Should your
boss know about those visits to the shrink?
Employers sniffing through medical
records, would-be forgers having UPS deliver your
signature -- Simson Garfinkel reveals a world rife with
privacy violations in "Database Nation."
- - - - - - - - - - - -
By Thomas Scoville
www.
Salon.com
March
1, 2000 | When the Berlin Wall came down in October
1989, there was, of course, a lot of gloating in the
West. We'd won; capitalism and free markets had
triumphed over the dark forces of Soviet tyranny and
centralized control, conspicuously vindicating the
American way.
But what about the age-old advice:
Ignore at your peril the ominous shadows cast by the
creepy glow of hubris; if there's any time the gods love
to strike you down, it's during your victory lap. I was
haunted by a half-formed notion that, despite all the
economic chest-thumping and political high-fiving in the
so-called Free World, we were converging on our own
reckoning, a day when we would realize our own failures
beneath the weight of unacknowledged Western tyrannies.
I had no good idea how this might
actually come to pass. But reading Simson Garfinkel's
new book, it's starting to become clear: The combination
of free markets and ubiquitous information technology
imposes its own kind of tyranny, the end results being
often as scary as a KGB nightmare.
"Database Nation: The Death of
Privacy in the 21st Century" is a dense treatise on
electronic identification and surveillance technology,
as well as a guide to the workings of the modern
consumer tracking complex. Garfinkel, a technology
writer who runs an ISP on Martha's Vineyard, outlines
the laws and policies that make these mechanisms
possible and explains the commercial appetites that
motivate the relentless corporate mining of the
mountains of consumer data.
The picture is more than a little
hair-raising. Take,for instance, the hazards of
corporate credit-tracking databases: In the tangled web
of electronic repositories that chronicle your personal
credit history, a single mistake or false report can be
propagated to multiple agencies, ensuring that you'll
never be approved for a credit card or a mortgage.
Worse, errors can never be expunged, but only mitigated
with supplemental reports. Of course, the burden of
proof is on the individual. Equifax, Inc. may have made
the mistake, but the consumer suffers the consequences,
which can last for years.
Then there are the hidden perils of
those ubiquitous enticements to give up a few shreds of
your identity to the commercial data sphere. Think that
supermarket discount card was a bargain? Tell it to the
man who slipped and injured himself while shopping, then
sued the store. His corporate grocers used his consumer
profile against him, courtesy of the discount card. A
history of large liquor purchases undermined the
credibility of the customer's claim.
Then there are the databases tracking
your medical history: Garfinkel reports that 35 percent
of Fortune 500 companies acknowledge that they have
drawn on personal health records to make employment
decisions. Think you're in line for a big promotion? Not
with your record of psychiatric treatment, or that
one-time abnormal T-cell count after a nasty virus. For
HMOs, controlling costs also means the permanent
suspension of patient confidentiality; the ramifications
of this are nightmarish. Suddenly insurance companies,
marketers and mass-mailers have access to the most
intimate details of your flesh and blood.
The deeper Garfinkel digs, the more
ghoulish the picture becomes: Near the bottom of the
pit, there's the Medical Information Bureau, a widely
used clearinghouse of patient data for medical insurers,
which cloaks itself as would any sinister covert agency:
unlisted phone numbers, a profile so low as to approach
invisibility, concentric layers of codes and obfuscation
in reporting procedures. And though its data remains
invisible to consumers, its effects do not; with the
wrong codes affixed to your name in the MIB data cores,
you'll never get health insurance again. And you may
never know why.
Corporate databases also greatly
increase the individual's vulnerability to fraud,
identity theft and a host of other criminal abuses. I
was surprised to read, for instance, that United Parcel
Service stores customers' digitized signatures as proof
of delivery. UPS will fax you a receiver's signature if
you supply them with a package tracking number. It
appears to be relatively easy for someone to arrange for
UPS to deliver a facsimile of my signature.
Garfinkel makes the infuriating
revelation that much of the most promising technology
that could decrease consumer jeopardy isn't implemented
because of the marginal costs to corporations; profits
are more important than individual welfare, apparently.
Indeed, this inversion of corporate over individual
rights emerges as the dominant theme of "Database
Nation."
Certainly, Garfinkel finds corporate
disdain for consumer privacy rights is right out in the
open. Most incensing is the attitude of a mass-mailing
maven, the kind of marketer who upholsters your mailbox
daily with unwanted catalogs: "There is no such
thing as 'junk mail' -- only junk people." In other
words, corporation über alles.
Starting to sound a little like
tyranny?
Of course, resistance doesn't seem to
be coming from the technology sector - the Internet's
masters of the universe are too busy pawing through your
e-commerce cookies and profiling your Web surfing to
take much notice. The onslaught of corporate privacy
abuses has been resisted by only a few: whistleblowers
like Garfinkel, underground groups like the Cypherpunks
and - in a most un-Orwellian turn - by the federal
government, which has passed legislation to slow the
invasion.
There are a few problems with
"Database Nation." At times Garfinkel seems to
wander outside the implicit charter of the book. For
instance, his extended taxonomy of surveillance
techniques veers away from credibility and dangerously
close to "X-Files" territory with accounts of
thought-tapping and remote viewing experiments. At other
times he seems to want to write a completely different
book on spy technology, more appropriate for, say,
Jane's Defense Weekly.
Garfinkel also has an annoying habit
of creating shocking anecdotes of privacy abuse out of
whole cloth, not telling the reader until afterward
these horror stories only represent possible portraits
of the future. He opens one chapter with an account of
his e-mail correspondence with a person who turns out to
be a program sucking data about his shopping habits and
movie preferences -- then reveals that the scenario is
make-believe. This sensationalist technique is more
suited to National Enquirer than anything else, and
serves to subtly undermine his audience's trust.
Overall, though, "Database
Nation" is well worth the read. In the face of
escalating corporate incursions onto our fundamental
liberties, popular opposition is in alarmingly short
supply; those determined to galvanize public indignation
are performing a valuable service, and deserve to be
heard.
salon.com, 2000 ©
Database Nation: The Death of
Privacy in the 21st Century
By Simson Garfinkel
O'Reilly & Associates
270 pages
Buy
Database Nation
About the writer
Thomas Scoville is either an Information Age Savant or
an ex-Silicon Valley programmer with a bad attitude. He
is the author of the Silicon
Valley Tarot.
Related Salon stories
Who
can see your medical records? Congress passes a
bill under the banner of protecting privacy. Critics
say it does anything but that.
By Arthur Allen 07/08/99
Your
profile please When the giants of Net business say
they want to protect your privacy, they're really
trying to make you feel comfortable about giving up
more information about yourself.
By Andrew Leonard 06/97
"Excuse
me, are you human?" How do you know your new
e-mail pen pal isn't an intelligent agent?
By Simson Garfinkel 01/25/00
TOP
