Reason Magazine - Staff

Database Nation

declan@well.com (Declan McCullagh) — Tue, 01 Jun 2004 00:00:00 EDT

If you haven't noticed it already, flip back a few pages and take a good look at the front cover. Unless you picked this magazine up on a newsstand, you should see your neighborhood's grinning mug shot, exposed in all its glory from above. Depending on where you live, you may be able to glimpse your neighbors' homes, a gas station or two, and perhaps the local elementary school.

Welcome to the database nation, where the tiny chunk of data that represents your physical address can pull up an overhead view and driving directions to your front door. And that's not all. When your address is linked to databases like those used by Yahoo! People Search, your phone number may be readily accessible. Your county government's Web site probably displays your home's floor plan and assessed value, letting nosy neighbors chuckle over Alice's quaint split-level or Bob's lack of elbow room when the in-laws visit. Pay-as-you-go databases like Lexis-Nexis' P-TRAK, P-FIND, and P-SEEK tie together mortgage records, vehicle registrations, court judgments, bankruptcy histories, and any other public information they can gather. Google and Yahoo! can record every search you've ever made and link it to whatever computer you used at the time. Credit card companies know what you buy, frequent shopper programs know what you eat, and your insurance company knows what medical procedures you've undergone.

Is it any wonder that public concern about privacy has risen dramatically during the last decade? Self-help and advocacy books abound, with titles like I Love the Internet But I Want My Privacy Too! and Privacy for Sale: How Big Brother and Others Are Selling Your Private Secrets for Profit. Hundreds of privacy-related bills have been proposed in the U.S. Congress and state legislatures. In a February 2003 Harris poll, 69 percent of those surveyed agreed that "consumers have lost all control over how personal information is collected and used by companies." That view was summed up with cynical certitude by Sun Microsystems CEO Scott McNealy. "You have zero privacy anyway," he said a few years ago. "Get over it."

What McNealy didn't mention, and polls and politicians don't recognize, is the unsung benefits that have accompanied the databasification of American society. More precisely, they're unacknowledged or invisible benefits. It's easy to complain about a subjective loss of privacy. It's more difficult to appreciate how information swapping accelerates economic activity. Like many other aspects of modern society, benefits are dispersed, amounting to a penny saved here or a dollar discounted there. But those sums add up quickly.

Markets function more efficiently when it costs little to identify and deliver the right product to the right consumer at the right time. Data collection and information sharing emerged not through chance but because they bring lower prices and more choices for consumers. The ability to identify customers who are not likely to pay their bills lets stores offer better deals to those people who will. In films like The Net and Changing Lanes, Hollywood tells us that databases can be very dangerous. The truth is more complex. Being a citizen of a database nation, it turns out, can be very good for you.

Mistreat Me, Please

When Safeway or Giant offers you a supermarket discount card, it's not because their executives are making value judgments about whether it's appropriate for you to nosh on mocha fudge ice cream instead of wheatgerm�infused organic macrobiotica. They don't care. Instead, supermarket managers use the cards to evaluate the effects of promotional campaigns, understand the impact of price on consumer demand, and make better predictions about what you might be looking for on your next shopping trip. IBM even sells grocers software to "quickly roll out a loyalty program designed to reward and retain your best customers and track shopping patterns." Technological innovations are crucial in the cutthroat supermarket business, where profit margins hover around 2 percent and sales at rival superstores like Wal-Mart and BJ's Wholesale Club have been increasing by 19 percent a year. Far from a means to snoop on customers, discount cards are more like a way for supermarket chains simply to survive.

Some vocal activists don't see it that way. A group called Consumers Against Supermarket Privacy Invasion and Numbering (CASPIAN) has sprung up for the sole purpose of condemning supermarket discount cards. "We've got to stop supermarkets from manipulating us into surrendering one of our most intimate possessions -- the ability to make reasoned, non-coercive decisions about how and to whom to disclose intimate information about ourselves," CASPIAN warns. "How can supermarkets justify this vicious mistreatment of the very patrons who keep them in business?" Simple: Nobody is forcing shoppers to sign up for discount cards; they do it because the benefits outweigh the costs.

The implications of living in a database-driven society go far beyond supermarket cards. Consider Gateway, which in 1997 was looking for a way to boost Internet purchases of its computers. It decided to offer would-be purchasers a way to obtain instant credit through its Web site. By filling out an online form, customers could apply for immediate financing and, in nearly all cases, receive an answer in just 15 seconds.

The idea proved to be a terrific success. By providing instant credit, Gateway was able to attract customers who didn't have credit cards or didn't want to use them. Its previous, manual method of approving loans took an average of five hours and resulted in $377 million a year in consumer financing. After Gateway offered instant credit, sales picked up and financing ballooned to more than $2 billion by 1999.

Gateway was able to do that by taking advantage of one of the marvels of modern American society: the credit reporting system. Every day this system churns through millions of transactions relating to approximately 1.5 billion credit accounts held by 190 million people, each with his or her own FICO (Fair Isaac Corporation) score, a rough estimate of how credit-worthy that person is. This constant flow of information lets businesses and lenders make more accurate -- that is, less risky -- decisions about whether to grant or withhold credit. Thanks to this system, you can log on to Gateway.com and have a custom-built computer immediately shipped to you; you can apply for a mortgage at ditech.com, Moneywarehouse.com, or LendingTree.com and receive an instant answer. Go to a shopping mall, and you'll find that nearly every store seems to be pitching its own brand of credit card. You can visit a car dealer you've never been to before, obtain a five-figure loan, and drive your new purchase home the same day. In 1999 credit cards were used in the U.S. for 14 billion transactions totaling about $1.1 trillion, with an average purchase of $76, according to the U.S. Department of Commerce.

This incredible convenience is something our grandparents never enjoyed. Just a few decades ago, applying for credit meant an in-person visit to a loan officer. If the loan officer didn't know you personally, he or she would contact your references and other creditors and eventually make a decision a few weeks later. If you had just moved to the community, you might be turned down or be approved for only a small loan. It was a slow, painful process that was hardly consumer-friendly.

Today, not only can you get a loan nearly instantly; you'll pay less for it than in countries that prevent the free flow of information. Some nations permit only negative information in credit reports, instead of the mix of positive and negative details that form the backbone of the U.S. system. Walter Kitchenman, an economist at Purchase Street Research, estimates that because of information sharing among financial firms "mortgage rates in the United States are as much as two full percentage points lower" than they would be otherwise. In the words of Fred Cate, a law professor at Indiana University, "with outstanding mortgage rates approaching $4 trillion, American consumers save as much as $80 billion a year because of the efficiency and liquidity that information makes possible. The cost of credit in the United States is also lower [than in most places in the world] because the information that credit decisions depend on is assembled routinely and efficiently, rather than at the time the consumer desires credit." That's a few hundred dollars per American every year.

Most of us know people who misuse their credit cards through holiday spending sprees or random acts of profligacy. But millions of us do not; we use credit cards because they're safer and more convenient than carrying thick wads of dollar bills. Cash is dirty and carries germs. It can be ripped or torn accidentally. Unlike a credit card, if you lose it, you're out of luck.

Also, few of us can buy our homes outright. By giving us a schedule of regular payments, a bank loan to buy our home lets us plan for the future.

Building on Reputation

All this was made possible by the convergence of several trends half a century ago. After the Depression, the pent-up demand for consumer goods exploded and the desire for an entirely cash-based society evaporated. The end of World War II brought a population boom and greater mobility. The most crucial change was the invention of the computer, which permitted more-efficient information storage and retrieval. The invention of high-capacity hard drives, fatter memory chips, and ever-speedier integrated circuits completed the databasification of American life.

While computers were essential to this latest phase of data gathering, the need to compile and exchange financial information is hardly new. Stanford economist Avner Greif's history of trade between 11th-century Mediterranean cities, published in the Journal of Economic History in 1989, showed how merchants used overseas agents, backed up by a web of information flows, to save money. For merchants, hiring agents to receive shipments when they arrived at the destination port was cheaper than traveling with the goods. To prevent agents from absconding with the merchandise, Maghrebi traders relied on a social network that provided agents and kept track of those who cheated. "Information was crucial to business decision-making," Greif noted. To keep agents honest, "coalition members blocked a cheater's access to the coalition's internal information flows." The traders' rudimentary paper ledgers served the same purpose as today's electronic credit reports: helping to distinguish honorable traders from frauds and deadbeats.

Adam Smith came to a similar conclusion in a 1766 paper titled "Lecture on the Influence of Commerce on Manners." He stressed the importance of a positive reputation, which necessarily means that others have access to information about your past actions and therefore feel they can predict your future behavior. "A dealer is afraid of losing his character, and is scrupulous in observing every engagement," Smith wrote. "When a person makes perhaps 20 contracts in a day, he cannot gain so much by endeavoring to impose on his neighbors, as the very appearance of a cheat would make him lose."

Modern databases trace the reputations not just of individuals but of corporations as well. Probably the most famous example is the credit reporting firm Dun & Bradstreet, which provides one of the most important tributaries to the pool of information about corporations and government agencies. It was founded as two different firms -- New York's Mercantile Agency in 1841 and Cincinnati's Bradstreet Company in 1849 -- that merged in 1933. Both were created in response to a 19th-century problem: false letters of credit.

As American pioneers headed westward, scoundrels occasionally would present forged letters of credit to wholesale merchants in larger towns. After obtaining merchandise on credit, the person responsible for the scam would silently vanish with the goods. Dun & Bradstreet's crucial innovation was to make the system more efficient by compiling credit information on traders and retailers into voluminous leather-bound tomes. Those were available for perusal at branch offices that moved west along with new cities as they became populated. Dun & Bradstreet even employed traveling "reporters" who would investigate both new and established businesses and make recommendations about their creditworthiness. (Ulysses S. Grant and William McKinley were once Dun & Bradstreet correspondents.)

Daniel Klein, an economist at Santa Clara University who studies reputation, says such systems arise because "trust has an important role in just about all dealings. Trust depends on confidence which depends on assurance. Information is one form of that."

Secret Weapon

Having a portion of your existence chronicled in a web of interlinked databases does raise some legitimate privacy concerns. Who has access? How long will your credit card purchases remain on file? Getting cheap mortgage quotes is fine, but what is in place to protect against misuse of the information?

In the U.S., there is no catch-all law that dictates who may access which information under what circumstances. Instead, a mesh of state, federal, and common law applies to different parts of the economy. Most important, information exchange in the private sector is regulated by contract law, and firms that break their promises can pay a price.

Last year JetBlue secretly gave personal information on some 5 million passengers to a private contractor, Torch Concepts of Huntsville, Alabama, that is working on a data mining project for the Bush administration. A presentation prepared by Torch Concepts describes how it merged the JetBlue database with U.S. Social Security numbers, home addresses, income levels, and vehicle ownership information it purchased elsewhere. Now JetBlue is facing lawsuits over the apparent breach of its privacy policy, which assured its Web customers that "financial and personal information collected on this site is not shared with any third parties."

The U.S. Department of Commerce summed up the issue with unusual succinctness in a 2000 letter to the European Commission: "The right to recover damages for invasion of personal privacy is well established under U.S. common law." Courts have found privacy violations when an insurance company used information about an actual accident in an advertising campaign, when an employer tried to snoop through workers' credit card records to verify sick day absences, and when a college tested students for HIV without their knowledge. In 2001 Amazon.com's Alexa subsidiary agreed to pay up to $1.9 million to settle a class action lawsuit alleging that Alexa was giving information to Amazon without customers' permission.

Not content with existing rules, privacy activists have been pressing for more regulations targeting U.S. businesses. Their recent successes include the 1999 Financial Services Modernization Act, better known as Gramm-Leach-Bliley, which regulates the data collection practices of financial services firms. The law has resulted in millions of disclosure statements mailed to consumers, who routinely ignore them. Then there's the Health Insurance Portability and Accountability Act of 1996, which regulates medical care providers. Credit bureaus are covered by the Fair Credit Reporting Act.

More efficient and less burdensome are the state laws known as privacy torts. Those punish snoops who pry into someone else's private affairs, anyone who publicly discloses embarrassing private facts, and publicity that shows someone in a false light. Jim Harper, a former Capitol Hill staffer who runs the advocacy site Privacilla.org, says left-leaning privacy advocates have willfully ignored state privacy torts when arguing for more-intrusive regulations. "Privacy advocates and others have helped to foster the impression that there is no law protecting Americans," Harper says. "This is a violation of the trust that many have placed with them. Substantial criticisms of the privacy torts can be made, but they should be made directly, rather than by telling the press, the public, and public officials that no privacy-protecting law exists in the United States."

In addition to ignoring existing protections, privacy advocates usually do not acknowledge the downside to impeding the flow of information. As Klein, the Santa Clara economist, observes, "There is a collision between privacy and social accountability mechanisms generally. You see this real clearly in social accountability mechanisms like the press, courtroom, or gossip. There the violations of privacy are so much worse than in credit reporting. They're more invasive, less reliable, less discreet. The thing is, people don't appreciate the social accountability aspect of things like credit reporting."

The privacy torts usually are said to date back to an influential Harvard Law Review article written in 1890 by Samuel Warren and future Supreme Court Justice Louis Brandeis, titled "The Right to Privacy." They complained that journalists were being too aggressive and nosy: "Instantaneous photographs and newspaper enterprise have invaded the sacred precincts of private and domestic life....For years there has been a feeling that the law must afford some remedy for the unauthorized circulation of portraits of private persons; and the evil of invasion of privacy by the newspapers, long keenly felt, has been but recently discussed by an able writer."

Permission to Speak Freely

What's shocking to modern eyes is the degree to which Warren and Brandeis wanted to muzzle the press, in a way that today would be viewed as an unacceptable violation of the First Amendment. Warren was miffed to find details of his personal life described in the society pages of the Boston newspapers -- the 19th-century equivalent of The National Enquirer or the New York Post's Page Six column. He and Brandeis complained: "The press is overstepping in every direction the obvious bounds of propriety and of decency. Gossip is no longer the resource of the idle and of the vicious, but has become a trade, which is pursued with industry as well as effrontery. To satisfy a prurient taste the details of sexual relations are spread broadcast in the columns of the daily papers."

Warren and Brandeis's article brings into sharp relief the tension between privacy and free speech. In the 114 years since the essay was published, privacy has become a remarkably wiggly and fluid notion, encompassing the right to an abortion or contraception, the right to be free of telemarketers and Internet cookies, and the right to keep government goons out of your home.

A cornerstone of the American approach to informa-tion flows in the private sector is that in general they strongly favor free speech over privacy. With a few exceptions, the default assumption for data exchanges is an "opt-out" standard, under which information you provide to a company is theirs to use unless you say otherwise. Under an "opt-in" standard, by contrast, the data are to be kept private unless you explicitly give your permission. Defaults are important: Research from the Columbia Business School suggests that people tend not to change the options they have been presented.

The European Union has adopted a general opt-in rule aimed at damming the flow of information. Known as the European Data Directive, the European rule says personal information generally may not be "processed" without the subject's unambiguous consent.

As you might expect, the European rule has run head on into the law of unintended consequences, and the results have hurt activists as well as consumers. Jacob Palme, a professor of computer science at Stockholm University, has documented how Sweden's implementation of the European directive has imperiled free speech. Swedish regulators prevented American Airlines from transferring customer information from Europe to its SABRE reservation system in the United States. Regulators prosecuted an animal rights activist who published a list of fur producers and a consumer activist who criticized a large bank on a Web page that named the bank's directors. "Looking at the way the law is used," Palme concludes, "one can see that unpopular or controversial opinions are suppressed."

Nevertheless, at the prodding of pro-regulation privacy activists, the U.S. has veered in the same direction in the last few years. "The question is, 'Is information being used in a way that has social utility?'" says Chris Hoofnagle, legislative counsel for the Electronic Privacy Information Center in Washington, D.C. "If it's simply done to profit-maximize, there are questions about whether consumers are really getting the benefit. We're searching for a framework of protections very similar to the E.U. privacy directive that regulates the collection and use of information across all contexts rather than the piecemeal approach we currently have."

By guaranteeing freedom of speech, the First Amendment to the U.S. Constitution poses an obstacle to laws that interfere with the free flow of information. The U.S. Supreme Court has struck down some ordinances that required opt-in consent, including a law enacted by the city of Struthers, Ohio, that banned uninvited door-to-door solicitations and a federal law that required affirmative consent from recipients of communist propaganda.

Optional Costs

Constitutional questions aside, how would an opt-in rule work? Consider how it would affect the MBNA Corporation, a financial services company that became a multibillion-dollar success story not long after it was incorporated in 1981. MBNA grew to more than 51 million customers through its aggressive "affinity" program, which let a number of groups -- NASCAR, universities, the Atlanta Braves, and so on -- market credit cards imprinted with their own logos. Not counting its existing customers, in 2000 MBNA had a database of 800 million names of prospective cardholders provided by affinity groups, but it could afford to send only 400 million solicitations.

Writing in the Duke Law Journal in February 2003, Indiana law professor Fred Cate and Georgetown business professor Michael Staten described how MBNA winnowed its list down to an affordable size through aggressive information sharing. MBNA first looked at public records and then, by exchanging information with its affiliates, tried to evaluate the creditworthiness of the remaining names on the list. The remaining 400 million people received solicitations with the endorsement of the affinity group to which they belonged.

Staten and Cate's conclusion: "Mandatory opt-in requirements on MBNA's operations would impair MBNA's affinity group business model, raise account acquisition costs and lower profits, reduce the supply of credit and raise credit card prices, generate more offers to uninterested or unqualified consumers and raise the number of missed opportunities for qualified consumers, and impair efforts to prevent fraud and identity theft." Under an opt-in rule, recipients of the offers would "be more risky and less profitable than MBNA's target group reached under the current rules. As a result, MBNA's delinquency and charge-off rates will rise, relative to its current experience, thereby imposing additional costs that will be passed along to all of MBNA's customers."

MBNA's experience highlights how data exchanges fuel the economic engine of an information society. Choking a society's data flow by setting the default rule to "no" restricts that fuel. An opt-in regime suffocates the economic activity that takes place when businesses use personal information to offer new products and tell customers about them without obtaining explicit permission in advance. Because it assumes customers who have expressed no preference would object to a solicitation, it is more expensive than an opt-out approach.

"Suppose you're a financial company and you have an idea," says Solveig Singleton, a lawyer at the pro-market Competitive Enterprise Institute in Washington, D.C. "Say you'd like to offer a mortgage for first-time home buyers. You design a flyer and look at your expenses and realize it would be pretty expensive to send it to everyone. Instead, you want to get some information to lower your costs and [target just a subset]. If you don't have that information, the costs of identifying your potential customer base are so high you don't offer the product at all."

In 1997 Qwest Communications performed a practical study of the opt-in rule. It asked its customers for permission to use general information about their calling habits to market new services to them. When customers were asked for this permission through postal mail, the positive response rate was between 5 percent and 11 percent. When Qwest representatives made phone calls instead, the response rate was up to six times higher -- an indication that many customers really didn't mind but also didn't want to go through the bother of sending a letter to opt in. Qwest eventually concluded that an opt-in approach was too expensive to be viable.

If we want the low prices and consumer choices of a database nation, we may have to tolerate unsolicited sales pitches (although there are ways to avoid them -- all legitimate marketers offer a way to delete your name from the list). Few of us are fans of direct marketing -- until we receive an advertisement for a product we want. The same information sharing that makes unwanted solicitations possible also can improve targeting so that consumers are more likely to receive offers that interest them. And many people clearly do: The Direct Marketing Association's 2002 annual report estimated that direct marketing efforts "are projected to generate nearly $2 trillion in sales" in 2003. Even if that number is inflated, information flows contribute to a huge chunk of the economy.

"Companies are increasingly finding that if consumer data is not readily available for business use, the negative impact on sales could severely stunt company growth," warns Jennifer Barrett, chief privacy officer at Acxiom, a database marketing firm in Little Rock, Arkansas. "Moreover, increased marketing costs could force retailers to substantially raise the price of their merchandise to maintain effective margins. The result would be higher prices, fewer customers, and fewer jobs."

Site Security

The cost of restricting information hasn't stopped regulatory enthusiasts from demanding an opt-in standard for Web sites. Federal law mandates that standard for medical information, and pro-regulation activists hope to broaden the concept to stretch as far as the European Data Directive does.

Congress has convened dozens of hearings on Internet privacy issues, and in April 2002 Sen. Ernest Hollings (D-S.C.) introduced his Online Personal Privacy Act. The now-defunct bill would have regulated how Internet service providers, commercial Web sites, and noncommercial sites supported by advertising or product sales collect information about customers. The legislation covered "personally identifiable information," including names, e-mail addresses, and numeric I.P. addresses.

"How can we trust companies with our personal information when their every economic incentive is to collect, compile, enhance, target, and disseminate it for profit?" Hollings said in support of the bill. "It is like letting the fox guard the henhouse. Our bill grants consumers, not companies, control over their personal information on the Internet. And our opt-in component is the only method for ensuring that Internet users have the ultimate control."

Hollings' proposal had a technophobic twist: It applied only to the customer records of Internet-related firms, not their brick-and-mortar competitors. During one Senate hearing, an Amazon.com lobbyist pointed out the discrepancy and unfair advantage. Hewlett-Packard predicted that the vague definitions in Hollings' bill would invite lawsuits.

Some politicians have gone even further than Hollings. The Consumer Internet Privacy Protection Act, proposed by the late Rep. Bruce Vento (D-Minn.) in 1997, would have barred Web sites from sharing "personally identifiable information" about their visitors without prior "written consent" -- a requirement far more onerous than the one that applies to offline firms. Other, more recent proposals include a plan being advanced in the Senate by Dianne Feinstein (D.-Calif.) to slap serious restrictions on all forms of database marketing.

Robert Hahn of the American Enterprise Institute estimates that complying with an opt-in requirement for Web sites would incur a one-time cost of between $9 billion and $36 billion. If Hahn's numbers are anywhere near correct, struggling companies could be required to lay off workers, and marginal ones could be driven to bankruptcy.

With the exception of sites targeted at young children, which are federally regulated, under current law Web sites choose their own privacy policies and are judged accordingly. Consumers can rely on nongovernmental rating and reputation systems to steer them toward desirable destinations. Just as The Michelin Guide reviews restaurants and kashrut organizations certify foods, these systems rate privacy. TRUSTe, BBBonline, and WebTrust offer "privacy seals" to Web sites so consumers can find companies worthy of their trust. To earn a TRUSTe seal, a firm signs a contract that requires its site to prominently disclose how it collects, uses, and distributes personally identifiable information about its users. The cost ranges between $300 and $7,000 a year, depending upon the company's size, and participating companies can display a bright green TRUSTe logo. TRUSTe claims 2,000 member companies, including many high-profile sites, and BBBonline has awarded its privacy seal to more than 500 sites.

In addition to these companies, nearly all large commercial Web sites take a full-disclosure approach to privacy, saying exactly what they'll do with personal data they collect. Although Europe has strict regulations in this area, America's free market approach seems more effective. A 2001 report from Consumers International, a global association of more than 260 pro-regulation groups, admits that "despite tight EU regulation, sites within the EU are no better at telling users how they use their data than sites based in the U.S. Indeed, some of the best privacy policies were found on U.S. sites."

Ways of Making Us Talk

An approach to data handling that works for businesses trying to woo customers, of course, may not be appropriate for governments trying to monitor their citizens. When dealing with private corporations, you generally can choose whether to give them your information. If you don't like Safeway's discount card, don't get it; or shop at Whole Foods, which doesn't offer one. If Amazon.com's recommendations are annoying, try barnesandnoble.com instead. You have a choice.

That choice disappears when the government demands data. Whether you're filing tax returns or filling out a form for a driver's license, governments have the unique -- and uniquely dangerous -- ability to compel you to divulge information whether you want to or not. Police also have the unique power to conduct wiretaps, set up roadblocks, and employ search warrants. The massive Total Information Awareness project that John Poindexter tried to piece together under the aegis of the Defense Department would have put private-sector databases to shame. The Treasury Department's FinCEN agency, available to local, state, and federal police, offers the ability to scroll through more than 120 million reports about banking transactions. The FBI, the Secret Service, and the U.S. Bureau of Customs and Border Protection regularly download the data and import it into their own databases. (See "Show Us Your Money," November 2003.) In addition to unique data collection abilities, the government has unique powers in using the information it gathers, including the ability to arrest, prosecute, fine, and imprison people.

To curb these awesome powers, the usual response has been to place specific limits on what government agencies can do. The Fourth Amendment to the U.S. Constitution and laws such as the Privacy Act of 1974 restrict searches and information collection by the government. State constitutions also have long restricted government data collection.

In today's world, halfway measures like the Privacy Act don't go far enough to restrict government abuses. Enacted largely as a result of a federal report on automated data systems, the Privacy Act covers any government-operated "system of records" with personal information on American citizens. It limits the use and disclosure of those records and requires that the databases be protected with "appropriate administrative, technical and physical safeguards" to preserve their security and confidentiality. But Congress could never have envisioned the tremendous outsourcing of databases that has taken place during the last three decades. More and more, the private sector stores information on the feds' behalf and the information in outsourced databases is not covered by the Privacy Act.

Other loopholes exist. Image Data signed a contract with the Secret Service in 1997 to create a national identity database for the federal government. Documents obtained through the Freedom of Information Act show that the Immigration and Naturalization Service, now part of the U.S. Department of Homeland Security, queried private-sector databases 20,000 times a month over the last few years. In fiscal year 2002, the U.S. Department of Justice inked an $11 million contract for access to databases held by ChoicePoint -- a self-described "leading provider of identification and credential verification services for business and government" -- including Americans' names, addresses, previous addresses, places of employment, spouses' names, and Social Security numbers. The FBI now insists, improbably, that the bureau's arrangement with ChoicePoint is so secret that even the contract number may not be disclosed.

Databasification, in other words, does have a dark side: increasing government access to private collections of information. Some privacy activists cite this cooperation as a reason to regulate private databases, which makes as much sense as preventing companies from manufacturing binoculars simply because police can use them for unlawful surveillance. The more sensible approach is to restrict the power of the police to snoop in the first place. That means taking steps such as updating the Privacy Act of 1974 to limit government access to outsourced databases; increasing the authority of inspectors general at federal agencies to monitor data abuses; boosting criminal penalties for lawbreaking cops; requiring police to meet higher standards of proof before perusing databases; and, most important, rethinking the drug laws that invite snooping into Americans' personal lives. (About 78 percent of domestic wiretaps conducted with court oversight in 2002 were for drug offenses. Investigations of violent crimes such as murder, kidnapping, and extortion accounted for just 6 percent.)

Focusing on government power would keep intact the undeniable advantages of databasification -- lower prices, cheaper mortgages, and more-efficient uses of information -- while limiting possible abuses by law enforcement. The aim should be to retain the tremendous benefits of living in a database nation while preventing it from devolving into a police state.

Something's in the Air

declan@well.com (Declan McCullagh) — Fri, 01 Aug 2003 00:00:00 EDT

Visiting Singapore is a little like flying into some twisted Father Knows Best time warp. Lining the streets next to such familiar stores as Reebok, Esprit, and Timberland are government ministries with names like "Board of Film Censors," along with buildings housing the "Social Development Unit" state-run dating service and the "Home Ownership for the People Scheme."

For a few weeks in April and May, such downtown streets were speckled with gauzy white squares: mask-wearing Singaporeans fearful of catching the deadly SARS pneumonia. They had reason to be concerned. According to the World Health Organization, Sudden Acute Respiratory Syndrome kills roughly 15 to 20 percent of the people who contract it, and it had been spreading through parts of Asia faster than pirated copies of the latest Microsoft beta release. What's more, the average death rate can be misleading. SARS is an age-sensitive disease: If you're over 65 years old and you have the misfortune of being infected, the WHO believes your death-rate odds are a dismaying 50 percent or higher.

Singapore's nanny-state meddling and unabashed authoritarianism may have spared it the worst. Even though it had the third-worst outbreak of SARS, behind China and Hong Kong, Singapore's death rate was 15 percent, lower than the less severe North America outbreak centered in Toronto. (Canada's death rate, as of press time, was 17.5 percent.)

The reasons for the difference are complex and unclear. SARS has been mutating into strains of varying lethality, and a lone "super spreader" infectee can lay waste to an entire hospital that isn't properly prepared. Another explanation for Singapore's comparative success in containing SARS is its single-minded determination to take whatever steps necessary, with scant regard for such individual liberties as the right to travel and associate freely. This is the city-state the cyberpunk writer William Gibson once described as "Disneyland with the death penalty": While free trade is largely embraced, chaos is verboten. Chewing gum sales are prohibited. Sell drugs, you face the gallows. Canings are routine. Playboy, Penthouse, and Cosmo are all banned.

When SARS hit, the authoritarian proclivities of Singapore's government were channeled into aggressive quarantines. After a few possible SARS cases were identified at the popular Pasir Panjang Wholesale Market, the state took no chances. Nearly 2,000 people who had worked at the market between April 5 and April 19 were placed under mandatory home quarantine for 10 days. Health Minister Lim Hng Kiang said a team of 50 to 60 nurses would make house calls on quarantined homes, and the government would offer a daily home quarantine allowance of $41. Web cams were installed in quarantined homes for surveillance, with residents asked to step in front of the camera on demand. Anyone nabbed for flouting the quarantine was outfitted with an electronic tracking bracelet.

Medical Powers

The good news -- for now -- is that SARS is less of a threat than it was a few months ago, though it could return with a vengeance when winter comes to the northern hemisphere and people spend more time inside in close quarters. As of this writing (late May) there have been no confirmed SARS deaths in the U.S., and an analysis prepared by The New England Journal of Medicine indicates that the worldwide SARS growth rate is more arithmetic than exponential.

But if the virus does return, other nations besides Singapore will have to balance suggestions such as broad quarantine orders with the preservation of civil liberties and the rights to privacy, property, and freedom of movement.

What does this mean for the U.S.? What might happen is anyone's guess, but imagine if there were a serious outbreak this fall that threatened to overwhelm the nation's health system. This is the kind of scenario the Centers for Disease Control and Prevention (CDC) dreads -- one in which hospitals are deluged with scores or hundreds of patients showing up at the same time. As physicians in Singapore and Hong Kong found out, emergency rooms and critical care wards can be lethally efficient in spreading SARS. Government officials at the state and federal level have been warning since 9/11 that the U.S. is not prepared for a biological attack. SARS appears to be natural in origin, but the effects could be the same.

So consider, as a thought experiment, what might happen in the U.S. after a major outbreak of SARS or a similar communicable disease.

We already know that President George W. Bush has signed an executive order triggering a World War I-era law that lets him add SARS to the ranks of such diseases as cholera, smallpox, and the plague. The current version of that law grew out of well-justified fears of the deadly flu epidemic of 1918, sometimes called Spanish influenza, which infected about 28 percent of all Americans and killed about 675,000 -- about 10 times the number of U.S. soldiers felled in battle during the war. Globally, over 30 million people died, and even President Woodrow Wilson was infected in early 1919 while negotiating the Treaty of Versailles.

Reactions to the 1918 epidemic provide a cautionary tale. State governments across the U.S. responded by levying quarantines and imposing mask laws. In San Francisco, the city sterilized public telephones and drinking fountains. It also required people to wear gauze masks in all public places, giving rise to the far-too-optimistic slogan: "Wear a Mask and Save Your Life! A Mask is 99% Proof Against Influenza." In November, city sirens wailed to signal that it was safe to remove the masks -- an announcement that was terribly premature, as thousands more people came down with influenza the following month.

In Philadelphia, city officials made the fatal mistake of sending mixed signals. While one agency was warning against public coughing, sneezing, and spitting, the Department of Health and Charities was informing the public that influenza would not spread outside the military. Then, over a matter of weeks, nearly 13,000 people died. Too late, the city government ordered schools, churches, theaters, and other public gathering places closed. Elsewhere, "open-faced sneezers" were fined and the District of Columbia imposed blanket quarantines that restricted residents to their homes.

The history of quarantine dates back at least to the Bible's Leviticus 13, which describes a seven-day period of isolation that priests must impose when an infection is apparent. Quarantine literally means a period of 40 days, which cities along the Mediterranean shipping routes imposed during the plague of the 15th century. English common law recognized that a government must take aggressive steps to limit the spread of plague, a concept that was adopted by the American colonies and the young Republic. In the 1849 case Smith v. Turner, the Supreme Court described early efforts at quarantine in New York: "Never did the pestilence rage more violently than in the summer of 1798. The State was in despair. The rising hopes of the metropolis began to fade. The opinion was gaining ground, that the cause of
this annual disease was indigenous, and that all precautions against its importation were useless....The whole country was roused. A cordon sanitaire was thrown around the city." At times, Bedloe's Island -- where the Statute of Liberty is today -- and Ellis Island have been used for quarantines.

And today? Under current federal law, 42 U.S.C. 264, the Surgeon General has broad power to "make and enforce" any rules that may be necessary to prevent the spread of communicable diseases. The law makes for fascinating -- if disquieting -- reading.

It gives federal officials the authority to appoint quarantine officers, establish quarantine stations, and detain Americans "reasonably believed to be infected" with a communicable disease. Anyone violating a quarantine order can be punished by a fine of up to $1,000 and a one-year prison term. The law applies only to a list of deadly and easily communicable diseases that the president may amend at will, which Bush did in his executive order that added SARS to the list.

The Tradeoff

Then there's MEHPA, the proposed Model Emergency Health Powers Act, which began appearing in state capitals soon after the anthrax scare of late 2001. It expands upon the emergency authority that many cities and states already have arrogated themselves for times of crisis, making explicit what powers public health officials will have.

Among them: seizing property and land as "necessary to respond to the public health emergency," forcibly vaccinating Americans against infectious diseases, and quarantining those who refuse. No court order is necessary to detain someone: "The public health authority may temporarily isolate or quarantine an individual or groups of individuals through a written directive." Backing the proposal are the CDC, the National Governors Association, the National Conference of State Legislatures, and the National Association of County and City Health Officials. So far about two dozen states have enacted MEHPA into law.

MEHPA highlights the difficult tradeoffs of balancing individual liberty with community security. While it is a serious step to limit a person's freedom of movement, there seems to be little alternative in the case of highly infectious communicable diseases. The question then becomes how the law should be worded and how it might work in practice. Critics warn that earlier versions of MEHPA would have handed governors the power to declare public health emergencies over tobacco smoke or obesity -- and seize an extremely dangerous amount of power in the process. The liberal American Civil Liberties Union and the conservative Free Congress Foundation and American Legislative Exchange Council joined to oppose it.

According to the ACLU, MEHPA permits a governor to "declare a state of emergency unilaterally and without judicial oversight, fails to provide modern due process procedures for quarantine and other emergency powers, it lacks adequate compensation for seizure of assets, and contains no checks on the power to order forced treatment and vaccination."

Such powers can be used carefully and can be wildly abused; it's far too early to make predictions. Yet it's worth remembering -- and the 1918 flu epidemic is a major reminder -- that government officials are as prone to mistakes as anyone else. Guénael Rodier, the World Health Organization's director of communicable disease and response, recently admitted that the organization could have done a much better job of responding to SARS early this year by making an earlier public warning. If that had happened, "Toronto would very likely have been spared a SARS outbreak on the scale it has worked so admirably to contain," Rodier wrote in a commentary for the Canadian Medical Association Journal. Richard Schabas, a former minister of health for Ontario, has accused provincial officials of not analyzing SARS data properly, and causing unnecessary panic by overreacting when the disease was confined to hospitals.

Panic, and Other Responses

That's hindsight, of course. But overreaction is a threat whenever governments face an apparent crisis. Officials may respond to pressure either because they believe the crisis is genuine or because they think the appearance of activity on their part is necessary to head off panic. Who wants to repeat what Toronto experienced, when the WHO drove a stiletto through the heart of tourist travel by effectively declaring it a SARS hot zone?

Take what happened in 1998 and 1999, during the so-called Y2K computer glitch. Canadian newspapers reported at the time that the government was considering martial law and the invocation of the Emergencies Act in response to Y2K disruptions. In the U.S., Sen. Robert Bennett (R-Utah) asked the Pentagon what plans it has "in the event of a Y2K-induced breakdown of community services that might call for martial law"; a House subcommittee recommended that then-President Clinton consider declaring a Y2K "national emergency."

One traditional way to manage public reaction is to manage tightly the flow of information, a task that technological advance has made more difficult. Reports of the spread of SARS, for instance, rocketed around the globe even faster than the virus itself. During the early days of the outbreak, an intensive-care specialist at a hospital in Hong Kong turned to e-mail lists to distribute his stark, first-hand reports. "This pneumonia is out there in the community," Tom Buckley told the Critical Care Medicine mailing list on March 24, in a widely forwarded message. "The numbers are increasing daily, and a third hospital is being prepared for the influx. How big this is going to get is anyone's guess." Buckley warned that the Hong Kong government "is downplaying the whole thing presumably because of the economic implications." Buckley's post was prescient. In the two months following his warning, cases of SARS in Hong Kong leapt sevenfold, from 260 to over 1,700 infections. (When contacted for a response, Hong Kong's Health, Welfare and Food bureau replied with a statement saying: "To reassure you that we are not trying to downplay any of the effects, we recognize that in fact the public health considerations must be first and foremost and all the other things are secondary to this.")

In China, the birthplace of SARS, the communist government lied for months. Beijing officially, and implausibly, denied the existence of hundreds of SARS patients in hospitals that had been visited by Western journalists. Then China Premier Wen Jiabao took the unusual step of saying that while progress had been made in limiting the spread of SARS, "the overall situation remains grave." This is the same government that last year, in just one day, upped its official estimate of HIV infections from 30,000 cases to 1 million. In a sign of China's growing desperation, the government said in May that those who break quarantine and spread SARS would be executed. If authoritarianism helped save lives in Singapore, in China it has been deadly.

In this climate of official deception, misinformation about SARS has been spreading so efficiently it would do the common cold proud. Some residents of China's Shanxi province reportedly place their faith in steamed vinegar. A Singapore department store advertises perfume atomizers as effective SARS countermeasures. A teenager's Web hoax claiming Hong Kong's borders would be closed prompted runs on canned foods and toilet paper. A supermarket owner in Sacramento spent two weeks arguing that, contrary to rumors, neither he nor his family is infected with SARS and his stores are entirely safe. A Sacramento city councilman tried to quell panic by bravely chewing a ceremonial Granny Smith apple from the store's produce section in front of reporters.

An in-depth New York Times analysis showed that America is not immune to this 21st-century information contagion. The Times reported that high levels of anxiety existed in states such as New York, California, and Washington that experienced the most SARS cases or had sizeable Asian-American communities. New York City Mayor Michael Bloomberg was worried enough about public panic to dine in a Chinatown restaurant and then hold a press conference about it. OnlineAllergyRelief.com, an Internet retailer in Metairie, Louisiana, that sells air filters and purification products, reports that business is booming. "We have gone through case after case of masks," a representative says. "They're just slow to come in now....A lot of things are back ordered. Our manufacturer doesn't have a really big supply."

Panic mongers inevitably arise to prey on public nervousness. Web sites of dubious provenance tout dietary supplements -- colloidal silver, oregano oil -- as effective anti-SARS measures. Spam touting SARS remedies is on the rise. Gary North, the Christian Reconstructionist who has made a living predicting that modern society will end in panic and ruin, has seized on SARS. In 1980, North forecast rationing of housing and a nuclear war with the Soviet Union, warning his followers to buy "gold, silver, a safe place outside the major cities." Later he found rich topics in AIDS and then Y2K, recommending to his newsletter subscribers that they head for the hills to avoid total social collapse. In an announcement in April, North seized on SARS. He wrote: "It's a race between medical science and the bugs. There is no scientific reason to believe that the scientists will always beat the bugs."

Perhaps not. While technology may aid panic-mongering, technological advance is also what makes the fight against SARS so different from previous epidemics. Technology lets researchers collaborate in ways simply not possible just a few years ago. Perhaps the most impressive way in which research has been accelerated is in the analysis of the virus' complete genetic code. More than a dozen sequences of the virus -- all demonstrating slight differences, which is typical for a coronavirus -- are up on the WHO's Website. As a result of this genetic sequencing and collaboration, companies like AVI BioPharma in Oregon think that the first drug to combat SARS could be available in months, not years.

Henry Niman, a Harvard instructor in surgery at Massachusetts General Hospital in Boston, has long studied retroviruses. He says the collaborative process normally would have taken researchers at least months. "The fact that the virus has been sequenced in two weeks by two groups, that's pretty quick," Niman says. "That's unprecedented speed. You would probably not have had two groups going simultaneously if you didn't have this information out there. The exchange of information has sped things up."

Niman cautions against SARS complacency. "It's not really clear that the epidemic is that much under control," Niman says. "This has the potential to spread very dramatically. It's something that many people are trying to slow down. How successful that's going to be is an open question."

Nearly 100 years ago, the Spanish Flu tested medical science's ability to respond to a deadly worldwide threat, with researchers in 1918 venturing beyond the germ theory of disease and postulating the then-novel existence of a virus as the cause of the infection. Their attempts to unravel the mystery of influenza soon led to the creation of a hybrid vaccine administered to the British military.

Today, researchers already have used the virus' genetic sequence to create tests that weed out people who may have breathing problems but are not infected with SARS. While the panic mongers have an undeniable head start, so far the ability of modern science to deal with such a novel and destructive threat seems up to the task. Let's only hope that governments' reactions to SARS are equally careful.

SARS: Panic or plague?

declan@well.com (Declan McCullagh) — Thu, 17 Apr 2003 00:00:00 EDT

Fear of an epidemic can travel and mutate even faster than the deadly disease itself.

During the early days of the SARS outbreak, an intensive-care specialist at a hospital in Hong Kong turned to mailing lists to distribute his stark, first-hand reports. "This pneumonia is out there in the community," Tom Buckley told the Critical Care Medicine mailing list in a widely-distributed message on Mar. 24. "The numbers are increasing daily, and a third hospital is being prepared for the influx. How big this is going to get is anyone's guess." Buckley warned: "HK Government is downplaying the whole thing presumably because of the economic implications."

Buckley was prescient. Since then, cases of SARS (Severe Acute Respiratory Syndrome) in Hong Kong have leapt fivefold, from 260 to a current total of 1,268 infections. Now the beleaguered community is shunned by travelers, its GDP projections are shrinking by the day, and surgical masks are as common as cancelled airline flights. Tuesday's death of nine SARS patients in Hong Kong, five of whom were younger than 45 years old, set a sad new single-day record.

SARS is the first epidemic of the Internet age, preying on the fact that as information becomes more communicable, rumors become more communicable too. A teenager's Web hoax claiming Hong Kong's borders would be closed prompted runs on canned foods and toilet paper. A supermarket owner in Sacramento spent two weeks arguing that, contrary to rumors, neither he nor his family is infected with SARS, and his stores are entirely safe. On Tuesday, a Sacramento city councilman tried to quell panic by bravely chewing a ceremonial Granny Smith apple from the produce section in front of reporters.

You can almost pity officials saddled with the competing incentives of distributing vital medical details while trying to stave off panic. So far the World Health Organization and the Centers for Disease Control have done a reasonable job, posting transcripts of briefings and daily casualty counts on their websites. This week the CDC placed online the entire nucleotide sequence of the virus suspected to be responsible for SARS. The WHO is coordinating the Global Outbreak Alert and Response Network, which links 11 research labs in what is probably the most aggressive international epidemiological effort since the response to AIDS.

A still-mysterious disease that spreads through unknown means may cause governments to overreact and unreasonably limit rights to privacy, property, and freedom of movement. President George W. Bush has signed an executive order triggering a 1917-era law that hands the Feds the power to appoint quarantine officers, create quarantine stations, and detain Americans "reasonably believed to be infected" with SARS. This power can be used carefully or wildly abused, and it's far too early to make predictions. The good news so far is that of about 200 cases of SARS in the U.S., there have been no deaths, and a chart prepared by the New England Journal of Medicine indicates that the worldwide SARS growth rate is closer to arithmetic than exponential.

Other perils exist. Politicians tend to view any crisis, real or illusory, as an opportunity for pork barrel spending and other dubious pet projects. It's no coincidence that a bill that Bush signed on Wednesday—ostensibly funding the war on Iraq—ballooned to $5 billion more than he had requested. Who would have guessed that "Assistance to Agricultural Producers Located in New Mexico for Tebuthiuron Application Losses" and handing the Federal Highway Administration an extra $3 million for administrative overhead helped to win the Battle for Baghdad?

State legislators are equally culpable. Take a proposal that goes by the unflattering name of MEHPA, the The Model Emergency Health Powers Act, which began appearing in state capitols soon after the anthrax scare of late 2001. It expands upon emergency authority that many cities and states already have arrogated themselves during times of crisis, making explicit what powers public health officials will have. Among them: Property and land can be seized as "necessary to respond to the public health emergency;" the state can also forcibly vaccinate Americans against suspected diseases, and quarantine those who refuse. No court order is necessary to detain someone; the language says: "The public health authority may temporarily isolate or quarantine an individual or groups of individuals through a written directive." Backing the proposal are the CDC, the National Governors Association, the National Conference of State Legislatures, and the National Association of County and City Health Officials.

Yet that's a positively Rothbardian approach compared to what some other nations may try if SARS continues to spread. Singapore's government has imposed strict rules on people quarantined on suspicion of having the disease. Among the measures is a requirement that surveilance cameras will be aimed at their doors, and after a first offense of breaking quarantine, the unlucky residents will be wired with electronic wrist tags. Toronto, the city outside of Asia that has been hardest hit by SARS, also is considering tracking bracelets for people who break quarantine rules.

In China, the communist government claimed for months that SARS was limited to a handful of cases. As recently as last week, Bejing officially, and implausibly, denied the existence of hundreds of SARS patients in hospitals already visited by Western journalists. Then on Monday, China Premier Wen Jiabao took the unusual step of saying that while progress had been made in limiting the spread of SARS, "the overall situation remains grave." (This is the same government that last year, in just one day, upped its official estimate of HIV infections from 30,000 cases to 1 million.)

In this climate of official deception, misinformation about SARS has been spreading so efficiently it would do the common cold proud. The Chinese seem unwilling to trust government proclamations, relying instead on rumors that have spurred demand for quack herbal remedies in Bejing. Residents of China's Shanxi province place their faith in steamed vinegar. And a New York Times article on Thursday showed that America is not immune from this 21st-century information contagion, saying that high levels of anxiety can be found in states like New York, California and Washington that have the most SARS cases or sizeable Asian-American communities. New York City Mayor Michael Bloomberg was worried enough about public panic to dine in a Chinatown restaurant on Wednesday, then hold a press conference about it.

Well, it might work. It might not. At a time when misinformation is catching, it may not be wise to bet against SARS.