Index: [thread] [date] [subject] [author]
  From: Camden Hutchison <crh2014@columbia.edu>
  To  : <CPC@emoglen.law.columbia.edu>
  Date: Wed,  9 Mar 2005 20:43:11 -0500

paper one

The Costs of Privacy

by Camden Hutchison



       In the 21st century, the key technological developments that
affect our lives increasingly relate to the collection, processing
and communication of information.  Ever more efficient data storage
technologies facilitate the permanent recordation of information on
a volume inconceivable in the pre-digital age.  Ever more powerful
computer processing capabilities allow increasingly sophisticated
analysis of this information, producing new knowledge from raw
data.  Ever more pervasive internet connectivity provides for the
communication of information among individuals and institutions on
a scale unprecedented in human history.  The economic and social
benefits of this information revolution are widely acknowledged and
celebrated -— with one notable exception:  Attitudes toward
technology quickly sour when the information being collected,
stored and analyzed is information about ourselves.
	This aversion is unsurprising.  Individuals in Western societies
feel a profound and instinctive desire to control access to
knowledge about their private lives.  Thus, as the collection and
use of personal information by corporations and government becomes
increasingly widespread, calls are advanced in this and other
Western countries for the creation of new laws that protect
individual privacy.  This paper is a response to such calls.  While
there may be important reasons in favor of protecting privacy
through law, restricting the communication and use of our personal
information, as with restricting any employment of technology, also
entails social costs.  My argument is that it is crucially important
that these costs be taken account of in any discussion regarding how
the legal system should respond to privacy issues.  To illustrate
why, I use two examples of settings in which the scope of our
privacy rights are very different.

	First, an example of benefits from reduced privacy:  The
development of standardized credit scoring, a technology dependent
on the collection and analysis of personal financial information,
has significantly broadened access to credit and reduced the cost
of borrowing for American consumers.  Prior to the advent of the
now-ubiquitous credit report, the amount of consumer lending in the
economy was constrained by information-asymmetry problems in the
debtor-creditor relationship.  Since banks were generally unable to
evaluate the creditworthiness of individual loan applicants without
undertaking their own credit investigations, it was often difficult
for individuals of average means to obtain the financing necessary
to purchase a home or send a child to college.  The problem was one
of information failure -— borrowers with good credit histories had
no ready means of convincingly differentiating themselves from
borrowers with poor credit histories.
	This problem was largely resolved following the emergence of third
party credit scoring in the 1960s.  Lenders today have quick and
inexpensive access to the financial histories of almost every
individual living in the United States of America.  The result is
that lending decisions -— now automated -— are often made in
minutes, resulting in significant reductions in transaction costs. 
Open access to credit information has moreover improved the ability
of lenders to discriminate among borrowers presenting different
credit risks, resulting in a more efficient allocation of lending
capital and, thus, lower average interest rates.  Our lack of
financial privacy carries over to the secondary markets, where
educational loans and home mortgages are purchased and sold on the
basis of automated underwriting processes, driving interest rates
still lower.  All told, credit analysis technologies are estimated
to save American consumers tens of billions of dollars every year. 
These savings would be unattainable without broad access to our
personal financial information.

	My second example suggests the potential costs of privacy laws. 
Unlike the consumer credit market, the American health care system
today operates under a body of relatively effective privacy
regulations, the most significant of these having been promulgated
pursuant to the Health Insurance Portability and Accountability Act
(“HIPAA”).  The privacy provisions of HIPAA, inter alia, prohibit
the communication of patient health information by physicians and
hospitals except by specified secure means.  Patient information
may be transmitted electronically only in specific circumstances
and only through the use of approved security protocols.
	While HIPAA has had the positive effect of enhancing the security
of electronic patient information, it has also imposed significant
burdens on the heath care system.  First, the economic compliance
costs of HIPAA are considerable:  Since its enactment in 1996,
HIPAA has required hospitals across the country to spend millions
of dollars each on establishing new practices, training physicians
and staff, and purchasing approved security software packages in
order to achieve and maintain regulatory compliance.  These
expenses, none of which are reimbursed by the federal government,
divert scarce financial resources and constitute yet another factor
in the rapidly rising cost of health care.
	Second, and I believe this to illustrate the fundamental danger of
privacy legislation, HIPAA restricts the ability of physicians to
share knowledge in order to better treat patients.  To provide the
starkest example of this effect, HIPAA has significantly set back
efforts to develop a “universal patient record” system -— a
comprehensive electronic database of patient information accessible
by any doctor or hospital in the country.  Under HIPAA, the creation
of such a resource -— long regarded to be a highly desirable goal by
health care professionals -— would very likely be illegal.  A result
of this restriction on information is that a significant percentage
of emergency referral patients continue to receive mistreatments
which kill them.  These are cases where privacy is paid for in
human life.

	Examples like the consumer credit market and HIPAA should give us
pause when thinking about privacy law.  If we begin, as I would,
with the premise that human access to information is a social good,
then privacy advocates should bear the burden of demonstrating
exactly how and why suppressing information would yield a net
social benefit in any given case.  I do not suggest that this
burden cannot be met.  I do suggest, however, that proponents of
privacy regulation may need to do a better job of clearly
articulating why the value of privacy outweighs its very real
costs.


-----------------------------------------------------------------
Computers, Privacy, and the Constitution mailing list



Index: [thread] [date] [subject] [author]