Preserving Privacy

Telling “good stories” has been and will continue to be meaningful in making the impact of technology on privacy issues less abstract and more real. Simson Garfinkel’s Database Nation is the most recent entry in this distinguished tradition. His book builds admirably on such earlier works as The Privacy Invader, by Myron Brenton (1964); The Naked Society, by Vance Packard (1964); The Intruders, by Edward Long (1967); Privacy and Freedom, by Alan Westin (1967); On Record: Files and Dossiers in American Life, by Stanton Wheeler (1969); and The Assault on Privacy, by Arthur Miller (1971). These books were instrumental in placing privacy issues on the congressional and executive agendas. Not only did the books provide serious analyses of policy problems and suggest proposals for legislation, they also were significant in raising the public’s awareness and understanding. Database Nation should do no less.

One important theme in all of these publications concerns the nature of technology. Garfinkel takes a clear, and I believe highly defensible, position: “unrestrained technology ends privacy.” Although acknowledging that the technology-is-neutral position is “comforting,” he argues that the inherent dynamic of technology is to invade privacy. Although it is possible to design technologies that can enhance privacy, these generally are more elaborate and therefore more expensive than conventional technologies, and thus commercial demand has been slack. And since marketing decisions generally respond to cost and demand, the push for privacy-enhancing technologies is not great. The examples of privacy-invasive technologies that Garfinkel provides throughout his book may increase that demand.

Today, Garfinkel says, the most ubiquitous privacy-invasive technologies involve computerization: electronic data-processing systems, personal identifiers, data surveillance, and digital decisionmaking. He acknowledges the importance of earlier writers in stopping the creation of a national databank and notes that instead “we have built a nation of databanks”; hence the title of his book. Garfinkel discusses identity theft, misuses of medical records, profiling and marketing, and overuse of Social Security numbers.

Although at times readers may feel as though they are embarked on a high-speed journey through a database nightmare, the anecdotal evidence of abuses that Garfinkel presents is compelling. Moreover, the connection he makes between technology and market forces as the twin culprits is tightly forged. For example, he points out that “identity theft is flourishing because credit-issuing companies are not being forced to cover the costs of their lax security procedures.” Similarly, health-insurance companies’ drive for higher corporate profits fuels their compulsion to have members consent to blanket authorizations allowing them access to all records. He refers to such aggressive, and often deceptive, marketing practices as “corporate-sponsored harassment.” In this environment, where personal information has become a commodity, Garfinkel’s well-argued conclusions that “opt-out doesn’t work” and that consent has become a “cruel joke” seem immensely appropriate. He goes on to suggest that people litigate, exercise anonymity, and track the flow of their name.

Menacing technologies

One of the most valuable features of Database Nation is its description of various emerging technologies that threaten privacy. Notable among these is the variety of monitoring devices, primarily audio and visual, that systematically capture and preserve activities in public places. Satellite imaging, outdoor video surveillance, and Webcams have turned public places that traditionally allowed for anonymity into places where all is “captured, recorded, indexed, and made retrievable.”

Interestingly, Garfinkel does conclude that there is less need to worry about the use of biometrics: technologies that provide the possibility of unique identification. A number of biometric identifiers have been used over the years, and many more are under development. Most of these identifiers are designed to be stored in computers, thus making them vulnerable to misuse and manipulation. Among the identifiers that Garfinkel describes are “fingerprints” of the iris in the human eye and facial thermograms that capture patterns of veins and arteries. He reports that one company, called IriScan, which is working in partnership with British Telecom, has even developed a scanner that can capture the iris print of a person in a car going 50 miles per hour. However, Garfinkel reaches the quite sensible conclusion that, despite their futuristic image, most of these biometric techniques are unlikely to find their way into widespread use because of their technological and economic limitations as well as their implications for civil liberties.

Still, many people do seem committed to developing and implementing advanced personal-information collection systems as well as video and audio surveillance, usually citing law enforcement and national security interests as justifications. Given current concerns with what Garfinkel calls “kooks and terrorists,” such arguments are likely to persist. His analysis, though, gives pause to such easy inferences. Garfinkel argues that, for one thing, the nature of terrorism has changed: “the terrorist of tomorrow is the irrational terrorist.” As he points out, the new terrorist usually works alone or in a small group, is not interested in negotiating, is not rationally calculating long-term consequences, and may not be concerned with survival. In addition, the ability of the new terrorist to acquire destructive chemical, biological, and nuclear technology has been enhanced. One of the many stories Garfinkel reports is that of biological terrorism perpetrated by a religious community in Oregon. This group embarked on a trial run to determine how much Salmonella typhimurium to use in coffee creamers and in dressings served in salad bars. The group, ultimately foiled by law enforcement agencies, wanted its candidate to win in an upcoming local election and had decided to make other people so sick that they could not vote.

In Garfinkel’s analysis, the fundamental problem posed by terrorism is inherently social: “The new technology has put a tremendous amount of power into the hands of people who may not be capable of using it judiciously. The effect is inherently destabilizing.” Given the incentives of the new terrorists and the changing nature of technology, the effectiveness of even the most advanced forms of surveillance in detecting and deterring terrorist activities is limited. Garfinkel’s interviews with people in places such as the U.S. Arms Control and Disarmament Agency and the Center for Nonproliferation Studies suggest a better solution. He concludes that researching vaccines and treatments, training local law enforcement personnel, tracking radioactive and chemical materials, and restricting access to biological and chemical poisons would be more effective than invasive monitoring of potential suspects.

Ordinary threats

But the more likely threats to privacy lie not in efforts to combat terrorism but in everyday matters. Thus, a primary concern throughout Database Nation, as was true for the earlier literature in this tradition, is what to do in the face of the more ordinary threats posed by technology in the hands of marketing firms or health care organizations. In looking for ways to protect privacy from these mundane threats, Garfinkel considers both of the approaches that typically have been proposed: adapting existing property rights to personal information and enacting legislation.

Regarding the first approach, Garfinkel reaches the conclusion, now shared by many other observers, that information is different from tangible property and that application of property law is not suitable. When someone sued U.S. News & World Report for renting his name, along with 100,000 other subscriber names, to Smithsonian magazine, the defendants argued that sales of subscriber lists are “common, standard business practices” that people can opt out of through the Direct Marketing Association’s Mail Preference Service and that even if ownership of a name could be established, the economics are such that a single name would be worth pennies at best. Although this case was dismissed on a technicality (the plaintiff’s name was misspelled on the list, so it wasn’t his name that was rented), Garfinkel maintains that the defendant’s argument illustrates how difficult it is to assign value to personal information as if it were tangible property.

As Garfinkel points out, however, the ownership paradigm becomes problematic when extended to other areas, such as blood, tissue samples, and genetic codes. For example, some genetic diseases appear only or primarily in certain ethnic groups, such as Ashkenazi Jews, raising questions not only of an individual’s privacy but also of the group’s privacy. Given the shared nature of genetic codes, individual ownership of information and consent to its uses may be trumped by community ownership and consent. These issues are well illustrated by Garfinkel’s account of how, in Iceland, a company called deCODE has created a government-sanctioned Health Sector Database that will contain the genetic information of the country’s entire population.

The second approach, legislation and government action, offers what Garfinkel sees as the only real hope for addressing problems of technology and privacy. His bottom line is directly stated: “Without government protection for the privacy rights of individuals, it is simply too easy and too profitable for business to act in a manner that’s counter to our interest.” Although industry advocates for the effectiveness of self-regulation have been given much latitude recently, my own research leads to the same conclusion that Garfinkel reaches.

But will current trends lead to what Garfinkel uses as his book’s subtitle: The Death of Privacy in the 21st Century? Garfinkel’s research into technological and market developments, as well as his interviews with industry representatives, government officials, academics, and interest-group representatives, reveal many instances of real and potential threats to privacy. Although the “death of privacy” is a possibility, Garfinkel by no means sees it as inevitable. Indeed, his book ends with a rather hopeful plea that people act to protect privacy. Certainly, this book has the potential to help raise awareness among policymakers and the general public alike of the existing and emerging threats to privacy and of the steps that need to be taken to keep privacy alive and well.