America’s Privacy Policy

A New York Times editorial warns that “democratic freedoms are in jeopardy when the military … arrogates to itself the power to act as watchdog over civilians.” One senator argues that “a society cannot remain free and tolerate a government which can invade an individual’s privacy at will.” Another passionately calls for an attack on “the kind of faceless bureaucracy in and out of Government that seeks to make the computer a supreme being.” A guest editorial in the Chicago Tribune claims that computers, “for all of their efficiency in helping law enforcement agencies safeguard the body politic, are menaces to freedom.”

Though many of these quotes feel like they could be from today’s newspapers, they all date between 1967 and 1974, long before the introduction of personal computers, mobile phones, or the internet. 

The 1960s saw an explosion in the use of computers — large, room-sized machines, used exclusively by large organizations — which in turn facilitated an explosion of digitized data collection. Machines had been used for data management and analysis for decades, since the tabulating machines that were the forerunners of modern computers were created to facilitate the 1890 U.S. Census. But the speed and scale of the new “data banks,” as they were called at the time, left the punch cards of the prior era in the dust. A mid-1960s proposal by the Social Science Research Council for a centralized National Data Center (NDC), intended to ease calculation of national-level statistics and research in fields like economics and demographics, was decried by privacy advocates as a grotesque invasion of privacy. The national outcry killed the proposal but fears of centralized federal data remained; historian Sarah Igo argued in her 2018 book The Known Citizen that the NDC served more as a focus for extant unease about computerized data than as the primary source of that anxiety.

At the same time, the electronic engineering advancements that made modern computers possible also made it easier to build smaller and smaller wiretapping and listening devices, played to great effect in movies like the 1962 cinematic debut of James Bond. The Cold War context also amped up worries about the political ramifications of data collection and surveillance; fears of Soviet-style totalitarianism loomed over the rapid spread of computerized and networked bureaucracy.

That technological change fueled an increasing sense of unease in American culture around the fate of privacy. CBS aired an investigation into widespread surveillance shortly before Christmas in 1971, followed only two weeks later by a similar ABC special titled “Assault on Privacy.” Congress held many hearings on the topic of privacy over the ’60s and ’70s, culminating in the passage of several pieces of major legislation, including the 1970 Fair Credit Reporting Act and the 1974 Privacy Act. The latter requires federal agencies to publish descriptions of their data collection practices and prohibits them from sharing citizens’ personal data — even with other agencies — without acquiring consent from those citizens or lawful residents. Legislators explicitly attempted to craft a law that could anticipate future uses and abuses of computer technology — “cradle to grave” dossiers, unaccountable computer decision-making, and Americans being reduced to data that could never be corrected or updated — driven by a sense that they were in a window of opportunity that was rapidly closing. North Carolina Sen. Sam Ervin, one of the bill’s sponsors, said in 1974 that “Congress must act before sophisticated new systems of information gathering and retention are developed, and before they produce widespread abuses.” The bipartisan bill received widespread support and passed overwhelmingly in both houses.

The 1974 Privacy Act, now over a half-century old, was in the news again this year as President Trump’s slash-and-burn Department of Government Efficiency attempted to seize data from a range of government agencies, in some cases using records collected by tax or healthcare agencies, for instance, for the unrelated purpose of immigration enforcement. Trump’s Social Security Agency has embraced artificial intelligence tools and other radical technological changes that whistleblowers warned has exposed the personal data of millions of Americans. Critics have alleged that DOGE’s efforts were in clear violation of the Privacy Act. Representatives from both parties have begun to push for a modernized Privacy Act to reflect today’s dramatically different technological landscape, seeking to clarify the definitions of concepts like personally identifiable information and written consent in the context of the internet. But the law’s age hasn’t stopped states and organizations from suing the federal government for failing to protect Americans’ data.

Much of the media coverage of alleged Privacy Act violations has hung the law largely on the ghost of Nixon and Watergate, pointing at the fact that it became law in the wake of Nixon’s resignation. Rolling Stone quoted a lawyer claiming the point of the law was “to prevent someone in the government like the president from accessing data to create an enemies list or effectuate a mass firing of employees who aren’t loyal,” and compared the Watergate scandal to “DOGE’s data gathering” and a “list-making project by the Trump administration.” Journalists often refer to the law only as “Watergate-inspired” or as a “Watergate-era” reaction to Nixon, rarely mentioning any of the specific concerns about computers that were articulated by the law’s creators. 

But the law was not primarily a reaction to the overreach of Nixon and his collaborators. Instead, it was a political attempt to “tame the new computer technology and to extend Constitutional safeguards which were written to check the power of men rather than the super-power of machine,” as the New York Times editorial board put it in 1974. By framing the law as a reaction only to Watergate, the press leans on a simplistic view of the past, flattening a long history of carefully-considered critiques of technology and a much broader set of worries about constitutional rights.

While Watergate was mentioned in legislative discussions leading up to the Privacy Act, it was in the context of a number of other scandals perpetrated by government officials. Lawmakers referenced the overreach of the McCarthy era, as well as federal agencies’ use of wiretapping and personality tests in the 1960s and 70s. They pointed to news about Department of Agriculture and IRS data being used to compile mailing lists and surveil political organizations. Several brought up the recent exposure of the FBI’s decade-long COINTELPRO domestic spying and sabotage program against a wide range of political activists from the Black Panther Party to the United Farm Workers, a revelation that shocked the nation and eventually led to further congressional inquiries. Sen. Ervin was particularly shaken by the findings of a congressional investigation into a controversial U.S. Army program that conducted surveillance on domestic political organizations and at political protests. California Rep. Barry Goldwater Jr.’s remarks at a conference on privacy and computer security included anecdotes about federal law enforcement officers knocking down doors to violently arrest innocent civilians on gun and drug charges that were based on incorrect data in government records. Most of these cautionary tales had received major media coverage, and it was widely understood that the ever-increasing power of computers would only supercharge these types of secretive bureaucratic abuses. 

Many of the technological capacities feared at the time have long since come to fruition; the 2013 exposé of the National Security Agency’s massive metadata collection programs is perhaps the most egregious example.

Private companies, meanwhile, regularly collect mind-boggling amounts of data about every single person. Federal and local law enforcement agencies, sometimes prevented by laws like the Privacy Act from collecting information directly, regularly purchase personal data on the private market. Dossiers of social media posts and communications are used in visa review and criminal sentencing. Massive, opaque algorithmic engines are being used to make healthcare decisions, award government contracts, and evaluate employees targeted for layoffs. 

Lawmakers and social critics of the ’60s and ’70s were remarkably prescient in their fears, but Congress was unable to create legislation to forestall the explosion of data collection that helped undermine many of the privacy protections they intended. Sarah Igo has argued that the Privacy Act may have even facilitated that explosion: instead of restricting or redacting government-stored data, it took the approach of “transparency, in the form of still more data” about the data collections themselves. In addition to the strong American bias toward transparency over regulation, the robust influence of American free-market politics kept the law narrowly focused on government data and so didn’t rein in the private sector. This was emphasized repeatedly by advocates of the law in committee debates leading up to its passage: a government commission investigating a company’s data collection for privacy violations, to some senators, would be just as bad as COINTELPRO or the Army surveillance programs. 

Privacy rights in the American constitutional context had long been considered mostly physical, protecting one’s person, house, papers, and effects from unreasonable search or seizure. Even within the newly energized jurisprudence on privacy as a Fourteenth Amendment due process issue — a central basis of both the landmark 1965 Griswold contraception case and the 1973 Roe abortion case — protections were understood to apply to physical “zones of privacy” or an individual’s decisions, not institutional records about them. Igo and legal historian Lawrence Capello agree that the Privacy Act’s required transparency reinforced some paranoia about surveillance rather than establishing clear-cut privacy protections. They argue it also shifted focus away from privacy as a collective, society-level right to an individualist one in which citizens had a sense of private ownership over their data, even though they did not control it. 

Despite these limitations, the history of the Privacy Act reminds us that widespread concerns about privacy can translate into new protections of privacy rights. It is seductive to think that large scale abuses of technology are too thorny to handle directly, and that ousting a disgraced politician might bring an end to those abuses. If it worked with Nixon, why not now? But we should not let a singular comparison to a past controversy like Watergate limit our understanding of what may be possible if we stop accepting privacy violations as the price of modern society. We can instead work to envision a future governed by laws that anticipate technological transformation. As journalist and critic Vance Packard wrote in 1967, the “crucial question is whether we are letting technology get out of hand without a sufficient concern for human values.”