Slashdot Mirror
The Tightening Net: Part Two
The United States (with the help of some European Enlightenment radicals) invented the legal notion of individual, constitutionally- protected privacy, even if contemporary American citizens seem content to surrender it to government and corporations. The modern-day United States has few mechanisms for protecting privacy when it comes to personal data.
Some European countries give citizens legal control over their personal data, and forbid the transmission of personal information from one source to another without the individual's permission. They also have government agencies responsible for monitoring violations; citizens can turn to them for help. And even in most European countries, citizens surrender confidentiality when buying homes or cars or applying for bank loans. Generally, they can rest assured that the information they surrender won't be sold or passed along without their approval.
Canada, which has a privacy commissioner, has recently enacted a bill requiring companies to ask permission before collecting personal data; it also requires that they tell clients why they need it and who will see it (most Americans happily turn over their phone numbers to clerks at chains like Radio Shack and Toys 'R Us when they make purchases). But it's almost inconceivable that similiar legislation or a privacy commissioner could get past the thousands of corporate lobbyists encamped in Washington. Corporations have become the primary contributors to national political campaigns. They have powerful lobbies in Washington, where individual consumers seem to have few, if any.
The list of reasons for collecting personal data keeps growing. Federal law requires some employers to notify the government of newly-hired employees so that governments can garnish the wages of people delinquent in their child support payments. The government also screens for terrorists, tax cheats and illegal immigrants. Corporations use software programs to screen for anti-social or other "problem" behavior, and check employees against vast databases of crime and debt. Schools are deploying software programs to look for potentially violent students. Some states require that anyone who works near children go through computer and database checks for criminal histories, particularly sex offenses. In an increasingly phobic and fearful culture, it seems that privacy is sacrificed everytime a law enforcement or other perceived threat is raised.
Privacy problems are the underside of the information revolution. As the Net makes the collection of information easier than ever, it also points out one of the principal ironies of technology: Advances are almost always a double-edged sword. Software collection programs present society with access to information, advanced research and marketing techniques, but also with complex new problems, few of them being addressed by government, politics, the tech industries themselves. People are at the mercy of credit-reporting companies who can dig up all kinds of information and, in effect, punish them without perspective or due process. Getting accurate information and redressing errors is like getting tech support: it's supposed to be possible, but just try it.
Supreme Court Justice Louis Brandeis once wrote of every American's right to an "inviolate personality," a zone of privacy around their intimate behavior and personal lives. That zone has vanished, in part due to harassment laws and other legal evolutions, but also, increasingly, because of software and mushrooming databases. Code has become a social instrument beyond the wildest dreams of many of its creators.
Banks and insurance companies have a right to see customers' credit and payment histories. But lesser infractions used to be forgotten, and individual bankers or agents had the power to make individual judgments. Computers now make information available to companies that wouldn't have had access to it, and software programs make decisions about reliability and risk. The entire process has become simultaneously impersonal.
Although there are some statutes of limitations on bankruptcies and debts -- after seven and, in some cases, ten years, according to federal law, bankruptcy can't be legally used against you and some debts must be forgiven -- there are no procedures for eradicating this information, or even for knowing how much companies are considering it. Personal data survives in databases for all time. And companies increasingly distance themselves from the source and repository if the information, the database collectors themselves. That makes accountability even harder.
Don't lenders, insurers, and colleges have some responsibility for making proportional judgments of their own, for studying the relative merits of each case and make individual decisions? Or will they blindly followed credit-tracking information, no matter the sometimes punitive impact on people?
In his book "Code and Other Laws of Cyberspace," Harvard's Lawrence Lessig explains that the Fourth Amendment, which guarantees Americans the right to some measure of privacy, was conceived at a time when the prime technology for invading privacy was trespass. "Imagine then," writes Lessig," that in 1791 protecting against physical trespass protected 90% of personal privacy. The government could still stand on the street and listen through open windows, but the invasion presented by that threat was small, all things considered. For the most part, a regime that protected against trespass -- or unreasonable search and seizure -- was also protecting privacy."
When telephones appeared, this protection eroded. Private information was transmitted via phone lines. Rather than 90% of privacy being protected by the Fourth Amendment, only 50% was, estimates Lessig. Ever since, protections against privacy have not even remotely kept pace with technology. The boundaries around the reasonable information that banks, insurance companies, government and other institutions need to perform their legitimate business have been overrun. And corporations, not governments, have become the most wanton violators of privacy. One reason individual citizens feel apathetic is that they see little harm in Wal-Mart getting data about their shopping habits, or in Amazon selling lists of the books they like to other companies.
The public's fear seems to center on government, not corporate, intrusions of privacy, although polls show that fear of companies misuse of personal data is growing rapidly. But with corporations growing increasingly enmeshed with the political system, this may become an even more significant political issue, although it was never raised in the presidential campaign. History suggests that governments can change character -- Communism and witchcraft were crimes under some governments, not another. If the federal government should bow to corporate pressure and get serious about pursuing hackers and crackers online -- this doesn't seem a remote possibility -- people might regret looking the other way as their privacy is sold off bit by bit. Should today's citizens come into conflict with their government, there'll be no dearth of information about who and where they are, what they've read, bought, watched, and how they handled credit cards when they were 19.
Seemingly small transactions often have enormous implications for people's lives. The free flow of information is a noble notion, but it's becoming a frightening one as well.
And this is my problem... how?
Sounds like a problem for wannabe-privacy-invaders. My heart bleeds.
What about those of us who just don't want the "information" you "want to give" us, because your track record has demonstrated, time and time again, that you'll abuse it.
We don't like you. We don't trust you. And we will not cooperate with you.
If you're an economic elite that comprises a small fraction of the population but needs to get a majority (well, except for this year, maybe!) of the vote to rule, then selling an idea like this to the humble folk is a pretty nifty thing to be able to do. The day the unwashed masses start demanding the same consideration from government that you do, well...
Some states require that anyone who works near children go through computer and database checks for criminal histories, particularly sex offenses.
I believe this is ABSOLUTELY necessary for all child care facilities. Do you really want some sex offender, particularly a pedophile, playing with your kids? These checks take a couple of days and are not a big deal.
However, I'm in one of those states that do require it and I know first hand that a lot of daycares do not run this check. Mostly because they are so understaffed that unless the candidate looks seedy, they will most likely be hired. I could go into an entirely off-topic rant on how day care staff need to be paid more if there is ever going to be GOOD day care out there. But I won't go into that.
Check out Althea for a stable IMAP email client for X. Now with SSL!
The REAL privacy issue has to do with false (and occasionally deliberately false) or misleading information being circulated as absolute fact.
(If it's on the computer, it -must- be true... ...mustn't it?)
Everything you do leaves a paper/electron trail. Sometimes this is a good thing. Sometimes, it can be so shockingly abused that it's amazing anyone's still living in the US.
Have you =EVER= had any kind of parking ticket? That might not be bouncing round the police database any more, but any unscrupulous department could sell that data, without you ever knowing. Suddenly, you stop being employable. No explanation is ever given. After a small fortune is spent, you discover that some popular vetting company has turned your long-forgotten parking ticket into a "Current Police Record" and a "History of Illegal Activities".
Then, there are those times that personal names get confused and the wrong database entry is updated. Your local supermarket's computer decides you're dead. Your mail gets halted. Your credit cards are cancelled. Your bank accounts are frozen. Your driving licence is void. All automatically. And fixing one DB is pointless, because any automatic update'll pick the error right back up again.
Want to find yourself homeless? Just irritate a friend of someone you want a line of credit from. "Denied Credit" does -NOT- look good on a credit check.
Or maybe you want to work for a high-tech company involved in banking, credit, stocks or computer security. You'd better hope that your neighbor's brother's daughter's friend has never shaken hands with a drug dealer. It'll get onto your record the moment anyone does a paranoid background check. And once you're listed as a "Known Associate" of a "Potential Criminal Family", how long do you think you'll last in any top job?
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Medical data, address data, demographic data, habit data, all of that is just data. Rest assured that if things continue as they are, all of these will continue to be abused. Do you think your insurance company might find it interesting to add to their profile about you that you like to visit microbrewwry web sites? (Hmmm... liver problems in the future in X% of cases.) Or add to their statistical models that as an avid computer game player, you are X% more likely to have heart and obesity problems?
As advertisements get more focused, won't your grocery store want to know what you're allergic to, or if you're lactose intolerant? Hope you're not too embarressed about these things (as some people are!) because now your grocery clerk knows about it (when you handed them your Personalized Coupon for 15% off Soybean Milk.), and who know who that bored gossiping jerk might tell? Think Microsoft might want to know if you visit Slashdot a lot? Here comes the onslaught of "Why NT is Better Then Linux" ads! Think the Federal government might just decide that frequenting Slashdot is a sign of dangerous computer skill? (Why this might be bad is left as an exercize for the reader.)
Privacy concerns can be fruitfully divided into discussions about the exact way your privacy is being violated, but at the present time with the present policies, all privacy violations are important.
In a way, the "lesser" ones are more important to Slashdot frequenters, because it's obvious how insurance company privacy violations affect people, and a lot of people will stand against it. The more subtle, but nearly as powerful taken to its extreme (where it is busily being taken to while we sit complacent) privacy violations of watching what sites you visit, what you spend, how often you spend it, where you spend it is far more difficult to understand.
Consider... if I knew your surfing habits precisely, how much would I know about you? If I read everything you ever posted? Would I be able to guess with some level of statistical certainty (which is fine with insurance companies!) that you have some disease? Dangerous political views? Personality profile? (Bet you didn't think of that!) How would you like to be rejected for a job because your Anger Index was 32 too high... back in 1992?
Privacy concerns are not overrated; indeed, the more you understand about computers, the more you really look to see what's already going on, and the more you extrapolate into the near future (to say nothing about the far future), the more you realize that they are seriously underrated... mostly because they are difficult to understand easily. Regrettably, they are still very real.
PS: As for the idea that companies need detailed data about you to function efficiently, that's just plain bullsh*t. What they need is an efficient infrastructure, good lines of internal communication, good management, all the traditional stuff. Only marketers think they "need" detailed data about all of their hypothetical future customers. (Note nobody complains about data companies need to function... surely Amazon needs to know where to ship that book to... while this could be worked around it's not really worth the effort at this time.)
If you don't give your info out, people don't have it. If you don't specify that it be kept confidential, it won't be, nor should it be.
Much easier said than done. Some things can't be kept out of the public record- such as deed information- I've bought 2 houses, and I have no choice but to have that information available. I don't mind if the local public utility uses it to send me a letter informing me of something they have to do in the right-of-way. On the other hand, this same database is *SOLD* by the state (I'm in the USA) to direct mailers, Mortgage companies, and so on. My vehicle registration information has been sold. I've asked for them not to, but the lists go out immediately after the registration, but the "opt-out" takes up to 8 weeks, and I have to opt out of each individual VIN registered to me, I'm given no option to blanket-deny any requests under my name.
You don't have to give your information out, but life can be pretty hard if you don't. Depending on your state, you could: not hold a driver's license; not hold real property; not have a bank account; not have a credit card.
If you ever get a chance to use Lexis-Nexis, look up information on yourself. It is pretty scary what can be found. There *should* be controls on who and how they can access my private information, and the information kept on me should be available *to me* so that I can review it. Unless there are laws for this, none of the data-aggregation companies will be accountable for the information they gather.
One thing to keep in mind is that most Americans don't necessarily look at privacy issues in the same way as many posters on /. do. I was shocked to see my fiance actually take the time to send in the warranty card on a $40 blender she bought. Her thinking (i.e. "it may break and I may need to get it replaced") was obviously not the same as mine (i.e. "we are going to get even more junk mail than we already get."). I'm of the opinion, if you have a receipt and your blender's broken and it's worth more than the cost to ship the damn thing to Cuisinart, then you can get it fixed. If you don't have a receipt it doesn't matter if you sent in the warrantly card or not. Okay, so much for that rant.
The next thing I noticed, however, was that all the personal information was incorrect. Salary was different, personal interests were different, etc. etc.. Her name and address were correct (i.e. if we needed a replacement blender, we could get it), but all the marketing info was BS.
I do this as a matter of principal; keep seperate web-based email addresses, my "salary" ranges from 0-10,000 to 250-500,000 depending on my mood at any given time, my job title similarly varies, etc. etc.
In other words, businesses may be getting more and more info, but is any of it any good. And, what is the cost of seperating the good info from the bad?.
I'd like to add one more point, however, any information we are forced to give accurately (for a driver's liscense, bank loan, etc.) should be strictly protected.
Waltz, nymph, for quick jigs vex Bud.
There's a lot of paranoia amongst the tech-savvy populace of the net, and yet there seems to be a consistent failure to grasp the fact that current concerns about privacy are unwarranted and overrated.
Why is privacy overrated? After all, we live in a consumer society where we demand value for money and quality service from the corporations that provide everything we need to live, and information is the lifeblood of these ideals. Without reliable information corporations aren't going to be as efficient, and in a free market economy such as ours, this harms us all in the long run, far more than the trivial loss of privacy that comes from a company knowing how often you read /.
There are real privacy concerns out there which we should instead be addressing instead of whining about how companies compile online demographics. For instance, the need for privacy for medical information is paramount, and yet sorely lacking in America. With the increasing use of genetic technology in medicine, we either need safeguards to prevent insurance companies from declining "high risk" people, or a socialised health care system in which we can be guaranteedt treatment no matter what.
But the issue of online privacy is only really of interest to people who spent too much time online, and too little time in the real world.