Private Lives? Not Ours!
"You have zero privacy anyway," Sun Microsystems' CEO Scott McNealy said last year. "Get over it."
He's right on the facts, wrong on the attitude. It's undeniable that the existence of enormous databases on everything from our medical histories to whether we like beef jerky may make our lives an open book, thanks to the ability of computers to manipulate that information in every conceivable way. But I suspect even McNealy might have problems with somebody publishing his family's medical records on the Web, announcing his whereabouts to the world, or disseminating misinformation about his credit history. Instead of "getting over it," citizens need to demand clear rules on privacy, security, and confidentiality.
The sooner this happens, the better. Check out Simson Garfinkel's
trenchant and scary new book
Thanks to political outrage after Judge Robert Bork's video rental habits were unearthed during his Supreme Court nomination hearings in the late 1980s, it's now illegal for video stores to reveal your rental records. But Garfinkel points out that there are few similar confidentiality laws on the books. For instance, all sorts of highly sensitive medical information about you can travel back and forth throughout the health care and insurance industries, and sometimes beyond, with virtually no legal restraint.
Marketers think they deserve your information at least as much as you do. The creepy idea that somebody can follow you around the Net without your express permission is already commonplace. Web add-ons like Third Voice (which lets you post and read comments about specific Web sites) need to follow where you go in order to work and can collect your entire "clickstream" should they so choose. Ad companies like DoubleClick do their best to track your moves online, rendering individual sites' privacy policies meaningless--not that they're reassuring in the first place.
Garfinkel also demolishes the myth of infallibility among up-and-coming technologies like biometric identification. I've always been aghast that some fingerprint-ID schemes might allow a severed digit to unlock your ATM account. But ultimately it may be unnecessary for the bad guys to spoof the identification end of the chain; it's easier just to manipulate the underlying database to link someone else's fingerprint to you and your credit rating.
How hard is it to compromise a database? Just ask the tens of thousands whose credit card numbers have been filched from sites that did not take privacy and security seriously. My own credit files are still riddled with errors, thanks to someone who used my Social Security number to impersonate me. Microsoft's many security gaffes prove privacy is not considered a top product feature--probably because only those who have already been victimized seem to care.
Privacy violations by electronic means aren't limited to the obvious sources. Garfinkel discusses cameras mounted in public places that can pick up the images of every person or vehicle that passes, microphones that can capture conversations from afar, and cell phones that can report their users' peregrinations. If databases store this information in digital form, misuse is almost guaranteed.
We won't get real privacy or security until we demand it as a matter of law. Enough bad things have happened that the outcry should be deafening. But companies eager to improve their marketing efficiency or make billions selling personal data of questionable accuracy continue to wield immense influence. We probably won't see much change in electronic privacy law until some poor Supreme Court nominee gets caught downloading files from psychic-friends.net.