Subject: NIIAC Draft Privacy Principles
---------------------------------------

This is a draft of the NIIAC Mega-Project III's privacy principles statement. Mega-Project III is chaired by Esther Dyson, a member of the EFF Board of Directors. The NII Advisory Council is composed of individuals from the publishing, telecommunications, computer, and other fields, and serves as a civilian advisory board for the Administration on issues regarding information infrastructure.

Comments may be submitted regarding this draft to Esther Dyson.

DRAFT OF MEGA-PROJECT III
(privacy, security, intellectual property)
of the
NATIONAL INFORMATION INFRASTRUCTURE ADVISORY COUNCIL
(December 6, 1994)

PRIVACY AND RELATED SECURITY PRINCIPLES FOR THE NII

PREAMBLE

Privacy is a cherished American value. In designing the technological infrastructure and the policy environment for the NII, the United States is establishing the framework for individual, social, economic, and political life in the 21st century. It is important that fundamental American values -- including protection of privacy, freedom of speech and association, and freedom from discrimination and protection of property rights -- be considered in the NII. None of these values are absolute, and all need to be addressed in the context of the public interest.

DEFINITIONS

Throughout this document personally identifiable information refers to "any information that could be uniquely associated with the individual to whom it pertains."

In policy discussions, privacy is frequently coupled with confidentiality and security. Although the terms are interrelated, it is important that the meaning of each be understood independently.

Information privacy is the ability of an individual to control the use and dissemination of information that relates to himself or herself.

Confidentiality is a tool for protecting privacy.
Sensitive information is accorded a confidential status that mandates specific controls, including strict limitations on access and disclosure, that must be adhered to by those handling the information.

Security is the totality of safeguards in a computer-based information system. Security protects both the system and the information contained within it from unauthorized access and misuse. Security consists of hardware, software, personnel policies, information practice policies, and disaster preparedness.

MEGA PROJECT III RECOMMENDS THE ADOPTION OF THE FOLLOWING PRIVACY AND SECURITY-RELATED PRINCIPLES FOR THE NATIONAL INFORMATION INFRASTRUCTURE (NII):

1. Personal privacy -- including information, transactions, and communications -- must be protected in the design, management, and use of the NII. Informed, uncoerced consent to the use of personally identifiable information, as well as autonomy and individual choice are fostered by ensuring privacy on the NII. In addition, protection of privacy is crucial to encouraging free speech and free association on the NII. While privacy protections are crucial to encourage free speech and free association on the NII, such protections are not absolute and must continue to be balanced, where appropriate, by concepts of legal accountability.

2. The privacy of communications, information, and transactions must be protected to engender public confidence in the use of the NII. For instance, people should be able to encrypt lawful communications, information, and transactions on the NII. Network-wide and system-specific security systems that ensure confidentiality, integrity, and privacy should be incorporated into the design of the NII. In an interactive electronic environment, transactional information should be afforded the same high standard of legal protection as content. To achieve its full potential, the NII must incorporate technical and legal means to protect personal privacy.

3. Existing constitutional and statutory limitations on access to information and communication, such as those requiring warrants and subpoenas, should not be diminished or weakened and should keep pace with technological developments.

4. Individual rights to access personally identifiable information about themselves must not be diminished or weakened on the NII. Individuals must have the ability to review personally identifiable information and the means to challenge and correct inaccurate information.

5. Individuals should be informed of other uses and disclosures of personally identifiable information provided by that individual or generated by transactions on the NII. Personally identifiable information about an individual provided or generated for one purpose should not be used for an unrelated purpose or disclosed to another party without the informed consent of the individual except as provided under existing law.

6. Data integrity -- including accuracy, relevance, and timeliness of personally identifiable information -- must be paramount on the NII. Users of the NII, including providers of services or products on the NII, should establish ways of ensuring data integrity, such as audit trails and means of providing authentication.

7. The use of a national personal identification system administered by the federal government should not be developed as a condition for participation in the NII.

8. Subject to public policies intended to secure and maintain the integrity and enforceability of rights and protections under U.S. laws -- such as those concerning intellectual property, defamation, child pornography, harassment, and mail fraud -- spheres for anonymous communication should be permitted on the NII. Those who operate, facilitate, or are otherwise responsible for such spheres must adequately address the sometimes conflicting demands of anonymity, on the one hand, and accountability, on the other.

9. Collectors and users of personally identifiable information on the NII should provide timely and effective notice of their privacy and related security practices.

10. Public education about the NII and its potential effect on individual privacy is critical to the success of the NII.

11. An entity with input from federal, state and local governments and the private sector should develop a process for overseeing the development, implementation, and enforcement of privacy policy on the NII.

12. Aggrieved individuals should have available to them effective remedies to ensure that privacy and related security rights and laws are enforced on the NII, and those who use these remedies should not be subject to retaliatory actions.