it.gen.nz

Writings on technology and society from Wellington, New Zealand

Tuesday, July 17, 2007

Technology and privacy

On July 12th I talked on Radio New Zealand National about privacy and the impact of technology. The take-home message is that mass privacy invasion is very much a problem of the technological age and that there are sound reasons for trying to protect your privacy. My notes are below, and there are some links at the bottom of the page.

Q: Do we have any privacy?

A: Not according to Scott McNealy, the head of computer company Sun Microsystems. He was asked about privacy when he was promoting a big database built on his computers, and he said: “You have zero privacy already. Get over it.”

Q: That’s a bit pessimistic isn’t it?

A: It is. But the privacy laws in the States are very different from how they are in Europe and in New Zealand. People in the US tend to have less privacy because of that.

Q: Why are the rules different in the US?

A: Some commentators say that’s because of the Nazi regime’s use of data processing to categorise people.

Q: Surely they didn’t have computers back then?

A: They had card processing machines. People who are a bit older than me may remember punch cards. They were rectangular cards, about 20 cm by 10 cm – that’s about 7.5 inches by 3.25 in the old money – and on the cards were printed rows and rows of numbers. They were used to store data by making holes in them – a machine called a card punch would punch out a pattern of little holes, removing some of the printed numbers and leaving others. Each card might represent a specific individual and the pattern of holes on it might contain information about that person – date of birth, address and so on. There were machines to read the cards, and other machines to sort them according to the information on them. That’s quite useful because you can ask questions like: give me the card for everyone in Wellington who hasn’t paid their rates bill. Cards like this have been around since the turn of the last century, and by the 1950s most big firms used them to manage their databases. As well as for storing data, computers were programmed using decks of cards right into the 70s and early 80s. When you wrote a program, you had to first of all use a card punch to generate a card for every line of the program. Woe betide you if you dropped a big box of cards! And you’d feed those cards into the computer’s card reader and it would come back with a stack of error messages, or occasionally do what you wanted it to.

Anyway, the Nazi regime saw the potential of this technology quite early and it compiled decks of cards covering its whole population. The Nazis were particularly interested in people’s parentage – racial purity and all that – and they came up with a complicated formula for whether someone was to be seen as Jewish or not. And there they went with their card sorting machines, spitting out the cards for everyone who was defined to be Jewish, so they could be arrested and sent off to the camps. In every camp there was a room full of cards and card equipment so they could track what happened to people. The whole appalling crime was supported by technology.

Q: And that’s why people in Europe are so concerned about privacy?

A: Partly that, partly what happened in East Germany after the war. East Germany was communist of course, but it went much further than Russia in the control it extended over its citizens’ lives. It was much better organized. The State Security Service, the Stasi, maintained detailed files on absolutely everyone. Something like ten percent of the population was informing on the rest of it. It led to an intensely bureaucratic state in which people had no freedom, everything was controlled by the state. And of course they were shot if they tried to leave. That’s another experience which formed the European notions of privacy. In fact the first place in the world to pass a law specifically about preserving privacy was Hesse, which is a Land, a province of Germany.

Q: What’s the link between privacy and technology?

A: Essentially it comes down to computers and the Internet being needed to violate privacy. There are exceptions: if you are the subject of a law enforcement investigation then the state will use considerable resources to find out about you. That’s not necessarily technological, although it may use some tech. The second exception is stalking – obsessive behaviour by a sick or misguided individual, and while that can be quite distressing it’s not common practice. The kind of casual, mass privacy violation which worries most people definitely needs technology. To find out lots of information about thousands or millions of people you need computers to store and analyse that information. And the Internet is a great way of extracting that information from people.

Q: How so? How is the Internet used like that?

A: Every time you visit a web site you leave a trace. Every time you do a transaction online you leave more than a trace – you probably leave your calling card and perhaps your credit card as well. It’s really important – I’m going to stress this – that you check the privacy policy of any site you intend to give information to. Most websites are not in New Zealand and not subject to New Zealand privacy law. Always check that.

Q: So what should a privacy policy say?

A: Ideally it should say that we won’t give your details to anyone else. Look for language about trusted partners, selected other firms etc. All this means that we will in fact sell your information to other companies who will bombard you with offers for their products also. New Zealand based companies aren’t allowed to behave like that: the Privacy Act prevents them. But overseas companies aren’t bound by that.

And there is a sneakier problem too. In the US there is a law called the Patriot Act which says that the US Government can demand information from any US based web site and they have to hand it over, and the web site operator isn’t allowed to tell you that it’s happened. There’s evidence that the US government has been asking for really large amounts of information such as search histories for everybody. Like I said, computers give them the power to trawl through this. A recent report from a Privacy Commissioner in Canada argued that Canadian health data should not be processed by US based companies for exactly this reason.

Q: So don’t they care about privacy in the US?

A: Lots of people do, of course. One famous US jurist held that the fourth amendment to the US constitution – that’s the one that guarantees freedom from unreasonable search and seizure – enshrined the right to be left alone. There have been differing views about this in the US, and in the 80s it looked as though a man named Robert Bork would be appointed to the Supreme Court. Bork was very conservative and he held that US citizens had no right at all to privacy. His nomination to the Supreme Court was very controversial. In the run-up to Bork’s nomination a newspaper published the records of the videos he had rented at the local video rental store. There was consternation in Congress, and it rushed through a law making it illegal to reveal people’s video rental records. It didn’t cover anything else – not library records, not purchases, and it certainly wasn’t a general privacy law. But there was something vaguely grubby about the haste with which Congress moved to conceal something which its members could imagine affecting them personally, while leaving the overall problem unsolved.

Q: I can understand why governments might want to violate privacy – although we obviously have to watch that we don’t end up in a kind of East German state. But why are private companies interested?

A: Marketing, and price discrimination. A company would love to know how much you are prepared to pay for something. And if they can see what you habitually spend on other things, they can make a good guess. You see that going on in the supermarket with “own brands” with dowdy labels, the contents of which are probably just the same thing as the named brands. But with that they are trying to get you to self-select to buy the named brand if you can afford it. If they actually know in advance what you can afford for something you’ll never even be presented with a cheaper offer.
That’s what drives store loyalty cards and things like Fly Buys. To use these you are giving up some personal information.

There are also far more sinister motives. Identity theft is a lucrative crime with a low risk for the criminal. The more someone can find out about you the easier it is for them to impersonate you online. Identity theft is very common in the US, partly because there is no culture of privacy there and companies will habitually demand your social security number as a condition of doing business. Once you know someone’s social security number and one or two other pieces of information about them you can often convince a bank you are them and borrow money in their name. They are left with a damaged credit history which takes weeks or months to sort out, and a criminal gets away with stealing money from the bank.

Q: So, what’s to be done about it?

A: To give up no personal information would involve a very solitary life. All we can realistically do is make informed decisions about what information we give to people and companies. If a web site you are dealing with is a local company it’s bound by the New Zealand Privacy Act and it can’t abuse your information. If it’s somewhere else on the Internet, you need to look at the privacy policy on the web page and decide whether that policy is good enough, whether you think the company will keep to it, and how much it matters to you if it doesn’t.

And the other thing you must, must do is make sure that your PC isn’t leaking personal information. Run a good, up to date, spyware and virus scanner. Don’t use your Internet banking or your credit card number through a machine in a cyber café.

Links:

A book about IBM and the Holocaust. IBM is now a computer company, but in the mid-twentieth century it was a punched-card company.
Stasiland, a book by Anna Funder who went to East Germany after the wall came down and started asking questions about the Stasi and its files.
Privacy International, a not for profit which compares privacy around the world.
A Wikipedia article about punch cards.

posted by colin at 7:27 am  
