Should your boss know about those visits to the shrink?

Employers sniffing through medical records, would-be forgers having UPS deliver your signature -- Simson Garfinkel reveals a world rife with privacy violations in "Database Nation."

Published March 1, 2000 5:00PM (EST)

When the Berlin Wall came down in October 1989, there was, of course, a lot of gloating in the West. We'd won; capitalism and free markets had triumphed over the dark forces of Soviet tyranny and centralized control, conspicuously vindicating the American way.

But what about the age-old advice: Ignore at your peril the ominous shadows cast by the creepy glow of hubris; if there's any time the gods love to strike you down, it's during your victory lap. I was haunted by a half-formed notion that, despite all the economic chest-thumping and political high-fiving in the so-called Free World, we were converging on our own reckoning, a day when we would realize our own failures beneath the weight of unacknowledged Western tyrannies.

I had no good idea how this might actually come to pass. But reading Simson Garfinkel's new book, it's starting to become clear: The combination of free markets and ubiquitous information technology imposes its own kind of tyranny, the end results being often as scary as a KGB nightmare.

"Database Nation: The Death of Privacy in the 21st Century" is a dense treatise on electronic identification and surveillance technology, as well as a guide to the workings of the modern consumer tracking complex. Garfinkel, a technology writer who runs an ISP on Martha's Vineyard, outlines the laws and policies that make these mechanisms possible and explains the commercial appetites that motivate the relentless corporate mining of the mountains of consumer data.

The picture is more than a little hair-raising. Take, for instance, the hazards of corporate credit-tracking databases: In the tangled web of electronic repositories that chronicle your personal credit history, a single mistake or false report can be propagated to multiple agencies, ensuring that you'll never be approved for a credit card or a mortgage. Worse, errors can never be expunged, but only mitigated with supplemental reports. Of course, the burden of proof is on the individual. Equifax, Inc. may have made the mistake, but the consumer suffers the consequences, which can last for years.

Then there are the hidden perils of those ubiquitous enticements to give up a few shreds of your identity to the commercial data sphere. Think that supermarket discount card was a bargain? Tell it to the man who slipped and injured himself while shopping, then sued the store. His corporate grocers used his consumer profile against him, courtesy of the discount card. A history of large liquor purchases undermined the credibility of the customer's claim.

Then there are the databases tracking your medical history: Garfinkel reports that 35 percent of Fortune 500 companies acknowledge that they have drawn on personal health records to make employment decisions. Think you're in line for a big promotion? Not with your record of psychiatric treatment, or that one-time abnormal T-cell count after a nasty virus. For HMOs, controlling costs also means the permanent suspension of patient confidentiality; the ramifications of this are nightmarish. Suddenly insurance companies, marketers and mass-mailers have access to the most intimate details of your flesh and blood.

The deeper Garfinkel digs, the more ghoulish the picture becomes: Near the bottom of the pit, there's the Medical Information Bureau, a widely used clearinghouse of patient data for medical insurers, which cloaks itself as would any sinister covert agency: unlisted phone numbers, a profile so low as to approach invisibility, concentric layers of codes and obfuscation in reporting procedures. And though its data remains invisible to consumers, its effects do not; with the wrong codes affixed to your name in the MIB data cores, you'll never get health insurance again. And you may never know why.

Corporate databases also greatly increase the individual's vulnerability to fraud, identity theft and a host of other criminal abuses. I was surprised to read, for instance, that United Parcel Service stores customers' digitized signatures as proof of delivery. UPS will fax you a receiver's signature if you supply them with a package tracking number. It appears to be relatively easy for someone to arrange for UPS to deliver a facsimile of my signature.

Garfinkel makes the infuriating revelation that much of the most promising technology that could decrease consumer jeopardy isn't implemented because of the marginal costs to corporations; profits are more important than individual welfare, apparently. Indeed, this inversion of corporate over individual rights emerges as the dominant theme of "Database Nation."

Certainly, Garfinkel finds corporate disdain for consumer privacy rights is right out in the open. Most incensing is the attitude of a mass-mailing maven, the kind of marketer who upholsters your mailbox daily with unwanted catalogs: "There is no such thing as 'junk mail' -- only junk people." In other words, corporation |ber alles.

Starting to sound a little like tyranny?

Of course, resistance doesn't seem to be coming from the technology sector -- the Internet's masters of the universe are too busy pawing through your e-commerce cookies and profiling your Web surfing to take much notice. The onslaught of corporate privacy abuses has been resisted by only a few: whistleblowers like Garfinkel, underground groups like the Cypherpunks and -- in a most un-Orwellian turn -- by the federal government, which has passed legislation to slow the invasion.

There are a few problems with "Database Nation." At times Garfinkel seems to wander outside the implicit charter of the book. For instance, his extended taxonomy of surveillance techniques veers away from credibility and dangerously close to "X-Files" territory with accounts of thought-tapping and remote viewing experiments. At other times he seems to want to write a completely different book on spy technology, more appropriate for, say, Jane's Defense Weekly.

Garfinkel also has an annoying habit of creating shocking anecdotes of privacy abuse out of whole cloth, not telling the reader until afterward these horror stories only represent possible portraits of the future. He opens one chapter with an account of his e-mail correspondence with a person who turns out to be a program sucking data about his shopping habits and movie preferences -- then reveals that the scenario is make-believe. This sensationalist technique is more suited to National Enquirer than anything else, and serves to subtly undermine his audience's trust.

Overall, though, "Database Nation" is well worth the read. In the face of escalating corporate incursions onto our fundamental liberties, popular opposition is in alarmingly short supply; those determined to galvanize public indignation are performing a valuable service, and deserve to be heard.

By Thomas Scoville

Thomas Scoville is either an Information Age savant or an ex-Silicon Valley programmer with a bad attitude. He is the author of the Silicon Valley Tarot.

MORE FROM Thomas Scoville

Related Topics ------------------------------------------

Books Business Privacy