Here's an article and an Editorial from The Economist of 10 February , 1996
The Economist, February 10, 1996, pp. 27-28
A day in the life of an ordinary American: he drives to the office, toils at a computer, browses in shops at lunchtime then picks up some bread and a video on the way home, where a pile of junk mail and a doctor's bill await him. At every stop along the way, his doings can be watched, monitored, tabulated and sold.
Americans think they have a right to privacy. After all, in 1965 the Supreme Court famously found such a right in the "penumbras" and "emanations" of the American constitution. Despite this, they have lost control over who knows what about them. The chief culprit is not so much Big Brother as lots of little brothers, all gossiping with each other over computer networks. But Big Brother is doing his bit: in the struggle against crime, terrorism, deadbeat parents, illegal immigrants and even traffic jams, the government keeps an ever-closer eye on more and more of its citizens.
On a typical day, for example, our hero's driving route may be tracked by an intelligent traffic system. At work, his employer can legally listen in to his business conversations on the telephone, and tap into his computer, e-mail or voice-mail. At the shopping centre, the ubiquitous closed-circuit camera may soon be smart enough to seek him out personally. His clothes shop is allowed to put peepholes in the fitting-rooms; some have hidden microphones, too. The grocery stores information about him if he is a member of its "buyers' club".
If he uses his credit card, not only does the card company keep tabs on when, where and what he buys, it may sell that knowledge to eager merchants. A purchase of outdoor furniture means that brochures hawking barbecue grills, lawn seed and funny aprons are likely to follow: hence the junk mail piled on his doorstep. The doctors' bills and other sorts of medical information are better guarded; but in many American states trade in private medical records is perfectly legal. (In 22 states, on the other hand, patients lack the right to see their medical files.) If he calls a toll-free 800 number or a pay-per-minute 900 number, the other end can identify his telephone number -- even if it is unlisted -- and sell it.
And if he decides to give up the rat race and become a Texan cowboy, the postal service will sell his new address to anyone who asks. His new employer can get his medical history from the insurance company, and his credit history from a credit bureau. Just to be hired, he may have to take a drug test, a lie-detector test (though this is now limited to certain fields), and a psychological test. He may have to tell his employer which prescription drugs he takes and whether he has smoked in the past year.
His choice of videos, at least, is protected: to tell which films he hires is illegal. But that is not much comfort in a world where legal databases match addresses with unlisted telephone numbers, and illegal ones do a brisk trade in bank, stock and tax information. With the right software, any aspiring Sherlock can build up a large file on most Americans, including education previous addresses, physical description, telephone bills, hobbies, and more. The armchair detective can even hire someone to do it for him: given a telephone number, at least one service will cull a credit database and supply an address, demographic information and buying preferences.
Did someone say "privacy"? Hush. Marketing and consumer- products firms like to know who buys what -- and where and when and how. Law-enforcement officials, too, are pleased to have new and better ways to snoop, often in response to pressures from the public. For example, the State Directory of New Hires, a pilot programme operating in five states, is intended to prevent illegal immigrants from working. Employers who hire a worker must contact the federal government, which checks to ensure that the new bloke has his papers. The system involves the feds in every decision to hire, which is a troubling precedent; and of course it will make mistakes.
The state of Maryland requires every hospital visit to be logged into a database; the idea is that by gathering such information, health and administration costs may be cut. But this compromises the once-sacrosanct principle that used to shield doctor-patient communications from public view.
Two cases burning up the Internet show the extent to which technology has become the front line in the battles over privacy. In one case, a law passed last year required telephone companies to design their equipment to allow for wiretaps. In the other, the federal government tried to enforce use of the "Clipper chip", a device which would ensure that it could read all encrypted messages.
Officials argued that in both cases the status quo -- access to private communications upon a court order -- was just being extended. Furious cybercitizens disagreed. "Trusting the government with your privacy", snorted Wired magazine, "is like having a Peeping Tom install your window blinds." Officialdom backed off on the Clipper chip because it couldn't make people buy it, but it is now pushing a related scheme that would allow a "trusted third party", such as a company or a nonprofit group, to keep the keys to private codes on behalf of the government.
The conflict is a classic one: between individual rights and the public good, between the demands of law-enforcement and the preservation of a private sphere. To resolve it, a principle is needed. There used to be one: data could not be gathered or used for another purpose without the consent of the person concerned. In these days of multilinked databases, that principle is history.
Today, the presumed right to privacy is giving way to the right to protect one's privacy. Although few realise it, Americans are generally able to see the files kept on them, to correct mistakes, block disclosure (sometimes, at least) and to learn where information has gone. Consumers have the right to check their credit reports and to insist on giving permission before they are released. Junk-mail recipients can write to the Direct Marketing Association to be placed on the "delete" list (but companies not part of the association must be contacted directly).
All well and good. But tracking down dozens of information-gatherers -- government agencies, department stores, mail-order companies and so on -- is no easy task, and it is not always possible to know which databases you are in, anyway. (One, which retailers like to consult, lists former salesmen suspected of theft; names can be added without telling the persons concerned.)
Given all this, it is not unreasonable that 80% of Americans tell pollsters they worry that they have "lost all control" over personal information. But at the same time they are extraordinarily willing to fill out warranty cards, questionnaires and impertinent surveys. In short, Americans love information, but they have not figured out how they want to control access to it.
In response, Congress and many states have passed the odd law to answer specific privacy complaints: the rule against disclosing videos, for example, and limits on the disclosure of driving records. Europe passed a comprehensive set of data protection guidelines in October. The last such federal legislation in America dates back to the Privacy Act of 1974.
Much of the law on privacy is therefore being made in vintage American style -- the courts are making it up as they go along. One case to watch is in Virginia, where the law forbids the use of anyone's likeness for commercial purposes without his consent. On this basis, a subscriber is suing U.S. News & World Report, an American weekly, for selling his name and address -- which, he claims, are forms of his likeness.
There are other pressures for change. Under the European directive, transfer of sensitive information to countries with inadequate privacy laws would not be allowed. If America's current muddle does not pass muster, business could be cut off from information from Europe -- a powerful incentive to fix what's broke.
And technology itself may provide a partial answer. All-but-foolproof encryption technology is freely available over the Internet and will not go away no matter how much Uncle Sam wishes it would. A Dutch firm, Digicash, has developed e-cash, which allows customers to buy goods over the Internet directly and anonymously. Digicash has also developed a smart card -- compatible with Eurocard, Visa and Mastercard -- that makes payment anonymous.
It is in the computer industry's interest to sort the issues out. Computer networks will not fulfil their commercial potential if consumers worry that their credit-card security and personal privacy will be snagged in the Internet. Already, certain sites on the Internet make an explicit commitment to privacy. Confidentiality, like information, is attractive to customers -- and thus should be marketable. Attention, Kmart shoppers: privacy for sale, aisle nine.
Editorial, The Economist, February 10, 1996, pp. 16-17]
The digital revolution will spread personal information far and wide. Should something be done about this?
Like a thousand insect-eyes glimmering in shadow, they are watching you. Not Big Brother, quite. Rather, hordes of little brothers gathering scraps of data -- each of these, in itself, harmless and dull. Note the bar-code on our front cover, which, combined with a credit-card at the newsagent's desk, could reveal when, where and by whom this newspaper was bought. Need a list of single male camping enthusiasts who live in high-income areas and read poetry? It can be had for the asking.
Such capabilities create commercial tools that make it possible to market the right products to the likeliest customers. This is all to the good. But those glimmering eyes can also be prying, even sinister. Americans especially are beginning to worry where all this is heading (see above). Can the demands of privacy withstand the advance of digital technology?
Old ideas about privacy, and the laws that were based upon them, are fast becoming obsolete. This is not mainly because information that used to be confidential is now public, but because technology is changing what "public" means. Twenty years ago, say, the local butcher might know that Mrs Jones bought a ham every Saturday. That was, in a sense, public information. Yet it was not widely available. Perhaps the butcher let the mustard merchant know about Mrs Jones; but there was no easy way for just anybody, out of idle curiosity or for any other reason, to find out. This is changing.
More important, meaningless scraps of information can become something else when combined. Again, the sophistication of modern databases and their increasing ability to talk to each other have changed the rules. In America, where personal data are easily obtained, any computer nerd given your Social Security number, address or telephone number can easily find out much more about you than you might wish. The scraps become tiles in a mosaic of your life, including matters such as your medical history (contribute to a diabetes support group?) and sexual orientation (subscribe to Gay Times?). And all this may go on without your even knowing that your dossier is up for sale to people and institutions you have never heard of.
Given these technological advances, maintaining anything like the degree of anonymity that people used to enjoy will take regulation. This is awkward, for no regulation works perfectly or does quite what it was meant to. Moreover, evidence of actual harm to individuals from the huge expansion of "public information" is slight. So you might think it would be better to do little or nothing: let the meaning of "private" and "public" change, and learn to live with it. The trouble is that, though the harm so far maybe slight, the legitimate anxiety is not. Remember too that the new technological possibilities are only just being explored: like the digital revolution itself, the shrinking of what was once called privacy has much further to go.
Is there a method of regulation that would allow the economic benefits of copious information to be enjoyed while still defending privacy for those who value it? A promising approach is to require the information-gatherer to gain permission for subsequent use. This idea informs a recent European Union directive on data protection. Under the directive, which governments must act upon by 1998, consumers have to be notified in advance of how a company would like to use their names and of the information that is attached to them. They can say no to such use; if they say yes, they have the right to know where their data have gone.
Here and there, this is happening anyway. Grocery and discount stores give shoppers with buyers' cards special discounts in exchange for permission to gather information on their purchases. Some Internet publications offer users a choice: they can browse anonymously, but those willing to disclose information about themselves gain access to more material. Unfortunately, however, there is little reason to suppose that market-driven practices of this kind will by themselves be enough to protect privacy. The difficulty is that unless the consent-principle is widely applied, information will continue to pour out like a flood from unprotected outlets.
For this very reason, admittedly, enforcing the consent-rule will be difficult. But it is worth a try. It would give information-gatherers a push in the right direction -- obliging most of them in effect, to count the erosion of privacy as a cost to be taken into account, without blocking the flow of all such information. Companies would collect and resell information more discriminately. And people who cherish their digital privacy would have the means to protect it -- which is as it should be.
Go to Roger's Home Page.
Go to the contents-page for this segment.
Last Amended: 17 February 1996
| |
| The Australian National University Visiting Fellow, Faculty of Xamax Consultancy Pty
Ltd, ACN: 002 360 456 | 78 Sidaway St Chapman ACT 2611 AUSTRALIA Tel: +61 6 288 6916 Fax: +61 6 288 1472 |