Harley Hahn's
Internet Insecurity


Chapter 7...

The Politics Of Privacy

The Rules

On December 14, 1990, the General Assembly of the United Nations adopted a resolution entitled "Guidelines for the Regulation of Computerized Personal Data Files". The intent of this resolution is to establish a set of minimum guarantees as to how information about people should be handled.

The idea is that each country is responsible for creating, and then enforcing, laws that embody the spirit and the details of the resolution. U.N. resolutions, of course, do not carry the force of law; they are suggestions. This particular resolution is well thought-out, and was obviously written to put the interests of people above the interests of corporations, government departments, and other organizations.

The declaration sets ten main rules for safeguarding personal data. For reference, I have included the entire text of the document in Appendix A, so you can read the official legal language if you want. For our purposes, I will summarize the main points in English.

The ten rules are as follows:

1. An organization that gathers information about you must do so in a way that is legal and fair.

2. The organization must check the data regularly to ensure that it is accurate, relevant and complete.

3. Information must only be compiled for legitimate purposes. The organization must tell you that it is gathering information about you and explain why. They must ensure that all data remains relevant to the specified purpose. Unless you have given permission, they may not disclose data to anyone else unless it is for the specified purpose. Moreover, they may not keep the data any longer than is necessary to fulfill the specified purpose.

4. You have the right to know whether someone is using information about you. If so, you should be able to examine the data in a form that is easy for you to understand. You should be able to do this quickly and inexpensively. If you find mistakes, you have the right to have them corrected at no cost to you. If the data is being transmitted to another party, you must be told the name of the party and how to contact them.

5. No one may compile personal information that would lead to illegal or arbitrary discrimination.

6. Exceptions to these rules are allowed, but only for very important reasons, such as maintaining national security, public order, public health or morality, or to protect the rights and freedoms of other people. However, exceptions can only be made according to law, and such laws must be specific, must limit the exceptions, and must require appropriate safeguards.

7. If an organization stores personal information about you, they must protect that data against loss or damage. This includes protecting the data against accidents, the actions of other people, computer viruses, unauthorized access and fraud.

8. Each country must designate an authority with the legal power to make sure these rules are followed. This authority must be impartial, independent and technically competent. By law, there must be appropriate penalties for not following the rules, and there must be a way for individuals who have been injured to seek redress.

9. Information should be allowed to flow freely across national boundaries, as long as all the countries concerned have appropriate safeguards.

10. These rules apply to all files containing personal data, whether they are public or private.


Privacy Policies

So where are we? Thanks to the United Nations, we have a wonderful declaration of how personal data should be respected and what rights an individual has regarding such data. We also have many people who are sensitive to privacy issues, and elected officials who have started to take notice. At the same time, we have many, many companies that want full control over any information they might have about you, so they can use it as they see fit. The last thing these companies want is to have to work under a system of strict privacy regulations.

So what do they do? They do what companies always do in such situations. They ignore, they stall, and they mislead.

If I were to describe a person who deals with unpleasant issues by ignoring, stalling and misleading, I am sure you would say that he has significant faults. You and I would not want to spend time with such a person. However, as I have discussed earlier, companies are not people and it is a mistake for us to think of them as if they were. When companies ignore, stall and mislead, they are not being evil; they are only acting according to their nature which, as you will see later in the chapter, is not human nature.

Why do they adopt such tactics? Because they work.

One way to see what I mean is to examine the privacy policies that companies post on their Web sites. A PRIVACY POLICY is a statement of how a company deals with issues related to personal information. Having a privacy policy allows companies to deflect criticism of their actions and, at the same time, to nullify in advance any legal action that might arise.

If you think I am being harsh, take a few moments to read the privacy policy of any company doing business on the Net. In most cases, you will find (1) the policy is carefully written in legal language in such a way that you can't really be sure what it means, and (2) the policy is completely slanted in favor of the company. In other words, companies make sure their privacy policies are obtuse and one-sided.

Organizations with power use that power to protect themselves at the expense of others.

I'm sure you are not surprised. Organizations — and people — with power generally do their best to use that power to protect themselves at the expense of others. (If you have ever read a standard landlord/tenant contract, you know exactly what I mean.) Even when you are dealing with a company that is honorable and run well, this is still the case. Let me give you an example.

Charles Schwab & Company is a large financial services firm. I'm going to show you part of their privacy policy, but before I do, I want to tell you that, personally, I think a lot of the company. I have dealt with Schwab for several years, and in that time, I have always found the company to be well-managed and customer oriented. The people I have talked to have been, without exception, pleasant, knowledgeable and happy at their jobs. In other words, when it comes to customer service, in many ways Schwab is as good a company as you might find.

And yet, take a look at the following quote from their privacy policy:

"Schwab Alliances and Promotions

"When Schwab joins with another company to offer or provide products and services, both parties may cross-reference their databases to search for customers in common. This existing information may be used to help identify business alliance opportunities and to enhance the information already contained in the existing databases.

"Schwab on its own, or jointly with other organizations and Web sites, may offer contests, sweepstakes, and promotions. You may be asked to supply certain personal information to participate in these promotional events, which may then be used by the sponsoring parties for marketing purposes. Even if you have previously opted not to receive information or mailings about Schwab, you may still receive information about Schwab via these promotions if you choose to register for them. Rules and guidelines for each promotion will be clearly posted, as will notification about how the information gathered may be used. You may opt not to participate in these special promotions if you do not want to receive information about Schwab or share your information with all sponsoring parties."

Let's translate this into English. The first paragraph means: "Schwab may share personal data with other companies."

The second paragraph means: "If you supply Schwab with certain types of personal information they, along with any other company with whom they have made a deal, can target you for marketing, even against your wishes. Schwab will disclose their guidelines, but it is up to you to find them, read them, and figure out the details. It is also up to you to tell Schwab if you don't want them to share your personal data."

Does that look a bit one-sided to you? You betcha. And this is from a company that really cares about their customers and is doing well. (In 2000, Schwab had revenues of $5.79 billion and earned a profit of $718.1 million.)

Let's consider the privacy policy of another company, one that has not done as well, Amazon.com. (In 2000, Amazon had revenues of $2.76 billion and managed to lose $1.41 billion.)

On August 31, 2000, Amazon sent notice to its customers that it was unilaterally changing its privacy policy. In a press release, Amazon quoted its CEO, Jeff Bezos, as follows:

"In revising our privacy policy, we tried to take into consideration not only our current activities but also those things we could imagine possibly happening in the future."

The press release was ominously silent in one particular area. It did not mention the nature of the changes. However, once the news was announced, people were quick to react. Why? Because Amazon's new privacy policy made it perfectly clear that, like other marketing companies, they will do whatever they need to do with personal data in order to make money.

The new policy begins nicely enough:

"Amazon.com knows that you care how information about you is used and shared, and we appreciate your trust that we will do so carefully and sensibly." (Remember what companies do: they ignore, stall and mislead.)

Later in the policy, Amazon says:

"For reasons such as improving personalization of our service (for example, providing better product recommendations or special offers that we think will interest you), we might receive information about you from other sources and add it to our account information. We also sometimes receive updated delivery and address information from our shippers or other sources so that we can correct our records and deliver your next purchase or communication more easily."

Translation: Amazon obtains personal information about their customers from other companies, and integrates such information into their own databases.

Let's take a look at a few other quotes:

"Information about our customers is an important part of our business, and we are not in the business of selling it to others..."

"We work closely with our affiliated businesses... In some cases, these businesses operate stores at Amazon.com... In other cases, we operate stores, provide services, or sell product lines jointly with these businesses... we share customer information related to those transactions..."

"Sometimes we send offers to selected groups of Amazon.com customers on behalf of other businesses..."

"As we continue to develop our business, we might sell or buy stores or assets. In such transactions, customer information generally is one of the transferred business assets. Also, in the unlikely event that Amazon.com, Inc., or substantially all of its assets are acquired, customer information will of course be one of the transferred assets..."

(Note how they use "of course".)

A lot of people were unhappy with Amazon's new privacy policy. One of the main complaints was that they broke their original promises. In an earlier version of the privacy policy, Amazon promised:

"We respect your personal privacy. We do not now sell or rent our list of customers to anyone. In fact, the Electronic Privacy Information Center cites the quality of our concern with customer privacy as one of the reasons they became an Amazon.com Associate. If you would like to make sure we never sell or rent information about you to third parties, just send an e-mail message to never@amazon.com."

This promise completely vanished in the new policy (along with the special email address).

What about the people who had previously sent personal data to the company, thinking that their data would never be shared? Some customers who were unhappy with the new policy wrote Amazon asking to be taken out of the database. They were ignored. When it was in their interests to do so, Amazon changed the rules, and then refused to delete the personal data for old customers who wished to opt out of the new system.

Just for fun, as I was working on this chapter, I sent a message to the never@amazon.com address. Within seconds, I got back a reply from the Amazon mail server:

I'm sorry to have to inform you that the message
returned below could not be delivered to one or
more destinations.
: unknown user: "never"

Now, take another look at the quote above. Do you see the reference to the Electronic Privacy Information Center or EPIC? EPIC is a Washington, D.C.-based public interest research center concerned with civil liberties and privacy. At one time, Amazon was proud that a well-known privacy organization had chosen to deal with them. Two weeks after Amazon released their new policy, EPIC issued their own press release.

"The Electronic Privacy Information Center (EPIC) announced today that it would end its relationship with Amazon.com, the Internet's largest bookseller and one of the most closely watched companies in the online economy. EPIC had previously sold its publications and the publications of others in association with the Seattle-based retailer.

"In a letter to EPIC subscribers, Executive Director Marc Rotenberg cited the recent change in Amazon's privacy policy as the reason for the organization's decision. 'Because Amazon announced that it could no longer guarantee that it would not disclose customer information to third parties, and in the absence of legal or technical means to assure privacy for Amazon customers, we have decided that we can no longer continue our relationship with Amazon'..."

Since its founding in July 1995, Amazon has never made a profit. As you might imagine, their stock price eventually reflected their continued lack of earnings. In December of 1999, Amazon stock sold at $105/share. By February 2001, it was selling at $13/share.

If you are like me, you are probably worried about Jeff Bezos, the Amazon CEO I quoted above. "How," you ask yourself, "will Mr. Bezos manage to make ends meet? Should I be sending him a couple of bucks to help him through a tough time?" Not to worry. In spite of the fact that Amazon lost $1.41 billion in 2000, Mr. Bezos managed — on May 12 of that year — to sell 368,650 shares at $54.24/share, netting him a cool $19,995,576.

Still, a million dollars isn't what it used to be, and $19,995,576 won't last forever. But there's no need to fret. As of February 2001, Bezos had another 117,077,631 shares tucked away under the mattress. Even at the bargain basement price of $13/share, his holdings are worth $1,522,009,203.

I chose these two examples — Schwab and Amazon — to illustrate a point. When a company is doing well (as Schwab is) they treat their customers well. As a company does more and more poorly (like Amazon), they begin to cast about for any way they can make money. At that time, their customers' needs for privacy become less important than the need to generate income, and old promises fall by the wayside.

Personally, I am pleased in my dealings with Schwab, and I have no complaints whatsoever. However, I have no illusions: if times got rough, Schwab, like Amazon and many other companies, would do what they had to do to squeeze out more money, even if it meant selling personal information. Take a closer look at the quote from the Schwab privacy policy, and you can see that they are already preparing for that day.

In Chapter 1, I explained that when an Internet company gets too large, it starts to collapse from its own weight, and what follows is an intense pressure to generate profits. Since it is the Internet companies that hold a great deal of personal information about us, it is prudent to have real concerns about what will happen to that data when the company nears the end of its lifespan.


How to Think About Privacy Policies

Earlier in the chapter, I discussed a United Nations resolution that addressed privacy concerns related to personal data. This resolution requires organizations to ensure that any personal data they gather about you is relevant to a specified purpose, and that the data is not kept longer than is necessary to fulfill that purpose. Moreover, unless you give permission, the organization may not disclose data to anyone else for a different purpose.

The basic idea seems so simple. When we buy or sell something on the Net, the data should be used only for the purpose for which it was intended: to complete the transaction. Yet most companies will never adhere to such a practice unless they are forced to. To them, personal data is an asset, something to be bought and sold in order to make a profit.

So what about the privacy policies you see all over the Web? Should you feel comfortable just because a corporation is willing to tell you their policy?

They want you to think so. Companies, especially computer and Internet companies, put a lot of energy into public relations to convince the public that, if a company has a privacy policy, everything is hunky-dory.

The reality is that privacy policies are smokescreens designed to forestall criticism and to keep the government from regulating Internet commerce. Providing such a policy on a Web site is seen as a way for a company to lower its exposure to lawsuits, even when the policy is obscure and one-sided. No matter what anyone says, privacy policies are worth nothing. They are designed to sidetrack you from the real issues.

Similarly, don't be fooled when large companies join a privacy organization or subscribe to a third-party monitoring service to certify them in some way. It means nothing. The minute a company wants to change its mind, it simply rewrites its policy, and there is nothing anyone can do about it.

This can happen for many reasons. A company may need money, or it may go bankrupt and have to liquidate its assets, or it may be bought by another company with a different policy, or it may be as simple as a new CEO changing how the company does business.

In the world of business, a company that wants to change the rules will change the rules, as long as they think they can get away with it. When this happens, everything they promised you is history, and before you can say "potential cross-selling opportunities" and "strategic marketing alliance", your personal data is personal no more.


Why ID Numbers Are Important

We have talked a lot about personal information, but we haven't talked much about how it is stored. On a computer, an organized collection of information is called a DATABASE. Within a database, information must be stored in such a way that it is easy to retrieve specific data as it is needed. In particular, a database holding personal information must be designed to make it easy to retrieve data relating to a specific person.

The easiest way to design such a system is to have it use a number that uniquely identifies each person. For example, on your driver's license, you will see an ID number. No one else in your state (or province or country) has that exact same number. This is no accident. Within the driver's license database, this number is used to identify you and only you.

As you know, there is information about you in many different databases. Some of these databases are maintained by government departments; others are maintained by companies. Information about you is put in some database or another every time you apply for any type of license or government benefit, file a tax return, use a credit card, perform a banking transaction, buy something over the phone or over the Internet, subscribe to a magazine, and so on.

You see how it would be handy if the information in various databases could be combined and manipulated. Consider the following example.

John Smith is a father who is required to pay child support but refuses to do so. John's name is in a database kept by the government department whose job it is to enforce such obligations. However, if John refuses to pay, what can they do? By themselves, not much. It's too hard to keep track of John and what he is doing.

However, one day John applies for a job. By law, he must furnish his employer with an ID number for tax purposes. The employer sends that number to the tax department, which passes the information on to the child support department.

A computer at the child support department searches for John's ID number in their database and finds his record. It then sends the employer a legal notice telling him to deduct money from every one of John's paychecks and send it to the child support department. They then send the money to John's family, and everyone (except John) lives happily ever after.

But there's more. It happens that John has two children and, on his income tax, he claims them both as dependents in order to get a deduction. At the same time, his ex-wife also claims them as dependents. When John and his wife file their tax returns, they are required to list the ID numbers of all their dependents. This allows the tax department computer to cross-check and discover that two people are trying to claim deductions for the same kids (which is illegal). As a consequence, John's deductions are disallowed.

And there's even more. It happens that John's ex-wife is no bargain either. Even though she is finally receiving money from John's paycheck and she has a job of her own, she tries to apply for government welfare assistance. When she does, she is required to specify her own ID number on the application. The welfare department's computer makes a quick check with the tax department's computer, which finds a record of her employment. Because people with a job are not entitled to welfare, Mrs. John's application is denied.

So, in this example, the fact that John, Mrs. John, and the two kids all have standard ID numbers has enabled the government to (1) force John to pay child support, (2) disallow illegal tax deductions, and (3) catch an unlawful welfare application.

Now, let's consider another example, that of John's sister Clarissa.

Clarissa has always been a good person. She and her husband Adolfo work hard, make a good living, and pay all their taxes. Last month, for Adolfo's 35th birthday, Clarissa bought Adolfo a plastic duck from a company on the Internet. (Adolfo is a duck hunter.)

The company from which Clarissa ordered the duck used the information she provided to check with a credit bureau. The credit bureau sent back a report, which contained a lot of information about Clarissa, including her ID number. The plastic duck company sold this data (including her email address and the fact that Clarissa buys duck merchandise) to a magazine service. Using Clarissa's ID number, the magazine service checked their database and found that Clarissa had already subscribed to several magazines. They then sent her email asking if she wanted to subscribe to one more publication, the Duck Fancier's Gazette. Clarissa loved the idea, and she immediately ordered a subscription for Adolfo.

As this example shows, companies as well as governments can use people's ID numbers to keep track of personal information. In this case, the magazine company was able to determine that Clarissa was the type of person who subscribed to magazines and bought duck merchandise. This enabled them to offer her a subscription to a specific magazine that was of interest to her.

So far, so good. By using the same ID numbers for government and consumer transactions, the computerized databases were able to correlate information so as to make our world a finer, more enjoyable place in which to live.

But let's fast forward three months.

John, realizing that he has been caught, quits his job and gets another one. However, this time, he gives his employer a false ID number, the number of his brother-in-law Adolfo.

The wheels of government turn quickly, and within a week, Adolfo's employer receives a notice that Adolfo is a deadbeat dad. The employer is told to withhold a portion of Adolfo's pay and send it to the child support department. Unfortunately, this happens at a time when Adolfo is up for an important promotion at a job that requires handling of sensitive data.

At the same time, since Adolfo is now considered to be a deadbeat dad, his ID number is sent to various other government departments, who start checking information in their databases. He gets a notice from the tax department, with a copy sent to his employer, telling him that he owes penalties for unlawful deductions. If he doesn't send a payment immediately, they will take steps to deduct money from his wages.

On the home front, the magazine service that sold the subscription to Clarissa has resold all her personal information to the Fly-By-Night Marketing Company. Within a week, her name, ID number, email address, street address, phone number, and credit rating are sold and resold to dozens of companies. One evening, after she arrives home from work, she checks her personal email (Clarissa would never check personal mail at work) only to find her inbox filled with 86 pieces of spam, 56 of which are selling pornography.

(Would you like to hear how the story ends? It gets even worse. Adolfo sees a carefully crafted marketing message on Clarissa's computer that looks as if it has come from a secret lover, and he wrongly accuses her of using the Net to have an affair. She denies it and they have a big fight, ending with Adolfo spending the night on the couch. In the morning, he wakes up with a terrible backache, so he decides to go to the chiropractor. On the way to the chiropractor's office, he gets into a serious car accident because he can't turn around while he is backing up next to a parking space. Adolfo undergoes emergency surgery and spends two weeks in the hospital. When he finally comes home, he finds that Clarissa has gone to live with her mother, his boss has left a phone message informing him that he has been fired, and his car insurance company has sent him a letter canceling his insurance.

As for Clarissa, she is now getting so much spam that she is forced to change her personal email address. Adolfo tries to send her a message to see if they can get back together, but he is unable to do so because he does not have her new address.)
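The cross-checks in the John and Adolfo story, as an added example that is not part of the book: a small in-memory SQLite database, driven from Python, that joins department records on a shared ID number and then shows what an ID-only match concludes when a report is filed under someone else's number. The table names, ID values, employer names and the name cross-check are assumptions made for this illustration.

```python
import sqlite3

# Constructed sample data modelled on the chapter's story. Every ID value,
# table name and employer name here is invented for the illustration.
SCHEMA = """
CREATE TABLE registry      (id_number TEXT PRIMARY KEY, name TEXT);
CREATE TABLE support_cases (debtor_id TEXT);
CREATE TABLE hire_reports  (employer TEXT, employee_name TEXT, id_number TEXT);
CREATE TABLE dependents    (filer_id TEXT, dependent_id TEXT);
CREATE TABLE welfare_apps  (applicant_id TEXT);
"""

def build_db():
    """Each table stands for a different department's database."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO registry VALUES (?, ?)", [
        ("ID-1001", "John Smith"), ("ID-1002", "Mrs. John"),
        ("ID-1003", "Child One"), ("ID-1004", "Child Two"),
        ("ID-2001", "Adolfo"),
    ])
    db.execute("INSERT INTO support_cases VALUES ('ID-1001')")
    db.executemany("INSERT INTO hire_reports VALUES (?, ?, ?)", [
        ("Acme Widgets", "John Smith", "ID-1001"),
        ("Corner Bakery", "Mrs. John", "ID-1002"),
        ("Duck Decoys Inc", "Adolfo", "ID-2001"),
    ])
    # Both parents list both children on their tax returns.
    db.executemany("INSERT INTO dependents VALUES (?, ?)", [
        ("ID-1001", "ID-1003"), ("ID-1001", "ID-1004"),
        ("ID-1002", "ID-1003"), ("ID-1002", "ID-1004"),
    ])
    db.execute("INSERT INTO welfare_apps VALUES ('ID-1002')")
    return db

def garnishment_notices(db):
    """Employers of people with an open support case, matched on ID alone."""
    return db.execute("""
        SELECT h.employer, r.name
        FROM support_cases c
        JOIN hire_reports h ON h.id_number = c.debtor_id
        JOIN registry r     ON r.id_number = c.debtor_id
        ORDER BY h.employer""").fetchall()

def duplicate_dependent_claims(db):
    """Dependents whose ID appears on more than one filer's return."""
    return db.execute("""
        SELECT dependent_id, COUNT(DISTINCT filer_id)
        FROM dependents
        GROUP BY dependent_id
        HAVING COUNT(DISTINCT filer_id) > 1
        ORDER BY dependent_id""").fetchall()

def employed_welfare_applicants(db):
    """Welfare applicants whose ID also appears on an employer's report."""
    return db.execute("""
        SELECT DISTINCT r.name
        FROM welfare_apps w
        JOIN hire_reports h ON h.id_number = w.applicant_id
        JOIN registry r     ON r.id_number = w.applicant_id""").fetchall()

def john_switches_jobs(db):
    """John quits and gives his new employer Adolfo's number instead of his own."""
    db.execute("DELETE FROM hire_reports WHERE id_number = 'ID-1001'")
    db.execute("INSERT INTO hire_reports VALUES (?, ?, ?)",
               ("Night Shift Logistics", "John Smith", "ID-2001"))

def jobs_attributed_by_id(db, id_number):
    """Every employer filed under this number: what an ID-only match believes."""
    rows = db.execute(
        "SELECT employer FROM hire_reports WHERE id_number = ? ORDER BY employer",
        (id_number,))
    return [employer for (employer,) in rows]

def name_mismatches(db):
    """Reports whose employee name disagrees with the ID's registered holder.

    Exact (case-insensitive) name comparison is a simplification; it is the
    assumed corroboration step, not something the chapter describes.
    """
    return db.execute("""
        SELECT h.employer, h.employee_name, r.name
        FROM hire_reports h
        JOIN registry r ON r.id_number = h.id_number
        WHERE lower(h.employee_name) <> lower(r.name)""").fetchall()

if __name__ == "__main__":
    db = build_db()
    print("garnish:", garnishment_notices(db))
    print("double-claimed dependents:", duplicate_dependent_claims(db))
    print("employed applicants:", employed_welfare_applicants(db))
    john_switches_jobs(db)
    print("garnish after switch:", garnishment_notices(db))
    print("filed under Adolfo's ID:", jobs_attributed_by_id(db, "ID-2001"))
    print("name mismatches:", name_mismatches(db))
```

After the switch, the ID-only queries lose track of John and file his new job under Adolfo's number; only the comparison against a second attribute shows that the number and the person do not belong together.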


U.S. Social Security Numbers

Clearly, there are both advantages and disadvantages to living in a computerized society in which everyone has a unique ID number. However, it looks as if we will not get much of a choice. There is a slow, inexorable trend toward creating such numbers on a national level. Moreover, the European Union is (at the time I am writing) considering a system that would assign a unique international ID number to every citizen throughout the union.

With respect to privacy, there are obvious drawbacks to forcing everyone to participate in such a system. However, there are a great many people and organizations who are against such ID systems and do not hesitate to make their opinions known. How is it, then, that national (and international) ID systems seem so inevitable?

The answer is that the only organizations powerful enough to control such a system are national governments and, unfortunately, it is the governments who are responsible for building up such systems, one step at a time.

Right now (as I write this) over 100 countries have some type of official, compulsory national ID card. This is true of most of the countries in the European Union, including Germany, France, Belgium, Greece, Luxembourg, Portugal and Spain.

In countries that do not have an official system, there is usually a de facto national ID number, often the one used for health care or social security. For example, the United States uses the Social Security Number, Canada uses their Social Insurance Number, and Australia the Medicare Card number.

When it comes to national ID numbers, governments demonstrate a contradictory approach. On the one hand, they act as if they are aware of the pitfalls, and they make a big show out of studying the problem and recommending significant safeguards. On the other hand, they continually approve new ways for various government agencies to use such national ID numbers as exist in the country. To show you what I mean, let's take a look at the history of the United States Social Security number.

The U.S. Social Security system was established in 1935. In 1936, the Treasury Department issued a regulation (called Treasury Decision 4704) which mandated that every person who was covered by Social Security should be issued an account number. Within a year, the first applications for Social Security Numbers (SSNs) were processed.

In 1943, a rule was established that, whenever a federal agency found it necessary to set up an ID system to track individuals, they should use the SSN. At the same time, the Social Security Board was instructed to cooperate with other agencies with respect to issuing and verifying such numbers.

Skip forward about twenty years. In 1961, the SSN was adopted as the official ID number for all federal government employees. A year later, the Internal Revenue Service declared the SSN to be the official taxpayer ID number. In 1965, Medicare was started, which required a SSN from each person enrolled in the program. In 1966, the Veterans Administration began to use the SSN for all their patients, and in 1967 the Department of Defense decided that the SSN would replace the existing military service number for everyone in the armed services.

At the same time, the government started to push the private sector toward a universal ID. For example, in 1970, they began to require financial institutions — such as banks, savings and loans, credit unions, brokers — to obtain the SSN of all their customers.

The slow encroachment of the SSN as a national ID number did not go unnoticed. While one part of government was pushing it down the collective throats of its citizens and businesses, other branches of the same government were warning of the dangers to privacy.

By the early 1970s, the Social Security Administration (SSA) found themselves in the national ID business, something that was way beyond their original charter. They formed a task force to study the problem, and in 1971, the task force came to the conclusion that the SSA should not promote the SSN as a universal identifier. They counseled the SSA to be "cautious and conservative". At the same time, in a fit of enthusiastic contradiction, the same committee recommended that all school children should be given numbers (to tighten up the system). Moreover, they said, the SSA should cooperate with state, local and non-profit organizations to help them use the SSN to promote health- and education-related goals.

The school recommendation was adopted by the government. Starting in 1972, children would be assigned a SSN as they entered the school system. In addition, a SSN was now required of anyone receiving any benefit provided by the federal government.

Throughout this time, the U.S. Congress was mostly silent, but in 1974, they spoke up by passing the so-called Privacy Act. A year before, a special committee reported to the Secretary of Health, Education and Welfare (who oversees the SSA) that it was a bad idea for the country to adopt a universal ID system. Moreover (said the committee), even if the country wanted such a system, using the SSN would not be adequate.

Thus, the Privacy Act was passed to limit governmental use of the SSN. From now on, no state or local agency could withhold any benefit from someone if he or she refused to give out their SSN. The next year, Congress passed a law making it mandatory for anyone who wanted welfare benefits to disclose their SSN.

Since then, the history of the SSN has been the same. The federal government will pass a law or make a recommendation restricting the use of the SSN in order to safeguard people's privacy. Then, they turn around and pass another law mandating the use of the SSN for yet one more purpose.

In the last 25 years, the SSN has, by law, come into use as an aid to locating parents who owe child support; a mandatory ID for paying state taxes and applying for driver's licenses; a universal federal tax ID number; a requirement for families participating in the food stamp program and school lunch programs; an identifier for people applying for federal loans or any interest-bearing accounts; a way to report alimony payments; a tool to check eligibility of prospective employees; a way to keep track of students applying for a student loan; and on and on.

If you are American, the law requires you to get a SSN when you are born, and to use it when you go to school, get married, get divorced, get a job, pay taxes and die. (It must be on your death certificate.) Today, government agencies at all levels routinely use SSNs to correlate personal information from a variety of databases in order to find tax cheats, catch law breakers and disqualify people who are ineligible for government programs.

In the more than 65 years since the first SSN was issued, all that has happened is that the United States government has put a great deal of effort into developing a national ID system while denying that they were doing so. As a result, social security numbers are used — by government and business alike — to track people's activities and control their lives to an enormous degree. However, because of the constant denial and political posturing, American citizens are deprived of the safeguards and limitations that would have been put into place if a national ID system had been implemented openly and wisely.

Should We Be Worried?

Ten years ago, a person who was reluctant to give out his or her Social Security Number (or any ID number, for that matter) was looked upon as a privacy nut. Today, we understand such people. They are not only tolerated, in many quarters they are venerated. We have seen what happens when too many computers have too much information about us, and we can't do anything about it.

Not only do companies run amuck when it comes to buying, selling and using our personal data, but when we want to talk to them about controlling the information, they go to great lengths to make themselves as inaccessible as possible.

I'm going to tell you about an experience I had, and you tell me if it sounds familiar.

I hate getting junk mail, so when I discovered an advertisement for a chain of clothing stores in my mailbox, I decided to call the company to get my address taken off their mailing list. (The advertisement was actually sent to another person who used to have the same address.)

I started with the company's Web site and discovered it was carefully crafted to provide no clue whatsoever as to how to contact the company. There was no postal address, no phone number, no hint as to if they were even located on Planet Earth. So I called one of the stores and the Person Who Answered The Phone gave me a toll-free number.

I called the number to find only an automated voice mail menu. None of the choices were helpful, customer service only had voice mail, and there was no way to reach a live operator. So I called the store again and got the PWATP. She had absolutely no clue as to how to contact the mother company (the company that owns the store she works in). I asked her, "Where is the headquarters?" and she was able to tell me the name of the city in which the chain had their corporate offices.

I then used a find-a-telephone-number Web site to look up the phone numbers of stores that this company might have in that city. I called one of them. Because they were in the same city as the corporate headquarters, the PWATP was able to tell me what street the company's offices were on. Back to the Web, and armed with the street address, it was the work of a moment for me to look up the main office phone number.

I called and, by making the right phone menu choices, was able to talk to a snarky receptionist. I asked her who could take my address off their mailing list. She said, "I'll transfer you to someone in public relations." "Fine," I said. "Can you please tell me the extension in case I need to call back?" "That line is answered by a person," she said, "so for privacy reasons, I am not allowed to give you that number. I can only transfer you."

"Do you mean," I asked, "that your company is willing to put my address in a database, send me unsolicited junk mail, sell my address to other companies without my permission, do everything possible to make it difficult for me to have my address removed from the database, and, for privacy reasons, you won't tell me the extension of someone who works in your building?"

The irony was lost on her. "Do you want me to transfer you or not?"

So she transferred me to someone in the human resources department (not public relations). I explained what I was looking for. "I can't help you," said the woman, "I'm in human resources, but I can transfer you to an assistant in the marketing department." By this time, I would have settled for the guy who empties the trash.

So she transferred me and, according to another voice message, the assistant was out of town for a few days. "But if you need help while I am gone," said the recording, "please call my manager Kathy unintelligible-name at extension 4722."

At extension 4722, I once again got voice mail. "This is Kathy unintelligible-name. I am either on the phone or away from my desk. Please leave a message, and I'll get back to you as soon as I can."

(Now, tell me the truth. Aren't you sick of hearing unimaginative people tell you that they are either on the phone or away from their desks? I am sure there was a time, say, for about five minutes in 1971, when such a message was not an irritating cliché. But in an age in which there is now an entire generation of people who have grown up with answering machines and voice mail, why do we still have to listen to such moronic statements?)

At this point, I knew better than to leave a message, so I decided to call back at intervals. Finally, two days later, Kathy unintelligible-name answered the phone. "I'll be glad to remove your address from our database," she said in a voice that was sweeter than honeydew-flavored nectar.

So Kathy, when I finally was able to talk to her, was sweet. Her manner was friendly and cooperative, as if to say, why didn't you just call me in the first place?

What is the problem here? Is this company disorganized? Not at all. They are exquisitely organized in a way that makes sense to them. It's just that being responsible about personal data and how they use it is not one of their priorities.

Why should it be? There are no major rules for them to follow, and — at least in the U.S. — there is no government department to watch how they use personal data. So what is the solution?

What Privacy Commissioner Slane Has to Say

How can the privacy rights of the individual be protected in an environment controlled by big government and big business?

One solution, chosen by various countries around the world, is to appoint a special official called a privacy commissioner, to represent the interests of the people. In most cases, a privacy commissioner is a government official with an extraordinary degree of independence. His or her job is to go to the mat with both government and business organizations in order to serve the needs of the individual.

Some of the countries and other jurisdictions that have special privacy agencies are Australia (as well as New South Wales), Belgium, Canada (as well as Alberta, British Columbia and Ontario), Denmark, Finland, France, Germany (as well as Berlin, Brandenburg and Hamburg), Greece, Hong Kong, Hungary, Netherlands, New Zealand, Norway, Portugal, Spain, Sweden, Switzerland and the United Kingdom (as well as the Isle of Man). In addition, the European Union has its own privacy commissioner.

(The United States does not have a privacy commissioner or any comparable office. Hawaii does have a state agency called the Office of Information Practices. However, their main job is to oversee Hawaii's Uniform Information Practices Act, a law that details how state records are to be open to public access.)

To get an idea of how a privacy commissioner thinks about the world, I interviewed Bruce Slane, the peripatetic privacy commissioner for New Zealand (which also gave me the opportunity to use the word "peripatetic" in a book). Slane was appointed by the New Zealand government. However, he emphasizes that his office is an independent entity, not part of the government.

To start, we discussed the basic question:

What exactly is privacy?

"Privacy [explained Slane] is the right to control who has the right to information. Privacy is not the same as secrecy. Secrecy is withholding information from everyone. If you tell something to someone, it's no longer a secret but it could still be private."

Why do people want privacy?

"Having privacy gives people a feeling of autonomy. To me, privacy is a mark of Western civilization. My colleague in Hong Kong, [Privacy Commissioner] Steven Lau tells me that there is no Chinese word for privacy, and that he had a difficult job creating a privacy culture within his society.

"Some people are more comfortable with authority and will accept, without questioning it, that big business can have information about them. However, even people like this will have their limits.

"This is especially true for people at the bottom of the heap, who feel so vulnerable that other people have personal information about them. This creates a feeling of powerlessness, a feeling that the other people mostly use this information against them and not for them."

Do people have a fundamental human right to privacy?

"The European Convention on Human Rights and Fundamental Freedoms [ratified in 1953] describes a right to a private life. It's not an unqualified right, because it sometimes conflicts with other rights.

"In New Zealand, the 1993 Privacy Act [which established the office of Privacy Commissioner] says that agencies may, within reason, set their own purposes for collecting, holding, using, and disclosing personal information. But an agency must be open about these purposes. If they collect information from someone, they must tell that person why it is being collected and what it will be used for. They must also tell the individual if the information is to be disclosed to anyone else.

"The Act does not create a right of privacy. Nor is its recognition of privacy interests absolute. It is my opinion, however, that privacy is the mark of a civilized nation. The more a country advances, the more people value their information privacy."

How much do people care about privacy?

"It depends on what you are talking about. There's a lot of concern, for example, about medical privacy. If people lose privacy, they will lament it and they will always care. Still, privacy values vary. For example, in Sweden, anyone can inspect anyone else's tax return.

"Some people understand that everyone does not have the same privacy values. Other people have trouble accepting the fact that everyone else does not share the exact same opinions as they do."

What is the basic privacy issue?

"It has to do with control, who your information is made available to. For instance, you may allow your information to go to some people or organizations, but not to others."

We all know that information is worth money. Does an individual have any right to the value of his personal information?

"No. I shy away from the idea of ownership. If you get some information and then add to it, who owns it?"

Do children have privacy rights?

"In New Zealand, the law is delightfully vague. In general, children have the same rights as adults."

You are one of many privacy commissioners around the world. Is there much international cooperation?

"Yes. Privacy commissioners and data protection commissioners around the world have been having meetings since the 1970s. The movement started in Europe. Today, there are 35-40 countries that have privacy commissioners, and there is a lot of cooperation and exchange of information.

"In the European Union there is a directive for the transfer of data. You can't transfer personal data to a country that does not offer adequate protection. However, in the U.S., lobby groups have been adamantly opposed to creating a privacy advisory organization."

U.S. business groups would rather have self-regulation?

"That's right. But self-regulation for privacy has never worked in the United States, because it has never offered a remedy for people who have been harmed. Europe is used to having detailed consumer laws, while the United States is not used to them at all. Both sides have myths about one another's cultures."

Are the issues of privacy actually issues of conflict between individuals and organizations?

"The conflict is not nearly as great as some U.S. businesses have made it out to be. Well-designed information laws actually enhance the efficiency of the market, because they require an openness with respect to collection and usage of information. This allows the consumer to act in a more rational way and, hence, the market is more efficient."

So better informed consumers make for a better marketplace?

"Yes. Companies — indeed all organizations — have a natural tendency to want to become secretive. They claim it is for competitive reasons, but very often it is overdone due to cultural influences. 'This is our secret plan and the opposition shouldn't know about it.'

"Trying to use technological solutions to solve personal problems is not very satisfactory. Privacy rights enhance accountability, because they give you the right to access your own information. Openness in disclosing your privacy, openness in corporate privacy policies, and openness in allowing people to access their own information and make corrections lead to better operation of the capitalist market."

In January 1999, Scott McNealy, the chief executive officer of Sun Microsystems, publicly said that consumer privacy issues are a 'red herring'. He was quoted as saying "You have zero privacy anyway. Get over it." What do you think of such a statement?

"Such people may be more influential than other people, but their opinions are not necessarily more worthwhile.

"People like this are driven by their corporate purpose, not by their personal preferences. It's quite funny. Such a person will make this type of comment at work, but then he'll go home and want privacy regarding his own financial information."

What would you like everyone to understand about privacy rights in the twenty-first century?

"In a speech I gave in 1997, I observed that the use and capacity of computers enables the manipulation of vast quantities of information quickly and economically. The privacy problems this creates are not new problems. What we have are new applications of existing privacy issues.

"In general, you have a right to see any information someone has about you. However, this right must be balanced, especially with respect to the privacy of other people.

"I mentioned earlier that people will always care about privacy, and if they lose it they will lament it. What I want people to understand is that preserving privacy is like protecting the environment. There will be constant efforts to chip away at it, and once it is gone you can't get it back."

One final question. Does New Zealand have unlisted phone numbers?

"Yes. In New Zealand, you have three choices. You can be listed in the public directory; you can be unlisted but have your number given out if someone asks for it [directory assistance]; or you can specify that you want your number to be completely confidential."

Does it cost money to have your phone number be completely confidential?

"Of course not."

Why We Need Regulation

Our world is one of instant communication and computerized databases, run by enormous corporations whose power is beyond the comprehension of ordinary human beings. We live in an environment in which we are continually affected by forces we can barely comprehend, let alone control.

Yet, if we are to improve our lives and our destiny, it is these very forces that we need to understand. As odd as it may seem, we must start with ourselves, because the forces that buffet us from without — the large organizations and the bureaucratic governments that seem so impervious to individual control — are in many ways a manifestation of our internal qualities as human beings. Let me explain.

One of the great insights of Sigmund Freud was to realize that our minds consist of both conscious and unconscious elements, and that much of our mental activity takes place under the surface, inaccessible to our awareness. In his investigations, Freud discovered that the unconscious mind is not a deep, peaceful sea of tranquillity. Rather, it is a place of everlasting turmoil, in which primeval urges continually fight forces of repression in an attempt to express themselves through action and emotion.

Eventually, Freud developed a powerful metaphor to describe these forces and their qualities. He described the human psyche as consisting of three interacting components: the ego, the id and the superego. I'm going to take a moment to explain these components because, as you will see, the ideas will come in handy as we move toward an understanding of the forces that control our society. (Remember, though, this is just a metaphor, so don't have a cow.)

The ego is what we think of as the "self", a mostly conscious entity which embodies our awareness of being distinct from other people and from the rest of the world. It is the ego that is in touch with the outside world and which has immediate control over our thoughts and our behavior.

The id is the seat of primitive, instinctual impulses and animalistic urges, and is completely unconscious. Although it is not directly accessible to us — that is, to our ego — the id serves as the source of our most personal demands. Most important, it is a defining quality of the id that, if unopposed, it will do its best to force the ego into actions that will attempt to satisfy its immediate desires.

The superego is the part of our psyche that censors and restrains the ego. It is the superego that allows us to live together and (except for certain parts of Los Angeles) to act as civilized human beings. The superego is mostly unconscious and is formed from the internalization of the moral standards of our society and our parents.

On a personal level, we are continually engaged in an eternal struggle between the ego and the id. To influence this struggle, we put effort into developing and using our superego. It is this effort that drives our lifelong process of maturation. This is why adults are better able to control themselves and act with more wisdom than children. (This is also why children have more fun than adults.)

On a larger level, we structure our society more or less along the same lines. Society is formed by the interplay of groups, not individuals, and it is in the nature of most groups to act mindlessly, without wisdom or conscience. For this reason, we create special organizations, vested with influence and power, in order to govern, advise, and police us.

If we consider society to be a single, large social organism and we look inside that entity, we will find forces that are analogous to the ego, the id and the superego. In particular, we will find that our collective awareness acts as the ego, the world of business acts as the id, and our governments take on the role of superego.

Obviously, we are traveling through the Land of Metaphor without a map, so we shouldn't get too carried away. However, I do want you to appreciate that the many business organizations we create and maintain act without wisdom and without conscience. Their principal goal is to survive and grow and, to do so, they strive to earn ever-increasing amounts of money and acquire ever-increasing amounts of power. In the aggregate, companies are large and powerful, and it takes a large and powerful force to keep them in line. That force is government.

It is only the forces of government — and inter-business competition — that hold back this otherwise unbridled lust for self-indulgence. If you think I am exaggerating, take a look at the business section of any newspaper. Once you know what you are looking for, it is easy to recognize the thrust and parry of everyday business activity for what it is. Believe me, it's not subtle. Just like the id that lies inside each and every one of us, the businesses of our world take advantage of every opportunity to get what they want.

Don't get me wrong. I am not saying that corporations are evil. Quite the contrary. It is the world of business and our free marketplace that gives us such a high standard of living and provides us with so much material comfort. Moreover, most of us work for companies and, as such, they provide us with employment, salary and benefits.

My point is that companies are powerful and their interests are not the same as ours. Once we recognize this, we can understand that when corporations invade our privacy in order to increase their profits, they are only acting according to their nature. However, mere understanding is not enough. We must also take action to ensure that the world unfolds in a way that is in our best interests.

In the case of privacy, this means establishing organs of government that are independent, reliable and controllable, and putting them to work as our privacy advocates, something we cannot do as individuals. That is why we need government privacy agencies as well as privacy commissioners.

In the last section, I described a conversation I had with Bruce Slane, the New Zealand Privacy Commissioner. During our conversation, Slane made an interesting comment. "People have a sense," he told me, "that there is a problem that needs to be solved by government."

Certainly, when it comes to protecting our privacy, a lot of people feel that way. Many countries — as well as the European Union — have their own privacy commissioners, as do some states and cities. However, the United States has still not extended this level of protection to its citizens.

In Chapter 6, we discussed American history and how the country was born out of revolution. I explained why Americans developed a tradition of individualism and, at the same time, a suspicion of government restrictions, especially with respect to personal freedom.

Since the American Revolution, however, conditions have changed enormously. As you consider these issues, I urge you to do your best not to be fooled by the machinations of business (companies do not want to be regulated) or the internal shortsightedness of your culture. Although we often sneer at politics and politicians, let us remember how important they are. As imperfect as politics may be, it is, ultimately, the art of compromise, our way of allotting scarce resources, planning for the common good, and governing ourselves in a civilized manner. (It is no accident that this chapter is entitled "The Politics of Privacy", rather than the "Business of Privacy" or the "Technology of Privacy".)

Have you ever seen the classic 1965 science fiction movie Forbidden Planet? Toward the end of the film, Commander John J. Adams (a young Leslie Nielsen) is arguing with Dr. Edward Morbius (Walter Pidgeon). Adams is explaining that it was Morbius who had inadvertently been the cause of several great disasters. An alien machine with limitless power had connected to Morbius's mind and had brought to life the unchecked and selfish desires of Morbius's id.

Morbius refuses to accept the truth, and as he and Adams wrestle in front of the machine, he cries out, "I am not a monster."

Adams, however, is not one for self-deception. He realizes the truth and he well understands the fallibility of human beings.

"We are all monsters in our subconscious," he responds. "That's why we have laws and religion."
