Can Public Data Be Too Public?
Recently, the State of California halted sales of its database of 24 million birth and death records after a newspaper reported that the information was being made available on the Web by a genealogical organization. In addition to privacy concerns, there also were cries that the data may enable identity theft, since it contained information on living people.
Some people think that even restricted access to public information via the Web is a bad thing. In New York City, a non-profit group created a Web site to let voters view their individual voter registration records to determine at what polling place they were registered to vote. While this is public information, the site was lambasted for making the information available and only asking for a person's last name and date of birth before displaying the requested information. The main criticism of the site was that by asking for only two pieces of identifying information, it was not sufficiently secure—although the entire database is open to public inspection at the Board of Elections physical offices, with no identifying information being required of the petitioner at all.
The issue is compounded when public record databases not only are made accessible but merged together, creating even more powerful sources of information. In the eyes of some privacy advocates, this further erodes personal privacy.
As Charles Davis of the Freedom of Information Center at the Missouri School of Journalism puts it: "We're equating ease of access with privacy, and to me, they're two different animals. Either a record is private or it's not."
At a certain level, this is true. Yet as we've seen, the Supreme Court has said that multiple public records combined together may yield a private, non-public record. And when public databases are overlaid on commercial databases, the issue gets even more problematic. For example, there are databases that reside in that murky area between public and private, an area inhabited primarily—and quite profitably—by mailing lists. It wasn't long ago that the IRS was found to be renting mailing lists of luxury-goods buyers just to see if their reported incomes could support such expensive purchases. Does this constitute sophisticated law enforcement or an invasion of privacy?