduction
The public outcry generated by ChoicePoint's recent report of the fraudulent
acquisition and use of over 140,000 personal records in the company's
database is
woefully misdirected, due in no small measure the company's framing of the
problem, one that was reported uncritically by the media.1 The
'problem' was identity
theft, the 'culprits' were scam artists and crooks, and the solution
was to catch and
prosecute them. What remains largely unaddressed, one with
potentially irreversible
damage to and far-reaching implications for personal privacy, is the
uncurbed growth
of the personal records industry chief among which is ChoicePoint Inc., which
collects with any regulatory restrictions practically every aspect of
individuals'
personal records from local, county, state and federal institutions.
The records
collected are stored into highly sophisticated databases capable of making
connections indiscernible to the human eye about the individual, and drawing
inferentially-based behavioral and psychographic patterns and
predispositions about
1 This Alpharetta, Georgia-based, founded in 1997, originally
provided only credit data to insurance
companies. By 2004, its database had contained the comprehensive
personal record of well over 100
million Americans, its gross income had increased from 500 million
dollars to four billion dollars, and
its clientele broadened from 5,000 to 50,000 and included
corporations, small businesses and parastal
agencies, especially federal and state law enforcement agencies. The
company reported in early
February 2005 that criminals posing as legitimate businesses received
the personal records of 30,000
Californians. That number was revised to over 140,000 a week later.
At least 750 individuals have
been identified as victims of the scam.
http://news.com.com/ChoicePoint+data+theft+widens+to+145%2C000+people/2100-1029_3-
5582144.html. Retrieved April 1, 2005.
1
such individual, a process known as data mining (Tavani, 2000). The data and
analyses are sold to corporations, small businesses and government
law information
agencies, who base their transactional and investigatory decisions
primarily on such
data and reports.
The general public is for the most part unaware of the industry's
existence, let
alone the impact of its activities of their lives. While citizens
have no authority over
the access and use of their personal records, or of the decisions
based on such records,
they are legally liable for (trans) actions based on their records:
The burden of proof
of innocence lies squarely on the shoulders of victims of identity
fraud or theft, who
have little recourse to redress in some state courts, none in others
and none in federal
courts.
I argue in this paper that this situation in which individuals are stripped of
their anonymity and privacy, virtually exposed, in effect sold as a
commodity to
practically any bidder, and on whose records long-lasting,
potentially damaging
decisions are made about their guilt or innocence, their financial,
ethical and
professional worth, is attributable to three main factors. First, to
the automation of
the personal record management process, which enables archiving, analysis and
dissemination with a speed and accuracy before unimaginable.
Secondly, to state and
federal laws and regulations governing personal record control,
access and use, which
favor corporations and businesses. I argue that these laws for the
most part guarantee
corporations unfettered access to such records, institute no
regulations governing
access and use, impose no penalties for abuse, and provide no legal
recourse for
victims of inaccurate or stolen records. Third, to the commercial
relationship that
2
exists between governments and personal records companies, in which the
government is both a service provider and a client. I show that
because of this
relationship, which generates millions of dollars in revenues and
cuts cost for many
cash-strapped states and counties around the nation, government
policies tend to err
in favor of facilitating rather curtailing the exploitation of
individuals' personal
record. I conclude by proposing four key recommendations for better
protection of
individuals' personal records.
Conceptualizations & Overview
First, some clarifications on the use of the terms, 'personal records', and
'personal records industry' (PRI), and an overview of the literature
on personal
privacy. Personal records refers to any demographic, medical, financial or
transactional data that could be used, in part or whole, the identity
of an individual.
Personal records include but are not limited to addresses, social
security number,
driver's license, assets, liabilities, judgments and liens, criminal
records, employment
history, hobbies and lifestyle, marital status, medical records and
even genetic
predispositions (Frost, 2004; Geilman, 1999).
Personal records industry denotes the compendium of businesses who base
entirely their activities on, and generate primarily their revenues
from, the collection,
storage, analysis, sale or rental of personal records. The term is
preferred over the
more commonly known terms commercial data brokers (CDBs) and information
brokers (IBs), because these terms, unlike PRI which refers wholly
and solely to
personal records, the other terms may also refer to non-personal
records, such as
3
financial market data (e.g. the NASDAQ and Dow Jones Industrial
Indexes) and nonidentifiable
personal data, such as the Nielsen TV Ratings and the Arbitron Radio
ratings.
For the purpose of issues discussed in this paper, the body of literature on
personal privacy could be divided into two periods, namely the
pre-automation period
(i.e. before the late eighties, the most active period of research
starting in the early
sixties) and the post-automation period (from the late eighties to
the present).
Record automation denotes not only the storage of records into
computers (a process
technically referred to as record computerization, and in which a
significant aspect of
the data input is still performed by humans) but also, and more
importantly, to the
automatic process of record maintenance, which includes storage, uploads,
downloads, updates, transfer and dissemination, and in which over 99% of the
functions are executed, often in real time, by computers and servers.
The impact of
automation on personal privacy is later discussed2.
The pre-automation literature focuses on the means by which individuals
achieve and/or guarantee their privacy (Westin, 1967) or the means by
which they
regulate access to aspects/characteristics of their privacy (Altman,
1975). Here,
privacy is generally conceptualized as the protection from
surveillance (Pedersen,
1979), intrusion and interference (Moor 1997; ), as well as
prevention of unauthorized
encroachment into one's secluded space, and prevention of
unauthorized sharing of
one's personal information (Margulis, 2003). Because of lack of
record automation,
record gathering was a very time- and energy-consuming endeavor. As a result,
2 In fact, the computerization of personal records is traceable as
far back as the late sixties, when some
federal government agencies started storing their data into large
computer mainframes (Halstuk &
Chamberlain, 2001).
4
instances of identity fraud or theft were rare if not non-existent,
and discussion on the
issue by the literature is virtually absent. A considerable number of
the literature pre
automation is jurisprudential, addressing tort issues centering on the
environmental/spatial rights to privacy, both at home and in the
workplace, and
remedies for individual recourse to redress for invasions of privacy
(Seipp, 1978).
But the automation of personal identity records influenced a significant shift
in focus on the literature from spatial intrusion and surveillance to
use and misuse of
personal records (Tavani, 1999). Record automation, combined with
existing federal
and state laws permitting business access to personal records, led to
the centralization
and amassing from disparate sources practically all aspects of the
individual's
identity, with a speed and accuracy before unimaginable. The agents
and processes
involved in the enterprise, while well known and actively patronized
by businesses
and government institutions, are virtually unknown to the individual.
When some of
their activities do become public, they are often phrased in the
context of identity
theft, one that focuses not on the activities of the industry, which
many may consider
objectionable, but on those of the criminals. The literature
addresses this and other
issues, such as individuals' lack of knowledge of their privacy
(Hoofnagle, 2004);
their inability to gain free and unrestricted access to their
records; their lack of
authority over the collection and use of their records (Bennet, 1991); the
overwhelming burden of responsibility being placed on the individual
to correct the
accuracy of their records); the lack of effective measures by government or
corporations to prevent identity theft (Hoofnagle, 2005); the lack of
effective
5
remedial measures for victims of identity theft, and the lack of
punitive measures for
corporate abuse of personal records.
In conclusion, the literature pre automation is in part
descriptivist/analytical,
delineating our understanding of the nature, characteristics and
boundaries of privacy,
and part prescriptivist, proposing ways to assert and safeguard one's
privacy. The
individual is assumed to be omniscient and omnipotent about her privacy. In
contrast, post-automation literature, viewing the individual as a
powerless and
ignorant victim, is in part muckraking ('exposing' the agents, companies,
consequences of the process), part critical (denouncing the
activities of the individual
records industry) and part advocatory (requesting that the federal
government pass
laws guaranteeing stricter protections for individuals' records,
harsher punitive
measures for record misuse, and greater remedial measures for victims
of record
misuse).
The Personal Records Industry
By any estimate, the personal records industry in the United States generates
an annual revenue of at least 20 billion dollars, 70% of which is
attributable to the
five big personal records companies, namely ChoicePoint, Dun and
Bradstreet, Lexis-
Nexis, Experian and Axciom (Foust, 2005).
Businesses comprising the personal records industry fell into one of three
categories: transactional, investigatory and direct marketing. The
transactional
6
personal records (TPRI) industry was the most established of the
three in terms of its
history and net worth.3 These businesses were originally created to verify the
credentials and trustworthiness of other corporations, both nationally and
internationally (as is the case with Dun and Bradstreet) and of
individuals (as is the
case with Experian and Equifax). Personal records not directly
relevant to business
transactions, such as vital and behavioral statistics, were hardly
collected or used.
The TPRI's clientele was exclusively businesses, particularly big
businesses, which
subscribed to the use of such records, solely for record verification
purposes. Only
credit header information were collected from government agencies4. This
information was used to match those voluntarily provided by businesses and
individuals to other businesses.
The investigatory personal records industry (IPRI) consisted mainly of private
investigation firms whose activities included verifying the credentials and
trustworthiness of individuals considered to be suspicious. Unlike
the case with
TPRIs, the individual of interest, being unaware of the record
verification activity, did
not provide information about themselves. The information collected
included credit
headers and criminal records, which were laboriously collected mostly
from county
law courts, departments of motor vehicles and vital statistics
offices (Tweney, 1998).
Direct Marketers, unlike financial data brokers and investigation firms,
collected mainly lifestyle records, which they gained from subscriber
lists and direct
3 The world's first business information provider, the company was
founded as the Mercantile Agency
in New York City in 1841 (Kerstetter, 1996). Its gross revue for 2004
was over five billion dollars
4
(Frost, 2004).
Credit headers are personal information found at the top of credit
reports, and include the individual's
name, age, social security number and address history.
7
marketing list. Their clients were other direct marketers, with whom
they trade or
share subscriber records.
The following could be inferred from the objectives and practices of these
businesses during the pre automation period. First, no significant
coordination or
collaboration existed among these companies. As a result, the companies each
collected their own information from different sources and collected
only those
aspects of individual's personal records relevant to the services
they provided. Thus,
no single company had in possession at any given time all of the
individual's personal
records. Secondly, the companies saw themselves as record
authenticators, not record
providers. In essence, they considered records not as commodities in
themselves, but
as tools required to provide their services. As such, the records
themselves were kept
as is: No inferences are made about behavioral propensities and
potential worth or
risks, in effect ruling out the possibility of inference-based
"value-added" services.
Thirdly, the three industries were mostly business-to-business
enterprises (the
exception being private investigators, who serve individual clients):
They neither
served nor solicited government agencies.
But these distinctions and differences began to disappear by the
early nineties,
the period that saw the aggressive automation of personal records by
many start-up
companies, which took advantages of opportunities provided by
sophisticated, costaffordable
information technology (notably the Internet), as well as by existing state
and federal laws that practically guaranteed unrestricted access to
such records with
no remedies or punitive measures for abuse5. These start-ups differed
from the older
5 Most of the major personal records industries today (e.g. such as
Accurint, Accudata and InfoUSA),
were found in the early nineties.
8
ones in two very important aspects. First, they perceived personal
records not as
tools, but as assets and commodities in themselves. Secondly, they
collected any and
all records available to them. Thirdly, they were willing to sell,
mainly via the web,
all aspects of personal records in their possession to anyone who needed them.
In fact, the public's disquiet (which quickly turned to alarm) over the public
sale and display of their records was borne of the unbridled
activities and mishaps of
these start-up companies6. It may have also brought to attention the
endless financial
opportunities information technology provides to their business. By
the mid nineties,
these companies reinvented themselves by expanding their services and
their target
audiences. They bought over many of the internet start-ups, enabling
them to expand
their database and clientele. They also started marketing aggressively to law
enforcement communities, for whom most of the databases were later designed.
Many critics, most vocally Hoofnagle (2004) have pointed out that
this move, while
beneficial to both parties, was and remains inimical to the interests
of individuals.
For federal, state, local and law enforcement, it guaranteed them instant and
unrestricted access to databases comprehensive enough to contain individuals'
medical conditions and sophisticated enough to enable successful
queries with as
little as the homophonic spelling of only a first name, thanks to
Soundex technology.
While state and federal privacy laws regulate access to and use of personal
records collected by parastatal agencies, no legal or regulatory
restrictions are
imposed on access to or use of personal records provided by
commercial interests.
Worse, many government institutions partner with businesses to
provide personal
6 Some of the excesses reported included the posting online of the
social security numbers of Oregon
residents. The numbers were obtained under the state's then public
records law.
9
records on a "cost-recovery basis" that is in fact very profitable
for state and federal
coffers7. The personal records companies for their part are
guaranteed of multipleyear
contracts worth billions of dollars, of government's disinclination
to regulate
their practices.
Individual Identity privacy Laws (or lack thereof)
There exists a popularly held misperception that individuals' personal records
are protected by state and federal laws with strong restrictions on
access to and use of
such records, punitive measures for violations and remedial measures
for victims.
But despite public outcry over the rise in number of victims of
identity theft (over 21
million by FTC's own latest count), no such laws exist8. The federal
privacy laws
currently on the books are in fact more beneficial to the commercial
data brokers than
to individuals9. Not only do these laws guarantee unrestricted access
to and use of
individuals' personal records, they also provide no course of redress
to victims of
record theft or abuse. The closest the federal government ever came
to passing a
comprehensive personal records protection bill was in April 1997, with the
proposition of the Personal Privacy Information Act by Senators Diane
Feinstein of
California and Chuck Grassley of Iowa. A similar bill of the same name was
proposed in the House in June 1997 by Representative Gerald Kleczka,
along with 74
7 Many state agencies across the nation charge considerable fees for
public record search and copying,
claiming they need they the money for record automation (Munro,
1998). The U.S. Postal Services
charges a hefty annual licensing fee for business use of its National
Change of Address Server
(NCOALink), which allows for real-time, automated updates when
individuals report a change of
address. The licensing fee could run as high as $145,000 a year.
Department of motor vehicles across
the nation charge licensing fees for access by any business to
drivers' records.
8
9
http://www.the-dma.org/cgi/dispnewsstand?article=3465. Retrieved
March 19, 2005.
These the Fair and Accurate Credit Reporting Act (FACT Act), an
amendment to the 1976 Fair
Credit reporting Act, the Gramm-Leach-Blilely Act of 1998.
10
co-sponsors.10 The law would have provided stronger restrictions on the use of
individuals' personal records, legal redress for victims, and
punitive measures for
fraud and non-compliance. But following an aggressive campaign mounted by the
personal records industry lobby against the bill, and sessions of
hearing held by the
Federal Trade Commission (FTC) in early 1998, which was dominated pro-PRI
members, the FTC recommended self-regulation over federal regulation. Shortly
thereafter, the bills were referred to the Senate Committee on
finance and the House
Subcommittee on the Constitution, where they died.
In place of these bills, series of smaller and far less effective
laws 1998 and
1998, namely the Driver's Privacy Protection Act (1998), the Health Insurance
Portability and Accountability Act (HIPPA, 1998) and the Gramm-Leach
Bliley Act
(1999). Each law applies only to a particular aspect of individuals'
records, and only
in specified contexts. They provide no legal relief or remedy for
victims of record
abuse and no significant punitive measures for violators.
The self regulation proposed by the FTC was less effective. The selfregulatory
principles, known as the Individual References Services Group (IRSG),
principles, were crafted by 14 members of the Persona records
industry and proposed
to Congress in December 1997. The principles focus mostly on which
aspects of the
individual's data will be transmitted and how, depending on the
target recipient. The
principles were non-binding, devoid of any punitive measures for
non-compliance.
Though abolished in principle by the passing of the Gramm-Leach-Blilely Act
in 1999, the IRSG principles are still being used by many companies
as the set of
guidelines governing their use of personal data, with modifications
being made,
10 http://thomas.loc.gov. Retrieved march 28, 2005.
11
ostensibly in response to public demand for more control and
protection, but in
actuality to stave off comprehensive federal regulation.
Recent public demand for greater control and protection of their personal
records has led to industry's introduction of business-to-business protection
guidelines, business-to-individual disclosure notices and
business-to-individual antiidentity
theft services and tool kits. The business-to-business protection
guidelines are
non-binding, going no further than advising clients how to use and
protect client's
data. The business-to-individual disclosure policies are every bit as
ineffective. They
consist mainly of informing individuals how their records will be
used and whom it
will be shared with, with limited provisions made for Third Party
opt-outs. The optout
process is vague, cumbersome and at best translucent. For all
practical purposes,
individuals are required to have an above-average awareness and
sophistication to
exercise their opt-outs, a requirement that disqualifies many. Those
who do exercise
their opt-outs are not guaranteed protection from disclosure for
several reasons. First,
they are required to submit their request in writing to the
companies, many of which
they may not even know exist. The vague definition of Third Parties
allows for a
very lose interpretation of the concept, often to the company's
advantage: They
qualify very few companies as Third Party sources, thereby exempting
them from the
Third Party exemption clause.
Secondly, for most companies, opt-outs apply only to those records they
received directly from the individual, and not those about the
individual they received
from other sources. Thirdly, the opt-out is neither retroactive nor
immediately
enforced. Individuals are advised that the opt-out will not apply to
those with whom
12
their records have already been shared and to expect continued Third
Party disclosure
for some period, variably six months. The companies' refusal to provide to the
individual the list of Third Parties with whom their records have
been shared, render
the opt-out exercise futile by guaranteeing that they will never
fully opt out. An
obviously easier and by far more effective disclosure policy would
contain the opt-in
method, which would require prior permission of the release or use of
individuals'
records by any institution, irrespective of the company's method of
collection or
intend use. But, and it would at this point come as no surprise to
the reader, the
industry has being vehemently opposed to this.
The business-to individual anti-identity theft tool kits are mostly software
designed to prevent the online user from falling prey to identity
theft scams, the most
current and frequent of which is phishing11. Some of these are
provided free, either
as stand-alones or as bundled products by software and Internet
Service Providers.
But the majority of online anti-theft tool kits are fee-based
services offered in the
form of downloads. Offline anti-identity theft services, all of which
are fee-based and
many of which are now provided by the major PRCs, are offered in the form of
monitoring individuals' records and notifying them immediately when new or
suspicious activities are reported on their credit. Ironically,
albeit not surprisingly,
not only has the PRI's self-regulated, non-punitive activities
facilitated identity theft,
11 Phishing is a scam whereby unsuspecting individuals respond to an
email supposedly form their
banks or service providers, informing them that their account has
expired, and asking them to update it
by clicking a link embedded in the email. The email takes them to a
site counterfeiting their banks' or
service providers' real site. The fake site prompts them to submit
their username, password and other
personal information. The information, when submitted, goes directly
to the scammer's email box,
who then uses them for fraudulent purposes. Phishing is made possible
by Active X, an adware that
takes advantage of glitches in Microsoft Windows XP platform by
allowing outsiders to anonymously
upload programs to a web-connected server. To combat phishing,
Equifax provides a free online
toolbar, which detects and blocks fake sites. Microsoft claims its
patch, Windows Service Pak2, fixes
the problem, though many software analysts are skeptical of the claim.
13
both offline and online, they have also provided new and lucrative avenues for
generating more income.
Policy Recommendations and Conclusion
In short, the industry generates its multi-billion dollar income
first from the
legal, unrestricted, non-consensual use of individuals' records, then
from offering
protection from abuse of such records. It is reasonable to assume
that with this kind
of arrangement, that the Personal Records Industry is neither a
satisfactory custodian
of, nor a willing advocate for the nations' personal records. It is
also obvious that
standardized set of comprehensive laws is needed, one that is
uniformly applicable in
all contexts and to all U.S. States and Territories, providing the
individual greater
control over access to and use of their records, better protection
from and redress for
abuse. For a law to qualify as satisfying these conditions, it must
contain four core
provisions, namely comprehensiveness, transparency, redress and
accountability.
Comprehensiveness addresses the applicability of the law to any party,
condition or context. To achieve this, a federal personal records
protection law should
be enacted to replace existing relevant but limited federal laws, and
should supersede
the authority of all other state laws. This will address the
unevenness that exists
among state laws, some favoring individuals (as is the case with
California) and
others favoring corporations (as is the case with Texas and Indiana).
The law will
also address existing loopholes in current state laws, which PRCs
have exploited to
circumvent compliance, and will make enforcement easier and more effective.
Secondly, the law should apply to all parties (individuals,
businesses and parastatal
14
institutions) involved in the personal record management process,
irrespective of their
role, or of the life cycle of the record. The blatant excesses of the
PRI is due to that
fact that current privacy laws apply only to records in possession of
the federal
government and only for a limited time. As was discussed earlier,
state and federal
governments become exempt from federal privacy rules governing personal record
use after releasing those records to the public, at which point they
are free to acquire
and use the records to their whims and caprice. Thirdly, the law
should apply to any
aspects of one's personal records. To achieve this, the law should
contain a detailed,
all-embracing definition of personal records, and should cover all
aspects of one's
personal records, including but not limited to financial, physical, medical,
demographic and genetic records, and in all media, including textual,
audio, video
and multimedia.
The transparency provision of the law will require full, quick and free
disclosure of all parties and activities involved in the record
management process.
This will include record use and abuse (such as fraud or identity
theft), the means of
personal record gathering, storage, analysis and dissemination, as well as the
identities of producers, service providers, suppliers and clients.
The transparency
provision should also include an opt-in clause, which will require
individuals' prior
authorization for Third Party record sharing or use. For reasons
already mentioned
the term 'Third Party' should be clearly defined, and its
applicability clearly outlined.
This transparency provision would facilitate enforcement of the last
two provisions
(i.e. redress and accountability), in effect an inhibiting factor
that would further
encourage full compliance with the law.
15
The redress provision will enable victims of record abuse to seek effective
resolution to and compensation for the abuse, and/or relief from harm
due to such
abuse. Finally, the accountability provision will serve as great
disincentive for
personal record abuse, by meting strict and serve penalties for fraud
or noncompliance.
Lying at the heart of these provisions is the preservation and guarantee
of some of the key tenets of American democracy and jurisprudence, namely
protection from violations of one's privacy, protection from harm and
right to due
process. Given what's at stake, it's the least lawmakers can do.
References
Altman, I. (1975). The environment and social behavior. Monterey, CA:
Brooks/Cole.
Bennett, C.J. (1991). Computers, personal data, and theories of technology:
Comparative approaches to privacy protection in the 1990s. Science,
Technology & Human Values 16 (1), 51-69.
Frost, M. (2004). Finding skeletons in online closets. Searcher, 12
(6), 54-60.
Foust, D. (2005, March 28). Keeping a grip on identity. Business
Week, 3926, 34-35
Geilman, R. (1999). Public records, public policy and privacy. Human Rights:
Communication Quarterly, 78 (1), 45-64.
Hoofnagle, C. J. (2004). Big brother's little helpers. How
ChoicePoint and other
commercial data brokers collect, process and package your data for law
enforcement. North Carolina Journal of International Law & Commercial
Regulation, 29 (4), 595-616
Hoofnagle, C.J. (2005). Privacy self regulation: A decade of disappointment.
Electronic Privacy Information Center.
Journal of the Selection of Individual Rights & Responsibilities, 26
(1), 7-12.
Halstuk, M. E. & Chamberlin, B. F. (2001). Open government in the
digital age: The
legislative history of how congress established a right of public access to
electronic information held by federal agencies. Journalism & Mass
16
http://www.epic.org/reports/decadedisappoint.html. Retrieved March 28,
2005.
Kerstetter, J. (1996, November 11). Sybase relationship could be D&Bs
Archilles'
heel. PC Week 44, 27-28
Moore, J. H. (1997). Towards a theory of privacy in the information
age. Computers
and Society 27 (3), 27-32.
Munro, N. (1998). Local government, fees & charges. Communications of the
Association for Computing Machinery 41 (1), 17-20.
Pedersen, D. M. (1979). Dimensions of privacy. Perceptual and Motor
Skills, 48,
1291-1297.
Seipp, D. J. (1978). The right to privacy in American history. Cambridge, MA:
Harvard University Press.
Tavani, H.T. (1999). Information privacy, data mining and the
internet. Ethics &
Information Technology 1 (2),
Tavani, H. T. (2000). Privacy and the internet.
http://www.bc.edu/bc_org/avp/law/st_org/iptf/commentary/content/2000041901.html
. Retrieved March 24, 2005.
Tweney, D. (1998, May 4). Don't lose any sleep over online privacy:
It's already too
late. InfoWorld 20 (18), 84-85
Westin, A. (1967). Privacy and freedom. New York: Athenaeum.
17
|
