Secrets for Sale

Do strangers with computers know too much about you?


In April 1990, Lotus Development Corp. proudly announced the release of Marketplace: Households, "a new desktop information product for Apple Macintosh personal computers that allows any business person to perform sophisticated sales prospecting and market analysis." Marketplace: Households combined information about 120 million U.S. consumers, stored on compact disks, with software that would have allowed users to select lists of names and addresses based on nine marketing criteria.

Priced at $695 (plus additional fees for lists), the data base would have provided small businesses and nonprofit organizations with information that had previously been available only to large companies. For example, the owner of a trendy new restaurant could get a list of young, affluent people living near his establishment. A local political organization could target older, married homeowners in a given neighborhood. Marketplace: Households was scheduled to hit computer stores in the fall.

It didn't. After unveiling the product, Lotus received some 30,000 letters of complaint, many of them by electronic mail. Privacy advocates, including the American Civil Liberties Union, condemned the data base. "It simply shouldn't be allowed on the market," said Marc Rotenberg, Washington director of Computer Professionals for Social Responsibility. In January 1991, Lotus announced that it was canceling the information package.

Meanwhile, Equifax Inc., which provided the data for Marketplace: Households, was doing some rethinking of its own. Last August, the credit-reporting giant announced that it was getting out of the marketing-data business, except for credit-related purposes. "Continuing the business just wouldn't be consistent with a socially responsible position," Equifax senior vice president John Baker told The Wall Street Journal. Equifax urged its competitors to follow suit. In fact, in October it urged Congress to force its competitors to follow suit.

Underlying these two dramatic reversals is the amorphous concept of informational privacy, variously described as a right, a concern, an interest, and a preference. In the broadest sense, your informational privacy has been violated when someone knows something about you that you don't want them to know. Traditionally, the "someone" has been the government, as represented in fiction by Big Brother and in real life by J. Edgar Hoover. But in recent years, the focus of public debate has shifted to the private sector, especially large businesses and organizations. Privacy advocates voice concern about a wide range of commercial activities, including credit reporting, job screening, direct marketing, insurance and medical record keeping, debit-card purchases, and electronic toll collection.

For the most part, these activists are not talking about clearly illegal invasions of privacy, such as wire tapping or unauthorized access to computer files. They are more alarmed by the standard operating procedures of credit bureaus, direct marketers, retailers, and others who deal in computerized information. They complain that you can hardly engage in a business transaction these days without leaving electronic footprints, often without realizing it.

Judging from press coverage, the commercial collection and dissemination of personal information, fueled by faster, cheaper computers and new software, have created a privacy crisis. "Personal privacy is currently endangered, not because the information is available, but because it can be accumulated, massaged, maybe even changed, with astonishing ease," an article in Student Lawyer reported in 1983. "If widely adopted, computer systems now in use experimentally could create electronic records for the food we eat, the brand of toothpaste we buy, the newspaper articles we read, and the routes we drive to work. Improperly used, these data banks could destroy the last vestiges of personal privacy in the United States.…Both the private sector and the government have shown themselves anxious to amass files that might allow them, ultimately, to know more about us than we know about ourselves."

Nearly a decade later, such warnings are still common: "Privacy in the United States is increasingly being invaded in today's world of computers and interconnected databanks" (The Christian Science Monitor); the nation is moving "closer to the day when all the information available on one person could be gathered in one place and then easily retrieved, sold or manipulated by anyone" (The Washington Post); direct marketing "has been instrumental in the erosion of personal privacy" (The Wall Street Journal); "the combination of invasive technologies and lax laws threatens to make the U.S. a nation of people who live in glass houses" (Time).

Even privacy advocates admit that much of the press coverage is speculative and overwrought. "It's disappointing to me that all the stories in the press on this issue are what I call 'view with alarm' stories," says Robert Ellis Smith, publisher of Privacy Journal. "A large part of the population probably thinks that there is a central data bank with all sorts of information about people in it. That's not the truth, but a lot of people think that. The rhetoric in the stories reinforces that."

But the issue of informational privacy is not entirely a media creation. The letters protesting Marketplace: Households indicate that many Americans are worried that strangers with computers know too much about them. One consumer, under the misimpression that the Lotus data base would include actual salaries, complained that "people's salaries are their own business.…I could be fired for telling the person I sit next to what I make, and yet these people plan to publish it." Writing in The New York Times shortly after Marketplace: Households was canceled, Mary J. Culnan, an associate professor of business administration at Georgetown University, compared discovering that a private data base has information about you to "learning that you are being filmed secretly in the shower."

According to Lou Harris polling data, the percentage of Americans who said they were "concerned" about privacy increased from 33 percent to 79 percent between 1970 and 1991; the percentage who were "very concerned" went from 25 percent to 48 percent. This dramatic rise probably has a lot to do with the advent of computer-driven direct marketing, which has brought a flood of junk mail and junk phone calls into American homes.

Frustration with annoying solicitations has prompted some paradoxical responses. In November, Congress approved legislation that requires the Federal Communications Commission to maintain a list of people who say they don't want to receive telemarketing calls. Marketers are forbidden to call anyone on the list. Thus, in the name of privacy, the government will keep a central record of people with certain attitudes. How long will it be before a bureaucrat decides that taxpayers who are especially concerned about privacy are also more likely to be hiding income from the IRS?

Still, the move to regulate telephone solicitations indicates growing hostility toward direct marketers. "It's the first thing that people think of when they think of privacy," says Smith. "It's the tip of the iceberg, the one time they can see the result of the pooling of computer data without their knowledge to create information about them.…It's symbolic, I guess, to a lot of people."

Just what it's symbolic of, though, is hard to get a handle on. When they discuss the perceived threat represented by the collection and dissemination of computerized information, consumers, business people, and privacy advocates are often talking about quite different things. Public concerns are vague, a mixture of annoyance at direct marketing, worries about data collection, and fear of computer technology. Business people tend to view these feelings as consumer preferences, something to take into account along with concerns about cholesterol, aging, body odor, and the environment.

But privacy advocates generally consider expectations about how information will be handled a matter of right that should be enforced by law. "Our current laws are inadequate," declares a 1991 report from Computer Professionals for Social Responsibility and the U.S. Privacy Council. "No citizen can be assured that information disclosed for one purpose will not be used for another purpose…or that private companies will not exploit collections of personal information for commercial gain." CPSR and the Privacy Council support legislation that would create a national Data Protection Board, restrict the flow of computerized information, and ban some transfers, such as the sale of marketing data by credit bureaus.

Janlori Goldman, director of the ACLU's Privacy and Technology Project, would like to see a separate statute for every business that deals with information about people. Congress has already passed a number of laws covering specific industries, including the Fair Credit Reporting Act (credit bureaus), the Cable Communications Policy Act (cable TV), the Right to Financial Privacy Act (banks), and the Family Educational Rights and Privacy Act (schools). Goldman says Congress should strengthen these laws and add more as needed.

Others are leery of such a top-down approach. "It's a very bad solution," says Alan F. Westin, a professor of public law and government at Columbia University who has studied privacy issues for more than 40 years. "It would be horrendous for the flow of goods and services in the American marketplace." Westin, who has done consulting work for Equifax, argues that a batch of complex legislation is unnecessary and undesirable, that concerns about informational privacy can be addressed through market mechanisms and established common-law principles.

When you consider the right to informational privacy in the abstract, the call for more laws and regulations may seem sensible. But once you try to define the right and apply it to real situations, the advantages of Westin's more flexible approach become apparent. Privacy expectations vary from person to person and depend heavily on the type of information involved. Rather than imposing a one-size-fits-all solution, the law should allow people to attach enforceable conditions to the disclosure of information about themselves. In the final analysis, the right to informational privacy is nothing more than a variation on the right of contract.

The contract model is a vital safeguard against the excesses of well-meaning but overzealous privacy advocates. The power to control information about you is the power to control the speech of others. Based on contract, such control is strictly limited. Based on nebulous concerns about privacy, it is open-ended. Thus, a concept intended to protect individual dignity and autonomy could become a new rationale for censorship.

The controversy over Marketplace: Households shows how informational privacy relies on the idea of implicit contracts. When pressed, privacy advocates say the crucial problem with the data base was that Equifax used information from its credit files to put it together. Equifax got names and addresses directly from its files, determined sex from first names, identified married people through joint credit-card accounts, and placed people into age ranges based on dates of birth. It used other information from its files, such as occupation, to help decide what sort of people (for example, "successful singles") lived in which neighborhoods (identified by nine-digit zip codes).

Equifax supplemented information from the credit files with data from public sources such as the U.S. Census, the Bureau of Labor Statistics, and the U.S. Postal Service. It also purchased data from R.L. Polk & Co., a Detroit firm that compiles lists based on publicly available information, such as wedding announcements and vehicle registration records. Using these data, information from its credit files, and results from consumer surveys, Equifax linked extended zip codes to shopping habits (for example, "plays tennis" or "buys do-it-yourself products"), enhancing its neighborhood profiles.

When all was said and done, though, Marketplace: Households offered very little specific information about individuals. Instead, it included them on lists of people sharing certain broad characteristics (including income ranges), mostly based on where they lived. Lotus and Equifax both emphasized that the data base was not designed to allow a user to get even this rough information by typing in a name. The data base included other safeguards as well: no phone numbers, no lists of single women, no lists of people over the age of 65.

Still, in the eyes of most privacy advocates, Equifax had broken a promise. "Credit information ought to be held in trust," Smith says. "It's the clear intention of the Fair Credit Reporting Act that credit information be used only for credit, insurance, or employment. It was never contemplated that the information would be used for marketing purposes." Credit bureaus note that the law also allows use of the information for any other "legitimate business need," and they have argued that this covers the sale of marketing data.

But Smith is making a broader point as well. When you apply for a credit card or a bank loan, you expect that the information you divulge will be passed on to a credit bureau, which will then keep track of your purchases and payments. You know that other providers of credit, insurers, prospective employers, and perhaps landlords will have access to your file. (Indeed, in many cases you explicitly authorize this access when you apply for a loan, insurance, a job, or an apartment.) But you probably don't expect that some of the information in your credit file will be sold to direct marketers. And you can't possibly consent to something you don't know about.

So by using information in its credit files for a purpose other than that intended by the original source, Equifax violated an implicit contract. More precisely, the banks, department stores, and other businesses that give Equifax information broke a tacit agreement with their customers by failing to stop the credit bureau from sharing the information with direct marketers. The violation could have occurred with written records as well as electronic information; computers just made it easier. Moreover, the violation did not hinge on how sensitive the information in Marketplace: Households was or how effective the "privacy safeguards" built into it were, although most of the complaints from consumers focused on these issues.

Critics of Marketplace: Households agree that Equifax's chief sin was breaking the first rule of informational privacy: Information disclosed for one purpose should not be used for another purpose without the subject's consent. First suggested in the early '70s, this principle is embodied in the European Community's proposed privacy regulations and endorsed by virtually every privacy advocate. But although the rule seems quite reasonable, nailing down its implications in the real world is tricky.

Much depends on how you define "consent" and what you think constitutes "another purpose." Under a loose interpretation, your information would be fair game once you revealed it to anyone, unless you explicitly indicated otherwise. Under a strict interpretation, you would have to specifically authorize every transfer of information. At one extreme, you might find total strangers privy to sensitive and perhaps embarrassing information about you—your salary, the movies you see, the self-help books you buy. At the other extreme, investigative reporters might have to give advance notice to the subjects of their exposés, and many common business practices—such as renting customer lists and soliciting orders by mail—could become prohibitively expensive.

Businesses with operations in Europe are worried that they will soon be at the mercy of E.C. bureaucrats charged with making such decisions. As proposed, the E.C. privacy regulations would require businesses to get explicit permission for secondary uses. For example, a magazine with European subscribers would have to obtain consent from each one before selling or renting their names and addresses to direct marketers. The standard practice now is to notify subscribers that they can ask to be removed from such lists. If they don't, it's assumed that they have consented. By reversing that assumption, the E.C. would effectively ban the rental of subscription lists by making them too costly to be worthwhile.

Another troubling aspect of the proposed regulations is a ban on the transfer of computerized information between the E.C. and any country without "adequate" privacy protection. This could stop international businesses from sending personnel files or customer records from the United States to Europe, and vice versa. Smith suggests that the E.C. may distinguish between information, such as that in credit files, that is regulated by U.S. law and information, such as that in personnel records, that is not. In the latter case, he says, the E.C. may be satisfied by a strict company policy, rather than insisting on a law. He acknowledges, though, that the bureacratic costs will be heavy.

The main problem with the European approach—which CPSR and the Privacy Council endorse—is its rigidity. As proposed, the rules do not recognize that different standards may be appropriate for different situations. For example, when you subscribe to a magazine, you probably expect that your name and address will end up on a mailing list that marketers will use to try to sell you other magazines, books, music, sweaters, and electronic gadgets. If this bothers you, you can readily have your name removed from the list. But most people, although they occasionally complain about junk mail, also occasionally respond to solicitations.

"Prior-consent legislation is not in the best interest of consumers," argues Lorna Christie, vice president for ethics and consumer affairs with the Direct Marketing Association. "If I had to authorize every transaction before it could happen, I probably would not get a great number of the catalogs and marketing promotions that I receive and that I use because I don't have time to go to the mall." In this context, it seems perfectly reasonable for magazines to assume consent unless they are notified otherwise.

When you rent movies, on the other hand, your expectations are quite different. You would be surprised, perhaps mortified, if the video store put you on a list of people who like pornographic films or Jean Claude Van Damme movies and rented the list to companies selling related products by mail. In 1987, when a City Paper reporter obtained information about Supreme Court nominee Robert Bork's movie rentals, members of Congress were so shocked that they passed a law, the Video Privacy Protection Act of 1988, specifically banning such disclosures. Yet the incident was striking precisely because it was so unusual. Even though there is definitely a market for the names and addresses of people who like certain types of movies, selling such lists would be very bad for the video-rental business. It would violate an implicit contract of confidentiality.

Problems arise, however, when the expectations of the person disclosing information differ from those of the person receiving it. This is the case with regard to the sale of marketing data by credit bureaus. Until recently, most people didn't even know that this was going on, primarily because consumers usually do not deal directly with credit bureaus. Hence it was the responsibility of the businesses that provide information to credit bureaus to notify their customers that some of the data might be sold to direct marketers. The credit bureaus, for their part, should have insisted on informed consent. They blew it.

"Too many businesses really don't give a damn about this issue," says Rotenberg. "They'd really rather not be bothered." But if people do care how information about them is handled, a business with that attitude will not survive long. To the extent that informational privacy matters, customers will insist upon assurances-assurances that the courts should enforce, if necessary. "What the consumer wants today is to redefine the information contract between the business wanting to use personal information and the individual," Westin says.

At the same time, consumers will have to pay attention to what they consent to. Rotenberg recently complained to Time about "warranty registration" cards that include marketing questionnaires. "People fill out product cards because they want the warranty," he said. "But they end up on the mailing lists of stereo and record companies. Was that part of the stated bargain when they filled out the card?" In a word, yes. The card that came with my new coffee maker, for example, says that the warranty applies whether or not you fill out the questionnaire, and it has a box you can check to keep your name and address off mailing lists.

Similarly, some privacy advocates have objected to frequent-shopper programs, which allow retail customers to get special discounts in exchange for using magnetized cards when they make their purchases. The cards enable the store to record what the customer buys; this information can later be used for marketing purposes. For example, someone who buys Minute Maid orange juice might get a coupon for Citrus Hill. But if this is an intrusion on privacy, it's one that the shopper has voluntarily agreed to. People who value informational privacy should learn to read the fine print.

Contracts only work if they bind both parties. Unfortunately, the ACLU, which is very concerned about informational privacy in the abstract, is chipping away at the most practical means for protecting it. The ACLU recognizes the right to withhold information or attach conditions to its disclosure, but it denies the reciprocal right to require information as a condition of participating in a transaction. For example, Goldman argues that employers should not be permitted to ask prospective employees for information that is irrelevant to job performance—except, perhaps, if they are prevented from making hiring decisions on that basis. Not only should things like religion or sexual preference be off limits, she says, so should personal habits such as smoking or hobbies such as skinny dipping. Otherwise employers might abuse their economic power.

"Applicants are routinely requested to sign waivers of confidentiality that permit the employer…to obtain information and records from virtually any source," says the ACLU handbook Your Right to Privacy. "Unless the applicant is in a strong bargaining position—which of course most applicants are not—he has no realistic choice but to sign the waiver." Hence the ACLU argues that the question of how much information to disclose should be resolved by legislation rather than negotiation.

Similarly, Goldman doesn't think banks should be allowed to require credit-card applicants to sign a waiver permitting the sale of their data to direct marketers. It's not enough that those who don't want to sign the waiver can take their business elsewhere. "Then what you're saying is that they have a right, but you're not going to enforce it," she says. "You're going to leave it to the marketplace."

Such reasoning undermines everyone's liberty to enter into voluntary business arrangements. Instead of getting the amount of privacy they want, people get the amount the government thinks they should have.

So long as the right to informational privacy remains vague, the mandate for this sort of state intervention is unbounded. Goldman resists attempts to define informational privacy. She acknowledges that information contracts can be helpful, but she says the right goes beyond such agreements. Asked repeatedly whether the mere collection of information by a private party could violate someone's right to privacy even without breaking an agreement, she equivocates. "We don't like hard-and-fast rules," she says.

A paper that Goldman co-authored in 1989 describes the task of protecting informational privacy this way: "Statutory standards should incorporate a balance between the sensitivity of the information at stake and the institutional justification or need for the information—the more sensitive the information, the more compelling the need must be for its collection, and the higher the standard must be for its disclosure to others."

Since different people will assign different weights to these conflicting interests, such balancing can easily become a shield for arbitrary restrictions. For example, some people object to "electronic blacklists." A 1990 article in The Christian Science Monitor, part of a series on "Privacy in the Computer Age," sounds the alarm over data bases that are used to screen tenants, employees, and policyholders. Landlords can consult a data base that lists tenants who have skipped out on their rent, been evicted, or damaged their apartments. The information is based on court records and landlords' reports. Other data bases list employees who have filed workers' compensation claims and people charged with violent crimes or drug offenses.

There are legitimate questions about the usefulness and reliability of these data bases, but the article focuses instead on the unfairness of maintaining them at all. Yet none of this information was collected in a way that violated an agreement of confidentiality. In the case of landlord-tenant disputes, for example, both parties are free to reveal the information to anyone they choose. Just as the tenant may complain to a friend, the landlord may complain to the company that compiles the data base. In the absence of an agreement to the contrary, neither party can reasonably assume that the other will keep the matter a secret—especially if the dispute ends up in court.

Although some privacy advocates tend to equate damaging information with confidential information, the issues are distinct. Even Goldman acknowledges that one of the most damaging kinds of information around—criminal records—ought to be publicly available. On the other hand, anyone who believes in keeping promises would agree that an utterly innocuous piece of information—say, your favorite color—should be treated confidentially if everyone you reveal it to agrees to do so.

The hazards of abandoning the contract approach to informational privacy are illustrated in Paul Sieghart's 1976 book, Privacy and Computers. Sieghart suggests that enforcing the right to privacy could mean preventing people from gathering published information. He offers the example of a John Smith who committed some petty crimes as a teenager that were reported in the local newspaper. As an adult, Smith moved to a new town where no one knew about his youthful indiscretions. In this context, Sieghart writes, to publicize Smith's crimes might very well violate his right to privacy.

The impulse behind Sieghart's desire to shield Smith is readily understandable. All of us value the freedom to move where we choose and make a fresh start, creating a new identity in a new locale. It seems unfair for someone to interfere with that freedom by bringing up unsavory facts. Yet we also value freedom of speech, which includes the freedom to research information in publicly available records and communicate it to whomever we like. Computers—more specifically, the ability to collect and process information readily and quickly—have brought these two values into conflict.

Nevertheless, the underlying rights remain intact. The right to construct your own identity is based on more fundamental rights, such as freedom of conscience, freedom of travel, freedom of association, and freedom of contract. It has never included the right to control the speech or thoughts of others—to dictate to them how they should perceive you. Yet that is the implication of extending privacy rights in the way that Sieghart suggests.

There remains a special class of cases where the contract approach will not work—cases in which one party can use force to get its way. If you want to drive a car legally, for example, you have to register it with the Department of Motor Vehicles. In many states, the DMV then sells information gleaned from registration forms to direct marketers; names and addresses for owners of new luxury cars are especially valuable. At least 26 states sell information from driver's licenses, including height, weight, and use of corrective lenses, to list merchants such as TRW, Donnelly Marketing, and I Rent America. (The main buyers of such lists are clothing merchants, particularly those who specialize in unusual sizes.)

Similarly, you are legally obligated to respond to the U.S. Census, which collects information that goes far beyond its original mandate of counting citizens for purposes of electoral apportionment. The U.S. Census Bureau then turns that information, much of which would be very costly for a private party to obtain, into statistical reports that are a gold mine for direct marketers.

Such government collection of information, backed by the threat of fines and imprisonment for failure to comply, is qualitatively different from private efforts. Direct marketers do not hold a gun to your head when they ask about your tastes in clothing or entertainment. But they do benefit from data that is collected coercively. Conversely, information collected by businesses may be used by the government: The Wall Street Journal reports that Farrell's, an ice-cream parlor chain, once sold a list of 18-year-olds, gleaned from its birthday club records, to the Selective Service System.

"It may well be the sharing of information between government and business…that is the megathreat," Westin says. "If…there are no boundaries between private and public, then it seems to me you're getting into deep yogurt."

A related issue arises from government-supported monopolies. If the federal government allowed a competitive market in mail delivery, for example, some companies might offer no-junk-mail service. For an extra fee, all solicitations and advertisements would be filtered out of your mail. If antipathy toward junk mail were great enough, some delivery companies might not accept it at all. By contrast, the U.S. Postal Service has no incentive to tailor deliveries.

The local telephone monopoly also complicates privacy issues. Consider caller ID, a new service that allows subscribers to see the telephone numbers of callers. Caller ID is a powerful tool for businesses that want the home addresses of people who call to ask questions, place orders, or make reservations. Privacy advocates acknowledge that caller ID, especially linked to a reverse-directory data base, can also help people protect their privacy by screening out unwanted calls. But they object that it invades the privacy of callers who want to keep their numbers concealed. In response to this concern, the FCC last September proposed rules that would require local telephone companies to allow subscribers to block caller ID on a call-by-call basis.

In a competitive market, such decisions would not be made by bureaucratic fiat. Some companies might provide caller-ID blocking, perhaps for a fee. Others might find they could make more money by offering unimpeded caller ID. Still others might not offer caller ID at all, or might offer name ID—with the communications company matching numbers to names—instead. Consumers would have a choice, which is what the privacy advocates say they want.

Businesses, acting in response to consumer demands, are much more likely than the government to come up with creative, effective ways of addressing privacy concerns. For example, Buyer's Market, a new Equifax program, surveys consumers about their tastes and preferences, asking them what kind of direct-mail information, if any, they are interested in receiving. Equifax then sells lists of people interested in particular kinds of goods or services to direct marketers. Approved material bears a special seal so consumers know it has been sent as part of the program.

Equifax also distributes, free of charge, lists of people who aren't interested in certain types of material, or who don't want any solicitations at all. "It's a waste of time and money for a direct marketer to send somebody a copy of something they've said they don't want," notes David Mooney, public relations manager for Equifax. On the other hand, "junk mail is junk only if you don't want it."

In an attempt to cut down on junk mail, properly understood, the Direct Marketing Association and most major marketers keep records of people who want to opt out of mailing lists. The DMA's ethical guidelines urge businesses to give prior notice that information will be used for marketing purposes, and they forbid the use of information "that may be considered personal or intimate in nature…when there is a reasonable expectation by the consumer that the information will be kept confidential."

None of this has the force of law, of course, but the DMA argues that it's simply good business. "Privacy is a customer-service issue," says Christie, the DMA vice president. "If marketers don't allow consumers a sense of control over the dissemination of data, they've not fulfilled their customer contract, and the customer's going to go somewhere else."

Westin goes a step further. Once privacy standards are well established in an industry, he says, they should be legally enforceable. For example, marketers should be held liable if they ignore the DMA's opt-out list. "Historically, the common law has been at its best when it deals with what the merchants are doing and why they're doing it," he says.

One conclusion that Westin draws from what the merchants are doing is that information is a valuable commodity, one that is owned by the person who dispenses it. "If my information is so valuable that it can be sold," Westin argues, "then it's akin to appropriation to take that valuable profile from me without my having any control over how it's used and without my getting any compensation. In a market economy, compensation has to flow to the ownership interests of the consumer."

In a recent issue of Release 1.0, a newsletter that covers computer-related issues, Editor Esther Dyson elaborates on the idea of data property rights. She imagines a world in which individuals sell limited use of their information through data brokers, who negotiate with direct marketers and other interested parties. "We believe the market could easily take care of the intricacies," she writes, "if the government would simply establish the principle: People own information about themselves."

But do they? Is it possible to own information? Since information is stored in brains as well as in computers, the implications are ominous. Strictly speaking, the right to own information implies a right to control the minds of others. Unlike physical or intellectual property, information per se is not a product of labor or creative effort. Moreover, information about you may equally be information about someone else with whom you interact: a retailer, an employer, a neighbor, a landlord, an insurer, a banker, a relative, a friend. When joint activities—a transaction, a dismissal or promotion, an eviction—give rise to "personal information," it's difficult to say a priori who "owns" that information and who, therefore, should control it.

The right to control the information can be established, however, by attaching conditions to the interaction. Sometimes the conditions are implicit. You shouldn't have to tell your bank, your doctor, the phone company, or the local library that records of your credit-card purchases, your medical treatment, your telephone calls, or the books you read are to be treated confidentially. In other cases, though, you may need to make your wishes clear. You can say, "I am buying this car from you on the condition that you not tell anyone about the purchase," or "I am telling you my age on the condition that you keep it secret," or even, "You may give my name and address to one other person, but only if you pay me." But the right to attach such conditions is not the right to own information; it's the right to make contracts.

Although Westin may be hasty in suggesting that the law should recognize property rights in information, his general approach makes sense. As long as individuals are free to make and enforce information contracts, they can act to protect their privacy. Indeed, Westin predicts that "by the end of the '90s, every data base will be a consensual data base"—containing only information about people who want to be included.

"It should come about through market forces; I don't see how we can legislate it," he says. "I'm looking for ways to accommodate diversity, not for an all-or-nothing solution.…The beautiful aspect of the technology we have is that, if we're thoughtful, it should allow us to accommodate all interests, rather than forcing a majoritarian solution on everybody."

Jacob Sullum is associate editor of REASON.