Open Government advances hold great promise for citizens, but also must be pursued with an eye for privacy. Too often, open government initiatives are pursued without attention to the information that will be released. If government loses the trust of the citizenry to responsibly shepherd their information, then the open government initiatives will not be welcomed but instead will be rolled back.
Federal Digital Identity
One of the key tools needed for effective implementation of e-government services is the ability to authenticate the identity of citizens online. However, widespread adoption of the technologies will only occur if individuals trust that strong privacy and security protections have been built into authentication systems.
Currently, there is a push for federated identity management for government - relying on third parties that users already have relationships with online. As these pilots move forward, CDT is pushing for adoption of frameworks and principles that will protect user privacy while enabling government delivery of services online.
The Privacy Act of 1974 is the primary law controlling how the federal government collects, uses, maintains, and disseminates information about individuals. The law was designed to protect individuals from an increasingly powerful and potentially intrusive federal government. The statute was triggered by a Code of Fair Information Practices (FIPs), and embodies these pricinples:
- there should be no records whose very existence is private;
- an individual must be able to discover what information is contained in his or her record and how it is used;
- an individual must be able to prevent information collected for one purpose from being used for another purpose without consent;
- an individual must be able to correct or amend erroneous information; and
- any organization creating, maintaining, using or disseminating records of identifiable personal data must assure the reliability of the data for its intended purpose and must take precautions to prevent misuse.
The Privacy Act empowers individuals to control the federal government's collection, use, and dissemination of sensitive personal information. The Act prohibits agencies from disclosing records to third parties or other agencies without the consent of the individual to whom the record pertains. The prohibition is weakened by several exceptions. As early as 1977, the Privacy Protection Study Commission found that the Privacy Act was vague and would likely not meet its stated purposes.
CDT has maintained that the Privacy Act should undergo a review and be brought up to date. While the fundamentals of the Act - principles of fair information practices - remain relevant and current, some definitions do not reflect the realities of current technologies and information systems.
New technologies like social media provide opportunities for government to engage with citizens. Integrating technology, social interaction, and content with government gives the opportunity to reach out to citizens where they already are.