A DAY in the life of an ordinary American: he drives to the office, toils at a computer, browses in shops at lunchtime, then picks up some bread and a video on the way home, where a pile of junk mail and a doctor's bill await him. At every stop along the way, his doings can be watched, monitored, tabulated and sold.
Americans think they have a right to privacy. After all, in 1965 the Supreme Court famously found such a right in the "penumbras" and "emanations" of the American constitution. Despite this, they have lost control over who knows what about them. The chief culprit is not so much Big Brother as lots of little brothers, all gossiping with each other over computer networks. But Big Brother is doing his bit: in the struggle against crime, terrorism, deadbeat parents, illegal immigrants and even traffic jams, the government keeps an ever-closer eye on more and more of its citizens.
On a typical day, for example, our hero's driving route may be tracked by an intelligent traffic system. At work, his employer can legally listen in to his business conversations on the telephone, and tap into his computer, e- mail or voice-mail. At the shopping centre, the ubiquitous closed-circuit camera may soon be smart enough to seek him out personally. His clothes shop is allowed to put peepholes in the fitting-rooms; some have hidden microphones, too. The grocery stores information about him if he is a member of its "buyers' club".
If he uses his credit card, not only does the card company keep tabs on when, where and what he buys, it may sell that knowledge to eager merchants. A purchase of outdoor furniture means that brochures hawking barbecue grills, lawn seed and funny aprons are likely to follow: hence the junk mail piled on his doorstep. The doctors' bills and other sorts of medical information are better guarded; but in many American states trade in private medical records is perfectly legal. (In 22 states, on the other hand, patients lack the right to see their medical files.) If he calls a toll-free 800 number or a pay-per-minute 900 number, the other end can identify his telephone number- -even if it is unlisted--and sell it.
And if he decides to give up the rat race and become a Texan cowboy, the postal service will sell his new address to anyone who asks. His new employer can get his medical history from the insurance company, and his credit history from a credit bureau. Just to be hired, he may have to take a drug test, a lie-detector test (though this is now limited to certain fields), and a psychological test. He may have to tell his employer which prescription drugs he takes and whether he has smoked in the past year.
His choice of videos, at least, is protected: to tell which films he hires is illegal. But that is not much comfort in a world where legal databases match addresses with unlisted telephone numbers, and illegal ones do a brisk trade in bank, stock and tax information. With the right software, any aspiring Sherlock can build up a large file on most Americans, including education, previous addresses, physical description, telephone bills, hobbies, and more. The armchair detective can even hire someone to do it for him: given a telephone number, at least one service will cull a credit database and supply an address, demographic information and buying preferences.
Did someone say "privacy"? Hush. Marketing and consumer-products firms like to know who buys what--and where and when and how. Law-enforcement officials, too, are pleased to have new and better ways to snoop, often in response to pressures from the public. For example, the State Directory of New Hires, a pilot programme operating in five states, is intended to prevent illegal immigrants from working. Employers who hire a worker must contact the federal government, which checks to ensure that the new bloke has his papers. The system involves the feds in every decision to hire, which is a troubling precedent; and of course it will make mistakes.
The state of Maryland requires every hospital visit to be logged into a database; the idea is that by gathering such information, health and administration costs may be cut. But this compromises the once-sacrosanct principle that used to shield doctor-patient communications from public view.
Two cases burning up the Internet show the extent to which technology has become the front line in the battles over privacy. In one case, a law passed last year required telephone companies to design their equipment to allow for wiretaps. In the other, the federal government tried to enforce use of the "Clipper chip", a device which would ensure that it could read all encrypted messages.
Officials argued that in both cases the status quo--access to private communications upon a court order--was just being extended. Furious cyber- citizens disagreed. "Trusting the government with your privacy", snorted Wired magazine, "is like having a Peeping Tom install your window blinds." Officialdom backed off on the Clipper chip because it couldn't make people buy it, but it is now pushing a related scheme that would allow a "trusted third party", such as a company or a non-profit group, to keep the keys to private codes on behalf of the government.
Selling secrets, and secrecy
The conflict is a classic one: between individual rights and the public good, between the demands of law-enforcement and the preservation of a private sphere. To resolve it, a principle is needed. There used to be one: data could not be gathered or used for another purpose without the consent of the person concerned. In these days of multi-linked databases, that principle is history.
Today, the presumed right to privacy is giving way to the right to protect one's privacy. Although few realise it, Americans are generally able to see the files kept on them, to correct mistakes, block disclosure (sometimes, at least) and to learn where information has gone. Consumers have the right to check their credit reports and to insist on giving permission before they are released. Junk-mail recipients can write to the Direct Marketing Association to be placed on the "delete" list (but companies not part of the association must be contacted directly).
All well and good. But tracking down dozens of information-gatherers-- government agencies, department stores, mail-order companies and so on--is no easy task, and it is not always possible to know which databases you are in, anyway. (One, which retailers like to consult, lists former salesmen suspected of theft; names can be added without telling the persons concerned.)
Given all this, it is not unreasonable that 80% of Americans tell pollsters they worry that they have "lost all control" over personal information. But at the same time they are extraordinarily willing to fill out warranty cards, questionnaires and impertinent surveys. In short, Americans love information, but they have not figured out how they want to control access to it.
In response, Congress and many states have passed the odd law to answer specific privacy complaints: the rule against disclosing videos, for example, and limits on the disclosure of driving records. Europe passed a comprehensive set of data protection guidelines in October. The last such federal legislation in America dates back to the Privacy Act of 1974.
Much of the law on privacy is therefore being made in vintage American style- -the courts are making it up as they go along. One case to watch is in Virginia, where the law forbids the use of anyone's likeness for commercial purposes without his consent. On this basis, a subscriber is suing U.S. News & World Report, an American weekly, for selling his name and address--which, he claims, are forms of his likeness.
Peeping Sam, look to discreet Europe
There are other pressures for change. Under the European directive, transfer of sensitive information to countries with inadequate privacy laws would not be allowed. If America's current muddle does not pass muster, business could be cut off from information from Europe--a powerful incentive to fix what's broke.
And technology itself may provide a partial answer. All-but-foolproof encryption technology is freely available over the Internet and will not go away no matter how much Uncle Sam wishes it would. A Dutch firm, Digicash, has developed e-cash, which allows customers to buy goods over the Internet directly and anonymously. Digicash has also developed a smart card-- compatible with Eurocard, Visa and Mastercard--that makes payment anonymous.
It is in the computer industry's interest to sort the issues out. Computer networks will not fulfil their commercial potential if consumers worry that their credit-card security and personal privacy will be snagged in the Internet. Already, certain sites on the Internet make an explicit commitment to privacy. Confidentiality, like information, is attractive to customers--and thus should be marketable. Attention, Kmart shoppers: privacy for sale, aisle nine.
No comments:
Post a Comment