The fast-paced growth of new technologies with privacy implications seems to be outstripping Congress's ability to regulate them effectively, concurred panelists at a May 15 Congress Project seminar. Privacy issues take many forms, from the confidentiality of medical and financial records to secure e-mail, Internet transactions, and cell phone conversations. But when is government intervention protecting Americans, and when is it infringing on their liberties?

"You need some kind of framework [to determine] what the core concerns are, who ought to be responsible [for addressing them], and how to proceed," said keynote speaker Senator John Sununu (R-NH). He cautioned that Congress and the executive branch must develop distinct responses to the diverse new technology issues affecting privacy.

Joelle Tessler, a reporter on information technologies for CQ Weekly, said the law has not kept pace with advances in technology when it comes to privacy. "Some of our most basic privacy protections, including the Fourth Amendment protection against unreasonable search and seizure, don't necessarily apply in cyberspace," she said. "Because the legal system moves so much more slowly than the technology, many privacy experts fear that the laws governing Internet surveillance are decades out of date or they simply don't exist at all. And that creates confusion about how rules written for an analog world apply in the digital age."

Peter Swire, a professor of law at Ohio State and former Clinton Administration privacy counselor, said many people today view privacy similarly to the way they viewed the environment issue in the 1970s. "When we talk about privacy, there's a sort of discourse of despair," he said, as there was with environmental pollution back then.

Swire indicated that we usually have addressed such issues when they became intolerable, going back to the problem of the British quartering their soldiers in American homes in the 18th century leading up to the American Revolution; or the concern in the 1970s that lie-detectors would be used extensively in the workplace to learn private information about employees; or there would be one centralized federal mainframe computer loaded with our private information.

"Society responded to that perceived intrusion, saying we need a check and balance here; we need to step back," Swire said, and Congress put a stop to those possibilities. Now, instead of a giant mainframe, we have personal computers, but they are linked through the Internet and that raises many possibilities for privacy invasion.

While civil libertarians argue the need for updating laws, there is a distinction between government and the private sector on how this should be done. Tessler cited e-mail and text messaging; search engines and search logs; and Internet wiretapping as examples of this privacy protection gap.

"The key to protecting privacy on the Internet comes down to creating adequate legal restraints to insure the government doesn't abuse its power and that means updating the law to recognize that much of the information Americans reveal about themselves on the Internet today is just as private and deserves just as much privacy protection from government surveillance as the contents of their telephone conversations," Tessler said. "Back in the late 1990s, lawmakers began crafting legislation to strengthen online privacy protections. But the dot-com bust and the 2001 terrorist attacks derailed those efforts."

Sununu pointed out "there really is no explicit constitutional provision that discusses and presents a right to privacy." There are civil liberties, property rights, protection from unreasonable search and seizure, but no specific rights to guarantee privacy.

"There's this basic question of what rights and opportunities should the individual have, and what standards do we have to protect the individual from a government that's seeking [information for national security,]" he said.

Sununu grouped privacy issues into three categories. First, there are matters that raise clear constitutional law issues involving the first, fourth, and fifth amendments. One example is the domestic surveillance program under the Foreign Intelligence Advisory Act (FISA) and what constitutes just cause for the government to obtain warrants to conduct eavesdropping.

Another recent example is a provision in the Patriot Act that requires someone served with a national security letter to disclose the name of his or her attorney to the FBI, which Sununu said could discourage people from seeking counsel. This is problematic, he said, in that Americans do, and the Constitution's framers did, consider the right to representation to be absolute.

Second, there are privacy issues raised by economic or commercial contracts. Banks require a variety of personal information before they disburse loans and questions arise as to whether banks should be prohibited to share that information with third parties. These are not constitutional issues but contractual ones, said Sununu. Although he does not oppose government regulation in this realm, he said the government can serve the public best by improving disclosure and notification to consumers. "I do believe that the market itself can exert a very powerful force in insuring heightened security and in heightened credibility."

Former Representative Martin Frost from Texas, now a Wilson Center public policy scholar, recounted how he and Rep. Deborah Price (R-Ohio), as members of the House Rules Committee, were assigned to draft compromise privacy provisions for a financial services reform bill in 1999 that otherwise would have been deadlocked between those who did and did not want protections in the bill. Consequently, the bill was enacted as the Gramm-Leach-Bliley "Financial Services Modernization Act." Frost said it stands as an example of how clashing interests over privacy and free enterprise sometimes have to be reconciled by the leadership using extraordinary means.

Third, said Sununu, there are the vague areas, "where we ask the question is this really something [the federal] government should be doing in the first place," such as the NSA gathering of phone logs, or forms of data mining such as the Total Information Awareness Program designed by the Defense Department and shut down by Congress. Another example is the proposal to have a national driver's license. Sununu said it should be up to the states to improve standards. Having a uniform federal driver's license, he said, would create "a gold standard for fraudulent activity."

Nancy Baker, an associate professor at New Mexico State University, said Congress generally is inclined to protect the privacy rights of concern to citizens but not when people are afraid.

"Congress as an institution is not well designed to secure privacy rights when constituents are afraid," she said, "particularly of outside threats like crime, immigration, and terrorism." Recent polls show that public opinion has shifted to favor security over privacy, "from carrying national ID cards, to expanding FBI wiretap authority, to sharing consumer information with the government."

Nevertheless, during the last three decades, Congress has enacted numerous privacy laws in response to public concerns. The 9/11 attacks slowed down that process so now any privacy protections come as part of national security legislation. Congress has wrung some concessions from the Administration in this regard on laws such as the Patriot Act. Still, its most recent renewal did not go far enough in the eyes of civil libertarians to allay their concerns about government abuses of privacy. Baker underscored the difficulty of framing adequate privacy protections while the public remains fearful of another attack.

There are times when law enforcement requires access to private information. But, Sununu said, it's important to weigh whether the benefit is worth the privacy intrusions involved and whether the proposed solution is even an appropriate area for federal involvement. "We want to make sure we only take action if there is both a legitimate need and we have an ability to crack the solution that doesn't have even greater unintended consequences."