Privacy is something that most people tend to take for granted. They believe that they control information about themselves, and that others can't see most of what they do. This is how it was in the old days, back when information was stored in millions of tiny little record books. Each shop might keep information about what their customers purchased, but this information was limited to that shop by the inability to efficiently combine data sources. The information age and new database technologies have destroyed this protection, making it easy for incredibly large quantities of information to be sorted, processed, and stored for easy access. Although it is a right guaranteed to United States citizens, both public and private sector interests are increasingly stripping away privacy in the information age.
Privacy rights in the United States began very early. The Rhode Island Code of 1647 asserted that "a man's house is to himself, his family and goods as a castle" (Henderson 14). This ran contrary to the current opinion in the rest of the world. Due to the large numbers of people in small houses, there simply wasn't a concept of privacy in much of the world during the 17th century. Privacy was viewed as a threat to society, and neighborhood spying was considered to be a civil obligation. In the 19th century technological advances such as the mass-circulation paper and photography brought with them new fears, and the first invasion of privacy lawsuits began to appear in our nation's courts (Horn 57).
The 4th Amendment to the United States Constitution restates the home as a castle ideal and prevents the federal government from forcibly probing into the lives of citizens. The Supreme Court, in Brown vs. Board of Education, indirectly extended this restriction to states by implying that the Bill of Rights applies to not only the federal government, but to states as well (Henderson 15).
You might think that since privacy has such an established spot in our nation's law, the government would be the last place you would look for invasions of privacy. In reality, the situation is quite the opposite. Privacy depends not only on the government providing guarantees, but also abiding by them (Henderson 60). Recently government agencies have been the source of several initiatives that would drastically reduce the privacy of individuals.
One of the biggest threats to privacy lies in the compilation of data from many different sources to produce a comprehensive profile of an individual. This compilation is made much easier if there is a unique identifier that can be used for querying to find all records for an individual. Since there are restrictions on where the Social Security Number may be used, government agencies currently don't have a number they can use for unique identification of individuals. The most recent effort to require such an identifier came in 1998, when the Clinton administration proposed a "universal healthcare identifier number" as part of an HMO reform package (Henderson 27-32). Strong opposition erupted after the media publicized the dangers of unique identifiers, and the administration withdrew their proposal.
On December 07, 1998, the government issued one of its most controversial privacy proposals ever. The proposal, known as "Know Your Customer," would have required banks to determine the identity of its customers and their source of funds. Most scarily, it would have required banks to "determine, monitor, and understand the normal and expected transactions of its customers" in order to attempt to spot illegal transactions (McTaggart 60). The proposal was withdrawn after it received over 250,000 critical comments.
The tasks our government is expected to perform often require it to gather information about citizens. When people submit this information, they expect it to be used only for the task that necessitates its gathering. Sometimes, however, this isn't the case. In 1999, three states agreed to sell drivers license photos to a private company. Combined, this would have led to a database of 22.5 million photographs, all being used without the consent of those pictured. Once again public outrage ensued, and the deal was halted (Henderson 43-44).
Comprehensive databases are not solely the domain of government. Many large corporations base their businesses off of the mining, analysis, and packaging of information about private citizens. These databases have a variety of uses, including creating profile groups and selling lists of names and addresses to direct marketers. One such corporation, KnowledgeBase Marketing, claims to have profiles of 200 million Americans, including the date of birth on 72 percent of these and income information cross-checked from five different sources (Feds 18).
A recent PC/Computing article stated that "If you can supply a Social Security number, you can get credit histories, driving records, employment information, addresses, phone numbers, and virtually anything else contained in a public record" (Feds 18). The creation of Internet access to many previously shrouded databases that compile public information has made it possible for almost anyone to get whatever information they wish to know. Shady online businesses promise to uncover information on anyone with simply a few clicks of a button.
Profiling has been a large part of the Internet ever since corporate America decided to make a presence for itself. Ad services, which provide ads to many sites, use "cookies" to track users browsing habits as they travel the web. They can then compile these browsing habits in order to determine what types of ads the user is most likely to respond to. DoubleClick is the largest of these agencies, providing banner ads for sites representing 50 percent of web traffic. Through the 1800 sites using DoubleClick ads, they average 1.5 billion ad serves per day. Consumer fears emerged recently when DoubleClick bought Abacus Direct, a direct marketer with a database of 88 million names, addresses, and purchase histories (Vogelstein 39). They hoped to use browsing analysis to match actual names to the previously anonymous web users. In the face of threatened lawsuits, DoubleClick shelved their plans until the government and industry could agree on guidelines (Hamilton 95).
How long can these consumer outcries continue to stave off potential violations of privacy? If guidelines are not established, the line will continue to blur until one day we look back and realize that the line we once toed has been left far behind us. The dangers of privacy loss are very real. In 1997 the Secret Service reported 9,455 arrests for identity theft (Henderson 22). A damaged credit report can lead to the denial of loans and credit cards, and yet the databases that store this information are fragile and fraught with problems. One-third of credit files examined in a random sample have errors, and it's not uncommon for information to get switched between people with similar names (Henderson 22).
The debate today is not over the need for privacy guidelines. Instead, opinions are split on how these guidelines should be enforced. Many people support having the government create regulations, but some fear the results of more government intervention. According to Paul Terry, "The beauty of the web is the fact that you can create these profiles" (qtd. in Thibodeau 10). The fear is that government regulations might limit the ability of corporations to meet the desires of consumers, such as the desire for personalized sites.
Many people instead prefer private sector self-regulation. In their Internet policy recommendations, the Maryland Information Technology Board stated that "While the state should set forth principles regarding Internet privacy, such principles should not be mandated in law" (8). Several groups have stepped forth encouraging Internet organizations to take privacy seriously. TRUSTe, one of the groups, certifies sites providing clear privacy statements (Henderson 26).
The average consumer really doesn't care about this struggle. All the average consumer cares about is the fact that in 1999 only 66 percent of sites surveyed had any kind of a privacy policy, and that only 10 percent had policies considered adequate (Vogelstein 39). Something must be done before the Internet grows to be such a large part of people's lives that irreparable damage is done and change becomes impractical. If self-regulation can prove that it works, it will provide a solution that is far better in light of the truly global nature of modern business. However, if self-regulation continues to struggle as it has so far, the government must take action to protect the interests of its citizens and force the corporate world into line.