Reason Magazine

Secrets For Sale

Do strangers with computers know too much about you?

Jacob Sullum from the April 1992 issue

(Page 2 of 5)

Janlori Goldman, director of the ACLU's Privacy and Technology Project, would like to see aseparate statute for every business that deals with information about people. Congress has alreadypassed a number of laws covering specific industries, including the Fair Credit Reporting Act(credit bureaus), the Cable Communications Policy Act (cable TV), the Right to Financial PrivacyAct (banks), and the Family Educational Rights and Privacy Act (schools). Goldman saysCongress should strengthen these laws and add more as needed.

Others are leery of such a top-down approach. "It's a very bad solution," says Alan F. Westin, aprofessor of public law and government at Columbia University who has studied privacy issuesfor more than 40 years. "It would be horrendous for the flow of goods and services in theAmerican marketplace." Westin, who has done consulting work for Equifax, argues that a batchof complex legislation is unnecessary and undesirable, that concerns about informational privacycan be addressed through market mechanisms and established common-law principles.

When you consider the right to informational privacy in the abstract, the call for more laws andregulations may seem sensible. But once you try to define the right and apply it to real situations,the advantages of Westin's more flexible approach become apparent. Privacy expectations varyfrom person to person and depend heavily on the type of information involved. Rather thanimposing a one-size-fits-all solution, the law should allow people to attach enforceable conditionsto the disclosure of information about themselves. In the final analysis, the right to informationalprivacy is nothing more than a variation on the right of contract.

The contract model is a vital safeguard against the excesses of well-meaning but overzealousprivacy advocates. The power to control information about you is the power to control the speechof others. Based on contract, such control is strictly limited. Based on nebulous concerns aboutprivacy, it is open ended. Thus, a concept intended to protect individual dignity and autonomycould become a new rationale for censorship.

The controversy over Marketplace: Households shows how informational privacy relies on theidea of implicit contracts. When pressed, privacy advocates say the crucial problem with the database was that Equifax used information from its credit files to put it together. Equifax got namesand addresses directly from its files, determined sex from first names, identified married peoplethrough joint credit-card accounts, and placed people into age ranges based on dates of birth. Itused other information from its files, such as occupation, to help decide what sort of people (forexample, "successful singles") lived in which neighborhoods (identified by nine-digit zip codes).

Equifax supplemented information from the credit files with data from public sources such as theU.S. Census, the Bureau of Labor Statistics, and the U.S. Postal Service. It also purchased datafrom R.L. Polk & Co., a Detroit firm that compiles lists based on publicly available information,such as wedding announcements and vehicle registration records. Using these data, informationfrom its credit files, and results from consumer surveys, Equifax linked extended zip codes toshopping habits (for example, "plays tennis" or "buys do-it-yourself products"), enhancing itsneighborhood profiles.

When all was said and done, though, Marketplace: Households offered very little specificinformation about individuals. Instead, it included them on lists of people sharing certain broadcharacteristics (including income ranges), mostly based on where they lived. Lotus and Equifaxboth emphasized that the data base was not designed to allow a user to get even this roughinformation by typing in a name. The data base included other safeguards as well: no phonenumbers, no lists of single women, no lists of people over the age of 65.

Still, in the eyes of most privacy advocates, Equifax had broken a promise. "Credit informationought to be held in trust," Smith says. "It's the clear intention of the Fair Credit Reporting Actthat credit information be used only for credit, insurance, or employment. It was nevercontemplated that the information would be used for marketing purposes." Credit bureaus notethat the law also allows use of the information for any other "legitimate business need," and theyhave argued that this covers the sale of marketing data.

But Smith is making a broader point as well. When you apply for a credit card or a bank loan, youexpect that the information you divulge will be passed on to a credit bureau, which will then keeptrack of your purchases and payments. You know that other providers of credit, insurers,prospective employers, and perhaps landlords will have access to your file. (Indeed, in many casesyou explicitly authorize this access when you apply for a loan, insurance, a job, or an apartment.)But you probably don't expect that some of the information in your credit file will be sold to directmarketers. And you can't possibly consent to something you don't know about.

So by using information in its credit files for a purpose other than that intended by the originalsource, Equifax

violated an implicit contract. More precisely, the banks, department stores, and other businessesthat give Equifax information broke a tacit agreement with their customers by failing to stop thecredit bureau from sharing the information with direct marketers. The violation could haveoccurred with written records as well as electronic information; computers just made it easier.Moreover, the violation did not hinge on how sensitive the information in Marketplace:Households was or how effective the "privacy safeguards" built into it were, although most of thecomplaints from consumers focused on these issues.

Critics of Marketplace: Households agree that Equifax's chief sin was breaking the first rule ofinformational privacy: Information disclosed for one purpose should not be used for anotherpurpose without the subject's consent. First suggested in the early '70s, this principle is embodiedin the European Community's proposed privacy regulations and endorsed by virtually everyprivacy advocate. But although the rule seems quite reasonable, nailing down its implications inthe real world is tricky.

Much depends on how you define "consent" and what you think constitutes "another purpose."Under a loose interpretation, your information would be fair game once you revealed it to anyone,unless you explicitly indicated otherwise. Under a strict interpretation, you would have tospecifically authorize every transfer of information. At one extreme, you might find total strangersprivy to sensitive and perhaps embarrassing information about you)your salary, the movies yousee, the self-help books you buy. At the other extreme, investigative reporters might have to giveadvance notice to the subjects of their exposes, and many common business practices)such asrenting customer lists and soliciting orders by mail)could become prohibitively expensive.

Businesses with operations in Europe are worried that they will soon be at the mercy of E.C.bureaucrats charged with making such decisions. As proposed, the E.C. privacy regulations wouldrequire businesses to get explicit permission for secondary uses. For example, a magazine withEuropean subscribers would have to obtain consent from each one before selling or renting theirnames and addresses to direct marketers. The standard practice now is to notify subscribers thatthey can ask to be removed from such lists. If they don't, it's assumed that they have consented.By reversing that assumption, the E.C. would effectively ban the rental of subscription lists bymaking them too costly to be worthwhile.

Another troubling aspect of the proposed regulations is a ban on the transfer of computerizedinformation between the E.C. and any country without "adequate" privacy protection. This couldstop international businesses from sending personnel files or customer records from the UnitedStates to Europe, and vice versa. Smith suggests that the E.C. may distinguish betweeninformation, such as that in credit files, that is regulated by U.S. law and information, such as thatin personnel records, that is not. In the latter case, he says, the E.C. may be satisfied by a strictcompany policy, rather than insisting on a law. He acknowledges, though, that the bureaucraticcosts will be heavy.