Introductory Abstract
Management Information Systems (MIS) have evolved basically as tools or processes that aid in the effective management of an organization. This helps make prudent business decisions in the organization. Essentially, through an MIS, data is converted to information, which is then analyzed, and the results studied and made use of to give strategic new direction. As such, an organization’s MIS helps establish improved communications amongst employees, evolve an optimal method for collating relevant information, also control costs, and align processes and procedures along with desired organizational goals and direction. An important objective of MIS is also to measure and enhance employee performances, minimize risks, manage resources, monitor controls, and ensure regulatory compliances. Such a system is increasingly automated and involves information sharing both internally and externally to the organization. An organizational MIS concerned with homeland security and for effective combating of terrorism and terrorism finance necessitates the successful utilization of the concept of time-sharing among various computer systems for developing more complex electronic surveillance systems. Such MIS is necessitated by increased danger to national security and institutions from terrorism, money laundering, and other such activities. MIS, in present-day America (as also in other parts of the world), has built-in structures for gathering and recording improved intelligence, and such systems – both in state and private organizations – are mandated by a host of current statutes and legal regulations which challenge the basic right to privacy of individuals enshrined in the US Constitution. This often implies that security concerns override the fundamental necessity of civilian liberties, which are thus increasingly being challenged by invasive and unobtrusive surveillance by the government machinery through a systematic, legally enforced (often clandestinely), and periodically reported electronically driven MIS.
This paper attempts to present a brief picture of the need of the state to maintain statutory surveillance methods and built-in security control systems as also as the individual needs to maintain privacy. It highlights the various legal statutes in the US that are in place to address enhanced security concerns, and in what way, these are inbuilt into the organizational MIS. It also recognizes the increasing conflicts between the need for national security and individual privacy and arrives at the conclusion that, civil liberties must necessarily subjugate to larger security interests of the state if any degree of protection of the state institutions and the people is to be achieved, and that, modern MIS is only evolving based on emergent global needs for combating terrorism which threaten the human race itself.
Evolution of MIS
The earliest management information systems were the data processing systems of the 1950s and 1960s, which were based on batch mode and run by COBOL programs on mainframes. However, such system was unable to tackle the huge organizational data, and data manipulation was only limited. A formal MIS emerged only in the 1970s with the invention of the timesharing computer systems. These allowed for multiple programs to be run so that many persons could access the system simultaneously for performing varied functions. These systems allowed the printing and manipulation of various reports, which thus aided in organizational decision-making. The late 1980s and the 1990s saw the emergence of tailor-made packages available in the market. The present trend, however, is for a knowledge-based system that could effectively replace human interventions for deciphering information hidden in data sourced by the system. Such a system is still evolving and is beyond the scope of this study.
Study of MIS
The study of management information systems necessarily involves a study of the use of computers in a business environment. The study encompasses the field of data communications, computer networking concepts, system analysis, and design, programming concepts, database engineering and management, software engineering, internet applications and security, ERP, E-governance, data warehousing and mining, and decision support systems, among others. The framework of the organizational MIS is based on sound information systems management principles. A successful MIS needs to align organizational processes and procedures along with larger corporate objectives and must factor in the legal regulations and statutory requirements of the day. Existing social, political, institutional, international, and other factors do play a vital role in its design and evolution, which may impact the civil liberties of individuals in the particular state. Also, various legal regulations and statutes in force in the particular national and international environment do influence the MIS of any organization, whether a public organization or a government agency. Hence, a brief study of the various laws in the present day US, as they impact on the organizational MIS, is in order and is discussed in the following paragraphs.
Internal and External Surveillance
Internally, organizational managements have built into their MIS, tools for recording data on employees that aid in decision making within the organization. Although these tools help build upon strategic information for improving employee work performances, limit labor costs, and align processes along corporate goals, yet these are only as good as the way these are utilized. Essentially, these restrict or merely circumscribe privacy and other civilian rights of individual employees and are a matter of dispute. In contrast, external law enforcement agencies and government agencies resort to a system of surveillance, data mining and reporting that help the state control and monitor organizational activities and ultimately help the government manage its security and legal concerns. Here too, privacy rights are compromised for ensuring the larger state good of improved security and legal compliances through mandatory reporting requirements and implemented, through an advanced MIS Additionally, the state also resorts to unobtrusive and secret surveillance methods like wiretaps and other electronic eavesdropping methods, which although unethical and privacy curtailing, are yet necessary to fight the global evils of terrorism, money laundering, and other such harmful activities. The entire system of surveillance, monitoring and reporting is implemented by certain legal and statutory acts affected through modern electronic methods using advanced management information systems, which were once traditionally used by organizational managements for evolving corporate strategies.
US Electronic Surveillance Statutes
A 2005 American Management Association’s (AMS) survey has indicated that over three fourths of US companies resort to web based and electronic surveillance of employee activities to guard against theft or sabotage. “Employee surveillance has been a feature in the modern workplace since the times of scientific management and extending through the shifts toward bureaucratic and then concerted control”
(D’Urso, 2006) It appears, that post 9/11, communication technology aided surveillance is on the increase, both internally and externally to the organization. According to Whitaker (2003, pp. 52-74) and Bloss (2005), “perceived threats, posed by global terrorists and criminals, have provided the impetus for many of the legal changes that have contributed to the enhanced surveillance powers of the U.S. policy in recent years”. Also, “increasing public use of electronic communication technology (i.e., cellular telephone, internet, etc.) has complicated police surveillance” (Bennett, 2005). Again, Simon (2005, 1) has observed that “in the absence of confinement or tangible boundaries (i.e., total institution), much of the new police surveillance occurs vis-à-vis electronic media (i.e., “data surveillance, biometric, virtual identity, etc.)”. Cole (2003) and Abrams (2005) have also observed that “U.S. public safety strategies commonly involve prominent police surveillance and search role”. Such surveillance is a threat to informational privacy and the relevant US laws need further enumeration to understand the privacy issues better.
The US Patriot Act
Signed by US President George Bush into law on Oct 26, 2001, following the 9/11 air terror strikes, this act provided for stringent measures for deterring, detecting, and prosecuting terrorist and money laundering activities in the US. Also, Title III to the Act was designed to effectively prevent international money laundering and also help block access of international terrorists to the US financial system. By far the most important and most powerful piece of legislation for tackling terrorism and terrorism finance, this law stipulated certain strict and mandatory reporting requirements on institutions – both financial and non-financial – as also made these institutions tune up their due diligence and compliance functions. As it stands, failure on their part to ensure compliance invariably invites strict enforcement measures by the US government. Banks and other financial institutions are mandated to set up and maintain a sound MIS, which would effectively identify and report on instances of money laundering, terror financing, and any other illicit financial operations. Trading and business organizations have to compulsorily file a Currency Transactions Report or CTR on transactions in excess of USD 10,000 in cash or travelers’ cheques. The details of the CTR as mandated effectively track the source or volumes of such transactions, inside or outside of the US. Data thus collected can be further investigated by enforcement agencies like the FBI. The report also considers and exempts certain organizations as per the Patriot Act and its provisions. Additionally, the Patriot Act also mandates brokers and dealers registered as per the Securities Exchange Act or SEA of 1934 to report any suspicious activities by filing the Suspicious Activities Report or SAR with the FinCEN. The Act also describes the types of activities, which may be perceived as suspicious and are thus reportable under the provisions of the Act. Obviously, without a strong electronic structure capable of recording and reporting on data as per the Act requirements, there would not be any appreciable degree of success in implementing all the legal provisions. In this, the existence and maintenance of robust MIS within an organization is of paramount importance and the developments in the field of computer networking technology have contributed to a global security blanket and surveillance system as never before. In addition to cash, shares and financial instruments, the Act also targets futures transactions, mutual funds, etc. One of the casualties of such a system is, of course, that of right to privacy and the age-old American tradition of civil liberties. Mojuye, B (p. 263) observes that “while financial institutions are required to keep confidential information regarding institutions or individuals engaged in or suspected of terrorist acts or money laundering activities, Section 314(b) of the Patriot Act allows them, however, to share those information among themselves (or with any association of financial institutions), provided they first notify the Department of Treasury. Such sharing of information will not violate the privacy provisions of the Gramm-Leach-Bliley Act”. After the renewal of the provisions of the Act in 2006, the legislation has retained its original contents and is now consistently used to statutorily and legally expand police surveillance activities as also search powers in cases of foreign intelligence and anti-terrorism investigations.
The Electronic Communication Privacy Act or ECPA
“The Electronic Communications Privacy Act (ECPA), which was enacted in 1986, has been substantially revised due to advances in technology and Patriot Act provisions and these revisions have been used to provide greater wiretap access in criminal or terrorism investigations” (Martin, 2006, pp. 441-487). Surveillance for enforcing the law is covered under the ECPA. The ECPA comprises three separate statutes, namely the Wiretap Act, the Stored Communications Act, and the Pen Register Act. Whereas the erstwhile Wiretap Act addresses the interception of communications while occurring via telephone calls or emails, the Stored Communications Act applies to those communications which are under storage like on an email on a computer or web server, customer records of ISPs and phone companies, etc. The Pen Register Act applies to device installation where the devices capture information from outgoing calls (pen registers) and also incoming calls (trap-and-trace devices), as also use of “processes” which capture likewise information on users of the Internet.
The Wiretap Act (а)
Before the Protect America Act was implemented in 2007, the U.S. wiretapping law was essentially governed by Title III of Omnibus Safe Streets & Crime Control Act, 1968 and it was this statutory act that regulated procedure for wiretaps in case of criminal investigations, whereas FISA, handled foreign intelligence surveillance. The latter, FISA was actually passed partly for resolving serious lacunae in the wiretap provisions in US law. However, the Patriot Act still governs the final say on the issue and has made some notable changes in the wiretapping law. Yet again, the security considerations overrode privacy search warrant considerations when such laws were amended. Government excesses, which have been perceived in this field, continue to date and are a matter of intense debate in legal circles. A significant modification of the Fourth Amendment procedures for search warrant issues is that of the legal authorization of sneak and peek warrants which enable the police authorities now – post the Patriot Act amendments – to unilaterally launch searches or wiretaps, unannounced.
The Stored Communication Act (b)
While this Act bans public companies from disclosing records on customers to the government, yet it also stipulates some exceptions by which such disclosure is possible, [vide: Stored Communications Act, 18 U.S.C.A. § 2702 (West 2000 & Supp. 2006)]. Disclosure is possible when the government obtains a warrant, court order or special administrative subpoena called National Security Letter or NSL Time and again, the NSA and hence the government, have been found to violate the provisions of this Act.
The Pen Register Act (c)
Also called the Pen Register and Trap and Trace Statute, this law has also been subject to alterations by the Patriot Act. Devices for tapping outgoing calls were termed Pens while those for tapping incoming calls were termed as Trap and Trace Devices. The Act also contains provisions on capturing and using data on Internet users. As Bloss, W (2007, p. 216) states, “Use of pen register and trap and trace devices, designed to record telephone number transactions from a fixed location, is an established surveillance method in wiretap-type investigations. Provisions of the Patriot Act expand their use to include the recording of computer IP addresses- a location identifier for a specific computer- and the warrant may permit the surveillance to extend anywhere in the United States. Again, these changes are designed to allow the police to have surveillance capability with emerging mobile and computer technology; where previous guidelines were intended to afford civil liberty safeguards based on more traditional crimes and existing technology”. The use of improved technology implies means of more diverse unobtrusive and secret methods of surveillance, tending towards privacy infringement, as never before.
Foreign Intelligence Surveillance Act or FISA
Whereas the other Statutory Acts mentioned before seek to tackle general criminal cases, the FISA was conceived to combat international terrorism and financial crimes through effective foreign intelligence surveillance. Like the ECPA, FISA also establishes a legal framework for electronic surveillance through interception of communications, setting up of pen registers and trap-and-trace devices, and data capture of Internet information. This Act also impinges on privacy rights of an individual and taps technology to build up national security structure.
The Protect America Act, 2007 (Bellovin, Steven, M. et al)
Enacted in Aug 2007, this Act changes extant US law so as to allow for warrant-less foreign intelligence wire-tapping from inside the United States of any communications that may include a party located outside of the United States. There is danger of privacy infringement in as much as the system may well tap some domestic communications, even if inadvertently. Surveillance is thus unobtrusive, but also invasive. It thus appears that, purely national security considerations have overridden concerns for protection of fundamental civil rights. It need not be emphasized here that, effective surveillance needs to ensure complete protection of communications in that, the new laws do not allow for exploitation by authorized persons nor allow unauthorized access by outsiders to the country.
Other Data Mining Tools, Echelon, etc
The National Security Agency or NSA supposedly has in place a secret surveillance architecture, whose structure can only be surmised. Technological advancements in managing information systems and network communications have contributed to this situation. Another program was that of the Total Information Awareness or TIA program, now renamed as Terrorism Information Awareness and de-funded by Congress. Then there has been the Computer Assisted Passenger Pre-screening System or CAPPS II now called Secure Flight, which consists of matching passenger data with other records to prevent likely terrorists from boarding planes. There is also the Matrix Pilot Project, which combines data from various sources to effectively assist in criminal investigations. The analytical core of the MATRIX pilot project was a program called Factual Analysis Criminal Threat Solution (FACTS), which was a technological and investigative tool which allowed for query-based searches of state and public records in data reference repository. Again, the NSA supposedly has in place a controversial program called ECHELON, which facilitates unwarranted wiretaps of international telephone calls, as also scrutiny of phone databases. In all such cases, the state has made use of advanced tele- communications and computer technology and all the clandestine programs derive support from an information system spanning across organizations. Also, other data mining programs like the Able Danger (carried out by the US Army), the Automatic Targeting System (ATS) to screen travelers entering into the country and a part of the larger Treasury Enforcement Communications Systems (TECS) – a law enforcing data collection, targeting, and sharing system –controlled by the Bureau of Customs and Border Protection or CPB, are known to have been in existence or do exist.
The Privacy Act of 1974
The Privacy Act of 1974 is the defining legislation in the US that addresses the concerns of privacy of US citizens This Act provides the right to privacy as a fundamental right and as a personal one, as enshrined in the US Constitution. As per the Act (Public Law 93-579, as codified at 5 USC 552a, and as amended), to protect the privacy of individuals identified in information systems that are maintained by Federal Agencies, the information collected, used, maintained, and disseminated by such Agencies, is sought to be regulated by the Act. The right to privacy is only constrained by any provision to the contrary and as provided for in law. The Act also stipulates the ways for maintenance of records by the Federal Agencies. The exception to non-disclosure to protect an individual’s privacy is provided for under separate general and specific exception clauses as per the Act. The Act also provides for the setup and maintenance of a Data Integrity Board. Also it specifies the creation and maintenance of a system of records or SOR, which are required to have an inbuilt indexing system based on an identifier like the Social Security Number of an individual. This obviously necessitates the maintenance of an electronic archival and database system for such law to be effective.
The Fourth Amendment
The Fourth Amendment to the US Constitution states: “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated; and no Warrants shall issue but
Upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.” This important US legislation still serves as the first line of defense for privacy protagonists. “A part of the US Constitution, which itself is a part of the Bill of Rights, the Fourth Amendment guards against unreasonable searches and seizures and was the response to the controversial writs of assistance that were a significant cause of the American Revolution” (www.usabillofrights.com). The original law was enacted years back and did not consider any electronic media, and only factored in physical search and seizure operations. With the advent of technology, electronic surveillance methods like wiretapping, infrared heat sensing, eavesdropping, etc, have relatively outmoded the provisions and the Act needs to further consider the modern methods of communications and surveillance systems used increasingly by organizational management and the US government agencies. The Act as such is yet to factor in the invasive and unobtrusive surveillance methods now being followed by security and enforcement agencies worldwide. The term Privacy is not explicitly stated or defined in the legislation. The right to privacy is but an inference as provided by the US Constitution. While the law supposedly provides for the protection of the individual right to privacy and protection against unwarranted searches and seizure operations, sadly, in actual practice, many ambiguities exist, innumerable transgressions have occurred, and this compounds the circumstances.
Data Mining and Homeland Security
Siefert, J.E., (CRS Report, 2008, pp. CR-1 to CR-38) has described data mining and its use in the US for ensuring and maintaining homeland security, particularly in the wake of the 9airstrikesikes. He mentions various data mining programs like Able Danger, Matrix Pilot Project, CAPPS-II, Automated Targeting System or ATS, the Novel Intelligence from Massive Data or NIMD program, and other surveillance activities of the National Security Agency or NSA that utilize data mining technology and hence information communications and management as the framework for achieving and securing an enhanced electronic security and surveillance infrastructure in the USA. Seifert notes that post 9/11, some legislations were affected like the Terrorism Information Awareness or TIA program previously known as the Information Awareness Office or IAO in 2002. The function of the IAO was essentially that of consolidating the various programs undertaken by the Defense Advanced Research Projects Agency or DARPA. The TIA collected, tracked, and analyzed data trails left by individuals (CRS Report, 2008, p. CRS-6 and CRS-7). Supplementing this program were other programs like the CAPPS-II (which was later replaced by the Secure Flight program), the Multi-state Anti-terrorism Information Exchange or Matrix pilot project (based on FACTS), the Regional Information Sharing Systems (RISS) secure intranet (RISSNET, for sharing intelligence and coordinating all operations against criminal networks operating in diverse locations sans borders, and all other surveillance programs of the NSA and other Federal Agencies (including the Novel Intelligence from Massive Data or MIND program), etc, which have only put in place secret electronic data mining and communications systems for enforcing and maintaining homeland security In the wake of 9/11 and other such terrorist incidents targeting America and its worldwide interests and organizations. One more secret operation by the NSA is the Call Record Program in which the NSA supposedly mined data relating to millions of call records of innumerable American citizens for identifying probable terrorists (USA Today, 2006).
Conclusion
While the advent of technology is very necessary and electronic surveillance is essential to protect national institutions against growing national and trans-border terrorism, including finance of terrorist activities, the borders of privacy and extent of invasive and unobtrusive surveillance needs to be clearly defined. The legal protection of privacy is quite ambiguous, although the right to the same is well enshrined in the US Constitution, including the Fourth Amendment and the Privacy Act of 1974. Various secret surveillance operations of Federal Agencies like the NSA are both invasive and unobtrusive and many other programs like the ECHELON and Matrix are gradually becoming public in the US media and also dealt with in Congressional hearings. While the Constitution of the US guarantees civil liberties, including the right to privacy of its citizens, yet, the development of modern information systems has proven a threat to these very fundamentals rights enshrined in the Constitution. The US Statutes like the Patriot Act, the FISA, the ECPA, etc, all take the aid of a developed MIS framework in order to implement their key provisions, in as much as they stipulate certain IT-driven mandates relating to the collection, maintenance, use, and sharing of data or information of customers and/or US citizens. A strong MIS is essential to maintain an effective and automated surveillance and reporting system so as to successfully tackle the global threats of terrorism and money laundering, among other criminal activities. While privacy may be impinged upon, yet, such surveillance and monitoring are required under the circumstances. However, more clearly defined statutes or modifications thereof are necessary to address the disputes between privacy advocates and government security and surveillance agencies. Also, the main legal statutes are constantly under review and are modified from time to time based on law court observations and Congressional hearings. For instance, while the all-powerful Patriot Act is still in place, yet it has been subject to many revisions and alterations from time to time. Thus, for instance, the House approved, by a vote of 238-187, an amendment to the Fiscal 2006 Commerce-Justice-Science appropriations bill (HR 2862, 112th Cong. (2005), which prohibited the FBI from fully using § 215 of the USA Patriot Act (Stern, S., at 1649). In 2006, the USA Patriot Act was reauthorized (P.L. 109-178) and included a provision that those libraries that are operating in traditional roles and not as ISPs would not be subject to national security letters (NSL) and as Sandler, M. observes, “should address some of the concerns” (at 703). Some experts like O’ Harrow (2005, ) has termed as “a menacing personal privacy hazard, the prolific identity thieves, and also mentioned overzealous government investigators who have collected personal information or data by sourcing from commercial databases.” There are still others who have highlighted on “security measures like national identification cards and even holistic data collection mechanism like biographical, biometric or transactional data mining programs” (Parenti, 2003; EPIC, 2006). For some,” these are extreme measures of social control and are similar to methods used by twentieth-century totalitarian regimes and, the expansion of police surveillance is an indicator of the fact that some fundamental democratic ideals have been finished” (Chang, 2003). Most experts have opined on “the social necessity for continuing the state advocacy of fundamental rights to privacy of an individual “(Bloss, W., 2007, pp. 1-21). Whereas “U.S. police are legally authorized to conduct surveillance and engage in search and seizure to gather prosecutorial evidence “(Del Carmen, 2004), Ducat (2004) has stated that “though no constitutional mandate assures individual privacy, the courts have interpreted it as an inherent right possessed by all citizens”. However, the jury still appears to be out on the issue. Concerted public opinion may well tilt the scales one way or the other, viz., More Security or More Privacy. Perhaps, the answer lies somewhere in-between. Also, while justice may not always be possible to ensure, justice may still generally be seen to be done. An obvious and larger implication could be that national institutions are only as effective and as just as the government of the day.
Works Cited List
Abrams, N. Anti-Terrorism and Criminal Enforcement, Second Edition, St. Paul, MN: Thomson/West Publishing, 2005
American Management Association, Electronic Monitoring and Surveillance Survey, 2005. Web.
Bellovin, Steven, M., et al, Risk Communications Security: Potential hazards of the Protect America Act, 2007, pp. 1-14
Bloss, W. “Parameters of U.S. Police Investigative Powers in a New Privacy Paradigm,” unpublished paper presented at the 12th International Police Executive Symposium, Prague, Czech Republic, 2005
Bloss, W., Escalating U.S. Police Surveillance after 9/11: an Examination of Causes and Effects, Surveillance and Society: Special Issue on “Surveillance and Criminal Justice”, Part-I, 2007, pp. 1-21
Chang, N., “How Democracy Dies: The War on Our Civil Liberties,” in C. Brown (ed.) Lost Liberties: Ashcroft and the Assault on Personal Freedom, New York: The New Press, 2003, pp. 33-51
Cole, D., The course of least resistance: Repeating history in the war on terrorism. In C. Brown (Ed.), Lost liberties: Ashcroft and the assault on personal freedom, New York: The New Press, 2003, pp. 13-32
D’Urso, S. C. Who’s watching us at work? Toward a structural-perceptual model of electronic monitoring and surveillance in organizations Communication Theory, 16, 2006, pp. 281-303
Del Carmen, R., Criminal Procedure: Law and Practice, Sixth Edition, Belmont, CA: Wadsworth/Thomson, 2004
Diffie, Whitfield and Susan Landau, Privacy on the Line: the Politics of Wiretapping and Encryption, updated and expanded edition, MIT Press, 2007
Ducat, C., Constitutional Interpretation, Eighth Edition, Belmont, CA: Wadsworth / Thomson, 2004
Electronic Privacy Information Center (EPIC), “The USA Patriot Act”.
Martin, S. “Note: Interpreting the Wiretap Act: Applying Ordinary Rules of ‘Transit’ to the Internet Context,” Cardozo Law Review 28, 2006, pp. 441-487
Mojuye, B., What Banks Need to Know About the Patriot Act, the Banking Law Journal, Copyright Alex-e-Solutions Inc., 2007, p. 263
National Security Archive Electronic Briefing Book #24, Jeffrey Richelson, editor, The National Security Agency Declassified, 2005, for USSID 18 and other USSID 18-related documents
O’ Harrow, R, No Place to Hide, New York: Free Press, 2005
Parenti, C. The Soft Cage: Surveillance in America from Slavery to the War on Terror, New York: Basic Books, 2003
Sandler, M, Deal Clears Way for Anti-Terrorism Law, CQ WKLY., 2006, at 703
Seifert, J.W., Data Mining and Homeland Security: An Overview, CRS Report for Congress, 2008, pp. CRS-I to CRS-38
Sewell, G., & Barker, J. R., Coercion versus care: Using irony to make sense of organizational surveillance. Academy of Management Review, 31, 2006, pp.1-24
Shelley, L., “The Globalization of Crime” in M. Natarajan (Ed). Introduction to International Criminal Justice, pp. 3-10, Boston, MA: McGraw-Hill Publishing, 2005
Simon, B. “The Return of Panopticism: Supervision, Subjection and the New Surveillance, Surveillance and Society 3(1): 2006, pp. 1-20.
Stern, S., House Votes to Limit Patriot Act, CQ WKLY., 2005, at 1649.
USA Bill of Rights, Copyright of www.vcielaw.com, 2003
USA Today, Article on NSA Call Data Program, 2006
Whitaker, R. “After 9/11: A Surveillance State?” in C. Brown (ed.) Lost Liberties: Ashcroft and the Assault on Personal Freedom, New York: The New Press, 2003, pp. 52-74,