Reason Magazine

Database Nation

The upside of "zero privacy"

Declan McCullagh from the June 2004 issue

(Page 2 of 5)

Building on Reputation

All this was made possible by the convergence of several trends half a century ago. After the Depression, the pent-up demand for consumer goods exploded and the desire for an entirely cash-based society evaporated. The end of World War II brought a population boom and greater mobility. The most crucial change was the invention of the computer, which permitted more-efficient information storage and retrieval. The invention of high-capacity hard drives, fatter memory chips, and ever-speedier integrated circuits completed the databasification of American life.

While computers were essential to this latest phase of data gathering, the need to compile and exchange financial information is hardly new. Stanford economist Avner Greif's history of trade between 11th-century Mediterranean cities, published in the Journal of Economic History in 1989, showed how merchants used overseas agents, backed up by a web of information flows, to save money. For merchants, hiring agents to receive shipments when they arrived at the destination port was cheaper than traveling with the goods. To prevent agents from absconding with the merchandise, Maghrebi traders relied on a social network that provided agents and kept track of those who cheated. "Information was crucial to business decision-making," Greif noted. To keep agents honest, "coalition members blocked a cheater's access to the coalition's internal information flows." The traders' rudimentary paper ledgers served the same purpose as today's electronic credit reports: helping to distinguish honorable traders from frauds and deadbeats.

Adam Smith came to a similar conclusion in a 1766 paper titled "Lecture on the Influence of Commerce on Manners." He stressed the importance of a positive reputation, which necessarily means that others have access to information about your past actions and therefore feel they can predict your future behavior. "A dealer is afraid of losing his character, and is scrupulous in observing every engagement," Smith wrote. "When a person makes perhaps 20 contracts in a day, he cannot gain so much by endeavoring to impose on his neighbors, as the very appearance of a cheat would make him lose."

Modern databases trace the reputations not just of individuals but of corporations as well. Probably the most famous example is the credit reporting firm Dun & Bradstreet, which provides one of the most important tributaries to the pool of information about corporations and government agencies. It was founded as two different firms -- New York's Mercantile Agency in 1841 and Cincinnati's Bradstreet Company in 1849 -- that merged in 1933. Both were created in response to a 19th-century problem: false letters of credit.

As American pioneers headed westward, scoundrels occasionally would present forged letters of credit to wholesale merchants in larger towns. After obtaining merchandise on credit, the person responsible for the scam would silently vanish with the goods. Dun & Bradstreet's crucial innovation was to make the system more efficient by compiling credit information on traders and retailers into voluminous leather-bound tomes. Those were available for perusal at branch offices that moved west along with new cities as they became populated. Dun & Bradstreet even employed traveling "reporters" who would investigate both new and established businesses and make recommendations about their creditworthiness. (Ulysses S. Grant and William McKinley were once Dun & Bradstreet correspondents.)

Daniel Klein, an economist at Santa Clara University who studies reputation, says such systems arise because "trust has an important role in just about all dealings. Trust depends on confidence which depends on assurance. Information is one form of that."

Secret Weapon

Having a portion of your existence chronicled in a web of interlinked databases does raise some legitimate privacy concerns. Who has access? How long will your credit card purchases remain on file? Getting cheap mortgage quotes is fine, but what is in place to protect against misuse of the information?

In the U.S., there is no catch-all law that dictates who may access which information under what circumstances. Instead, a mesh of state, federal, and common law applies to different parts of the economy. Most important, information exchange in the private sector is regulated by contract law, and firms that break their promises can pay a price.

Last year JetBlue secretly gave personal information on some 5 million passengers to a private contractor, Torch Concepts of Huntsville, Alabama, that is working on a data mining project for the Bush administration. A presentation prepared by Torch Concepts describes how it merged the JetBlue database with U.S. Social Security numbers, home addresses, income levels, and vehicle ownership information it purchased elsewhere. Now JetBlue is facing lawsuits over the apparent breach of its privacy policy, which assured its Web customers that "financial and personal information collected on this site is not shared with any third parties."

The U.S. Department of Commerce summed up the issue with unusual succinctness in a 2000 letter to the European Commission: "The right to recover damages for invasion of personal privacy is well established under U.S. common law." Courts have found privacy violations when an insurance company used information about an actual accident in an advertising campaign, when an employer tried to snoop through workers' credit card records to verify sick day absences, and when a college tested students for HIV without their knowledge. In 2001 Amazon.com's Alexa subsidiary agreed to pay up to $1.9 million to settle a class action lawsuit alleging that Alexa was giving information to Amazon without customers' permission.

Not content with existing rules, privacy activists have been pressing for more regulations targeting U.S. businesses. Their recent successes include the 1999 Financial Services Modernization Act, better known as Gramm-Leach-Bliley, which regulates the data collection practices of financial services firms. The law has resulted in millions of disclosure statements mailed to consumers, who routinely ignore them. Then there's the Health Insurance Portability and Accountability Act of 1996, which regulates medical care providers. Credit bureaus are covered by the Fair Credit Reporting Act.

More efficient and less burdensome are the state laws known as privacy torts. Those punish snoops who pry into someone else's private affairs, anyone who publicly discloses embarrassing private facts, and publicity that shows someone in a false light. Jim Harper, a former Capitol Hill staffer who runs the advocacy site Privacilla.org, says left-leaning privacy advocates have willfully ignored state privacy torts when arguing for more-intrusive regulations. "Privacy advocates and others have helped to foster the impression that there is no law protecting Americans," Harper says. "This is a violation of the trust that many have placed with them. Substantial criticisms of the privacy torts can be made, but they should be made directly, rather than by telling the press, the public, and public officials that no privacy-protecting law exists in the United States."

In addition to ignoring existing protections, privacy advocates usually do not acknowledge the downside to impeding the flow of information. As Klein, the Santa Clara economist, observes, "There is a collision between privacy and social accountability mechanisms generally. You see this real clearly in social accountability mechanisms like the press, courtroom, or gossip. There the violations of privacy are so much worse than in credit reporting. They're more invasive, less reliable, less discreet. The thing is, people don't appreciate the social accountability aspect of things like credit reporting."