Information Ethics And Government Records
INFORMATION ETHICS AND GOVERNMENT RECORDS
With the rise of a globally connected Internet, and technologies adept at recording data at unprecedented rates, we find ourselves living in an ever more digital world. There are perhaps few places that this new reality is better witnessed than in government, where increasingly large amounts of data are gathered and maintained in exclusively digital formats, spending their entire lifecycles as bit-streams of 1’s and 0’s. The advantages of this digital reality can be many and wonderful. Digital records are easily shared, easily mined, and easily linked in productive ways that were much more difficult with their analog counterparts. However, there is a dark side to heavy reliance on digital data, namely the difficulties witnessed in preserving and securing that same data over the long term. In April 2012 the Utah Department of Health was the subject of a massive data hack that exposed the private information of 780,000 individuals including “client names, addresses, birth dates, Social Security numbers, physician’s names, national provider identifiers, tax identification numbers, and procedure codes designed for billing purposes” (Anderson, 2012). An even larger hack occurred in April 2015 when the federal Office of Personnel Management was the victim of a targeted attack that “exposed records for over four million current and former government employees” (Gallagher, 2015). The examples of big government data storage and data theft offered by the Utah Department of Health and the U.S. Office of Personnel Management provides an opportunity to reflect on several key ethical issues that must be considered and evaluated with regard to government agencies gathering and preserving potentially sensitive digital information over the long-term. Among the ethical issues concerning stored big government data that will be considered in this paper are: individual rights to privacy and privacy protection in big government data stores; the ethical implications of increased government surveillance and data gathering activities; and, the ethical questions raised by the actions of hackers and whistleblowers who subvert data security protocols and access stored the stored private data of government. These ethical issues will be investigated and actions to address the issues now, and in the future, will be considered.
Government has long been in the business of gathering and maintaining information on its citizens. However, with the rise of technology that facilitates enhanced information gathering, coupled with the new realities and threats offered by a digital world, there are several ethical issues that must be considered in this new context. Chief among these are the ethical principles of privacy rights and privacy protection. It is important to note that assumed privacy rights are hardly a constant across time and space, and can vary dramatically between cultures. The malleability of privacy across cultures is highlighted by Capurro (2005) in his intercultural analysis of the observable differences between how privacy is perceived in Western cultures when compared to Japan. This difference is underscored further by Warren and Brandeis (2005) who articulate a Western perspective on the social importance of privacy rights that is fundamentally rooted in the individual. This position is clearly stated when they write “the protection of society must come mainly through a recognition of the rights of the individual” (p. 224). With regard to government data gathering and storage of potentially sensitive private digital data a central concern is balancing privacy with legitimate needs for storing that information over the long-term. In her analysis of the rise of digital government and the ethical concerns presented by this new paradigm, Cullen (2008) suggests, “governments have special privacy obligations arising from the concept of democracy, which includes the establishment of rules mediating the power relationship between government and citizens” (p. 418). This suggests a need for a shared understanding between all parties as to what individual rights to privacy entail and the steps that will be taken to protect those privacy rights. Privacy is a malleable concept that can shift depending on the time, place, and culture context in which it is being assessed and valued, which makes it an absolutely foundational ethical principle that needs to be considered with regard to government data gathering and storage.
A second pivotal issue that must be evaluated with the rise stored private information by governmental entities is the ethical implications of increased government surveillance and data gathering of its citizens. Doyle and Veranas (2014) see the rise of a government surveillance state as a direct threat to both public anonymity and individual private autonomy. Their suggestion to counter this threat involves placing “the onus…on those who promote the spread of invasive technology to demonstrate its real value and fully acknowledge the accompanying harms” (p. 217). A central concern raised by this issue of enhanced government surveillance and data gathering is its potential to violate the principles of individual privacy when allowed to operate without reasonable oversite or transparency. Fuch’s (220) offers another important critique in this regard, suggesting that the right to privacy is often fetishized in capitalist societies and used as a cover to conceal the actions of government and elites. For instance, a right to privacy argument might be used to shield corporate malfeasance or the growth of an enhanced governmental surveillance state. Ultimately enhanced government surveillance and data gathering has the inherent potential to be exposed and potentially used against citizens who fail to recognize, acknowledge, and understand the important role they play as active agents in a democracy.
A third critical issue to consider relative to the increased gathering and storage of private information by governmental entities is the ethical considerations related to hackers and whistleblowers who may act as potential agents in illicitly accessing stored personal data. Whereas in the past the storage of private information was on physical records that could only be accessed by breaking into an actual physical storage location, the digital storage environments of today have the potential to be much more easily entered and exploited by remote third party agents. This reality forces us to assess the ethics of access restrictions and the actions and potential consequences for those who might illicitly obtain and use information unethically (hackers) or employ it to serve the public good (whistleblowers). Spence (2012) suggests that there is a distinction between hacking and whistleblowing, and posits that whistleblowers such as Julian Assange and Edward Snowden play a vital role in ensuring that the private and classified information gathered and kept by government(s) meets ethical standards attuned to the right to individual privacy and citizen democracy. Spence also arrives at the determination that when gathering and storing private and classified information the onus is on government to make the legitimate case to its citizens that there is a logical Socratic rationale in place for doing so, and that an equally compelling case can be made that the decision to gather and store this type of information is in the public good.
Each of the ethical concepts under consideration here must be addressed in order for the ongoing capture and storage of private data by governmental entities to be rationalized as ethical and legitimate. With regard to privacy rights and privacy protection it is absolutely critical that any governmental entity engaging in the capture and storage of private information of citizens be aware that the conception of privacy rights can change from culture to culture. This is particularly important in the context of a trans-national, globalized information society where it is possible (and even likely) that the private information gathered and stored by one government may end up on storage infrastructure in another country. It is also critical that governmental entities gathering and storing private data espouse and maintain a strict adherence to defined information ethic codes or standards. In this regard, the code of ethics articulated by professional organizations of the information professions can serve as a prescriptive place for governmental entities to start. For example, the Society of American Archivists Core Values Statement and Code of Ethics provides several ethical guidelines that could (and should) be easily applied to government. This includes the ethical statement on privacy which states that "archivists recognize that privacy is sanctioned by law” and that “archivists place access restrictions on collections to ensure that privacy and confidentiality are maintained” (“SAA Core Values Statement,” 2011). Another issue to address is raised by Tazaov (2013) who argues that data protection and its foundational principles need to be reconstructed and reinterpreted by both courts and citizens as a fundamental human right alongside the right to privacy (and not merely as a subset of traditionally understood privacy rights). The need for better articulation of privacy rights in the digital age is echoed by Stewart (2007) in his commentary on the legal effect of revealing private information in the U.S. and abroad when he states, “despite the evolution of the personal privacy protection, the Supreme Court has yet to extend the right of privacy to incorporate personal data protection” (p. 343). Finally, governmental entities engaged in private data gathering and storage must make an active effort to involve citizens as vested stakeholders in the process, and make active efforts to educate them on why private information is being collected and how that data is being stored and protected.
The second ethical issue of enhanced government surveillance and data gathering must also be addressed in several distinct ways, by government and citizens alike. First, it is incumbent on governmental entities to commit to a basic level of rights adherence that sets clear boundaries on how much surveillance and data gathering is allowed. Such an action must be rooted in broadly conceived and understood ethical standards. This is touched on by Britz (2008) in his argument for a just global information society that is founded on foundational human ethics that transcend time, space, and culture, and that are equitable and inclusive to all stakeholders. Another method for achieving a basic level of rights that cannot be undermined by enhanced government surveillance and data gathering would be international adherence to the precepts of internationally recognized document such as the United Nations Universal Declaration of Human Rights (1948). The ethical issue of government surveillance and data gathering is complex and also must rely on the ongoing active engagement by citizens who remain engaged and facilitate ongoing dialogue and auditing of governmental entities focused on how and why private information is collected and stored. In this regard, citizens are well served understanding their rights and actively engaging with groups focused on these issues like the Electronic Information Privacy Center (EPIC), the Center for Democracy and Technology (CDT), and the Electronic Frontier Foundation. Lastly, there must be complete transparency offered by any government engaged in the gathering and storage of private data, both in the scope and magnitude of the surveillance infrastructure, as well as the legislative intent underwriting and authorizing its use and expansion.
The third ethical issue intrinsic to the gathering and storage or private data by governmental entities relates to the actions of hackers and whistleblowers that might access private data stores for a wide variety of reasons. One step that must be taken is an ongoing shared commitment by government and citizens alike that the onus is governmental entities to demonstrate just cause for any data gathering and data storage they engage in. These actions must be completely transparent and auditable. Doing so would hopefully have the desired effect of negating the need for whistleblowers who feel compelled to act due to government secrecy and obfuscation. This issue must also be addressed by a comprehensive, responsive articulation of the legal ramifications inherent to hacking and/or whistleblowing. In the new digital information age these legal prescriptions must fit real world realities of emergent technologies, something that Lessig (2010) posits are not currently seeing in our increasingly antiquated and unresponsive copyright and intellectual property laws. Laws and regulations must have clear enforcement mechanisms that simultaneously deter nefarious hacking activities while promoting whistleblowing when it is determined that the act has served a clear public good. Finally, it is incumbent on governmental entities engaged in private data gathering and storage to clearly adhere to accessible and transparent records management principles, as well as clearly define why, when, and how access restrictions on data are determined and put into effect.
Clearly this issue of government gathering and storage of private data has elements that must be addressed now. It also offers a host of potential questions that will need to be addressed in the future. One central question for all stakeholders moving forward is if a universally understood and accepted code of information ethics can be developed and applied across cultures, and if it will be responsive to digital data issues. A similar question that will need to be addressed in the United States is whether the right to privacy as it has been interpreted by the Supreme Court to this point will evolve to include digital data? With regard to enhanced government surveillance and data gathering it is important to ask if circumstances will change in the future to the point where citizens unilaterally demand transparency and clear justifications from governmental entities for ongoing surveillance and data gathering projects. If so, will those governmental entities comply? Lastly it is important to ask if the laws, standards, and penalties for hacking and whistleblowing will continue to evolve and keep pace with technological change. Will the laws be responsive to prosecuting hackers while simultaneously supporting whistleblowers who are acting in the public good? If not, will a chilling effect occur on whistleblowing actions that will have negative consequences on government and citizens alike? Questions like these must be considered as the world becomes ever more digital and globally interconnected. The ethical issues of privacy rights and privacy protection, government surveillance and data gathering, and illegal third party access to stored private information kept by government should continue to be explored and evaluated in the context of a world where governmental entities capture and store private information at exponential rates.
SOURCES
Anderson, H. (2012, April 9). Utah Health Breach Affects 780,000. Data Breach Today.
Retrieved from http://www.databreachtoday.com/utah-health-breach-affects-780000-a-4667
Britz, J.J. (2008). Making the global information society good: A social justice perspective on the
ethical dimensions of the global information society. Journal of the American Society for Information Science and Technology, 59(7), 1171-1183.
Capurro, R. (2005). Privacy: An intercultural perspective. Ethics and Information Technology,
7(1), 37-47.
Cullen, R. (2008). Culture, identity and information privacy in the age of digital government.
Online Information Review, 33(3), 405-421.
Doyle, T. & Verana, J. (2014). Public anonymity and the connected world. Ethics and
Information Technology, 16(3), 207-218.
Fuchs, C. (2011). Towards an alternative concept of privacy. Journal of Information,
Communication and Ethics in Society, 9(4), 220-237.
Gallagher, S. (2015, June 8). Why the “biggest government hack ever” got past the feds.
Arstechnica. Retrieved from http://arstechnica.com/security/2015/06/why-the-biggest-government-hack-ever-got-past-opm-dhs-and-nsa/
Lessig, L. (2010, January 26). For the love of culture. The New Republic. Retrieved from
http://www.tnr.com/article/the-love-culture
SAA Core Values Statement and Code of Ethics. (2011, May). Retrieved from
http://www2.archivists.org/statements/saa-core-values-statement-and-code-of-ethics
Spence, E.H. (2012). Government secrecy, the ethics of WikiLeaks, and the Fifth
Estate. International Review of Information Ethics, 18, 37-45.
Stewart, R. Commentary: Legal effect of revealing private information in the US and abroad.
Information Systems Management, 24, 343-344.
Tzanou, M. (2013). Data protection as a fundamental right next to privacy? ‘Reconstructing’ a
not so new right. International Data Privacy Law, 3(2), 88-99.
United Nations. (1948). Universal declaration of human rights. Paris: United Nations.
Warren, S. D. & Brandeis, L. D. (2005). The Right to Privacy (1890). In Moore, A.D.
(Ed.). Information Ethics: Privacy, Property, and Power (pp. 209-225). Seattle, WA: University of Washington Press.