Database nation: the upside of "zero privacy"

Reason, June, 2004 by Declan McCullagh

As American pioneers headed westward, scoundrels occasionally would present forged letters of credit to wholesale merchants in larger towns. After obtaining merchandise on credit, the person responsible for the scam would silently vanish with the goods. Dun & Bradstreet's crucial innovation was to make the system more efficient by compiling credit information on traders and retailers into voluminous leather-bound tomes. Those were available for perusal at branch offices that moved west along with new cities as they became populated. Dun & Bradstreet even employed traveling "reporters" who would investigate both new and established businesses and make recommendations about their creditworthiness. (Ulysses S. Grant and William McKinley were once Dun & Bradstreet correspondents.)

Daniel Klein, an economist at Santa Clara University who studies reputation, says such systems arise because "trust has an important role in just about all dealings. Trust depends on confidence which depends on assurance. Information is one form of that."

Secret Weapon

Having a portion of your existence chronicled in a web of interlinked databases does raise some legitimate privacy concerns. Who has access? How long will your credit card purchases remain on file? Getting cheap mortgage quotes is fine, but what is in place to protect against misuse of the information?

In the U.S., there is no catch-all law that dictates who may access which information under what circumstances. Instead, a mesh of state, federal, and common law applies to different parts of the economy. Most important, information exchange in the private sector is regulated by contract law, and firms that break their promises can pay a price.

Last year JetBlue secretly gave personal information on some 5 million passengers to a private contractor, Torch Concepts of Huntsville, Alabama, that is working on a data mining project for the Bush administration. A presentation prepared by Torch Concepts describes how it merged the JetBlue database with U.S. Social Security numbers, home addresses, income levels, and vehicle ownership information it purchased elsewhere. Now JetBlue is facing lawsuits over the apparent breach of its privacy policy, which assured its Web customers that "financial and personal information collected on this site is not shared with any third parties."

The U.S. Department of Commerce summed up the issue with unusual succinctness in a 2000 letter to the European Commission: "The right to recover damages for invasion of personal privacy is well established under U.S. common law." Courts have found privacy violations when an insurance company used information about an actual accident in an advertising campaign, when an employer tried to snoop through workers' credit card records to verify sick day absences, and when a college tested students for HIV without their knowledge. In 2001 Amazon.com's Alexa subsidiary agreed to pay up to $1.9 million to settle a class action lawsuit alleging that Alexa was giving information to Amazon without customers' permission.