The U.S. Constitution specifically requires that the country's residents submit to a decennial census. Similarly, in the United States today, the IRS may request personal and related information to insure that any citizen's taxes are properly paid. Legal authorities, such as the FBI, CIA and law enforcement officers of other ilk's may probe into the privacy of anyone, such as a potential terrorist, suspected of a crime or intent to commit one, to uncover information about his or her identity, intentions, plans and resources. A controlling institution's access to personal information, however, must be in keeping with requirements for due process.

The existence of controlling institutions places an additional burden on first and second parties. Whatever technologies and precautions a first party takes to protect his or her privacy must ultimately be penetrable by a legitimate controlling institution. In this case, social need dominates individual autonomy. Legitimate controlling institutions must also be able to gain access to any personal information an individual has entrusted to a second party that it requires to perform its socially sanctioned activities. Drawing this line can be difficult, as the recent debate on the "Clipper Chip" illustrates. Nevertheless, a controlling institution should receive no more information than it is entitled to. This implies that second party security systems must be able to distinguish and respond to legitimate external requests for personal information but to limit their response to only that information the controlling institution is justified in receiving.