Reason Magazine

Secrets For Sale

Do strangers with computers know too much about you?

Jacob Sullum from the April 1992 issue

In April 1990, Lotus Development Corp. proudly announced the release of Marketplace:Households, "a new desktop information product for Apple Macintosh personal computers thatallows any business person to perform sophisticated sales prospecting and market analysis."Marketplace: Households combined information about 120 million U.S. consumers, stored oncompact disks, with software that would have allowed users to select lists of names and addressesbased on nine marketing criteria.

Priced at $695 (plus additional fees for lists), the data base would have provided small businessesand nonprofit organizations with information that had previously been available only to largecompanies. For example, the owner of a trendy new restaurant could get a list of young, affluentpeople living near his establishment. A local political organization could target older, marriedhomeowners in a given neighborhood. Marketplace: Households was scheduled to hit computerstores in the fall.

It didn't. After unveiling the product, Lotus received some 30,000 letters of complaint, many ofthem by electronic mail. Privacy advocates, including the American Civil Liberties Union,condemned the data base. "It simply shouldn't be allowed on the market," said Marc Rotenberg,Washington director of Computer Professionals for Social Responsibility. In January 1991, Lotusannounced that it was canceling the information package.

Meanwhile, Equifax Inc., which provided the data for Marketplace: Households, was doing somerethinking of its own. Last August, the credit-reporting giant announced that it was getting out ofthe marketing-data business, except for credit-related purposes. "Continuing the business justwouldn't be consistent with a socially responsible position," Equifax senior vice president JohnBaker told The Wall Street Journal. Equifax urged its competitors to follow suit. In fact, inOctober it urged Congress to force its competitors to follow suit.

Underlying these two dramatic reversals is the amorphous concept of informational privacy,variously described as a right, a concern, an interest, and a preference. In the broadest sense, yourinformational privacy has been violated when someone knows something about you that you don'twant them to know. Traditionally, the "someone" has been the government, as represented infiction by Big Brother and in real life by J. Edgar Hoover. But in recent years, the focus of publicdebate has shifted to the private sector, especially large businesses and organizations. Privacyadvocates voice concern about a wide range of commercial activities, including credit reporting,job screening, direct marketing, insurance and medical record keeping, debit-card purchases, andelectronic toll collection.

For the most part, these activists are not talking about clearly illegal invasions of privacy, such aswire tapping or unauthorized access to computer files. They are more alarmed by the standardoperating procedures of credit bureaus, direct marketers, retailers, and others who deal incomputerized information. They complain that you can hardly engage in a business transactionthese days without leaving electronic footprints, often without realizing it.

Judging from press coverage, the commercial collection and dissemination of personalinformation, fueled by faster, cheaper computers and new software, have created a privacy crisis."Personal privacy is currently endangered, not because the information is available, but because itcan be accumulated, massaged, maybe even changed, with astonishing ease," an article in StudentLawyer reported in 1983. "If widely adopted, computer systems now in use experimentally couldcreate electronic records for the food we eat, the brand of toothpaste we buy, the newspaperarticles we read, and the routes we drive to work. Improperly used, these data banks coulddestroy the last vestiges of personal privacy in the United States....Both the private sector and thegovernment have shown themselves anxious to amass files that might allow them, ultimately, toknow more about us than we know about ourselves."

Nearly a decade later, such warnings are still common: "Privacy in the United States isincreasingly being invaded in today's world of computers and interconnected databanks" (TheChristian Science Monitor); the nation is moving "closer to the day when all the informationavailable on one person could be gathered in one place and then easily retrieved, sold ormanipulated by anyone" (The Washington Post); direct marketing "has been instrumental in theerosion of personal privacy" (The Wall Street Journal); "the combination of invasive technologiesand lax laws threatens to make the U.S. a nation of people who live in glass houses" (Time).

Even privacy advocates admit that much of the press coverage is speculative and overwrought."It's disappointing to me that all the stories in the press on this issue are what I call 'view withalarm' stories," says Robert Ellis Smith, publisher of Privacy Journal. "A large part of thepopulation probably thinks that there is a central data bank with all sorts of information aboutpeople in it. That's not the truth, but a lot of people think that. The rhetoric in the storiesreinforces that."

But the issue of informational privacy is not entirely a media creation. The letters protestingMarketplace: Households indicate that many Americans are worried that strangers withcomputers know too much about them. One consumer, under the misimpression that the Lotusdata base would include actual salaries, complained that "people's salaries are their ownbusiness....I could be fired for telling the person I sit next to what I make, and yet these peopleplan to publish it." Writing in The New York Times shortly after Marketplace: Households wascanceled, Mary J. Culuan, an associate professor of business administration at GeorgetownUniversity, compared discovering that a private data base has information about you to "learningthat you are being filmed secretly in the shower."

According to Lou Harris polling data, the percentage of Americans who said they were"concerned" about privacy increased from 33 percent to 79 percent between 1970 and 1991; thepercentage who were "very concerned" went from 25 percent to 48 percent. This dramatic riseprobably has a lotto do with the advent of computer-driven direct marketing, which has brought aflood of junk mail and junk phone calls into American homes.

Frustration with annoying solicitations has prompted some paradoxical responses. In November,Congress approved legislation that requires the Federal Communications Commission to maintaina list of people who say they don't want to receive telemarketing calls. Marketers are forbidden tocall anyone on the list. Thus, in the name of privacy, the government will keep a central record ofpeople with certain attitudes. How long will it be before a bureaucrat decides that taxpayers whoare especially concerned about privacy are also more likely to be hiding income from the IRS?

Still, the move to regulate telephone solicitations indicates growing hostility toward directmarketers. "It's the first thing that people think of when they think of privacy," says Smith. "It'sthe tip of the iceberg, the one time they can see the result of the pooling of computer data withouttheir knowledge to create information about them....It's symbolic, I guess, to a lot of people."

Just what it's symbolic of, though, is hard to get a handle on. When they discuss the perceivedthreat represented by the collection and dissemination of computerized information, consumers,business people, and privacy advocates are often talking about quite different things. Publicconcerns are vague, a mixture of annoyance at direct marketing, worries about data collection,and fear of computer technology. Business people tend to view these feelings as consumerpreferences, something to take into account along with concerns about cholesterol, aging, bodyodor, and the environment.

But privacy advocates generally consider expectations about how information will be handled amatter of right that should be enforced by law. "Our current laws are inadequate," declares a 1991report from Computer Professionals for Social Responsibility and the U.S. Privacy Council. "Nocitizen can be assured that information disclosed for one purpose will not be used for anotherpurpose...or that private companies will not exploit collections of personal information forcommercial gain." CPSR and the Privacy Council support legislation that would create a nationalData Protection Board, restrict the flow of computerized information, and ban some transfers,such as the sale of marketing data by credit bureaus.