Database Nation The
Death of Privacy in the 21st Century by Simson
Garfinkel
- reviewed by David Brake
The sub-title of this book - "The Death of
Privacy in the 21st Century" - may seem sensational to some, but if anything it
is a little under-stated. By the time you have read the first few chapters of
this book, you will probably conclude that privacy was dying if not dead for
most Americans by the end of the 20th century.
Database Nation explains just how little
control the average citizen and consumer has over their personal data and how
many different ways that information is being collected, cross-referenced and
both used and misused. Garfinkel gives a series of alarming examples showing
how information about you can spread without your knowledge of permission and
how errors and omissions from the data can creep in and harm you while you are
impotent to find or correct them.
The IRS ended up erroneously putting a lien on
a couple's house. Even though the Rosses explained the problem and the IRS
wrote an explanation to the biggest credit bureaus, "they had already sold the
credit data to something like 187 independent bureaus. And there was no just
way that I could ever keep up with it." One study suggests there are errors in
43% of the files kept by credit agencies.
Not only your name and address are for sale -
your face may be as well. The South Carolina Public Safety Department sold
photographs of 3.5m drivers to an image database for just $5,000. And your face
is not the only image in the public domain - nowhere is safe from spy
satellites, and these days they aren't just looking for military installations,
they may also be looking for that un-licensed swimming pool you installed. In
1997 EOSAT handed out a pamphlet at a trade show urging local government to use
their satellites to spot tax evaders.
If you use a supermarket affinity card, there
is no limit to what that business can do with the information about your
purchases. Robert Rivera says that when he sued Vons markets they threatened to
use information about his alcohol purchases against him in court.
Do you think at least your medical records are
safe? Well, it turns out that in most American states, releasing medical
records is not a crime - and one in 12 Americans say that they have suffered
harm or embarrassment when their medical records made their way into the wrong
hands. If you have any kind of health or life insurance, you will almost
certainly have given permission to the insurer to see just about any piece of
medical information. This is not merely a cautionary book - Garfinkel has
thoughts about what should be done, and his prescriptions aren't what you might
expect from one of the digerati. Paradoxical as it might sound, he thinks on
the whole that the best protector of your personal information is not
encryption but government regulation.
As he points out, "cryptography does not
protect privacy, cryptography protects information... Cryptography guarantees
the confidentiality of the transmission. But if a prosecutor subpoenas your
purchases from the website at the other end of the transmission and then
publicizes the names of the books you've purchased, your privacy has still been
violated - even though the data itself was safely encrypted while in
transit."
He suggests establishing a federal government
agency for privacy. "Some privacy activists scoff at the idea of using
government to assure our privacy. Governments, they say, are responsible for
some of the greatest privacy violations of all times! This is true, and it's
all the more reason to pursue a legislative solution... Legal approaches work
because the US government usually follows its own laws."
He goes on to briefly mention the very
different privacy environment in Europe - and this is one of the book's weakest
points, its lack of historical or geographical perspective. Although he
mentions some of the history of the US census, his analysis doesn't look back
much before the dawn of the computer age, and seldom looks outside of the US.
It also concentrates more on commercial companies' privacy breaches than the
government's and if you are really of a suspicious nature you might wonder why
it is that he doesn't even mention Echelon - the alleged secret global
snooping project masterminded by the US.
The book is also rather light on what the
individual should do to protect their own privacy - it mentions the Mail
Preference Service, for example, which is run by direct marketers and should
allow users to opt out of receiving unsolicited junk mail, but it doesn't give
contact details. It doesn't even tell you who the right people are in
government to lobby to change the laws, though it does give a bibliography and
"webliography" where you can find some of this out for yourself.
But it is churlish to complain about what this
book is not. Any American who wants to understand how their personal
information is being sold around the globe or who wants to understand some of
the more ominous implications of where technology is leading us should read
this book. You may not agree with some of Mr Garfinkel's suggestions for fixing
the mess that America is in over the privacy issue, and you may think his worry
about the right to privacy for artificial intelligences and other concerns
raised in later chapters are a little premature, but the first half of the book
alone is worth the price.
David Brake has been on the
Internet for 12 years and writing about it for five, yet somehow he is still
not rich beyond his wildest imaginings. He tries not to let this bother him.
For more information than you could ever want about David Brake, visit his
website. |