Database Nation by Simson Garfinkel

Turning Back the Information Tide

Faster machines, bigger hard disks, and intelligent database systems are all ultimately big threats to privacy. While the ability of computers to store information is increasing at something between 60% and 70% per year, the world's population is only increasing at 1.6%. All things being equal, over time, an increasing percentage of our daily activities will be captured by the world's datasphere.

So what's the answer? Are we facing a future in which all of our lives need to be read like an open book, in which all of our secrets are kept inside glass file cabinets? Will we be increasingly monitored by our neighbors, our family, and even our machines, until we are all living inside a transparent society? Perhaps. But we do have a choice. We cannot turn back the clock, but we can build a world in which sensitive data is respected and kept private.

Take the case of Judge Bork. The journalist who pulled Bork's video rental records triggered a series of hearings on Capitol Hill. Cynics said that the senators and congressmen were worried that their own video records might suddenly become fair game—and that the legislators, unlike Bork, had something to hide. But whatever their reason, the hearings revealed that the Bork incident was far from isolated. "Various examples of demands for video transactional records were mentioned [in the hearings], including an attempt to use video tape records to show that a spouse was an unfit parent, and a defendant in a child molestation case who wanted to show that the child's accusations were based on movies viewed at home," reported the Department of Commerce.[19]

Those hearings weren't idle chat. Before the end of that legislative session, Congress passed and President Bush signed the Video Privacy Protection Act of 1988 (18 USC 2710). Under the law, "A video tape service provider who knowingly discloses, to any person, personally identifiable information concerning any consumer" who rents or purchases a videotape is liable for civil action consisting of statutory actual damages of $2,500, punitive damages, reasonable attorney's fees, and any other relief that the court may deem appropriate. By forbidding your local video store from giving out the titles of the movies you rent (without a court order, that is), the act took video rental records off the table. And by defining statutory damages, Congress eliminated a problem that plagues many privacy suits: the need to prove real damages. Furthermore, by allowing an aggrieved individual to sue for reasonable attorney's fees and other litigation costs, Congress assured that lawyers would be willing to take such cases on a contingency basis.

In many ways, the 1988 law didn't go far enough—it permits video stores to maintain rental records after tapes are returned, rather than requiring that the records be destroyed. The law also allows video rental companies to distill individual rental records into aggregate information, which could then be used as the basis of privacy violations. Nevertheless, the Video Privacy Protection Act has been stunningly effective. Violations of the law are extremely rare. Americans know that they can rent whatever videos they wish and not be forced to answer to anybody.

The Video Privacy Protection Act proves what many privacy advocates have been saying since the 1960s: the free market and voluntary privacy standards are frequently not sufficient to protect consumer privacy. An editorial that appeared in USA Today put it this way: "While voluntary compliance might be preferable in an ideal world, it's not likely to work in the real world. The reality is that the absence of government prodding has resulted in too many companies doing too little to protect consumers' privacy rights."[20]

Many businesses collect large amounts of personal information in the course of day-to-day operations. But just because the data has been collected, it doesn't follow that the business has the right to make it publicly available, sell it on the open market, or use it for marketing. Data can be taken off the table. Strong privacy laws give businesses the incentive to do so.

An equally valid way to protect privacy is to prevent the accumulation of personal information in the first place. For example, instead of building an Electronic Toll Collection system that keeps account balances and toll-crossing information in a central database, it's possible to build anonymous toll-collection systems. These systems are based on smart cards and use a form of digital cash for the toll payments. The smart card in these systems can be programmed to keep a record of each toll crossing, for the driver's own use, or they can be programmed to throw this information away. Distributed smart card systems can be cheaper to build and operate than those based on massive centralized computers. Unfortunately, they are less popular—apparently because the technology is more difficult to explain to decision makers.
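The anonymous toll payment described above can be sketched as follows. This is an added example, not code from the book: it assumes the "form of digital cash" is a Chaum-style RSA blind signature, and the names `SmartCard`, `TollBooth`, `authority_sign` and the toy key are hypothetical.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy RSA key for the toll authority: two Mersenne primes,
# far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # authority's private exponent

def h(serial: bytes) -> int:
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % N

def authority_sign(blinded: int) -> int:
    """Authority debits the driver's prepaid account and signs blind."""
    return pow(blinded, D, N)

class SmartCard:
    def __init__(self, keep_log: bool):
        self.keep_log, self.log = keep_log, []

    def withdraw(self):
        """Return (serial, signature, blinded value the authority saw)."""
        serial = secrets.token_bytes(16)
        r = secrets.randbelow(N - 2) + 2
        while gcd(r, N) != 1:
            r = secrets.randbelow(N - 2) + 2
        blinded = h(serial) * pow(r, E, N) % N
        sig = authority_sign(blinded) * pow(r, -1, N) % N  # unblind
        return serial, sig, blinded

    def pay(self, booth, plaza: str, token) -> bool:
        ok = booth.accept(token[0], token[1])
        if ok and self.keep_log:
            self.log.append(plaza)  # stays on the card, for the driver only
        return ok

class TollBooth:
    def __init__(self):
        self.spent = set()  # serials only; no account or identity

    def accept(self, serial: bytes, sig: int) -> bool:
        if pow(sig, E, N) != h(serial) or serial in self.spent:
            return False  # forged token or double spend
        self.spent.add(serial)
        return True

def demo():
    booth, card = TollBooth(), SmartCard(keep_log=False)
    token = card.withdraw()
    first, replay = card.pay(booth, "Plaza 7", token), card.pay(booth, "Plaza 7", token)
    linkable = token[2] == h(token[0])  # does the withdrawal match the crossing?
    return first, replay, linkable, card.log
```

The authority sees only the blinded value at withdrawal and the booth sees only the serial and signature, so neither record ties a crossing to an account; with `keep_log=True` the trip history exists only on the card.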

Overall, an informed and organized citizenry rarely fails to push through strong privacy measures. Consider Hong Kong: in the mid-1980s, Hong Kong's colonial government built a sophisticated system for electronic road pricing. Shortly after the system was deployed, drivers began receiving statements showing where and when they had traveled—and they became alarmed. Fearing that the system could be used to track people for political purposes, especially after the 1997 handover of Hong Kong to the Chinese mainland, the citizens succeeded in having the system shut down.[21]

Failing responsible decision makers, there is always direct action. When people discover that their information is being used against them, they rebel—either by intentionally withholding their information, or by explicitly planting false data into the system. For example, many Internet users have responded to the problem of unsolicited junk email, also known as spam, by using mangled email addresses on their web pages and in their news postings. More people are using fake or intentionally misspelled names when subscribing to magazines. And many people use cash, rather than credit cards, even when it is inconvenient to do so. If these measures are not sufficient, even more aggressive techniques are likely to follow.



[19] U. S. Department of Commerce, Privacy and the NII: Safeguarding Telecommunications-Related Personal Information, October 1995. Available at http://nsi.org/Library/Comm/privnii.html.

[20] Editorial, USA Today, October 25, 1995.

[21] The Diebold Institute for Public Policy Studies, Inc., Transportation Infostructures (Westport, CT: Praeger, 1995).
