Someone to Watch over Me
Reports from the Electronic Frontier:
Someone to Watch over Me -- Tom Maddox <[email protected]>
From data to information to knowledge: ideally, a progression from simple fact to complex understanding; during our time a progression more and more shaped by systems for data acquisition and analysis, or, in a word, computers. Computers gather, store, and analyze data, share it with other computers and match it against their store. Sorting and logically combining ever larger stacks of data, doing so in ever quicker, more intelligent ways, and allowing easier, more effective access to the data--these are the goals of large numbers of software and hardware and systems designers, builders, implementors. Rather than the flashier technologies such as virtual reality, databases are having the most solid, often disturbing impact on our lives.
However most people who do not work in an area affected by such phenomena are only marginally aware of the accelerating rate of data acquisition and understanding. They might notice a sudden improvement in convenience of service (for instance, instant credit verification), or a sudden, novel mode of annoyance (for instance, cascading mailing lists), but by and large they live our lives in a kind of obliviousness to the information streams flowing all around them.
Until or unless something gets their particular attention, for instance by threatening them in some area where they are vulnerable, as almost all of us are, for instance, with regard to taxes. Consider the following story, told to me by the person to whom it happened.
She worked for a state agency and first knew something odd had taken place when she received a call from the personnel department, who told her that the Attorney- General's office of that state (which I will refer to as Current State) had just refused a request from another state (henceforth State of Anxiety, or S. of A.) to garnishee her wages.
She then received a copy of a letter from the State of Anxiety which said that the courts of the S. of A. had found that this woman owed the state a relatively modest amount in unpaid state income taxes (though of course the amount owed had ballooned because of the addition of various fees and interest) and had therefore issued a judgment against her. As a result, the S. of A. felt it worth its lawyers' while to pursue this woman in Current State, where, fortunately for her, the policy was not to honor garnishments from other states.
She was deeply puzzled. Though she had once lived and worked in the State of Anxiety for several years, she had paid her state income tax on time and had done the rather complicated paperwork necessary to split the tax due the year when she had moved to the Current State--a matter of proportionately dividing the amount owed according to the time spent in each state. So she called the agency number provided by the S. of A. and talked to a woman familiar with her case.
Quickly enough she found out what had happened. Her gross income that year, as reflected in her U. S. 1040, showed a figure larger than that she paid to the S. of A.--no puzzle there, she thought, because she paid the IRS on her whole year's income, while she paid the S. of A. only on the amount she earned while resident in that state.
However, a few years after the fact, the IRS's computer compared notes with the S. of A.'s computer, and the S. of A.'s computer generated a report saying that she had attempted to evade paying the full amount of income tax due to the S. of A. "But but but," she said. And she sputteringly explained that she had in fact carried out the procedures dictated by the S. of A.'s tax agency.
After a bit of verbal tangoing, she and the phone representative of the State of Anxiety decided that her case went to court (where it was, routinely, decided in the S. of A.'s favor) because the state had no current address for her, and so she had never seen any of the increasingly more threatening correspondence which the state had mailed to her.
And so the phone representative assured her that all would be well once her story was verified and that she should worry no more. At this point she almost hung up the phone, but she said very hesitantly, "You know, this whole business worried me--the IRS computer and state computers putting their heads together and drawing conclusions and causing trouble like this." And then, she says, there was a pause, and the S. of A.'s representative said, "People have no idea what goes on, how much information about them is being passed around by these computers. When we first started this system, I didn't think I could work here. I didn't see how I could do this all day and go home and face my children at night. But then I decided that someone was going to do it, and at least I could be honest about it and nice and try to help people when I could. But the situation's really terrible, and no one knows anything about it."
My informant hung up the phone in a mixed mood: on the one hand, reasonably sure that she owed the S. of A. nothing; on the other, alarmed at the idea that at any time she or anyone else might be forced to defend themselves against serious charges levied by an informal cabal of data-processing machines working for Big Brother.
She told me about her experiences a few months later when, in an ironic coda to the whole affair, she received a threatening letter from a collection agency in the S. of A. concerning the same debt. When she talked (long-distance, of course, and on her nickel) to the person at that collection agency responsible for such accounts, she brusquely told her story, and then was ready to scream, yell, and jump up and down, only to hear from the other end a meek, "Oh, okay. I'll take care of it." And the owner of that meek voice apparently did just that, because a few years have passed with no further word of the Phantom Income Tax Owed. However, my friend says, she would not be surprised if after her death, the S. of A. shows up to try to claim the debt from her estate.
About this story, note that there was no attempt by the particular taxpayer involved to escape paying the S. of A. its legally due income tax. But the IRS computer and the S. of A. computer compared notes and decided that the taxpayer had tried to short the S. of A. taxman. This happened more or less automatically, without benefit of the exercise of human judgment--though some semi- sentient beings presumably had to sign on various dotted lines to cause legal action to occur. It's a trivial business--the amounts involved relatively small and no great damage done--and no doubt takes place thousands of times a year, so there hardly seems any point in railing against it or even referring to it by so dignified a term as injustice.
But there's more. Another informant, who works for a city agency in the State of Anxiety, told me that IRS data is routinely made available illegally to workers in his agency (which serves applicants for social services, including Aid to Dependent Children). Further, though the agents processing applications for services and maintaining clients who receive them can never publicly acknowledge receiving IRS data, they are expected to use it. If IRS data show that a client has income in excess of that claimed in applying for services, the agent is expected to take appropriate action, such as terminating services, or perhaps even initiating prosecution of the applicant for a false claim.
My first story tells of two agency computers arriving at a reasonable and wrong conclusion, my second of two agency computers working together illegally to punish clients of one of those agencies; taken together, the two stories provide a cautionary tale against the possible effects of information technologies combined with governmental action.
To further the scenario of computers talking to computers with dire consequences, one can easily imagine that in addition to the original computers that drew conclusions about this taxpayer, other computers could do the same, and so, for instance, conclude from the legal action and garnishment of wages that this citizen should not have a good credit rating. There's a pretty good nightmare scenario in here in which someone's entire social existence could come crashing down, beginning with a simple transfer of data from one computer to another and ending in personal and professional ruin. In fact, I'd be willing to bet that something like it has already happened.
At this point I would like to issue a disclaimer. I am not a technophobe (on the order of the egregious Jeremy Rifkin, say) preaching that high technology is Bad For You & You Better Believe It, nor am I merely reiterating Orwell's 1984 scenario for zillionth time. As I said in an earlier column, I believe that the essential dynamism of information technology works at least as much against totalitarian attempts to use it for social control as for such attempts. Also, I believe that someone like Orwell, writing in the late 1940s, simply could not foresee how widely distributed and unstable this technology would be, or to put it another way, could not understand how impossible any Ministry of Information's task would be--propelled by the technology of the last half of this century, information spreads virus-like, for better and for worse, out of anyone's control.
Nonetheless, given our developing data environment and the will to social control that has made the United States "The Democracy Most Likely to Jail Its Citizens & If You Don't Believe It, Just Try Something Buddy," I believe we must be concerned about our civil liberties, most especially those poorly defined and poorly defended ones we know by the name of "privacy."
Also, government agencies do not represent the only threats to individual privacy, and perhaps they do not even represent the most virulent threats. As a convenient way of summarizing other menaces, I will refer to Jeffrey Rothfeder's Privacy for Sale (How Computerization Has Made Everyone's Private Life an Open Secret), a book by a former Business Week editor and Washington Post reporter.
According to Rothfeder's account, our privacy is threatened in several ways: first, by people who want to sell us things; next, by people who want to screen us to decide whether to extend us credit or employ us or insure us (and also, of course, by people working for agencies of social control, the ones we have been discussing). Examples of the first category would include marketers who want to focus advertising or other marketing techniques on particular categories of potential consumer--those with high incomes, or those who own Mercedes- Benzes and vacation in Cozumel, say. In the next we find credit checkers, life and medical insurers, employers of all kinds, large and small.
In the past few years, increasingly more efficient data collection and analysis technologies have allowed all these people to gather intelligence more effectively and less obtrusively than ever before. Furthermore, a rather daunting synergy has occurred, in which one kind of data collector (your local motor vehicles department, let us say) sells or gives data to another (for instance, your local auto insurance agency), which in turn sells or gives it to another (a marketing agency serving various automobile-related retailers), and so on, round and round in a dance of data carried on almost entirely without the knowledge or consent of the parties represented in the data.
The data may seem relatively trivial, your zip code for instance, but it may be extremely private and potentially damaging, such as the positive results of an HIV test or the record of a prescription for an anti- psychotic drug. Almost certainly, neither those who gather data nor those who receive it will care about you individually or have reason to use their data to do you harm. However, the same cannot be said about the insurance company that denies you coverage, the employer who finds you "unsuitable for the position," or the police investigator who concludes that you fit a drug seller's profile. And when you combine data gathered in separate, apparently harmless collections and analyze it with sophisticated inferencing programs, or, more simply, just hand it over to a clever marketer or insurance agent, you can strip away whatever small barriers most of us might possess to protect our privacy.
So Rothfeder says, so various civil libertarians say. Assuming they are right, what can you or I do?
In some ways, not much, I am afraid. Of course you should guard your privacy when you can. Rothfeder advises that you do not write your Social Security Number or credit card number on checks and do not give it to anyone who simply asks for it. I would add that you should not cooperate with the data gatherers, for instance when they call you around dinner-time and want to chat about your buying habits, preferences, and so on. Their assurances of anonymity are worthless (at the very least they have your telephone number), as are their assurances of good intentions. As Rothfeder also advises, get a copy of your credit report, but, I would add, do not give credit agencies such as Equifax or TRW more information in the process--some of them smilingly offer a "free" credit report (according to law these days, they must) but will use the occasion to update their files on you, a cute and cunning way of turning a burden into a benefit. And if you find out that someone has sold or given away information about you, raise hell.
However, these are largely ineffectual measures when put up against the arrayed powers of state and commerce. Congress cannot be counted upon to put up firm legal barriers to intrusions of privacy. A brief glimpse at the fate of the 1970 Fair Credit Reporting Act and the Privacy Act, both gutted before passage, shows as much, as does the repeated failure of "oversight" committees to control agencies such as the CIA, FBI, and NSA. And of course there is the legal and social fallout of various kinds from the "War on Drugs," which could perhaps be described equally well as the "War on the Bill of Rights."
I believe that our best hopes for preventing the abuses associated with data gathering and analysis come from the actions of an informed and active citizenry. To put it the other way round, I think we are vulnerable insofar as we are ignorant and inactive about these matters. Alas. I really do hate to think that we have to put American democracy to such a stern test, but I believe we do.
So I recommend that you do a couple of things:
First of all, join the Electronic Frontier Foundation. One of its stated goals is "to raise public awareness about civil liberties issues arising from the rapid advancement in the area of new computer-based communications media and, where necessary, support litigation in the public interest to preserve, protect, and extend First Amendment rights within the realm of computing and telecommunications technology." And while a certain amount of controversy surrounds the organization lately (concerning a recent reorganization and revision of goals), the EFF nonetheless remains the clearest voice for civil liberties in cyberspace and the most active organization working to secure those liberties. It can be reached at 666 Pennsylvania Ave. SE, Suite 303, Washington, DC 20003, phone (202) 544-9237, fax (202) 547-5481, Internet: [email protected] Membership is $40 a year, $20 if you're a student or poor (verified by the honor system).
If you work in even marginally appropriate areas, you should also consider joining Computer Professional for Social Responsibility. With regard to the matters I have been discussing in this column, the following information, gathered from the CPSR's information file on the WELL, is especially appropriate:
The growing use of computers for record- keeping has brought with it the danger that the vast amount of information maintained about individuals threatens our privacy. Centered in our Washington D.C. office, the Civil Liberties and Privacy Project is concerned with such topics as:
- the FBI National Crime Information Center
- the growing use of databases of personal information by both government and private industry
- the right of public access to government information
- extension of First Amendment rights to electronic communication
- establishing legal protections for privacy of computerized information.
Also, if you have Internet access, tune in to the sources available there. EFF's ftp server (ftp.eff.org) is an excellent source of news and general information, as are the EFF newsgroups, the alt.privacy newsgroup, and the Computer-Underground-Digest. Caveat: I am by no means attempting a comprehensive picture of the Internet's resources in these matters; the Internet is huge and constantly changing, and you really must jump in and see for yourself what is there; I am merely showing you where to start.
In fact, online is where most of the widespread discussion of civil liberties in cyberspace occurs on a daily basis. People talk about practical issues, such as how to get off mailing lists, and emerging technologies, such as public key encryption, which might be described as the People's Answer to Big Brother. They also argue the fundamental issues in that noisy and haphazard way characteristic of social interaction online.
In short, pay attention to which way the wind is blowing. In terms of both policy and practice, the fundamental civil liberties issues surrounding data gathering and analysis remain in flux, and if they evolve in the wrong direction, individual privacy may become only a fading memory.
[Oh Well I Tried Dept.: In a previous column, I endorsed The BMUG Guide to Bulletin Boards and Beyond by Bernard Adoba--just kidding, that's Aboba, and I got it wrong the first time and issued a correction and felt, well, okay, that's fine, just another dummheit in a life full of them, but: I was just informed by someone at BMUG that the Guide is currently out of print, not available, forget it for now, etc. They are planning a new edition but don't know when it'll be available. When it is, I'll let you know.]