Washington Apple Pi

A Community of Apple iPad, iPhone and Mac Users

Privacy Wars

Copyright © 2000 by John O. Ludwigson

Washington Apple Pi Journal, July/August 2000, pp. 26-28, reprint information

A review of:

Database Nation:The Death of Privacy in the 21st Century, by Simson Garfinkel*
O'Reilly & Associates, Inc.
ISBN 1-56592-653-6

When you fill out the registration card that comes with your new computer, does the information just go to good old Apple? Or does it wind up lumped with information from your insurance company, your credit card company, your local hospital, or state motor vehicle records in a database you may not even know exists, let alone have the ability to see or influence?

Don't know the answer? You're not alone. And, given how fast data can travel these days, no one else may know the answer, either.

Simson Garfinkel has written a book about that. That and the myriad other hazards and traps of the still-aborning computer age. There's a lot of them, and Database Nation provides a quick but comprehensive survey.

Garfinkel's list, paraphrased, runs like this:

  • The end of due process--welcome to a world in which computers are assumed to be right and people wrong.
  • Biometrics--even people long dead can be identified from the DNA in a scrap of tissue; children are fingerprinted for their own protection; iris scans identify almost infallibly those authorized to access data or places.
  • Pervasive data collection--every transaction you enter into, all your records of any kind, emails and web pages are being collected, mostly automatically in databases that are never purged.
  • Surveillance everywhere--video cameras scan our world, the highways (Aggressive Driver Imaging in Use for Your Protection!), stores, banks, backyards...wherever paranoia prevails.
  • Medical confidentiality vs. the insurance industry--your doctor may protect your secrets, but insurance companies do their best to find them out and add them to their databases.
  • Targeted marketing--increasingly, junk mail, evening sales calls, and email Spam are based on personal information in the perpetrators' databases.

    As an example of how the move toward coping with the electronic world has long been sidelined, Database Nation cites the following, from a report prepared by a commission appointed by Elliot Richardson, President Richard Nixon's Secretary of Health, Education, and Welfare.

    The Code of Fair Information Practices*

    The Code of Fair Information Practices was the central contribution of the HEW (Health, Education, Welfare) Advisory Committee on Automated Data Systems. The Advisory Committee was established in 1972, and the report released in July. The citation for the report is as follows:

    U.S. Dep't. of Health, Education and Welfare, Secretary's Advisory Committee on Automated Personal Data Systems, Records, computers, and the Rights of Citizens viii (1973).

    The Code of Fair Information Practices is based on five principles:

    1. There must be no personal data record-keeping systems whose very existence is secret.

    2. There must be a way for a person to find out what information about the person is in a record and how it is used.

    3. There must be a way for a person to prevent information about the person that was obtained for one purpose from being used or made available for other purposes without the person's consent.

    4. There must be a way for a person to correct or amend a record of identifiable information about the person.

    5. Any organization creating, maintaining, using, or disseminating records of identifiable personal data must assure the reliability of the data for their intended use and must take precautions to prevent misuses of the data.

    * From:
    http://www.epic.org/privacy/consumer/code_fair_info.html

  • Personal information as a commodity--data on your life is bought and sold as a product, entirely without your consent or even knowledge.
  • Genetic information--based on the belief that your destiny is written in your chromosomes, you soon may be evaluated for a job, for insurance, or for medical treatment on the basis of analysis of your DNA.
  • Micromanagement of intellectual property--encrypted keys on DVDs was only the beginning, "magic cookies" only the camel's nose under the tent; today software calls home to make sure it's authorized to do its job for you, and laws ever more friendly to manufacturers (UCITA, for example) are being passed in state legislatures.
  • Terrorism--from political/religious fanatics slaughtering their neighbors in the name of their cause, to police crashing into citizens' homes with submachine guns at the ready, terrorism is not only common, but all too easy thanks to the ready availability of "...astonishingly lethal technologies...".
  • HAL unleashed--computers are closing in; "The ultimate threat to privacy will be intelligent computers....that can use human-like reasoning powers...to assemble coherent data portraits, interpret and anticipate our mental states, and betray us with false relationships."

It's vastly more than privacy, as Garfinkel realizes: "The problem with this word 'privacy' is that it falls short of conveying the really big picture. Privacy isn't just about hiding things. It's about self-possession, autonomy, and integrity. .... It's the right of people to control what details about their lives stay inside their own houses and what leaks to the outside. .... Privacy is fundamentally about the power of the individual."

Indeed it is, and it's on the run as witness just these recent headlines:

  • "Credit card thieves steal, shop, swap online worldwide; Hackers gain access to account information on retailers' computers; Data traded in chat rooms" -- from The Baltimore Sun web site, April 2, 2000.
  • "Aided by Internet, Identity Theft Soars" -- from The New York Times web site, April 3, 2000.
  • "When Your Good Name Is Stolen" -- a column by Michelle Singletary in The Washington Post, Business section, Sunday, May 7, 2000.
  • "Clinton says reforms would protect Americans' privacy" -- on the President's proposed financial privacy legislation, from the CNN web site, May 1, 2000
  • "FTC official: Net privacy violators not immune" -- from the IDG web site, April 10, 2000.
  • "Multi-Nation Conference Confronts Cybercrime..." -- from The Washington Post, World News section, May 17, 2000.

This last story, datelined Paris, quoted French President Jacques Chirac as telling the 300 delegates to an international conference, "The Internet, whose construction was fired by the universal ideals of freedom and solidarity, is testing our institutions."

And a U.S. Assistant Attorney General observed, "These technologies grow on a daily basis, and people are exploiting them all the time."

Garfinkel describes the many faces of the problem clearly, but his book presents only a lukewarm agenda for a solution. In a chapter with the promising title of "Privacy Now!" he introduces a series of proposals with very little discussion of what it will take to actually move forward with any of them.

For example, in a section entitled "A Government Privacy Agenda for the Twenty-First Century" he suggests the creation of "... a permanent federal oversight agency charged with protecting privacy." The agency (Garfinkel doesn't offer a name for it.... maybe the Privy Council?) would rein in the feds' tendency to sacrifice people's privacy for other goals, enforce the few existing privacy laws, guard individual privacy in the business world, and "be an ombudsman for the American public....".

"It is estimated that such an agency could be created for less than $5 million..." he offers. A glance at the notes in the back of the book shows the single source of this optimistic estimate to be: "Estimate by Evan Hendricks, chairman, U.S. Privacy council; publisher, Privacy Times." How to establish this agency? Who would sponsor the legislation? The book is silent, noting only that there might be considerable public support for governmental controls .... on key issues such as the protection of medical records.

There are more proposals (bringing back the Office of Technology Assessment, an arm of Congress that used to turn out some of the best information in Washington D.C., is my favorite), but precious little in the way of suggestions for actually accomplishing any of them.

Still, it's obvious that our author has done his homework. He clearly sees a growing civic problem and the need to do something about it before things get farther out of hand. The book provides a good bibliography, a helpful notes section, organized by chapter, a list of pertinent web sites (But why aren't these cited as pertinent throughout the book?), and a useful index.

This book is a beginning; it would be a good primer for members of Congress and their staffs considering the problems of privacy in the electronic age and what to do about them; and it's a good intro for anyone who might be just a little worried about where all those customer registration forms, medical forms, insurance forms, driver's license records, and web site sign-ins are winding up.

And as for "good old Apple"? Their web site privacy policy statement http://www.apple.com/legal/privacy/ says, in part:

"If you browse Apple's web site, you do so anonymously. .... We do log your IP address (the Internet address of your computer) to give us an idea of which parts of our web site you visit and how long you spend there. But we do not link your IP address to anything personally identifiable. The only other information automatically provided to us is the type of computer and operating system you are using. ....

"At times we may request that you voluntarily supply us with personal information, such as your email address and postal address, for purposes such as corresponding with us, registering at a site, making a purchase, .....

"We use the personal information you provide to create a personal ID, called Apple ID. Your Apple ID gives you easy access to Apple services including product registration and the Apple Store. ....

"If you provide us with your email or postal address,... we will ask you if we can use it to send you updates on the latest Apple products and promotions. We also ask if you want us to share your personal information with other companies that offer related services. If you do not want us or other companies to contact you, you can choose to "opt out," and Apple will respect your wishes.

"Apple is actively involved in current industry initiatives-- such as the Online Privacy Alliance http://www.privacyalliance.org -- to preserve individual privacy rights on the Internet and in all aspects of electronic commerce. If you have a question specific to privacy, please contact us at privacy@apple.com.

"Apple's privacy policy is subject to change at any time and without notice. For updates, please check here."

* Simson L. Garfinkel: http://simson.vineyard.net/