Database Nation: The Death of Privacy in the 21st Centuryby Simson Garfinkel
Fifty years ago, in 1984, George Orwell imagined a future in which privacy was demolished by a totalitarian state that used spies, video surveillance, historical revisionism, and control over the media to maintain its power. Those who worry about personal privacy and identityespecially in this day of technologies that encroach upon these/i>
- Editorial Reviews
- Product Details
- Related Subjects
- Read an Excerpt
- What People Are Saying
- Meet the author
Fifty years ago, in 1984, George Orwell imagined a future in which privacy was demolished by a totalitarian state that used spies, video surveillance, historical revisionism, and control over the media to maintain its power. Those who worry about personal privacy and identityespecially in this day of technologies that encroach upon these rightsstill use Orwell's "Big Brother" language to discuss privacy issues. But the reality is that the age of a monolithic Big Brother is over. And yet the threats are perhaps even more likely to destroy the rights we've assumed were ours.Database Nation: The Death of Privacy in the 21st Century shows how, in these early years of the 21st century, advances in technology endanger our privacy in ways never before imagined. Direct marketers and retailers track our every purchase; surveillance cameras observe our movements; mobile phones will soon report our location to those who want to track us; government eavesdroppers listen in on private communications; misused medical records turn our bodies and our histories against us; and linked databases assemble detailed consumer profiles used to predict and influence our behavior. Privacythe most basic of our civil rightsis in grave peril.Simson Garfinkeljournalist, entrepreneur, and international authority on computer securityhas devoted his career to testing new technologies and warning about their implications. This newly revised update of the popular hardcover edition of Database Nation is his compelling account of how invasive technologies will affect our lives in the coming years. It's a timely, far-reaching, entertaining, and thought-provoking look at the serious threats to privacy facing us today. The book poses a disturbing question: how can we protect our basic rights to privacy, identity, and autonomy when technology is making invasion and control easier than ever before? Garfinkel's captivating blend of journalism, storytelling, and futurism is a call to arms. It will frighten, entertain, and ultimately convince us that we must take action now to protect our privacy and identity before it's too late.
Rather than see these beguiling innovations as a positive development, veteran tech writer Simson Garfinkel sees them as enablers of a technological future in which our personal preferences and private lives are thrown open for all to see and cash in on. In his new book, Database Nation, he launches into a meticulous examination of the seemingly endless ways in which our privacy is under attack.
This isn't simply another cautionary tale about the Internet. Garfinkel has the historical vision and storytelling chops, both sorely lacking among today's tech and business press, to stitch together an exhaustive range of topics - medical records, biological warfare, United Parcel Service's package tracking system, even satellite pictures of Earth - into a panoply of privacy concerns. The Internet is just the tip of a very frightening iceberg.
Garfinkel is both a skeptic and an enthusiast of new technology: For five years, he relied on a voice-recognition system to guard his house rather than a lock and key. And with the exception of a gloomy prediction for a future filled with nuclear or biochemical terrorism, Database Nation is mostly an earnest call to arms (he even ends with a "Privacy Now" manifesto).
Indeed, the book devotes much of the last 100 pages to the growing threat of terrorism and the "democratization" of deadly weapons. It's the "irrational terrorist," the loner who cares little about the repercussions of his actions, who scares Garfinkel and forces him to side, to some extent, with government. In the process, though, he relegates skeptics of the government's good intentions to a few meager quotes.
Unlike many in the tech industry, Garfinkel welcomes legislation to rein in private industry. He draws on the early history of the information-collection business to make his point: "Left to its own devices, private industry created a system in the 1960s that was tremendously unfair to private citizens. Yes, there was a free information market, but it was a market in which only businesses could participate."
He's no Pollyanna about government abuse either, citing a litany of cases including the World War II internment of Japanese Americans and the excesses of J. Edgar Hoover's FBI. Nevertheless, it isn't a centralized government database Garfinkel fears - it's the unchecked, unregulated power of marketers.
For those who claim that improved technology will allow advertisers to target consumers with personal, customized offers, Garfinkel foresees a future snag: A man decides to take his mistress to New York for Valentine's Day. His airline and hotel reservations trigger a flood of "personalized" ads once he's back home that hawk special offers from every romantic eatery and jewelry store in Manhattan.
It's not only spam that worries Garfinkel. It's the power that businesses wield with personal information. Take the case of a Los Angeles man who injured his leg in a supermarket; when he sued, the market used records of his alcohol purchases to malign his character. Our "data shadows" - a term coined by Columbia professor Alan Westin - "force us to live up to a new standard of accountability," Garfinkel writes. "And because the information that makes up these shadows is occasionally incorrect, they leave us all vulnerable to punishment or retaliation for action that we did not even commit."
Sure, such inaccuracies are not the norm. But even in the best-case scenarios offered by information gatherers, any margin of error can ruin hundreds of lives. The Medical Information Bureau, the insurance industry's private clearinghouse of medical data, boasts a 97 percent accuracy rate. Unfortunately, that leaves hundreds of people with inaccuracies that could determine the price of their insurance - or whether they get insurance at all.
For all but the most studied privacy expert, Database Nation will provide not only valuable history and insight, but a rousing call to arms. For marketers on the Net, Garfinkel's book shows what they're likely to be up against from newly awakened customers.
- O'Reilly Media, Incorporated
- Publication date:
- Product dimensions:
- 6.05(w) x 9.02(h) x 0.96(d)
Read an Excerpt
Identity Theft: The Case of Steven Shaw
In recent years, there has been a sudden and dramatic growth of a new kind of crime, made possible by the ready availability of both credit and once-private information on Americans. In these cases one person finds another's name and Social Security number, applies for a dozen credit cards, and proceeds to run up huge bills. (Many banks make this kind of theft far easier than it should be, by printing their customers' Social Security number on their bank statements.) Sometimes the thieves enjoy the merchandise for themselves, go on lavish trips, and eat in fine restaurants. Other times the thieves fence the ill-gotten merchandise, turning it into cash. This crime has become so common that it has earned its own special name: identity theft.
A typical case is what happened to Stephen Shaw, a Washington-based journalist. Sometime during the summer of 1991 a car salesman from Orlando, FL, with a similar name-Steven Shaw-obtained Stephen Shaw's credit report. This is actually easier than it sounds. For years, Equifax had aggressively marketed its credit reporting service to car dealers. The service lets salespeople weed out the Sunday window-shoppers from the serious prospects by asking a customer's name and then surreptitiously disappearing to the back room and running a quick credit check. In all likelihood, says the Washington-based Shaw, the Shaw in Florida had simply gone fishing for someone with a similar-sounding name and a good credit history.
Once Steven Shaw in Florida had Stephen Shaw's Social Security number and credit report, he had all that he needed to steal the journalist's identity. Besides stating that Stephen Shaw had excellent credit, the report listed his current and previous addresses, his mother's maiden name, and the account numbers of all of his major credit cards. Jackpot!
"He used my information to open 35 accounts and racked up $100,000 worth of charges," says Stephen Shaw. "He tagged me for everything under the sun-car loans, personal loans, bank accounts, stereos, furniture, appliances, clothes, airline tickets."
Because all the accounts were opened with Stephen Shaw's name and Social Security number, all of the businesses held the Washington-based Stephen Shaw liable for the money that the other Shaw spent. And when the bills weren't paid, the companies told Equifax and the other credit bureaus that Stephen Shaw, the man who once had stellar credit, was now a deadbeat.
Shaw says that it took him more than four years to resolve his problems-a period that appears to be typical for most identity theft victims. That's four years of harassing calls from bill collectors, of getting more and more angry letters in the mail, or not knowing what else is being done in your name. Four years of having your creditors think of you as a deadbeat. During this period, it's virtually impossible for the victim to obtain a new credit card or a mortgage. One of the cruelest results of identity theft is that many victims find themselves unemployable; in addition to references, many businesses routinely check credit reports of their job applicants.
Identity theft is made possible because credit-card companies, always on the lookout for new customers, don't have a good way to verify the identity of a person who mails in an application or orders a credit card over the telephone. So the credit card companies make a dangerous assumption: they take it for granted that if you know a person's name, address, telephone number, Social Security number, and mother's maiden name, then you must be that person. And when the merchandise is bought and the bills aren't paid, that person is the one held responsible.
Nobody is really sure how prevalent identity theft is today, but it is definitely on the rise. Ideally the perpetrators should be jailed, fined, and otherwise punished. But law enforcement agencies are overwhelmed, and the courts have not allowed the true victims-the people who have had their identity stolen-to press charges against the perpetrators. That's because the law sees the company that issued the credit as the aggrieved party, not the person who had their identity stolen. That's great for the identity thieves: for most large banks, it's rarely worth the expense to prosecute a case.
But ultimately, identity theft is flourishing because credit-issuing companies are not being forced to cover the costs of their lax security procedures. The eagerness with which credit companies send out pre-approved credit-card applications creates the risk of fraud; when the fraud takes place, the credit issuer simply notes that information in the consumer's credit file and moves on; the consumer is left to pick up the pieces and otherwise deal with the cost of a stolen identity. It stands to reason, then, that the easiest way to reduce fraud would be to force the companies that are creating the risk to suffer the consequences. One way to do that would by penalizing companies that add provably false information to a consumer credit report the same way we penalize individuals who file false police reports. Such penalties would force credit grantors to do a better job identifying the individuals to whom they grant credit, which would, in turn, do a good job of limiting the crime of identity theft.
What People are saying about this
Peter G. Neumann, author of Computer-Related Risks ; Moderator of Risks Forum; Principal Scientist of Computer Science Lab, SRI International
Ralph Nader, Consumer Advocate
Meet the Author
Simson Garfinkel, CISSP, is a journalist, entrepreneur, and international authority on computer security. Garfinkel is chief technology officer at Sandstorm Enterprises, a Boston-based firm that develops state-of-the-art computer security tools. Garfinkel is also a columnist for Technology Review Magazine and has written for more than 50 publications, including Computerworld, Forbes, and The New York Times. He is also the author of Database Nation; Web Security, Privacy, and Commerce; PGP: Pretty Good Privacy; and seven other books. Garfinkel earned a master's degree in journalism at Columbia University in 1988 and holds three undergraduate degrees from MIT. He is currently working on his doctorate at MIT's Laboratory for Computer Science.
and post it to your social network
Most Helpful Customer Reviews
See all customer reviews >