Know Data, No Freedom; No Data, Know Freedom

Is it okay to gather and store information about friends and strangers? It seems reasonable - even unavoidable - that personal data is collected and stored in the memory of persons interacting with each other in normal, daily activities. One might note that a check out clerk has a nice smile, though she wears too much makeup, or that a co-worker tends to arrive at work late. Businesses and organizations find themselves in exactly the same situation. Is it in any way immoral for individuals to share their observations with others? Having been provided some interesting facts, different branches of an organization might also feel comfortable combining collected data so as to evaluate the amalgamated results 'in-house'. The next logical step here is to share this data with other organizations engaged in the same activity, thus allowing all parties to gain a greater understanding of their customer base. If this is okay, then one should also feel comfortable if the data was shared with a broader range of interested parties for whom the collected facts hold some interesting characteristics. Of course, the data in question could become unruly in its size with just a few contributors, making it necessary to apply considerable company resources to the task of organizing and maintaining the information. But for every need there is someone willing to provide a solution: enter the data broker. Rather than one party shouldering the expense and time managing the data, an organized group can care for it all while charging a modest fee for their labor. It's all so very reasonable, isn't it?

Know Data, No Freedom

Now that we have all this useful information, it would be nice to do something with it. (Actually, it can be emotionally fulfilling just to get the information. This is usually only true, however, if you have the social life of a kumquat.) ~ Unix Programmer's Manual
Knowledge is of two kinds. We know a subject ourselves, or we know where we can find information on it. ~ Samuel Johnson (1709 - 1784)

There are scores of businesses involved in the not-so-free exchange of personal information. The number and variety of organizations engaged in the lucrative data trading industry has grown and flourished in pace with the growth of technology in our daily lives. One such company is ChoicePoint, whose opening page sports the motto "Smarter Decisions, Safer World" emblazoned on various images of children at play1. Their primary customers are government and law enforcement professionals who utilize their services to locate missing children and locate terrorist cells. However, ChoicePoint also provides extensive assistance to businesses and private citizens, such as lawsuit checks, asset locations, drivers license information, locating listed and unlisted numbers of telephones or cell phones, finding misplaced witnesses, and more. See the attached graphic for a more complete example of their services and customers.

Docusearch and Abika provide data services similar to ChoicePoint, though they cater more to the private user and are a bit more severe in their approach. Docusearch's homepage proclaims that "Obtaining the critical information you need has never been easier. Give us a try, you won't be disappointed," stating further that the company "is the America's premier provider of on-line investigative solutions."2 Although they "don't take invasions of privacy lightly," they recognize that "there are many examples of warranted intrusions into people's cozy, fortressed lives."3 Abika's services4 are geared toward a more casual user base, emphasizing services such email source tracking and cell phone LUDS (incoming and outgoing call records).

The variety of services offered is available through each company's website, and search results rarely take longer than a couple of days to process. An employer can comfortably request that prospective workers allow for a few days while their applications are considered and then receive an in-depth profile of these workers in plenty of time to help their decision-making. Unsure of that shady character your daughter wants to marry? No problem - a few minutes at the keyboard and all of his seedy exploits will be revealed. Of course, certain persons may be ineligible to receive results for particular types of searches, so clients are screened and occasionally required to explain what the information will be used for (e.g. such as queries on bank or securities account records).

The information made available through data brokers originates from a wide and sometimes surprising range of sources. These start with data that is freely available to anyone (e.g. phone books and other public databases) and are usually provided at no charge. Private records (i.e. records which private companies and individuals create and maintain such as personal lists, marketing lists and warranty lists) are purchased by data brokers who then pass on access to clients for a modest free. For those willing to make a larger investment, one can purchase comprehensive background checks including complete transcripts from nationwide state and federal criminal checks, social security numbers, and twenty odd years of address history. Of particular note, Abika offers complete psychological profiling based solely on information gained without the subject's knowledge. They claim that the "psychological profiles compiled from background information can surpass Myers Briggs and other psychological testing methods as they are compiled from what people do and not just what they say."

These businesses also offer targeted searches with data provided by private citizens. Abika provides users the opportunity to parley their personal data stores to clients through their website - especially if they are a "Court Researcher, Internet Researcher, Private Investigator, Librarian, Professional Searcher, Information Professional or someone who knows a lot about people around you"5.

No Data, Know Freedom

"It's actually obsene [sic] what you can find out about people on the Internet." ~ Liam Youens (the man who used Docusearch to locate and kill Amy Boyer.)
There is nothing new in the realization that the Constitution sometimes insulates the criminality of a few in order to protect the privacy of us all. ~ Antonin Scalia (Majority opinion in 6-3 ruling that refused to expand police powers to search or seize evidence that they suspect may be stolen, 3 Mar 87)

Even strong supporters of "the free dissemination of all information" agree that this concept has certain limits that should never be crossed. Steven Levy's Hackers believe strongly in the decentralized, non-bureaucratic flow of information. The Community Memory concept espoused the belief that the terminal was "a communication system which allows people to make contact with each other on the basis of mutually expressed interests, without having to cede judgment to third parties."6 However, these hackers also acknowledge a certain line over which the abdication of personal rights (be they property or information) cease to apply. The Community Memory project was designed around the idea that its users would decide what pieces of their information would be allowed to enter the system and what pieces of their information would be kept private. By and large, these hackers would undoubtedly agree that the "free dissemination of all information" does not pertain to every minute detail of their lives.

Conversely, there are limits to what secrets one's good conscience might allow to remain untold. In William M. Evans' Minding the Machine, the Johns-Manvilled Corporation and W.R Grace Inc. knew about the dangers of inhaling asbestos fibers for decades but kept this information secret so that employees, customers, and government officials were unaware of the risks7. These instances would seem to suggest that the fair and open access to information would have saved lives in these instances.

The data brokering companies are no less susceptible to dangers such as these when they drop their guard against the unethical use of their services. ChoicePoint was recently subject to much scrutiny following an extensive security breach against its extensive data stores8. Thieves acting as legitimate businesses gained access to Social Security numbers, credit histories, criminal records and more. Although investigators identified the issue in October, the company neglected to notify anyone outside the company until this month (February, 2005). Notices of the identification theft were mailed to some 35,000 California residents as that state's laws require companies to disclose all such security breaches. ChoicePoint is said to maintain data on over 95 percent of US consumers (i.e. almost everyone who has purchased something in the US), but the company has not made any special effort to notify these victims of the potential ID theft problems they may be facing.

However, this lapse in ethical behavior is relatively minor when compared to Docusearch's participation in the murder of Amy Lynn Boyer. On July 29, 1999, Liam Youens purchased Amy's date of birth, social security number, and employment address. This employment information was gained by a subcontractor by the name of Michelle Gambino, who phoned Amy and claimed that she needed her work address so that an insurance overpayment could be mailed back to her. Youens arrived at Amy's workplace a few months later, killing her as she was leaving before turning the gun on himself9.

As a whole, these cases illustrate that the issue of information security and privacy is both complex and consequential. Absolute access to all information anywhere at any time provides unwanted and warranted access into everyone's personal lives, causing pain or even death in doing so. However, these cases also demonstrate that we cannot rely on the personal integrity of individuals to publicize a company's internal information just because it will save people's lives. Where morality fails, laws must prevail, so it is in the lawmakers that we must seek some resolution to the matter. In regards to data brokers, CNN has referred to their business as "the new wild-wild west" as there are essentially no regulations restraining or defining their business practices. Richard Spinello sums this up nicely in his text on CyberEthics10:

Is there anything truly immoral in collecting this data and selling it without [a customer's] permission to generate extra revenues? Given the importance of privacy as a condition for security in an information intensive society, a potent case can be constructed that those corporations infringing on privacy rights are acting immorally. They are committed to policies that create the risk of harm for people. As we have noted, when information is sold and recombined a more thorough profile of the data subject is created, and this creates the risk of manipulation by other private parties or organizations. One of the big problems that can occur through electronic profiling is that people can be judged out of context. . Monitoring technologies, profiling, and far-reaching searches often threaten the presumption of innocence. According to Lessig, in these situations, "The burden is on you, the monitored first to establish your innocence and second, to assure all who might see these ambiguous facts that you are innocent."

Broken Data Brokers

Biographical data, even those recorded in the public registers, are the most private things one has, and to declare them openly is rather like facing a psychoanalyst. ~ Italo Calvino (1923 - 1985)
What you have when everyone wears the same play-clothes for all occasions, is addressed by nickname, expected to participate in Show And Tell, and bullied out of any desire for privacy, is not democracy; it is kindergarten. ~ Judith Martin, (a.k.a. Miss Manners)

Personal freedoms are directly threatened, abused, and even abolished by the ready availability of personal information (especially with highly sensitive data) through data brokering companies who offer essentially unfettered access to all comers. The organizations that sell these services offer as justification that by doing so they are protecting the public against immoral, unscrupulous people. If this were truly their motivation then one would expect them to take pains to ensure their services are never abused by those immoral, unscrupulous people. But because this new industry is so unregulated, it is particularly susceptible to abuse by immoral persons with ill intentions, and it is the law-abiding members of our society who pay the price - sometimes the ultimate price - for the indiscretion of these information peddlers.

  • 1. ChoicePoint - identification and credential verification. Leading provider of insurance services, pre-employment services, public record information and direct marketing services. , www.choicepoint.com
  • 2. Docusearch Home Page: www.docusearch.com
  • 3. Docusearch About Page: ABOUT US...Docusearch can extend its services to virtually...www.abika.com
  • 4. Docusearch Search Page: Background Check, Phone Number Lookupwww.abika.com/help/help.htm
  • 5. Docusearch Search Page: Background Check, Phone Number Lookupwww.abika.com/help/help.htm
  • 6. Steven Levy, Hackers, Community Memory concept espoused the belief that the terminal was "a communication system which ..."
  • 7. William M. Evans, Minding the Machine, ... the Johns-Manvilled Corporation and W.R Grace Inc. knew about the dangers of inhaling asbestos fibers for decades but kept this information secret.. In another example, Ford engineers and executives knew of the problems existing in their new Pinto model, but consciously and deliberately elected not to inform the customers of the issue, causing several deaths by doing soWilliam M. Evans, Minding the Machine, ... Ford engineers and executives knew of the problems existing in their new Pinto model, but consciously and deliberately elected not to inform the customers of the issue, causing several deaths.
  • 8. CNN.com, Security experts: Hacking attacks rarely made public, Feb 18, 2005, www.cnn.com/2005/TECH/02/18/hacking.disclosure.reut/index.html
  • 9. EPIC (Electronic Privacy Information Center), Amy Boyer, www.epic.org/privacy/boyer/
  • 10. Richard Spinello, CyberEthics, pg 155