"One of the remarkable things about ideas is that once you surface an idea, and it is a good idea, in the long term there is very little that can be done to stop it," Poindexter says of his proposals for aggressive data mining. "So I am convinced that research and development will continue, one way or another." Poindexter even hints that money for similar efforts remains buried deep within the Pentagon's budget.
Those candid remarks appear in Robert O'Harrow's "No Place to Hide," a new book that probes beneath the surface of the growing "databasification" of modern life.
O'Harrow, a reporter for The Washington Post, landed a series of interviews that capture how the federal government and its contractors have labored to compile digital dossiers on Americans in the years after the Sept. 11, 2001, attacks. "Law enforcement and intelligence services don't need to design their own surveillance systems from scratch," O'Harrow writes. "They only have to reach out to the companies that already track us so well."
The book's tone isn't shrill. Instead, it offers a reasoned and unparalleled glimpse into the minds of the bureaucrats and CEOs who are bent on creating a surveillance-industrial complex--not to monitor Americans for spying's sake, but to ward off future terrorist attacks. The problem, as O'Harrow notes as he profiles companies like Acxiom and ChoicePoint, is that a system created for one purpose can readily be turned into another.
That ominous warning also appears in a new book by Dan Solove, a law professor at George Washington University, called "The Digital Person."
Where O'Harrow is descriptive, Solove is prescriptive. He includes a nearly encyclopedic analysis of the current state of privacy law relating to "digital dossiers" and argues that it falls short. For proper legal protections in modern society, Solove argues, "our understandings of privacy must be significantly rethought."
One suggestion he offers--to amend the Privacy Act of 1974 to curb unchecked police use of outsourced databases--I also made in a September 2003 column. Others are more sweeping, such as increasing the legal protection for personal information that's in the hands of a third party such as a bank, bookseller or Internet service provider. A new federal law could go a long way toward repairing the damage to "third-party privacy" inflicted by a pair of Supreme Court decisions in the 1970s, Solove says.
Both O'Harrow and Solove do their topics justice when warning of police perusal of databases, the perils that secret "Do Not Fly" lists can hold for innocent travelers with unlucky names, and the shadowy surveillance-industrial complex. O'Harrow's book reveals the growing role of private-sector databases in government surveillance plans better than any other treatment so far.
If the books have any fault, it would be overlooking the unsung benefits that have accompanied the databasification of American society. While unchecked police snooping through databases is worrisome, lawful information-sharing in the private sector accelerates economic activity and helps consumers.
Data collection and information sharing emerged not through chance but because they result in lower prices and more choices for consumers. The ability to identify customers who are not likely to pay their bills, for instance, lets stores offer better deals to those who will.
These consumer benefits are given short shrift in privacy debates, which tend to be driven by anecdote and emotion and not by an appreciation of how businesses work in the real world.
Whatever its flaws, the credit-reporting system is a marvel of efficiency; just a few decades ago, if you wanted a loan, you'd have to visit a bank's loan officer in person and wait weeks while he or she checked your references before finally reaching a decision. Thanks to massive databases that sweep in credit histories, addresses, phone numbers, and public records such as bankruptcies and lawsuits by creditors, credit can be obtained in seconds today and at far cheaper prices.
Walter Kitchenman, an economist at Purchase Street Research, estimates that because of information sharing among financial companies, "mortgage rates in the United States are as much as two full percentage points lower" than they would be otherwise. That saves Americans at least $80 billion a year.
Unfortunately, the very features that make credit reports and other databases useful to businesses make them even more attractive to law enforcement. A more interesting question to answer could be: How can government access to these data stores be better controlled without curbing beneficial uses as well?
Biography
Declan McCullagh is CNET News.com's chief political correspondent. He spent more than a decade in Washington, D.C., chronicling the busy intersection between technology and politics. Previously, he was the Washington bureau chief for Wired News, and a reporter for Time.com, Time magazine and HotWired. McCullagh has taught journalism at American University and been an adjunct professor at Case Western University.
See more CNET content tagged:
police,
database,
idea
There actually are regulations about how, who, where, when, etc. Getting the DHS to acknowledge these is a different problem, but your local agencies are well aware of them.
when reading of these "big brother" database and
datamining projects is the prevalence of bad
data. This could be a good or bad thing,
depending on the situation of course. The problem
is, however, that the more certain individuals
become savvy to how data is collected, the lower
the signal-to-noise ratio will become. Moreover,
the more common sharing of accounts and services
is likely to be done (so as to limit tracing back
to a specific individual).
Doubly important, however, is how poorly the
databases and the queries against them are
becoming. The notion of a no-fly list based on a
person's name is just plain silly, for instance.
Names are not unique identifiers, they are
mutable chracterisitics (change name, modify
spellings, change name order, etc.), and the
association with an individual is loose (easy to
credential yourself as another person). Yet,
companies that are integrating data-sources will
join two records based on tenuous relations all
of the time; they accept all sorts of useless
information as gospel, and they don't provide
metrics of confidence for the information they
have... I guarantee that for the average
individual with information covered by
checkpoint, at least 1/2 of it is incorrect, and
at least 1/3 of that half is tainted with
information associated with another individual.
I had a friend once that lost out on buying a
house because the bank told him he was dead. It
took some work, but it seems that after moving
from an old apartment, his old phone number was
quickly assigned to another person. This person
got tired of receiving phone calls for the
previous occupant, so, one day when Sears called
to ask about a late credit payment, the new
occupant said "he's not here, he's dead". Sears
accepted that as accurate, and duly notified all
three credit agencies, which likewise accepted it
as accurate. A couple weeks later, he was
effectively deceased. The bank wouldn't offer him
a mortgage and the police eventually pick him up
for identity theft related charges (he was, after
all, pretending to be himself, who was deceased).
It may sound outrageous, but I can't see how this
won't happen more often in the future.
proliferation of data gathering and false
information would be mandatory notification and
(read-only) access to all data collected about
you. There's no legitimate reason that you should
not have access to your own dossier -- albeit
with significant costs to be absorbed by
businesses and aggregators that would have to
report back to you (in some sensible format).
Poindexter's Total Information Awareness database, if ever completed, would be the information equivalent of an atomic bomb. With the poor security measures demonstrated by the government, this data would eventually leak and end up in wrong hands.
Imagine if other countries had collected such all encompassing profiles of their own people. Would you not expect American intelligence to work very hard to get their hands on it? And for what ends?
The very existence of such a store would be a security risk not just for the country, but for all it?s citizens. Best to let this project die.
Let's not make the mistake of trying to regulate the tool out of existence. That's a classic case of throwing out the baby with the bathwater. Instead let us focus on regulating and curbing misuse of data mining. Court supervision of information USED by law enforcement from data mining would be a good start.
The credit system is a marvel of efficiencey? Criminy! You have obviously never tried to have incorrect data removed from a credit report or persuade a lender to disregard data that was patently silly contained on a credit report. The credit databases are a huge shambles and a perfect example of what happens when mane relies on machines (and data entry operators) to be infallible.
I know, for example, that the Washington Post compiles personnel record of all Federal Employees, including promotions, awards and pay level, and makes that information availabe to the world at large. Is that fair? Is it honest to ignore their transgressions? I suggest that you need to take the high ground.
You make a good point that, as you say, I didn't address in the limited space I had. Personally, I draw a distinction between the private sector and government workers. We need strict oversight of government workers, including their salaries and promotions etc. to ensure that tax money isn't misspent. That's because the government is essentially a monopoly so you can't trust competition to keep it efficient.
In the private sector, competition tends to be vigorous and there's no need for disclosure. A similar argument applies regarding court records (though there's an even more pressing reason to keep those public as a general rule, which is to prevent secret arrests and trials).
-Declan
Data currency and accuracy aside, the most that private companies usually want from you is your money and wealth, but not your life and liberty. On the other hand, Uncle Sammy Big Buck$ and his Big Brother want not just their annual ?fair share? of your wealth and money, but a bit more. Citizen, if you loose at Database Lotto, Good Uncle and his Black Helicopter flying Big Bro will pounce on your liberty, interfere with your pursuit of happiness and worst-case maybe even take your life.
If your name rhymes with Ali bin Noncitizen, or some variant there of, you have a high-probability of e-bubbling to the top of the TSA, DOS and U.S. Customs-INS Persons-of-Interest Body & Cavity Search List during any of your business and pleasure travel via bus, train or air.
When was the last time American Express, Visa or Master Charge asked the restaurant maitre d? to conduct a body and cavity search on your person before approving a charge when you charged the tab for a business or family meal on their plastic? DEAD SILENCE?that?s because it Neva Hatchi Watashi.
When the maitre d? swiped your card through the credit card reader, if the Credit Card company database said that you didn?t exceed your card limit, your got a ?Sign here, Please? and got to keep cloths and shoes on, and car keys and loose change in your pocket. Now that?s the ?Private Company Threat.?
Now go on an international or domestic business or pleasure trip. A government TSA security clerk-agent will have you remove your wallet-credit cards, empty your pockets, remove your shoes, etc. and if you wince, grumble, look at them ?funny? or if their MATRIX, CAPPS II, Secure Flight databases hiccup, they?ll treat you to an impromptu body search. Now that?s the ?Government Threat.?
Enjoy your all expense paid vacation in GITMO.
I couldn't have said it better myself. When a private company stores your name in a database, it's typically the result of a business transaction. When a private company accesses that record, it's typically trying to sell you something.
Governments, on the other hand, are the only entities that can do the body cavity searches, "temporary" detainments in secret for a few days, "random" IRS audits, "accidental" addition of your name to a No Fly List, and so on...
-Declan
The credit reporting industry may be very efficient at distributing information, but it is prone to providing inaccurate information and is not efficient at correcting errors. Because the information is efficiently delivered, and packaged with lots of impressive numbers and scores that can easily be plugged into formulas and used for comparisons, creditors can easily be lulled into placing great trust in that information.
This is where privacy laws can be useful (in addition to providing comfort to individuals). Privacy laws can be government guarantees that individuals must have access to and control over their information--not just guarantees that individuals may withhold information. In that sense, they can actually improve informational efficiencies by ensuring that information made available to a market is accurate and complete. That's why (for example) it's important for people to have a right to see their credit reports if we're going to have a credit reporting system.
For more on my perspective, see my reaction to this article on Privacy Spot: http://privacyspot.com/?q=node/view/558
- I wonder if any of Declan's opinions have changed...
-
by
March 11, 2005 10:37 AM PST
- in light of the recent incidents at ChoicePoint, Bank of America, etc. I can't help but think that compromising the financial identities of 1.5 million people will have a negative impact on the economy.
-
Reply to this comment
-
(15 Comments)Lots of things might make life easier for law enforcement or the financial industry, but that neither makes them right nor appropriate. I personally could wait a little longer for a loan approval if that meant that I had greater control over my own data.
What is my recourse when the people providing information about me are under no legal obligation to ensure the accuracy of that information?