Statement of Legislative Counsel Gregory T. Nojeim on Drivers' Privacy and Amendments to the Driver's Privacy Protection Act Before the Senate Appropriations Subcommittee on Transportation
GREGORY T. NOJEIM
AMERICAN CIVIL LIBERTIES UNION
WASHINGTON NATIONAL OFFICE
DRIVERS' PRIVACY AND AMENDMENTS TO THE DRIVER'S PRIVACY PROTECTION ACT
SENATE APPROPRIATIONS COMMITTEE, SUBCOMMITTEE ON TRANSPORTATION
April 4, 2000
Chairman Shelby, Ranking Member Lautenberg and members of the Subcommittee:
I am pleased to testify before you today on behalf of the American Civil Liberties Union about amendments to the Driver's Privacy Protection Act adopted in 1999. The ACLU is a nation-wide, non-profit, non-partisan organization consisting of over 275,000 members dedicated to preserving the principles of freedom set forth in the Bill of Rights.
Today I will identify the abuses that lead Congress to enact the Driver's Privacy Protection Act and the 1999 amendments to the Act. I will explain that the ACLU supports both because they can protect the privacy of the information drivers submit in order to obtain driver's licenses. I will also suggest additional steps Congress should take to close loopholes in the DPPA and ensure that drivers secure the privacy benefits of the DPPA, including the 1999 amendments.
The Driver's Privacy Protection Act
The need for drivers' privacy became apparent after a tragic killing. An obsessed fan who had obtained the address of actress Rebecca Shaeffer from the California Department of Motor Vehicles (DMV) stalked and murdered Ms. Shaeffer outside of her Los Angeles apartment. She had taken steps to protect her personal information. She had paid to keep her home phone number unlisted. She was careful about giving out her address. When she applied for a California driver's license, she had no idea that California would endanger her by selling the information she had tried to keep private.
In response to the killing a few years later, Congress enacted the 1994 Driver's Privacy Protection Act (18 U.S.C. 2721-2725) to require states to protect the privacy of the information that drivers submit in order to obtain a driver's license. This information includes the driver's name, address, phone number, Social Security Number, driver identification number, photograph, height, weight, gender, age, certain medical or disability information, and in some states, fingerprints. The DPPA does not extend privacy protection to a driver's traffic violations, license status, and accidents.
The ACLU supported the DPPA. We testified in 1994 that although state DMV records had traditionally been open to the public, this could no longer be justified. We acknowledged that access to government information fosters democracy and enhances personal freedom. It encourages informed citizen participation in the governing process, promotes accountability of government employees, deters government abuse, and instills public confidence in government through increased awareness. However, we believe that access to personal information collected and maintained by state DMV's does not substantially advance these goals and thus does not meet the criteria necessary to be made available under an open-records policy. The individual's interest in avoiding the disclosure of personal information outweighs the public interest in disclosure in this context.
As we indicated in 1994, state DMV records ought to be treated with protections similar to the protections afforded federal records subject to the federal Privacy Act of 1974. Its central principle is that personal information collected by the government for one purpose may not be used for another purpose without the consent of the person to whom the information pertains. As applied to drivers' records, this would mean that information submitted by an applicant in order to obtain a driver's license could not be used for another purpose without the express consent of the driver.
Loopholes in the DPPA Compromise Its Privacy Value
The DPPA fell short of this ideal because loopholes in the Act have proven problematic. There is no way under the Act for a driver to prevent disclosure of personal information when a loophole applies. Among others, there is a loophole for:
Ø Each government agency to use personal information in the state's DMV records ""in carrying out its functions"" 18 U.S.C. 2721(b)(1);
Ø ""Performance monitoring of motor vehicles"" 18 U.S.C. 2721(b)(2);
Ø ""Use in connection with ? any investigation in anticipation of litigation"" 18 U.S.C. 2721(b)(4);
Ø ""Use in connection with the operation of private toll [roads]"" 18 U.S.C. 2721(b)(10);
Ø ""Use by an employer or insurer to verify information relating to the holder of a commercial driver's license"" 18 U.S.C. 2721(b)(9); and
Ø Any other use authorized by state law ""related to operation of a motor vehicle or public safety"" 18 U.S.C. 2721(b)(14).
The DPPA also included other overly broad loopholes. It allowed for disclosure of a driver's personal information in response to an individual request, or for bulk distribution for marketing, solicitations and surveys, if the driver is given notice and a chance to ""opt out"" of the dissemination of the driver's personal information. 18 U.S.C. 2721(b)(11) and 2721(b)(12). Another loophole allowed for the distribution of a driver's personal information for use in the normal course of business by a ""legitimate"" business to pursue debtors who had provided inaccurate or outdated information, and to verify the accuracy of information submitted by an individual to the business. 18 U.S.C. 2721(b)(3).
Abuse of Drivers' Personal Information
This latter loophole has led to abuse. Last year, a Nashua, New Hampshire company tried to exploit this loophole by purchasing from state DMV's the images and other personal information about 22 million drivers in order to build a national drivers database. Once a sufficient number of drivers' images were purchased -- often for a penny a piece -- Image Data, LLC would have made its database available for a fee to businesses. They would use it to retrieve a photograph to verify the identity of customers using credit cards and checks. Image Data contracted with South Carolina, Colorado and Florida, to sell their drivers' personal information without consent. Apparently, these states and Image Data took the position that the sale facilitated verification of the accuracy of personal information submitted to a business, and thus fit within the 2721(b)(3) loophole. This justification was called into question when it was revealed that the Secret Service had helped fund the drivers' photo database in an apparent effort to use the database to fight immigration fraud and airport terrorism.
Drivers were outraged when they learned that their photographs and other information were being sold without their consent to create a national database of driver images. Florida Governor Jeb Bush probably summed up drivers' sentiments best when he reportedly said, ""I am personally not comfortable with the state mandating license photos for the purpose of identifying authorized drivers, then selling those photos at a profit for a completely different purpose."" Every participating state was flooded with citizen complaints about privacy. And every participating state called off the sale.
1999 Amendments To the Driver's Privacy Protection Act
In an effort to prevent a recurrence and other abuses, Congress enacted two additional privacy protections in Section 350 of the Transportation Appropriations Act for FY 2000, P.L.106-69. The first lasts only as long as the highway money Congress appropriated in the law. It effectively requires states to obtain express driver consent before releasing the driver's photograph, Social Security Number, or medical or disability information. Exceptions to the new rule were provided for law enforcement and the execution of judgments, insurance claims investigations and underwriting, organ donation programs, and verification of information relating to the holder of a commercial driver's license. This provision effectively narrows a number of loopholes in the DPPA by barring release of this sensitive information for a different use without the driver's express consent. To have the desired effect, this protection would have to be re-enacted each year because it was tied to money appropriated in the Transportation Appropriations Act for FY 2000.
The second 1999 enhancement of driver privacy is permanent. Congress amended the Driver's Privacy Protection Act itself by requiring the express consent of a driver before a state DMV releases any personal information such as address, gender and age, in bulk for marketing, solicitations and surveys. Congress also amended the DPPA to require express consent for the release of personal information for a ""look up"" about a particular individual -- as opposed to a bulk distribution - for any purpose not mentioned as an exception in the DPPA itself. Previously, such information would be released pursuant to a request for an individual's information, or a request for bulk distribution for marketing purposes, if the individual had failed to ""opt out"" of the disclosure.
The ACLU supports these changes to protect driver privacy. By requiring express consent as a condition of dissemination of personal information in many circumstances, Congress made the DPPA more closely resemble the federal Privacy Act and other legislation protecting the privacy of information in record systems maintained by governmental entities. As a practical matter, the ""opt out"" approach offers much more limited protection than does an ""opt in."" I like to call the opt out approach, ""presumed consent."" Unless the driver acts, consent to dissemination of the driver's personal information is presumed. Likewise, the ""opt in"" could be viewed as requiring ""true consent"" -- an expression of consent prior to the sharing of information. The 1999 amendments protect driver privacy by partially converting the DPPA from a ""presumed consent"" into a ""true consent"" statute. However, more needs to be done.
Additional Steps Congress Should Take To Protect Driver Privacy
Congress should take five steps to further enhance driver privacy.
Make 1999 Protections Permanent. First, to fully secure the additional protections the 1999 changes afforded for drivers' photographs, SSNs and medical and disability information, Congress should make the changes permanent. This would not only protect driver privacy; it would also give states additional certainty with respect to the privacy floor they would be required to observe in the future. States are free to do more to protect driver privacy than the federal government requires. In the alternative, Congress should ensure that this year's transportation appropriations bill carries forward the work it began last year to protect drivers' photos, SSNs and medical and disability information.
Plug Loopholes. Second, Congress should plug as many of the remaining loopholes in the Driver's Privacy Protection Act as is practicable.
Beef Up Enforcement Efforts. Third, Congress should ensure that the Driver's Privacy Protection Act is enforced. The DPPA allows the Department of Justice to seek civil penalties of $5,000/day under 18 U.S.C. 2723(b) from states that fail to comply with the DPPA. To our knowledge, no state has been fined for failure to comply. However, in the legislature of at least one state - Minnesota -- steps are reportedly being taken to prohibit state implementation of the true consent provisions Congress adopted last year unless the federal government fines the state for non-compliance. 26 Access Reports No. 4, pp. 3-4 (February 23, 2000). Now that the Supreme Court has unanimously upheld the DPPA as a proper exercise of Congressional authority, (Reno v. Condon, No. 98-1464 (January 12, 2000)), Congress should call on the Government Accounting Office to conduct a state-by-state survey to identify for potential civil penalty the states that are not in compliance.
However, fines may not be enough. States may attempt to challenge the imposition of fines by the federal government on sovereign immunity grounds. In addition, states may argue that the fines only apply to violations of the DPPA, and thus are not applicable with respect to the 1999 protections afforded SSNs, photographs, and medical information. These additional protections do not appear in the text of the DPPA. Moreover, while we believe that the 1999 privacy enhancements require states receiving federal highway funding to comply with the DPPA and the 1999 changes, some have disputed that. As a result, we recommend that Congress make it clear beyond doubt that failure to comply will result in the withholding of a portion of a state's federal highway money.
Repeal SSN Solicitation Mandate. At roughly the same time Congress acted to promote driver privacy by enacting and improving the DPPA, Congress enacted other legislation that undermines the very principle upon which the DPPA rests. That is the principle that information submitted to the government for one purpose may not be used for another purpose without the consent of the person to whom it pertains. This other legislation requires the states to demand drivers' Social Security Numbers on driver's license application forms.
Social Security Numbers were created to help the government keep track of contributions made to the Social Security trust fund. At the time they were authorized, a promise was made that the numbers would not become universal identifiers. This promise has been broken repeatedly. Each time it is broken, personal privacy is compromised by linkage of data files reliant on the SSN.
In Section 317 of the 1996 Personal Responsibility and Work Opportunity Act (P.L. 104-193), Congress effectively required the states to ask applicants for commercial driver's licenses, occupational licenses and marriage licenses to provide their SSNs on the application form. In Section 5536 of the Balanced Budget Act of 1997 (P.L. 105-33), Congress extended the requirement to cover all driver's licenses, as well as hunting, fishing and other recreational licenses. The purpose of the legislation was to help track down parents who had failed to pay child support. The effect was to diminish the privacy of all license applicants, including the vast majority who do not owe child support.
Congress should do its part to protect driver privacy by repealing this anti-privacy mandate to the states. This would complete the work Congress began last year in the Transportation Appropriations Act for FY 2000 when it repealed Section 656(b) of 1996 Illegal Immigration Reform and Immigrant Responsibility Act. That section would have, among other things, required states to demand drivers' SSNs on drivers' license application forms. In other words, while one federal requirement that states solicit drivers' SSNs was repealed, another was left in place. Congress should finish the job.
Reject Calls for Delay. Finally, Congress should insist that states implement the 1999 privacy protections relating to the Driver's Privacy Protection Act without delay. These provisions became law almost six months ago. For the most part, they must be implemented by June 1, 2000 - nearly 8 months after they became law.
Congress went to great lengths to accommodate the special circumstances faced by some states. For the six states whose legislatures were not scheduled to meet this year - Arkansas, Montana, Nevada, North Dakota, Oregon and Texas - Congress extended the deadline to the date 90 days after the legislature next convenes. For the three states which had challenged the Driver's Privacy Protection Act in the Supreme Court - Wisconsin, South Carolina and Oklahoma - Congress allowed 90 days after the Supreme Court rendered its decision in Reno v. Condon.
Today, more than a full year after Colorado, Florida and South Carolina stirred up citizen outrage by proposing to sell millions of their drivers' photographs without consent, no provision of federal law is in force to bar such an abuse. This is a recipe for disaster. Enticed by the millions of dollars of revenue that sale of personal information generates for some states, absent a signal from Congress, a repeat performance is almost a certainty. Now more than ever, Congress must insist on prompt compliance with the law to protect the privacy of drivers' personal information.