|
Privacy in the new millennium by Tom Painter tbp@oped.com It seems that the world does not develop so much by design as by the unexpected consequences of our designs. Fifty one years ago George Orwell's novel Nineteen Eighty-Four was published. That book has a character whose title later became a common expression for an all-knowing government - Big Brother. In Orwell's vision of Nineteen Eighty-four, everything about you, every place you went and everything you did was known to Big Brother. Orwell portrayed his vision of the future as a logical outcome if totalitarian socialism conquered the world. But, seven years after 1984, the Soviet Union imploded and most communist countries moved towards some type of democratic government. Communist China has embraced capitalism so much that now it wants to join the World Trade Organization (WTO). So, if the era that began at the end of World War Two did not give us Big Brother, from Mr. Orwell's vision, what has it brought us? In five very rapid decades, advances in technology generated a second industrial revolution and improved nearly every industry and every thing we produce. The expanding use of computerized files and the constantly increasing ability to process and store huge amounts of data has affected every aspect of daily life and created The Information Age. Yet, one of the primary products of this new age, the records of your activities stored in computer files, is one of our least talked about achievements, with consequences for our privacy that are only now being fully appreciated. Personal Identification Today, every employer, financial institution, doctor, hospital, clinic and insurance company requires your Social Security Number, for the information they must report to federal and state agencies to satisfy tax or insurance regulations. Some businesses, which do not need to report customers' tax or insurance data, demand your Social Security Number, if only to run a credit check. Many states require the Social Security Number for motor vehicle registrations, drivers' licenses and court cases. Most companies, organizations, and government agencies have computer files of personal information on the individuals they have business with. Many of those files have your Social Security Number and if they don't then your name and birth date can often be used to find it in files which have it. Yet, when the Social Security system was first debated, it was agreed that the Social Security Number would not be used as a general, national ID number. By default and not by design, the Social Security Number became a de-facto national identification number. Your Information Individually, each computer file with personal information starts with a legitimate record keeping purpose - your bank account, credit card transactions, telephone bill, college transcript, investments, club membership, charitable donation, hospital visit, insurance claim, drivers' license, vehicle registration, mortgage, airline, bus or train ticket, utility bill, et al. But the original purpose is quickly subverted. Your personal information is no longer considered yours. It's a product, a commodity to sell to the highest bidder. Catalogue companies, marketing companies, pollsters, fund raising hucksters and others buy your personal information. Even government agencies find no ethical reason to keep all your information private; it's another source of revenue. The masses of computer files of personal information have benefits, like very fast and complete credit checks. However, by merging information from different files, very thorough personal profiles can be created. How much of your profile is for sale? Who can create it, who can sell it, who can buy it, and who protects it? Although we did not intend for the details of our life to become so open, that is a consequence of the computerized world which has grown up around us. The Internet In the 1980's the Internet was created to help federally funded scientists share research information, and to share their computer resources with each other. It was not long before the Internet community expanded from its base and mushroomed into the information highway of our future. And, why not, if instantaneously sharing huge files of information from anywhere in the world can help our scientists, then certainly the rest of us can benefit from those capabilities as well. Thus was born the World Wide Web. If an organization does not yet conduct business through the Internet, it most likely has computer systems connected to the Internet and at least has a place on the Internet (a web site) where some information is available - to view, print, or copy. Today, there are web sites on the Internet, where just about anyone can obtain some personal information on someone else, sometimes for free. Are other individuals prevented from stealing our computerized identity or from disrupting our identity when their own activities are mistakenly recorded into our profiles? Apparently not, because we all know these abuses happen more frequently now. Every type of communication that continues to use printed formats delivered to your home, have equivalent electronic formats that can be processed, viewed or delivered via the Internet. Internet-based commerce and exchange of information increases exponentially every month, and more companies are choosing the Internet as the medium for doing business with each other - for buying, selling, marketing and exchanging products and information. Does that include "your" information? Marketing Just as the ever present field of marketing turned your personal information into a revenue source, so too is marketing the current excuse for the privacy abuses which the Internet is capable of. Almost any web site you visit on the Internet leaves a present on your personal computer; it's a particular type of file referred to as a "cookie". This little present is actually a spy. It tracks where you go and what you do during your visit to a web site. It also keeps track of any advertisements you chose to link to from that site. The cookie makers say they only want to improve and tailor what each web site gives you, and to do a better job of marketing the advertisements. What they don't tell you too loudly is that, they sell the data they collect from your visits to their web site. They sell it to advertisers and to other Internet and non-Internet companies, and to businesses who simply collect and merge the information, to sell to others - for who knows what purposes. In addition, there is a special cookie that is often put on your computer. It comes from either one of a few dominant Internet marketing companies that want to know every web site and web page you go to and every date and time you go there - what a nice little cookie. Literally every time your screen changes in your browser, these special cookies pass the change along to a computer file somewhere. If you have a profile on a particular web site, these cookies can pick it up. They can also pass along personal information from the pages you display. The companies that employ these cookies say that only marketing data and your computer's ID on the Internet is saved; your personal identification is discarded. Do they verify that? Does anyone check? Are they legally required to? The answer to all three questions is no. Of course, the stated marketing purpose of this cookie is to record and understand all your interests, as expressed by your Internet activity. It also means there is nothing you do via the Internet that won't be recorded someplace. Consider also that one of the Internet companies that provides the special cookies - Double Click is their name - recently bought rights to some large computer files of information. One of their purchases gives them marketing data from non-Internet activity. Another purchase gives them the ability to connect your personal identification with your computer's ID for the Internet. Although Double Click said they would not make that connection, some Internet companies decided they would not handle Double Click's cookies any more, because of the potential for abuse. But who is watching? Far beyond it's original design; the Internet is becoming the point at which information from all computers everywhere can intersect. But we never give enough thought to the ethical considerations of privacy, before our technology delivers some unforeseen consequence. The increasing amount of daily activity that contributes to the Internet's web of information demonstrates the pervasiveness of our new technologies. The benefits have come from the speed and ease with which information is exchanged and financial transactions take place. The consequences are reflected in the increased vulnerability of our privacy, and our very identities. Not by design, but by default, the personal information we so easily give up takes on a life of its own. 2020 Now fast forward fifteen or twenty years. Your home, its appliances, household utilities, all communications, all types of transportation and all information systems are Internet enabled. Life is easier for you. The Internet manages all information, tailored to your needs and your taste, performs all record keeping and keeps you globally connected, twenty-four hours day. The final two remaining world-class conglomerates have completed their Federal Trade Commission approved merger, for the sake of the economic efficiency of the global market. And, who makes the cookies? And what if you don't like cookies? Can you run your Internet connected life if you refuse them? Who owns the data, which originated as your personal information? What can they do with it, and for whom? Yes, it sounds like our technology is capable of creating a commercial version of a Big Brother type world-dominating enterprise, as George Orwell assumed Socialism would produce. Is that development inevitable? No. Should we be paranoid about it now? No, not yet. Where is the Law? Two federal institutions have now started to look at the privacy questions raised by the new Internet technologies - the Federal Trade Commission and the United States Congress, through its various committees. Meanwhile the Internet industries and their friends are running public relations campaigns and lobbying the government. They have two arguments. The first argument is that the Internet should be a regulation free zone. Why? Because, it exemplifies unfettered innovation and creativity which enables the exchange of products and information at a lower cost per unit than ever before. Regulation will stifle that creativity and innovation and diminish the extensive, dynamic exchange of information the Internet provides. That exchange is what is driving the new economy. If you want to use the Internet then you accept there are few rules. If Internet technology makes it possible, then it's O.K., just because it's possible. The second argument takes the position that if you want to control your privacy on the Internet, then you can chose to opt in or opt out of any web site's privacy rules. That adds up to an Internet privacy position of 'let us do it and if you don’t like what we do then leave'. Your ability, or willingness to chose to opt out of a company's privacy rules is diminished because you are often not even told you can opt out of them, and the company (or the entire industry) may refuse your business if you do. That mindset prevails because we have allowed businesses to plan on the assumption that they do not need your consent to turn your information into a product. That position should not surprise anyone. From the beginning, at the start of this Information Age, we never really demanded our privacy rights. Once your information is given to a company or government agency, it is generally no longer your information - it has become their data. Why should the Internet be any different? What is needed Maybe it should all be different now, because now we can see where the technology has lead us - to the merger of our personal information in huge computerized files, controlled by the interests of the commercial outfits that own it, and completely interconnected throughout the world. Biotechnology, cloning, the human genome project, and your life displayed on your neighborhood Internet web page - in detail - have all been made possible by computers. Many of these things are moving faster than we can see what the affects will be and they come into use before we develop ethical rules about them. The Internet industries should accept that our world lives and breathes on more than just freedom. And, we survive because of rules based on ethical understanding of rights and obligations. Without such rules we go back to the jungles and the caves. Internet regulations should try to not kill the abundant creative energy it releases. But just as nuclear energy can be used for good or for ill, any creative energy needs to be guided toward means and ends that sustain life, not harm or threaten it. Our privacy is as valuable as our freedom, in sustaining the life we enjoy today. Somewhere between those two ideals we need to define rules for the Internet - based on past experience and future expectations. A good starting point would be to acknowledge where information originates, and make clear what rights the original source of any information should have. We should not accept the concept that our information automatically becomes someone else's product, to sell or manipulate for a purpose we did not agree to. And, there should be few restrictions on our right to see our own personal information that someone else has collected. Privacy rules should be based on the requirement for our explicit consent. They should not require us to ask and investigate how someone might use our personal information. Instead, no one should have the right to use our information, other than for the purpose for which we gave it to them, unless they ask for and get our consent. The Internet advocates and the old economy merchants will protest that regulation will sacrifice economic progress for unwarranted privacy. Who has a right to claim your privacy is unwarranted? Write your federal, state and local representatives and tell them what you think
|