Den Links Literature Reviews Bookstore Friends Humor Claire's Essays Claire's Books Wolfe's Lodge

Previous Next

Wolf Tracks


LITTLE BROTHER IS WATCHING

How corporate America assumes ownership of
your identity and your life

This article originally appeared in the Loompanics Unlimited Winter 1999 catalog supplement. Many of the privacy invasions I mention will be familiar to net-savvy privacy protectors; they were less familiar to the print audience.

Corporate America – and corporate Earth, for that matter – is intent on forcing new ID and tracking technologies upon you. The examples above are typical of the thousands of corporate initiatives that, in one way or another, are rapidly shifting your information into their hands.

The reasons corporations give are many. Some are bogus; a few are actually legitimate. But why – if all this tracking, databasing and ID-ing is benevolent, as they and the media invariably claim – are corporations so desperate to keep you in the dark about their plans for you?

Perhaps because you're not the customer any more. You're simply a "resource" to be managed for profit. The customer is someone else now – and usually someone without your best interests at heart.

Watch them in action

GM and the black boxes: According to the New York Times, six million data recorders have been:

…quietly put into various models of General Motors cars since 1990.

A newly developed model being installed in hundreds of thousands of GM cars this year records not only the force of collisions and the air bag's performance, but also captures five seconds of data before impact. It can determine, for example, whether the driver applied the brakes in the fifth second, third second or last second. It also records the last five seconds of vehicle speed, engine speed, gas pedal position and whether the driver was wearing a seat belt.

The advanced model, which records the final five seconds of data, was first installed in 1998 Cadillacs sold to rental car companies, but it was done so quietly that even executives at Avis, which buys hundreds of such cars, were unaware of the recorders.

Now, here's a case where an innovation seems truly benign and useful. It's such a cool thing you'd think they'd be bragging about it in their ads.

But…who does this data belong to? You? Your insurance company? General Motors? The police? If you're in a wreck, who can get it – and how, and why? Do they need a warrant? Is the information admissible in court? Is it self-incrimination? What?

GM has decided that these questions simply aren't your business – even though, in a worst-case accident – the answers could determine whether you go to prison, get clobbered by a million-dollar civil judgment or walk free. Pay $40,000 for a top-of-the-line GM car? You're still too unimportant to be consulted in these crucial matters of your own future. Who is the customer? Not you, who pays for the car. It's insurance companies and police agencies.

Big Brother Inside. When Intel revealed its Pentium III chip early in 1999, boasting that the chip was capable of sending information about you to Web site operators, the company took the now-standard "for the children" line. According to ScanThisNews, Intel claimed:

"Some of the most popular Internet communities on the Web will use the Pentium III processor as a virtual access card, giving [users] more control over how [they] experience age-appropriate content on their sites."

Here are the consequences Intel doesn't want you to consider:

Intel admits….The chip ID used in combination with other individual identifying data – such as an electronic fingerscan or PIN – can also be used to build databases of user habits, trace e-mail, and to monitor usage of copyrighted material, among other things.

But more importantly, if Intel is allowed to establish this as a standard, Web page administrators will undoubtedly begin requiring that the processor IDs be turned "ON" in order for users to access their pages. And, as electronic, online purchases steadily increase, States are going to demand some method to identify purchasers within their borders so that sales tax can be levied against e-transactions. At such time in the near future, laws will be passed requiring CPU IDs to be "voluntarily" transmitted before a sale can be conducted. Anyone who doesn't "volunteer" will not be allowed to conduct electronic business over the Internet, and some – if not all – web pages will become "off limits."

Volunteer or else. Where have we heard that line before?

Under pressure from privacy advocates, Intel ultimately agreed to deliver computers with the ID feature turned off – a move opponents deemed both deceptive and inadequate. Privacy buffs began a boycott of "Big Brother Inside." But Intel continues to market the chip, and is extending the feature to its other chips, as well.

Who is the customer? Not you, who pays for the chip. It's commercial Web site operators and government agencies.

Your helpful banker. Albert Newman is 79 and has a little money saved up. Heritage Bank of Olympia, Washington, figured he'd be a good marketing target, so they sold his name and account number to an insurance company. The insurance company, not wanting prospects to know it had such confidential information, encrypted account numbers on its solicitations.

Nobody bargained on Mr. Newman having been a code expert in World War II. He figured out what they were doing and demanded that they stop. They didn't. He sued. An isolated incident? In Minnesota, June 1999, U.S. Bankcorp, was forced to settle with the state for $3 million after being caught illegally and covertly selling account-holder information – including credit limits and social security numbers.

The Congressional response? To pass a bill making it easier and more clearly legal for banks to conduct such sales.

Who is the customer? Not you, who entrusts your money and your privacy to the bank. It's insurance companies, investment firms and other direct marketers.

Microsoft wants you. In late February, 1999, Richard M. Smith of Brookline, Mass., noticed that Microsoft Word or Excel on Windows 98 inserted a hidden 32-digit number into his documents. Do you imagine you're sending that controversial political pamphlet or whistle-blowing letter anonymously? You're not.

Guess what else? When you registered your software, you even sent the number – ominously called a Global Unique Identifier, or GUID – to Microsoft. When the cops come looking for the creator of that seditious literature, Microsoft can tell 'em it was you. MS also grabbed information about your hardware and stored it in their marketing databases. Richard Smith told the world. But naturally, Microsoft didn't tell anyone – until it was forced to. Later – once again under public pressure – Microsoft provided a patch to fix the "bug" and swore it had deleted any ill-gotten data from its systems. Still, most Windows users blithely add a GUID to their documents without a clue they're doing so – exactly as Microsoft always planned.

Who is the customer? Not you, who pays for the software. It's government agencies, random snoops and Microsoft itself.

The evil empire of UPS? UPS is big. UPS ships 12 million packages a day and owns the largest private database in the world. When UPS says every, single commercial shipper must have an online connection to it by October 1999, shippers jump. Loompanics also jumped when its UPS rep and an equipment vendor said it had to get a new computer system and set up a dedicated phone line to share data with UPS. They jumped more in shock than in a rush to do UPS' bidding, however. Put our confidential customer info online with you, where it could be hacked by private or government snoops? No way!

That's actually how this article got started. Loompanics asked me to look into what they considered a rape of privacy.

That's also where things got tricky, though. Did UPS say they require Loompanics to get a new computer system and a dedicated phone line for 24-hour data sharing?

"Oh, no, oh no, we wouldn't say that," insisted PR flacks at UPS's Atlanta HQ and New Jersey tech center. They did, insists Anita Day of Loompanics.

"Well, maybe we used the word 'required,'" said one flack. "But we didn't mean it the way it sounded."

Did Loompanics' UPS rep say "required"? Who knows? His calls are returned by yet one more PR flack. Did UPS ever officially say "required"? Who knows? The info has been removed from their Web site.

But even by the most charitable interpretation, UPS is now "encouraging" every commercial shipper, no matter how small, to use one of several online data-exchange options. Efficient? No doubt. The efficiency comes from the fact that all these options put names and addresses of package recipients right into the world's largest private database.

Of course, UPS has long had recipients' addresses in their database. But the new systems – particularly those used by the largest shippers – have the potential to dump vastly more information into UPS computers. For instance, there's a label feature called the "maxi-code" that can hold up to 350 separate pieces of information about you or the contents of your package. It's for the convenience of the shipper, says UPS. And the convenience of anyone else who cares to read it.

Loompanics has compromised – switching to the required computer system, but refusing to enter customer names, put revealing information in the maxi-code, or give UPS direct access to the closely held Loompanics database.

"If they tell me they have to have a name in their computer or they won't pick up my packages," Day says, "I won't do business with UPS again."

Still, most shippers – even some whose customer information ought to be highly confidential – seem unconcerned. Without the knowledge or consent of their customers, they're taking sensitive, private data and giving it to UPS.

UPS says it doesn't sell data, and that all information is safe behind the world's most sophisticated anti-hacking systems. The publisher of Secrets of a Super Hacker is not reassured.

Who is the customer? Not you, who pays for the shipping. It's UPS itself – and anyone who can gain access to its databases.

Say cheese. By early 1999, Image Data, LLC, a startup company in Nashua, New Hampshire, had quietly negotiated to buy the drivers license databases of five states – and aimed to get all 50 – when South Carolina attorney general, Charles Condon, protested.

The company intended to put digitized photos of millions of Americans into a system to be used by retailers as part of their check-cashing procedures.

When its maneuvers were discovered, the company immediately adopted a "poor innocent me" posture:

Spokeswoman Lorna Christie said the two-year-old company, founded by a victim of credit card fraud, created the system out of concern for identity fraud, which she said costs the nation up to $50 billion a year…. "This is a service for the protection of the residents of South Carolina."

But again, if its service was so reasonable and valuable, why the secrecy – both by the company and the state governments with which it worked? One very large reason soon came to light.

Image Data turned out to be largely funded by $1.4 million dollars from the U.S. Secret Service, which no doubt found this a clever way to create one more federal database with a private company as a front.

Public outrage has, for the time being, forced states to back out of their deals with Image Data. But don't expect this plan to die.

Who is the customer? Guess. [NOTE 9/22/99; This month it was confirmed -- through FOIA documents obtained by a privacy-rights group -- that the Image Data scheme was indeed a plan to create an unauthorized government using a private firm as a front. The feds even chose which states would be first to submit their citizens.]

Beneficial?

Most arguments for widespread corporate databasing, tracking and ID don't hold up when closely examined. For instance, the oft-heard claim that databases such as Image Data's "help prevent identity theft" is an example of the Hitlerian Big Lie. By making vast amounts of information easily available, they actually create opportunities for malicious people to adopt your entire credit history, job history and persona.

The crime of "identity theft" barely existed before "identity" was an electronic measure. But even if databases and tracking devices were truly beneficial, that isn't the point. The point is that they are increasingly being imposed upon us covertly or through deception. We are unable to evaluate their impact or make an informed choice about whether or not to participate. The very secrecy tells us that something dangerous to our freedom, or at least supremely arrogant, is going on.

But what if companies did bother to ask your opinion or permission? The sorry fact is, most people might say, "No problem."

Consider the smart card – soon to replace your credit cards, drivers license, health insurance card, social security card and the cash in your pocket. Soon to contain your school transcripts, your health history, your employment records and your criminal file. It will be a portable database you carry everywhere you go. Every dime you spend, every disease you get, every job, every arrest, every hobby, habit, pleasure and vice you have will be tracked by someone, reported somewhere, available to anyone who knows how to get it. For anyone who even thinks about the potential dangers, it's a horrifying prospect.

Still, reports like this are common:

WASHINGTON: Americans are ready, willing and anxious to start using smart cards, the next stage in personal electronic technology that allows them to perform financial and other activities through credit card-sized high-tech devices, according to industry research made widely available today. In the survey, conducted for the Smart Card Forum, a Washington-based multi-industry trade group, three-quarters of those polled showed interest in the smart card concept. A significant number of respondents said they would want to use the cards for functions including bank access and ATM services, to carry a record of driver and health insurance information, and as credit cards.

In this case, consider the source – PRNewswire, a public relations news service. Industry propaganda. But read any alleged news article about ID or tracking technology and you'll see the same story, over and over: biometric ID and databases will make you secure; gee whiz they can catch real bad criminals with this stuff, too; so what if a few kooky "privacy groups" get their undies in a bunch over it?

Who is the customer? Not you, whose life is reduced to someone else's salable, searchable, investigatable data. The customer is everyone who wishes to own a piece of your life.

Government's not the solution

Recently, some privacy advocates have been crying for government to legislate against abuse of personal information. They point to a legal model, now popular in Europe, which acknowledges that individuals have a right to control most information about themselves.

That's good theory. But instead of empowering individuals to manage their own data, the European model sets up a huge government bureau with a "privacy czar" virtually above the law. In the Fall of '99, for instance, the Canadian parliament will consider Euro-style privacy legislation (resurrected from omnibus bill C-54, which failed to pass in the spring session). If it becomes law, it will allow a newly minted "federal privacy commissioner" to enter any non-residential building without a warrant, examine and copy any records he wishes without any standard of probable cause, and to compel anyone in the targeted establishment "to give written or oral testimony under oath."

Privacy? Protection? For whom? From whom?

Anyone who still believes the foxes of the U.S. government should be trusted with guarding the privacy hen house need only look at what the House of Representatives did in June of 1999, in the name of "privacy." The L.A. Times says:

Individual medical records, including patients' genetic information, could be disclosed by health insurers to credit card companies and other financial institutions under legislation overwhelmingly approved Thursday by the House. The controversial provision is embedded in a massive bill overhauling the financial services industry, which passed, 343 to 86….

[P]rivacy experts said that it is virtually a "publicity" provision that, because of the way it is worded, would allow broad disclosures of private medical information without a patient's permission.

"Under this legislation, a health insurer can send a patient's diagnosis to a credit agency. They can say, in effect, 'By the way, Joan Smith has a brain tumor; don't lend her any money,' " said Tim Westmoreland, a senior policy fellow at Georgetown University Law Center.

As I write this, the bill hasn't yet become law. But remember that this "privacy protection" – Yes, that's what its sponsor, Greg Ganske (R-Iowa) calls it – is brought to you by the same people who already gave you the upcoming national ID drivers license and a database to track you from job to job and city to city for the rest of your life.

No, the government won't protect you – though any government will gladly use "protection" precisely as it uses "safety," "security," "crime prevention" and "for the children" – to con you out of your liberties. Don't turn to Little Brother, the corporate world, for help. It's interested in you only as a resource.

Doomed self-protection

If you care, you will have to protect yourself. You will have to foil snooping banks, buy computers that don't have "Big Brother Inside," ship with someone other than UPS, refuse to get a drivers license, always wonder what's really under the hood of your car, and be ever-watchful for the next development in snoopery and "human resource management."

But the reality is that most of us won't bother. Even something as simple as writing to our bank to demand that they remove us from their marketing lists takes more effort than most of us are willing to give.

In other cases, there's very little we can do, since we don't even know what's being done to us.

We must – as best we can – stay aware, try not to patronize companies that patronize us, raise holy hell when privacy is stolen, and occasionally throw a few good, heavy monkeywrenches into the works.

But the day will come when it will be either impossible, or illegal, to function in normal society without a smart card, a tracking device on our vehicles, or a computer that automatically reports our activities to distant Watchers.

On that day – when privacy is outlawed – only outlaws will have privacy.


© 1999 Claire Wolfe. This article may be reprinted for non-commercial purposes, as long as it is reprinted in full with no content changes whatsoever, and is accompanied by this credit line. The article may not be re-titled, edited or excerpted (beyond the limits of the fair use doctrine) without the written permission of the author. For-profit publications will be expected to pay a nominal reprint fee.

# # #



Previous Top Next

Wolf Tracks

| The Lodge | Claire's Books | CW Essays | CW Sillies | Patricia Neill | Friends
| Bookstore | Reviews | Literature | Sound-Off Archive | Den | Links |

If you find anything awry at this site,
please contact the Web Tender.



22 September, 1998