Throughout the 1960s and 1970s, new concerns were raised in response to the first digital data banks and projects involving interconnection files. It is clear that information technology that offers the possibility to record anything can also endanger the security of personal information, while producing an unequivocal entity easily manipulated by those in authority. Of course, recording personal information is by no means a new phenomenon, but the efficiency of a computer in regard to handling information has improved; what in the past seemed hard to achieve is now achievable through technological devices. Because of these machines, it is now possible to store millions of files, compare them all, carry out the most sophisticated technical tasks and transfer the results from anywhere in a short interval of time.
In an effort to protect the individual rights of their citizens, modern democracies have responded by outlining guidelines that seek to protect human rights. Such an intervention was seen by some as ambiguous, because as much as these societies would like to regulate the circulation of information, blocking progress in economical and social terms would be considered highly detrimental. This double objective is not easily achieved and it compromises the efficacy of the established plan for protection.
In the mid-nineteenth Century, a new method of surveillance appeared in the first democratic societies, namely England, the United States and France, a method named “Profiling the Populations” by the authors with the help of Mattelart [MAT 14]. It is an indirect form of surveillance, generally invisible, based on using the data of individuals, which will soon complement and replace the previous method. Unlike these antiquated methods that are carried out directly and require the individual to carry out some work about themselves in order to comply with set standards, the profiling can be put into action without the individual knowing, while requiring no participation on their part. The progression of these operations will follow the progression of the information acquiring techniques.
To put this into context, in the face of records and registers of all sorts, the invention of a movable file in the Paris police headquarters in 1833 constituted a major advance in terms of researching and identifying groups of delinquents, something that according to Foucault was not given due credit by historians [FOU 75]. Unlike older writing systems, the movable file facilitated the inclusion of new data and lent itself to the creation of alphabetical categorization that allowed for the completion of all sorts of tasks, as follows: data sorting, data retrieval, collection of new reports, etc. This technique, picked up again over time in different sectors of work, will soon concern an increasing number of individuals; one single individual can now expect to appear in several hundreds of files.
Herman Hollerith’s 1886 invention of the tabulating machine in the United States constitutes another crucial development in the profiling of populations. The 1978 publication of Nora and Minc entitled “The Computerization of Society” [NOR 78] suggested that the dangers of technology for individual liberties have been overestimated. In order to back up this statement, they put forward the following example: the Gestapo completed their work effectively without the help of electronic technological files. This example is poorly chosen because it demonstrates, on the contrary, the tragic consequences of using the former information handling techniques with undeniable clarity and force.
In his book IBM and the Holocaust, Black puts forward the following question: “What mysterious planning allowed for millions of victims to find themselves on a train station platform in Germany or elsewhere in occupied Europe, to travel for two or three days, and then could go from the ramp of Auschwitz or Treblinka to the gas chambers, all in under an hour? Hour after hour. Day after day. From one timetable to the next, with clockwork precision and the merciless efficiency of a Blitzkrieg. The survivors would never know. The liberators would never know. The politicians would never know. The prosecutors would never know. The experts would never know. It’s almost a question of whether the issue will be raised at all” [BLA 01, p. 490]. After extensive research, it is this question that Black, throughout his book, attempts to answer with great accuracy with the help of supporting data, figures and documents. He demonstrates that the extermination of several million people, with speed and efficiency unmatched to this day, was a result of the automated organization and processing of a considerable amount of information with the help of thousands of Hollerith’s tabulating machines of perforation. Such machines were found everywhere: in offices, stations and factories, but also in ghettos and camps. Every piece of information was seized, handled and analyzed. From 1933, these machines optimized the identification of Jews from Germany living in Prussia, then from 1939 the identification of all the Jews living in the Grand Reich. A significant example showing the extent to which the tabulating machines have contributed to murderous industrialization is provided by a comparison between the fates of the Jews living in Holland and those living in France during the German Occupation: “out of an estimated population of 140,000 people, more than 107,000 Dutch Jews were imprisoned, and out of this number 102,000 were killed – a mortality rate of about 73%. Out of the 300,000 to 350,000 Jews who lived in France, irrespective of region, nearly 85,000 were imprisoned, with only 3,000 survivors. The mortality rate in France was about 25%” [BLA 01, p. 383]. The explanation of these differences comes mainly from the differing tabulating equipment available in the two countries. From 1930, Holland used Hollerith machines for their census. In 1941, they recorded all the Jews in the census office equipped with these same machines and carried out a centralized tabulating operation the same year in order to create an alphabetical register of the Jewish population. Some 159,806 individuals were thus registered according to several criteria in the 80 Hollerith perforated columns, recordings that were the prelude to the systematic and continual surveys that were to follow. Meanwhile in 1940, France denounced its Dutch cousin for the delay in completing the recordings, and so the country found itself unable to turn the Jews living in their country into perforated cards. By the end of 1940 those in occupied areas were identified, and then in 1941 everyone was identified manually because of the extensive Tulard files. Other surveys organized in 1941, which were carried out using the previous round of identifications, did not experience the success that their developers expected. Subsequently, the results gained by a newly formed demographics unit using tabulating machines also proved disappointing. When in the hands of the resistance fighters, headed first and foremost by General René Carmille, these machines did not help the racist policies of the Nazis, but were made to further patriotic objectives, namely the reconstruction of the French Army.
As a direct extension of tabulating machines, computers have brought such a great amount of progress in terms of the automatization of information that they very rapidly raised concerns in terms of the preservation of individual liberties. In the 1960s, a debate emerged in the United States about this particular issue of liberties, at the very moment when the first data banks were being implemented. After some time, at the start of the 1970s, in France in particular, projects involving centralizing files caused controversy due to their threat to individual rights.
The United States used information technology not only for military purposes but also in a civil context. They carried out their 1960 census with the help of a Univac computer. A few years before, the first processing projects made use of this machine, such as the project studying the number of arrests at the Supreme Court or one accomplished by IBM and a bar association, which concerned the legal systems of a range of states, putting into practice a list containing two million entries. Throughout the 1960s, following technological progress (better-performing machines, replacement of perforated cards with magnetic bands, development of the keyboard, use of computers in telecommunication companies, facilitating the sharing of work between several users often far away from each other, online query systems, IT services for particular tasks), a new importance was attributed to the gathering and processing of information. IT specialists, experts, researchers and administration assistants desired access to the greatest amount of information in order to manage it more effectively, develop their knowledge, advise the government or do business. In 1964, the State of New York launched a plan designed to gather information from 3,600 different sources such as the police department, the prosecutors’ offices or the courts of justice. Programs were developed that facilitated the translation of data from state administration into formats that allowed others to make use of it. This is also the time when credit agencies started to appear in all areas of the country, in response to a growing demand from money lenders with regard to the solvency of money borrowers. These agencies were to create files about certain individuals using the short news items contained within newspapers, local neighborhood surveys or court rulings. Often on a national scale, they contributed to the industrialization of intelligence without any guarantee that such information was to be kept confidential; their sales were made in the absence of any ethical framework. The fact that records, files and different sources were progressively taking the form of electronic data interpretable by a computer opened the way for the automatization of information on a large scale. “This automatization takes various names depending on the environment and those involved: electronic data processing at IBM, automated data processing or integrated data processing in large companies, information retrieval for scientific documentation or libraries” [ATT 13]. The first critics of the evolution where made aware of it through the media and essayists, who referred to the rather vague and poorly defined notion of personal privacy. During the second half of the 1960s, the debate regarding the threats of information technology focused on the government’s creation of a National Data Centre. The collection of personal data using technology was not exected but the operations undertaken manually really called for the implementation of ethical or legal rules aiming to protect confidentiality. Automatization made these restrictions totally obsolete, without replacing them with other procedures. National legislative bodies, in these circumstances, were to be encouraged to increase the number of hearings and to refuse any credit until rules guaranteeing confidentiality were drawn up and put into practice. This debate was to gain exposure and become more widely known through the 1967 publication of a book by a professor of public law, Alan F. Westin, entitled Privacy and Freedom [WES 67]. This book is the result of a research group that he had commissioned from 1962, after a large survey launched in 1951 by the Association of the Bar of New York. In Westin’s opinion, digital technology started changing lives as soon as governments began collecting information on individuals and companies through surveillance and wiretapping. Surveillance thus took on a new dimension due to the development of systematic information retrievals, the creation of personal files, automatization of processing and the overall progress of technological science. Control through records and storing information was established as a by-product of the automatization of social and public service processing in a country that prides itself on its liberal principles. Even if we were to install dams to control the streams, it would be impossible to halt the process of computerization that flows like a river towards the sea.
In France, as in many countries, networking of personal files has contributed to making information technology a social issue. At the end of the 1960s, in the absence of official procedures, a system named SAFARI (automated system for administrative files and directories of individuals) was put into practice by public administration services so as to be able to connect different public and private files about people1. In pratical terms, this indicated an expansion of the role of the directory of individuals kept by the National Statistic Institute; on this occasion its automation and use of the social security number to interconnect all files. During an initial phase (1965–1970), the arguments put forward in favor of the operation concern only its management. At no point did SAFARI developers suspect the sheer number of questions and criticisms that would arise at a later stage. They did not see the system as being dangerous and risky, but simply a technological operation. Of course, they knew very well that they were introducing an immense reform into the administrative sector but kept their attention on the positive elements, which involved a greater transparency of information. In this way, an organization established in 1966 with the objective of promoting information technology in French society, the Information Technology Commission, perceived an opportunity in file networking by making the use of computers a profitable business. Integration logic driven by the new technique seemed to demand the use of a universal administrative language that required a single registration process for individuals and companies. The actions of this organization would become a determining factor in the automatization of technological directories, a process that they would finance to a significant degree. As for the head of the directory, the National Institute of Statistics showed support for a reform that would give them the opportunity to develop statistical investigations. The customers, namely the different management groups, had great interest in simplifying administrative circuits and facilitating a way to manage and display more accurate knowledge of the people. A second phase, between 1970 and 1974, then arose that proposed a new point of view regarding the operation. From 1970, the government and the parliamentary circles were worried about the social consequences of certain applications of information technology. The managerial considerations that were the only ones offered up to that point were offset by the consideration of other elements, like the potential threat to individual freedom. Parliament had combined the automatic handling of a central file of drivers with an official right for those involved to access the stored data. They later vehemently refused (for reasons claiming to adhere to respect for personal privacy) to create an automated national file, which would contain the recorded medical history of every French citizen. The government and the parliamentary circles seemed to share the same views on the matter. At this moment, they compelled the Council of State to rethink the problem of information technology and freedom, while forcing them to propose satisfactory measures in order to use computers in a way that respected the fundamental precepts of freedom. In 1972, a group gathered at the chancellery to address the issue. The SAFARI system was soon to be condemned by liberal circles that worried about the existence of a national file gathering information on the civil state of the whole population of France, as well as the possible links this file may have had with electronic files owned by diverse ministries and public services: the army, the police force, customs officers, tax officers, public health services and the court. The general use of technological means to control someone’s private life may lead, in their view, to a coercion of the police and administration bodies, which does not adhere to the most basic personal liberties. This criticism was far from being shared by the majority of the members of parliament, as illustrated through the subdued reaction met by various bills created in 1970, 1973 and 1974 to protect the freedom of the individual. A problem was on the horizon, but there was a desire not to stilt the development of a promising innovation without first getting a clearer idea of the dangers. This really was an affair for the media who were to spark things off and render SAFARI an issue concerning the state by fully exposing a secret that had until that point been kept concealed from public knowledge. On March 21, 1974, the renowned daily newspaper Le Monde released the headline: “SAFARI or hunting the French”, which proved inflammatory enough to attract attention, while clearly suggesting the gravity of the issue. By focusing on the fears about a specific threat that had been diluted up until that point, by making the threat well known and thus taken up by other publications, it forced the government to publicly address the issue. They reacted immediately: in a matter of days, on March 29, the prime minster prohibited all forms of new networks between technological systems which depended on different ministries, and called for a reliable committee in charge of proposing rules guaranteeing that the development of information technology occurred with careful consideration of personal privacy and public freedom.
To confront the dangers posed and concerns raised by computers, democratic states were to submit computerization to rules aiming to better protect personal privacy. Numerous adjudications were conscious of this necessity to protect, even if the right to personal liberty had not been recognized until a very late stage, only included in the Universal Declaration of the Rights of Man in 1948.
It is true that the notion of personal privacy is blurred and ever changing, and it is through the attacks it has suffered that its definition has been clarified and enriched. In this respect, information technology has been a real catalyst. At the end of the 19th Century in the United States, scandalous media photography, advertising and sales methods seriously endangered personal privacy, a scandal that the courts failed to pick up on. It is in this context that two American legal experts, Warren and Brandeis, wrote a famous piece in 1890 on “the right to personal privacy”, defined as “the right to be left alone”, which would serve as the foundation for a later jurisprudence evolution [WAR 90]. Similar to photography and the advertising of the past, information technology was to threaten this right to privacy. As a direct extension of the contributions made by Warren and Brandeis, Westin states that the right to privacy has become “that of stating, managing and erasing one’s personal details and of deciding when, in what way and how much these details are shared with others”. In terms of traditional details concerning one’s identity (home, country, family ties), personal privacy is now defined by the way in which personal information is treated. The importance of such an addition is so significant that the charter of fundamental rights of the European Union made the decision to distinguish between a right to personal privacy, which concerns one’s personal and family life as well as their interactions (article 7) and the protection of personal data subject to a certain number of restrictions (article 8).
The European Council played a major role in defining these restrictions, though both the OECD guidelines and the protecting laws of the state, by revisiting the fundamental principles that were defined at the start of the 1970s and mentioned in the 1981 Convention for the Protection of Individuals with regard to Automated Processing of Personal Data. A principle of reliability demands that information be collected and treated according to fair and licit methods, a principle of accuracy demands that data be verified for its truthfulness and that it is kept up to date, a principle of purpose demands that at any moment three points can be tested: the recorded information is linked to the declared purpose on the creation of a process, the information is not used for a different purpose and they are erased from the system once the final objective has been reached, unless the information is anonymous.
Other restrictions complement these fundamental principles: the initiation of processing must be brought to the attention of the public and these processes must be well secured. In addition, everybody should be able to access any data that concerns them, and if necessary demand their amendment or even their deletion. The agreement also prohibits the processing of data concerning race, politics, religion, health and sexual orientation, as well as that concerning family members with a criminal conviction, unless appropriate safeguards are taken. The document also expresses that a country can limit the collection of certain categories of data when subjected to the specified restrictions.
After the Landtag of Hesse in 1970, Sweden in 1973, the Federal Republic of Germany in 1976 and finally France in 1978 [MAI 92], all European democracies voted for laws that result in these principles, by creating a specific independent system to ensure that they are applied. In 1995, a European delegate was made responsible for the protection of personal data.
A division was soon to appear in the United States, as they had not voted for a general law imposed over all processes undertaken by the public and private sectors, but instead the 1974 Privacy Act that was applied to federal administration files and specific laws surrounding credit, banks, education and telecommunications. In addition, the US did not establish an independent committee, legislation being the sole responsibility of the court. Ultimately, according to American law Professor James Q. Whitman, there existed two Western cultures concerning personal privacy: America’s, that sees data protection as a right to protect freedom, and Europe’s, that perceives the right as protecting human dignity [WIT 04]. These differences resulted from a greater worry concerning equality from one side to the other, an aristocratic legacy with a marked difference. For other legal experts, the differences are indisputable, believing that in the United States priorities surrounded economic interests; yet these are in stark contrast to the notions of equality and dignity emphasized on both sides of the Atlantic. The main factor explaining this is relationship with the state. It is possible to trace the persistence of intense mistrust of the American population towards the state that could not be depended on and which was expected to limit legislative interventions in the issue. On the contrary, in Europe the law was perceived as a path to freedom. From here, it can be concluded that “if personal privacy is better protected in Europe than in the United States, it is due to the fact that the law imposes limits on the right of the individual to interfere with the lives of others” [ZOL 05].
In the opinions of certain critical commentators, reinforcing the right to personal privacy does not really interest anyone apart from the wealthy, allowing this group to conceal their privileges and their riches from the public gaze. A historical analysis supports this point of view by showing the bourgeois and elitist origin of a concept that can be expressed to counter an income redistribution policy, for example. The right to be left alone is confused in this way with a right to cheat. It can also be argued that in a period of extreme individualism, to the point where social cohesion is under threat, it would be inappropriate to add even more value to people’s secrets. These secrets could constitute obstacles against the pursuit of objectives that concern the public and that call for the subordination of private interest for collective interest. Ultimately, transparency and participation, when needed, seem to inherently serve the common good as opposed to a fearful withdrawal into one’s individual, private and protected space.
An extensive inspection of the situation reveals that things are not so simple and that, in the context of our societies, the right to personal privacy is of crucial importance. First of all, this right forms the foundation of the democratic project; it even constitutes its very essence, since the ultimate aim of such a regime is to allow for personal autonomy. For Greek founders of this political regime, each citizen belongs to two types of existence with a very clear distinction between which one belongs to him alone and which one is common business. Both must go together. According to Hannah Arendt, in this society “the private was like the other, dark and hidden from public domain, and by being a politician one is said to reach the highest potential of human existence, having no more space to oneself like a slave who winds up ceasing to be human” [ARE 61]. If the right to personal privacy was not recognized until very recently in representative democracies, it is because it goes without saying, meaning its regulation by law was not deemed necessary [KAY 74]. It is the socialization of the human, and the violation of this private sphere by processes that are increasingly indiscreet, which explain the intervention of a judge followed by the law in order to establish limits. Fundamentally, what one looks to safeguard is actually an area of individual sovereignty that is shielded from all exterior intrusions. Far from being a barrier or an obstacle to democracy, the preservation of this area is on the contrary an integral part of human life. Only using this area, an authentic public space can be constructed. Citizens require a balance between transparent exposure to public activity and repose in the protected sphere of domestic life, something that Arendt calls “the darkness of concealed life”. Without space for one’s private life, there would no longer be the slightest chance of nourishing individual characteristics, which make one able to significantly contribute to interactions linked to the common good.
Moreover, in this day and age, the right to personal privacy has been considered in a more general dimension. It is not just a small stratum of privileged people that may find it beneficial to claim their privacy, but the whole population. We can go as far as to say that it is the most vulnerable and the most dependent of society who are also the most visible when faced with figures of authority, whose apparent concern, in many cases, conceals their desire to control the population. From the moment they appear, regardless of which disadvantaged category they come under, minorities will be subjected to forms of discrimination.
Laws aiming to protect are welcomed with open arms by certain developers who worry about the mistrust held by public with regard to their technological products, ensuring an official social legitimation of technology that is able to continue developing in a suitable climate. Two critical observers note the following: “if one wanted to be cruel, one could write about the intervention of lawyers and judges in the technological field which is the inevitable cause of the King of Prussia’s position, we would attack Silesia and we would then worry about finding a lawyer to justify our actions” [JAM 78]. In the end, this intervention points toward some positive elements. By reaffirming certain aspects somewhat forgotten in the issue of respect of privacy, the intervention offers the first guarantees to those people on file who are granted new rights. A symbolic benefit that should not be overlooked is from that point forward in their reach, allowing them to be able to judge the difference between fact and right and between the way they are treated and the way they should be treated. Meanwhile those who create the data must respect certain limits in what they do, as well as the prerequisite formalities that must be carried out on establishment of an operation, putting them before their responsibilities. The creation of a specialized independent committee, which constitutes an entity separate from authorities, can overcome the shortfalls of a parliamentary or jurisdictional body.
Despite the protective measures put in place, all the risks of information technology are far from being accounted for. When we focus only on the reinforcement of the right to personal privacy, the collective dimension of the issue of computers is neglected. This machine increases visibility of individuals in the face of authority, but it simultaneously threatens other freedoms and brings the very stability of this authority into question, as clearly indicated by the first article of French Law2. The Tricot report in preparation for this law signaled in 1976 that the major threats originated from an increase in social control but also from the worsening of unequal social relations at society’s core [COM 76]. According to this report, the formal rigor of models processed using information technology is able to give specialists a considerable influence over social decisions and policies by making the discussion of “the truth” about computers impossible. In these conditions, it will soon be desirable for workers and users to participate in a consultory way in the automatization process. The report puts the juridical situation into perspective by taking into account political, industrial and cultural environments. Law ceases to constitute a true guarantee in a State that does not respect freedom or that is dependent on other countries to provide them with technology apparatus. And so myths about the computer were dispelled in an attempt to put the machine in its rightful place. This conclusion would thus feature in superior technological education, teaching a subject entitled “information technology and society”, introducing an association comprised of teachers and researchers, named CREIS (Centre for the Research and Teaching of Information Technology and Society), aiming to teach through methods of reflection while ensuring the promotion of studies of this kind.
Applying these technological laws and freedoms came up against a certain number of difficulties. After 10 years of application in the first countries that adopted them (Sweden, the United States, Germany, France and Canada), Professor David H. Flaherty, on the basis of a detailed survey, demonstrated the enormous difference between the rhetoric of the laws and the way they were implemented [FLA 89]3. In France, 80% of processes inside the private sector were not declared, going against the expectations of the law. The people on file did not demonstrate much interest in gaining control over the processes that concerned them and did not exercise their right to access the information very readily. When the judge was questioned, he/she showed little interest in the topic whose issues he/she misjudged. Finally, it was the institutionalized body exterior to official authority (CNIL, National Committee of Information Technology and Freedom) that really shed light on the reality concerning the new restrictions. Through the recording of processes, opinions and numerous complaints that they had received, they were able to see the full extent of the numerous problems posed for individual freedom, and the progress of computerization in all areas of activity. They were able to avoid the most threatening aspects by imposing limits on police surveillance, and by being very cautious concerning identity card digitalization projects. They prohibited processes with discriminatory elements, supervised technical profiles and upheld the aims of business processing. Numerous hesitations accompany these opinions, which those in charge of processing had to keep in mind. In the large majority of cases, contradictory opinions were balanced out: for example, in terms of priorities during research and respect of hidden medical information, the necessity of a welfare inspection and of respect for the personal privacy of the vulnerable, direct marketing interest and the right of the individual to not be disturbed [COM 88]. From 1995, the independent committee incited by CNIL in favor of the preservation of confidentiality was seen as an embarrassment by public and private operators and users of personal data. Rearranging the European order regarding data protection did not succeed until 2004, but it was an opportunity to downgrade the power of a committee that a 1996 report of the State Council would denounce for having an exaggerated view of their role. At the end of the 1990s, adapting the law in accordance with the evolution of techniques became more and more difficult due to the development of the Internet, which presented the opportunity to bypass restrictions by automating data collection and relocating processes in the United States [RUL 08]. The 9/11 attacks in the country to this day constitute a vital date in terms of the regulation and protection of personal data. From this date, security services rendered this a top priority, realizing that when considering the security/freedom binary, one cannot afford to compromise.