THIS SEARCH     THIS DOCUMENT     THIS CR ISSUE     GO TO
Next Hit        Forward           Next Document     New CR Search
Prev Hit        Back              Prev Document     HomePage
Hit List        Best Sections     Daily Digest      Help
                Doc Contents      

STATEMENTS ON INTRODUCED BILLS AND JOINT RESOLUTIONS -- (Senate - November 10, 1999)

Just consider the amount of information already being collected as a matter of routine--any spending that involves a credit or

[Page: S14537]  GPO's PDF
bank debit card, most financial transactions, telephone calls, all dealings with national or local government. Supermarkets record every item being bought by customers who use discount cards. Mobile-phone companies are busy installing equipment that allows them to track the location of anyone who has a phone switched on. Electronic toll-booths and traffic-monitoring systems can record the movement of individual vehicles. Pioneered in Britain, closed-circuit tv cameras now scan increasingly large swathes of urban landscapes in other countries too. The trade in consumer information has hugely expanded in the past ten years. One single company, Acxiom Corporation in Conway, Arkansas, has a database combining public and consumer information that covers 95% of American households. Is there anyone left on the planet who does not know that their use of the Internet is being recorded by somebody, somewhere?

   Firms are as interested in their employees as in their customers. A 1997 survey by the American Management Association of 900 large companies found that nearly two-thirds admitted to some form of electronic surveillance of their own workers. Powerful new software makes it easy for bosses to monitor and record not only all telephone conversations, but every keystroke and e-mail message as well.

   Information is power, so its hardly surprising that governments are as keen as companies to use data-processing technology. They do this for many entirely legitimate reasons--tracking benefit claimants, delivering better health care, fighting crime, pursuing terrorists. But it inevitable means more government surveillance.

   A controversial law passed in 1994 to aid law enforcement requires telecoms firms operating in America to install equipment that allows the government to intercept and monitor all telephone and data communications, although disputes between the firms and the FBI have delayed its implementation. Intelligence agencies from America, Britain, Canada, Australia and New Zealand jointly monitor all international satellite-telecommunications traffic via a system called ``Echelon'' that can pick specific words or phrases from hundreds of thousands of messages.

   America, Britain, Canada and Australia are also compiling national DNA databases of convicted criminals. Many other countries are considering following suit. The idea of DNA databases that cover entire populations is still highly controversial, but those databases would be such a powerful tool for fighting crime and disease that pressure for their creation seems inevitable. Iceland's parliament has agreed a plan to sell the DNA database of its population to a medical-research firm, a move bitterly opposed by some on privacy grounds.

   To each a number

   The general public may be only vaguely aware of the mushrooming growth of information- gathering, but when they are offered a glimpse, most people do not like what they see. A survey by America's Federal Trade Commission found that 80% of Americans are worried about what happens to information c ollected about them. Skirmishes between privacy a dvocates and those collecting information a re occurring with increasing frequency.

   This year both intel and Microsoft have run into a storm of criticism when it was revealed that their products--the chips and software at the heart of most personal c omputers--transmitted unique identification numbers whenever a personal-c omputer user logged on to the Internet. Both companies hastily offered software to allow users to turn the identifying numbers off, but their critics maintain that any software fix can be breached. In fact, a growing number of electronic devices and software packages contain identifying numbers to help them interact with each other.

   In February an outcry greeted news that image Data, a small New Hampshire firm, had received finance and technical assistance from the American Secret Service to build a national database of photographs used on drivers' licenses. As a first step, the company had already bought the photographs of more than 22m drivers from state governments in South Carolina, Florida and Colorado. Image Data insists that the database, which would allow retailers or police across the country instantly to match a name and photograph, is primarily designed to fight cheque and credit-card fraud. But in response to more than 14,000 e-mail complaints, all three state moved quickly to cancel the sale.

   It is always hard to predict the impact of new technology, but there are several developments already on the horizon which, if the recent past is anything to go by, are bound to be used for monitoring of one sort or another. The paraphernalia of snooping, whether legal or not, is becoming both frighteningly sophisticated and easily affordable. Already, tiny microphones are capable of recording whispered conversations from across the street. Conversations can even be monitored from the normally imperceptible vibrations of window glass. Some technologists think that the tiny battlefield reconnaissance drones being developed by the American armed forces will be easy to commercialize. Small video cameras the size of a large wasp may some day be able to fly into a room, attach themselves to a wall or ceiling and record everything that goes on there.

   Overt monitoring is likely to grow as well. Intelligent software systems are already able to scan and identify individuals from video images. Combined with the plummeting price and size of cameras, such software should eventually make video surveillance possible almost anywhere, at any time. Street criminals might then be observed and traced with ease.

   The burgeoning field of ``biometrics'' will make possible cheap and fool-proof systems that can identify people from their voices, eyeballs, thumbprints or any other measurable part of their anatomy. That could mean doing away with today's cumbersome array of security passes, tickets and even credit cards. Alternatively, pocket-sized ``smart' cards might soon be able to store all of a person's medical or credit history, among other things, together with physical data needed to verify his or her identity.

   In a few years' time utilities might be able to monitor the performance of home appliances, sending repairmen or replacements even before they break down. Local supermarkets could check the contents of customers' refrigerators, compiling a shopping list as they run out of supplies of butter, cheese or milk. Or office workers might check up on the children at home from their desktop computers.

   But all of these benefits, from better medical care and crime prevention to the more banal delights of the ``intelligent'' home, come with one obvious drawback--an ever-widening trail of electronic data. Because the cost of storing and analysing the data is also plummeting, almost any action will leave a near-permanent record. However ingeniously information-p rocessing technology is used, what seems certain is that threats to traditional notions of privacy w ill proliferate.

   This prospect provokes a range of responses, none of them entirely adequate. More laws. Brandeis's article was a plea for a right to sue for damages against intrusions of privacy. It spawned a burst of privacy s tatutes in America and elsewhere. And yet privacy l awsuits hardly ever succeed, except in France, and even there they are rare. Courts find it almost impossible to pin down a precise enough legal definition of privacy.

   America's consumer-credit laws, passed in the 1970s, give individuals the right to example their credit records and to demand corrections. The European Union has recently gone a lot further. The EU Data Protection directive, which came into force last October, aims to give people control over their data, requiring ``unambiguous'' consent before a company or agency can process it, and barring the use of the data for any purpose other than that for which it was originally collected. Each EU country, is pledged to appoint a privacy c ommissioner to act on behalf of citizens whose rights have been violated. The directive also bars the export of data to countries that do not have comparably stringent protections.

   Most EU countries have yet to pass the domestic laws needs to implement the directive, so it is difficult to say how it will work in practice. But the Americans view it as Draconian, and a trade row has blown up about the EU's threat to stop data exports to the United States. A compromise may be reached that enables American firms to follow voluntary guidelines; but that merely could create a big loophole. If, on the other hand, the EU insist on barring data exports, not only might a trade war be started but also the development of electronic commerce in Europe could come screeching to a complete halt, inflicting a huge cost on the EU's economy.

   In any case, it is far from clear what effect the new law will have even in Europe. More products or services may have to be offered with the kind of legalistic bumf that is now attached to computer software. But, as with software, most consumers are likely to sign without reading it. The new law may give individuals a valuable tool to fight against some of the worst abuses, rather on the pattern of consumer-credit laws. But, also as with those laws--and indeed, with government freedom of information laws in general--individuals will have to be determined and persistent to exercise their rights. Corporate and government officials can often find ways to delay or evade individual requests for information. Policing the rising tide of data collection and trading is probably beyond the capability of any government without a crackdown so massive that it could stop the new information e conomy in its tracks.

   Market solutions. The Americans generally prefer to rely on self-regulation and market pressures. Yet so far, self-regulation has failed abysmally. A Federal Trade Commission survey of 1,400 American Internet sites last year found that only 2% had posted a privacy po licy in line with that advocated by the commission, although more have probably done so since, not least in response to increased concern over privacy. S tudies of members of America's Direct Marketing Association by independence researchers have found that more than half did not abide even by the association's modest guidelines.

   If consumers were to become more alarmed about privacy, h owever, market solutions could offer some protection. The Internet, the frontline of the privacy ba ttle-field, has already spawned anonymous remailers, firms that forward e-mail stripped of any identifying information. O ne website (www.anonymizer.com) offers anonymous Internet browsing. Electronic digital cash, for use or off the Internet, may eventually provide some anonymity but, like today's physical cash, it will probably be used only for smaller purchases.

[Page: S14538]  GPO's PDF

   Enter the infomediary

   John Hagel and Marc Singer of McKinsey, a management consulting firm, believe that from such services will emerge ``informediaries'', firms that become brokers of information be tween consumers and other companies, giving consumers privacy pr otection and also earning them some revenue for the information th ey are willing to release about themselves. If consumers were willing to pay for such brokerage, infomediaries might succeed on the Internet. Such firms would have the strongest possible stake in maintaining their reputation for privacy pr otection. But it is hard to imagine them thriving unless consumers are willing to funnel every transaction they make through a single infomediary. Even if this is possible--which is unclear--many consumers may not want to rely so much on a single firm. Most, for example, already have more than one credit card.

   In the meantime, many companies already declare that they will not sell information th ey collect about customers. But many others find it possible profitable not to make--to--or keep--this pledge. Consumers who want privacy mu st be ever vigilant, which is more than most can manage. Even those companies which advertise that they will not sell information do not promise not to buy it. They almost certainly know more about their customers than their customers realize. And in any case, market solutions, including informediaries, are unlikely to be able to deal with growing government databases or increased surveillance in public areas.

   Technology. The Internet has spawned a fierce war between fans of encryption and governments, especially America's, which argue that they must have access to the keys to software codes used on the web in the interests of the law enforcement. This quarrel has been rumbling on for years. But given the easy availability of increasingly complex codes, governments may just have to accept defeat, which would provide more privacy no t just for innocent web users, but for criminals as well. Yet even encryption will only serve to restore to Internet users the level of privacy th at most people have assumed they now enjoy in traditional (i.e., paper) mail.

   Away from the web, the technological race between snoopers and anti-snoopers will also undoubtedly continue. But technology can only ever be a partial answer. Privacy wi ll be reduced not only by government or private snooping, but by the constant recording of all sorts of information th at individuals must provide to receive products or benefits--which is as true on as off the Internet.

   Transparency. Despairing of efforts to protect privacy in the face of the approaching technological deluge, David Brin, an American physicist and science-fiction writer, proposes a radical alternative--its complete abolition. In his book ``The Transparent Society'' (Addision-Wesley, $25) he argues that in future the rich and powerful--and most ominously of all, governments--will derive the greatest benefit from privacy pr otection, rather than ordinary people. Instead, says Mr. Brin, a clear, simple rule should be adopted: everyone should have access to all information. E very citizen should be able to tap into any database, corporate or governmental, containing personal in formation. I mages from the video-surveillance cameras on city streets should be accessible to everyone, not just the police.

   The idea sounds disconcerting, he admits. But he argues that privacy is doomed in any case. Transparency would enable people to know who knows what about them, and for the ruled to keep any eye on their rulers. Video cameras would record not only criminals, but also abusive policemen. Corporate chiefs would know that information ab out themselves is as freely available as it is about their customers or workers. Simple deterrence would then encourage restraint in information ga thering--and maybe even more courtesy.

   Yet Mr. Brin does not explain what would happen to transparency violators or whether there would be any limits. What about national-security data or trade secrets? Police or medical files? Criminals might find these of great interest. What is more, transparency would be just as difficult to enforce legally as privacy pr otection is now. Indeed, the very idea of making privacy in to a crime seems outlandish.

   There is unlikely to be a single answer to the dilemma posed by the conflict between privacy an d the growing power of information te chnology. But unless society collectively turns away from the benefits that technology can offer--surely the most unlikely outcome of all--privacy de bates are likely to become very more intense. In the brave new world of the information ag e, the right to be left alone is certain to come under siege as never before.

--

   Nosy Parker Lives

[William Safire, Washington]

   A state sells its driver's license records to a stalker; he selects his victim--a Hollywood starlet--from the photos and murders her.

   A telephone company sells a list of calls; an extortionist analyzes the pattern of calls and blackmails the owner of the phone.

   A hospital transfers patient records to an insurance affiliate, which turns down a policy renewal.

   A bank sells a financial disclosure statement to a borrower's employer, who fires the employee for profligacy.

   An Internet browser sells the records of a nettie's searches to a lawyer's private investigator, who uses ``cookie''-generated evidence against the nettie in a lawsuit.

   Such invasions of privacy ar e no longer far-out possibilities. The first listed above, the murder of Rebecca Schaeffer, led to the Driver's Privacy Pr otection Act. That Federal law enables motorists to ``opt out''--to direct that information ab out them not be sold for commercial purposes.

   But even that opt out puts the burden of protection on the potential victim, and most people are too busy or lazy to initiate self-protection. Far more effective would be what privacy ad vocates call opt in--requiring the state or business to request permission of individual customers before selling their names to practioners of ``target marketing.''

   In practical terms, the difference between opt in and opt out is the difference between a door locked with a bolt and a door left ajar. But in a divided appeals court--under the strained rubric of commercial free speech--the intrusive telecommunications giant US West won. Its private customers and the public are the losers.

   Corporate mergers and technologies of E-commerce and electronic surveillance are pulverizing the walls of personal pr ivacy. B elatedly, Americans are awakening to their new nakedness as targets of marketers.

   Your bank account, you health record, your genetic code, your personal an d shopping habits and sexual interests are your own business. That information ha s a value. If anybody wants to pay for an intimate look inside your life, let them make you an offer and you'll think about it. That's opt in. You may decide to trade the desired information ab out yourself for services like an E-mail box or stock quotes or other inducement. But require them to ask you first.

   We are dealing here with a political sleeper issue. People are getting wise to being secretly examined and manipulated and it rubs them the wrong way.

   Politicians sense that a strange dissonance is agitating their constituents. But most are leery of the issue because it cuts across ideologies and party lines--not just encrypted communication versus national security, but personal li berty versus the free market.

   That's why there has been such Sturm und Drang around the Financial Services Act of 1999. Most pols think it is bogged down only because of a turf war between the Treasury and the Fed over who regulates the new bank-broker-insurance mergers. It goes deeper.

   The House passed a bill 343 to 86 to make ``pretext calling'' by snoops pretending to be the customer a Federal crime, plus an ``opt out'' that puts the burden on bank customers to tell their banks not to disclose account information to marketers. The bank lobby went along with this.


THIS SEARCH     THIS DOCUMENT     THIS CR ISSUE     GO TO
Next Hit        Forward           Next Document     New CR Search
Prev Hit        Back              Prev Document     HomePage
Hit List        Best Sections     Daily Digest      Help
                Doc Contents