Corporate
America and corporate Earth, for that matter is intent
on forcing new ID and tracking technologies upon you. The
examples above are typical of the thousands of corporate
initiatives that, in one way or another, are rapidly shifting
your information into their hands.
The
reasons corporations give are many. Some are bogus; a few
are actually legitimate. But why if all this tracking,
databasing and ID-ing is benevolent, as they and the media
invariably claim are corporations so desperate to keep
you in the dark about their plans for you?
Perhaps
because you're not the customer any more. You're simply
a "resource" to be managed for profit. The customer is someone
else now and usually someone without your best interests
at heart.
Watch
them in action
GM
and the black boxes: According to the New York Times,
six million data recorders have been:
quietly
put into various models of General Motors cars since 1990.
A newly developed model being installed in hundreds of
thousands of GM cars this year records not only the force
of collisions and the air bag's performance, but also
captures five seconds of data before impact. It can determine,
for example, whether the driver applied the brakes in
the fifth second, third second or last second. It also
records the last five seconds of vehicle speed, engine
speed, gas pedal position and whether the driver was wearing
a seat belt.
The advanced model, which records the final five seconds
of data, was first installed in 1998 Cadillacs sold to
rental car companies, but it was done so quietly that
even executives at Avis, which buys hundreds of such cars,
were unaware of the recorders.
Now,
here's a case where an innovation seems truly benign and
useful. It's such a cool thing you'd think they'd be bragging
about it in their ads.
But
who
does this data belong to? You? Your insurance company? General
Motors? The police? If you're in a wreck, who can get it
and how, and why? Do they need a warrant? Is the information
admissible in court? Is it self-incrimination? What?
GM has
decided that these questions simply aren't your business
even though, in a worst-case accident the answers could
determine whether you go to prison, get clobbered by a million-dollar
civil judgment or walk free. Pay $40,000 for a top-of-the-line
GM car? You're still too unimportant to be consulted in
these crucial matters of your own future. Who is the customer?
Not you, who pays for the car. It's insurance companies
and police agencies.
Big
Brother Inside. When Intel revealed its Pentium
III chip early in 1999, boasting that the chip was capable
of sending information about you to Web site operators,
the company took the now-standard "for the children" line.
According to ScanThisNews, Intel claimed:
"Some
of the most popular Internet communities on the Web will
use the Pentium III processor as a virtual access card,
giving [users] more control over how [they] experience age-appropriate
content on their sites."
Here
are the consequences Intel doesn't want you to consider:
Intel
admits
.The chip ID used in combination with other individual
identifying data such as an electronic fingerscan or PIN
can also be used to build databases of user habits, trace
e-mail, and to monitor usage of copyrighted material, among
other things.
But more importantly, if Intel is allowed to establish
this as a standard, Web page administrators will undoubtedly
begin requiring that the processor IDs be turned "ON"
in order for users to access their pages. And, as electronic,
online purchases steadily increase, States are going to
demand some method to identify purchasers within their
borders so that sales tax can be levied against e-transactions.
At such time in the near future, laws will be passed requiring
CPU IDs to be "voluntarily" transmitted before a sale
can be conducted. Anyone who doesn't "volunteer" will
not be allowed to conduct electronic business over the
Internet, and some if not all web pages will become
"off limits."
Volunteer
or else. Where have we heard that line before?
Under
pressure from privacy advocates, Intel ultimately agreed
to deliver computers with the ID feature turned off a
move opponents deemed both deceptive and inadequate. Privacy
buffs began a boycott of "Big Brother Inside." But Intel
continues to market the chip, and is extending the feature
to its other chips, as well.
Who
is the customer? Not you, who pays for the chip. It's commercial
Web site operators and government agencies.
Your
helpful banker. Albert Newman is 79 and has a little
money saved up. Heritage Bank of Olympia, Washington, figured
he'd be a good marketing target, so they sold his name and
account number to an insurance company. The insurance company,
not wanting prospects to know it had such confidential information,
encrypted account numbers on its solicitations.
Nobody
bargained on Mr. Newman having been a code expert in World
War II. He figured out what they were doing and demanded
that they stop. They didn't. He sued. An isolated incident?
In Minnesota, June 1999, U.S. Bankcorp, was forced to settle
with the state for $3 million after being caught illegally
and covertly selling account-holder information including
credit limits and social security numbers.
The
Congressional response? To pass a bill making it easier
and more clearly legal for banks to conduct such sales.
Who
is the customer? Not you, who entrusts your money and your
privacy to the bank. It's insurance companies, investment
firms and other direct marketers.
Microsoft
wants you. In late February, 1999, Richard M. Smith
of Brookline, Mass., noticed that Microsoft Word or Excel
on Windows 98 inserted a hidden 32-digit number into his
documents. Do you imagine you're sending that controversial
political pamphlet or whistle-blowing letter anonymously?
You're not.
Guess
what else? When you registered your software, you even sent
the number ominously called a Global Unique Identifier,
or GUID to Microsoft. When the cops come looking for the
creator of that seditious literature, Microsoft can tell
'em it was you. MS also grabbed information about your hardware
and stored it in their marketing databases. Richard Smith
told the world. But naturally, Microsoft didn't tell anyone
until it was forced to. Later once again under public
pressure Microsoft provided a patch to fix the "bug" and
swore it had deleted any ill-gotten data from its systems.
Still, most Windows users blithely add a GUID to their documents
without a clue they're doing so exactly as Microsoft always
planned.
Who
is the customer? Not you, who pays for the software. It's
government agencies, random snoops and Microsoft itself.
The
evil empire of UPS? UPS is big. UPS ships 12 million
packages a day and owns the largest private database in
the world. When UPS says every, single commercial shipper
must have an online connection to it by October 1999, shippers
jump. Loompanics also jumped when its UPS rep and an equipment
vendor said it had to get a new computer system and set
up a dedicated phone line to share data with UPS. They jumped
more in shock than in a rush to do UPS' bidding, however.
Put our confidential customer info online with you, where
it could be hacked by private or government snoops? No way!
That's
actually how this article got started. Loompanics asked
me to look into what they considered a rape of privacy.
That's
also where things got tricky, though. Did UPS say they require
Loompanics to get a new computer system and a dedicated
phone line for 24-hour data sharing?
"Oh,
no, oh no, we wouldn't say that," insisted PR flacks at
UPS's Atlanta HQ and New Jersey tech center. They did, insists
Anita Day of Loompanics.
"Well,
maybe we used the word 'required,'" said one flack. "But
we didn't mean it the way it sounded."
Did
Loompanics' UPS rep say "required"? Who knows? His calls
are returned by yet one more PR flack. Did UPS ever officially
say "required"? Who knows? The info has been removed from
their Web site.
But
even by the most charitable interpretation, UPS is now "encouraging"
every commercial shipper, no matter how small, to use one
of several online data-exchange options. Efficient? No doubt.
The efficiency comes from the fact that all these options
put names and addresses of package recipients right into
the world's largest private database.
Of course,
UPS has long had recipients' addresses in their database.
But the new systems particularly those used by the largest
shippers have the potential to dump vastly more information
into UPS computers. For instance, there's a label feature
called the "maxi-code" that can hold up to 350 separate
pieces of information about you or the contents of your
package. It's for the convenience of the shipper, says UPS.
And the convenience of anyone else who cares to read it.
Loompanics
has compromised switching to the required computer system,
but refusing to enter customer names, put revealing information
in the maxi-code, or give UPS direct access to the closely
held Loompanics database.
"If
they tell me they have to have a name in their computer
or they won't pick up my packages," Day says, "I won't do
business with UPS again."
Still,
most shippers even some whose customer information ought
to be highly confidential seem unconcerned. Without the
knowledge or consent of their customers, they're taking
sensitive, private data and giving it to UPS.
UPS
says it doesn't sell data, and that all information is safe
behind the world's most sophisticated anti-hacking systems.
The publisher of Secrets of a Super Hacker is
not reassured.
Who
is the customer? Not you, who pays for the shipping. It's
UPS itself and anyone who can gain access to its databases.
Say
cheese. By early 1999, Image Data, LLC, a startup
company in Nashua, New Hampshire, had quietly negotiated
to buy the drivers license databases of five states and
aimed to get all 50 when South Carolina attorney general,
Charles Condon, protested.
The
company intended to put digitized photos of millions of
Americans into a system to be used by retailers as part
of their check-cashing procedures.
When
its maneuvers were discovered, the company immediately adopted
a "poor innocent me" posture:
Spokeswoman
Lorna Christie said the two-year-old company, founded by
a victim of credit card fraud, created the system out of
concern for identity fraud, which she said costs the nation
up to $50 billion a year
. "This is a service for the protection
of the residents of South Carolina."
But
again, if its service was so reasonable and valuable, why
the secrecy both by the company and the state governments
with which it worked? One very large reason soon came to
light.
Image
Data turned out to be largely funded by $1.4 million dollars
from the U.S. Secret Service, which no doubt found this
a clever way to create one more federal database with a
private company as a front.
Public
outrage has, for the time being, forced states to back out
of their deals with Image Data. But don't expect this plan
to die.
Who
is the customer? Guess. [NOTE 9/22/99; This month it was
confirmed -- through FOIA documents obtained by a privacy-rights
group -- that the Image Data scheme was indeed a plan to
create an unauthorized government using a private firm as
a front. The feds even chose which states would be first
to submit their citizens.]
Beneficial?
Most
arguments for widespread corporate databasing, tracking
and ID don't hold up when closely examined. For instance,
the oft-heard claim that databases such as Image Data's
"help prevent identity theft" is an example of the Hitlerian
Big Lie. By making vast amounts of information easily available,
they actually create opportunities for malicious people
to adopt your entire credit history, job history and persona.
The
crime of "identity theft" barely existed before "identity"
was an electronic measure. But even if databases and tracking
devices were truly beneficial, that isn't the point. The
point is that they are increasingly being imposed upon us
covertly or through deception. We are unable to evaluate
their impact or make an informed choice about whether or
not to participate. The very secrecy tells us that something
dangerous to our freedom, or at least supremely arrogant,
is going on.
But
what if companies did bother to ask your opinion or permission?
The sorry fact is, most people might say, "No problem."
Consider
the smart card soon to replace your credit cards, drivers
license, health insurance card, social security card and
the cash in your pocket. Soon to contain your school transcripts,
your health history, your employment records and your criminal
file. It will be a portable database you carry everywhere
you go. Every dime you spend, every disease you get, every
job, every arrest, every hobby, habit, pleasure and vice
you have will be tracked by someone, reported somewhere,
available to anyone who knows how to get it. For anyone
who even thinks about the potential dangers, it's a horrifying
prospect.
Still,
reports like this are common:
WASHINGTON:
Americans are ready, willing and anxious to start using
smart cards, the next stage in personal electronic technology
that allows them to perform financial and other activities
through credit card-sized high-tech devices, according to
industry research made widely available today. In the survey,
conducted for the Smart Card Forum, a Washington-based multi-industry
trade group, three-quarters of those polled showed interest
in the smart card concept. A significant number of respondents
said they would want to use the cards for functions including
bank access and ATM services, to carry a record of driver
and health insurance information, and as credit cards.
In this
case, consider the source PRNewswire, a public relations
news service. Industry propaganda. But read any alleged
news article about ID or tracking technology and you'll
see the same story, over and over: biometric ID and databases
will make you secure; gee whiz they can catch real bad criminals
with this stuff, too; so what if a few kooky "privacy groups"
get their undies in a bunch over it?
Who
is the customer? Not you, whose life is reduced to someone
else's salable, searchable, investigatable data. The customer
is everyone who wishes to own a piece of your life.
Government's
not the solution
Recently,
some privacy advocates have been crying for government to
legislate against abuse of personal information. They point
to a legal model, now popular in Europe, which acknowledges
that individuals have a right to control most information
about themselves.
That's
good theory. But instead of empowering individuals to manage
their own data, the European model sets up a huge government
bureau with a "privacy czar" virtually above the law. In
the Fall of '99, for instance, the Canadian parliament will
consider Euro-style privacy legislation (resurrected from
omnibus bill C-54, which failed to pass in the spring session).
If it becomes law, it will allow a newly minted "federal
privacy commissioner" to enter any non-residential building
without a warrant, examine and copy any records he wishes
without any standard of probable cause, and to compel anyone
in the targeted establishment "to give written or oral testimony
under oath."
Privacy?
Protection? For whom? From whom?
Anyone
who still believes the foxes of the U.S. government should
be trusted with guarding the privacy hen house need only
look at what the House of Representatives did in June of
1999, in the name of "privacy." The L.A. Times says:
