by Carlton Vogt

All is not lost for privacy

Feb 6, 2002

There's no need to make a bad problem worse

Since I began writing about the flawed notion of imposing a national ID system in response to the terrorist threat, I’ve heard from a lot of people telling me that with all the databases in which we find ourselves, we no longer have any privacy. So, they say, we should just relax and get used to the idea. After all, what’s one more?

On one hand they’re absolutely right. Privacy is under attack, and I said just that about a year ago in a series of columns (see Ethics Matters archive). I’d like to claim some sort of prescience, but even I couldn’t have imagined last February where events would have taken us by now.

The assault on privacy is nothing new, although people seem to be gaining some appreciation of just how exposed we are. When I cut my teeth as a reporter many years ago, I learned that I could usually find out just about anything I wanted to know about an individual. It took a lot of work and involved a lot of blind alleys and dead ends, and success depended on how much information I had to begin with.

Even 20 years ago most people were unaware of just how much information about them existed in public records and often in the unlikeliest of places. But then the search was tedious. You needed to start with some information — at least a name — and build a database on that. Sometimes you’d work for two days and come up empty. Sometimes, you’d hit the jackpot.

But even when you hit the jackpot, the whole effort was labor-intensive, time-intensive, and often expensive. The biggest drawback was that you left a trail — a paper trail, a “face trail” (someone would remember you were asking questions), and a money trail. Many times, the subject of the inquiry would find out halfway through that you were asking about him or her.

Computers and their databases changed all that. Searches became quicker and easier and more anonymous, although not completely. You still needed to have some information to work with, but the databases, when available, provided instant information. The drawback: they weren’t always available. And in the early days of high tech, a lack of knowledge and equipment that wasn’t available to the common person were significant roadblocks. Still, the dangers to privacy were there.

As various organizations began the move to computerized records, privacy violations became more common. While working in medical ethics years ago, I would hear cases of bored hospital workers whiling away the lonely overnight hours by plugging their friends’ and acquaintances’ names into the medical records computer to see what they could come up with. Before computerized records, to find the same information they would have had to go to the records office and sign the file out, plow through the stack of forms to get any useful information, and risk being caught with the chart. Consequently, most people wouldn’t do it. It just wasn’t worth the effort. Computerizing the records made searching them safer and easier for ethically challenged people. As we’ve become more sophisticated about these things, many such databases are under tighter control, although breaches are still possible.

As electronic databases have become more prevalent and the technology to search them more accessible, the threat to our privacy has grown proportionally. The arrival of the Internet changed not only the scope of the problem, but the nature. Along with data collection and mining techniques, the easy availability of data online — whether through legitimate or illegitimate means — is something about which we should all be worried.

The only thing that stands as a deterrent now is that the data resides in so many places. Some is in the Department of Motor Vehicles, some in the tax office, some in the medical records computer. Anyone wanting to get information on me, for example, could still do it, but it would be an effort. Tracking me down, while not impossible, would be time- and labor-intensive. It wouldn’t be as much of an effort as it was in the days of paper records, but it would involve some work. People who wanted to do it wouldn’t take on the task lightly. If the motives were illegitimate, every step along the way becomes a place where it could all go wrong.

With a central national database, we’d provide one-stop shopping. Even “legitimate” searchers would be able to go on fishing expeditions to see what they could find — if only because it was so easy and they might find something they could use. This is the high-tech equivalent of stopping people on the street and making them empty out their pockets with no suspicion that they’ve committed any crime.

So, my critics, who say our privacy is under assault, are right. I agree with them on this. Where we disagree is that I see a need to correct this — to tighten up on the information that’s now available and to plug up the holes. We need to build walls around existing databases, restrict access to those who have a need to know, and prevent the dissemination of personal data without our specific consent.

I don’t think the answer is to survey the landscape, throw up our hands, and surrender to those who would leave us with no privacy at all. Just because something is bad to begin with is no reason to make it worse.

Share your thoughts with other InfoWorld readers and me. Go to our InfoWorld Ethics Matters forum at www.infoworld.com/forums/ethics or write to me at ethics_matters@infoworld.com.