Politics

Database Nation

The upside of "zero privacy"

|

If you haven't noticed it already, flip back a few pages and take a good look at the front cover. Unless you picked this magazine up on a newsstand, you should see your neighborhood's grinning mug shot, exposed in all its glory from above. Depending on where you live, you may be able to glimpse your neighbors' homes, a gas station or two, and perhaps the local elementary school.

Welcome to the database nation, where the tiny chunk of data that represents your physical address can pull up an overhead view and driving directions to your front door. And that's not all. When your address is linked to databases like those used by Yahoo! People Search, your phone number may be readily accessible. Your county government's Web site probably displays your home's floor plan and assessed value, letting nosy neighbors chuckle over Alice's quaint split-level or Bob's lack of elbow room when the in-laws visit. Pay-as-you-go databases like Lexis-Nexis' P-TRAK, P-FIND, and P-SEEK tie together mortgage records, vehicle registrations, court judgments, bankruptcy histories, and any other public information they can gather. Google and Yahoo! can record every search you've ever made and link it to whatever computer you used at the time. Credit card companies know what you buy, frequent shopper programs know what you eat, and your insurance company knows what medical procedures you've undergone.

Is it any wonder that public concern about privacy has risen dramatically during the last decade? Self-help and advocacy books abound, with titles like I Love the Internet But I Want My Privacy Too! and Privacy for Sale: How Big Brother and Others Are Selling Your Private Secrets for Profit. Hundreds of privacy-related bills have been proposed in the U.S. Congress and state legislatures. In a February 2003 Harris poll, 69 percent of those surveyed agreed that "consumers have lost all control over how personal information is collected and used by companies." That view was summed up with cynical certitude by Sun Microsystems CEO Scott McNealy. "You have zero privacy anyway," he said a few years ago. "Get over it."

What McNealy didn't mention, and polls and politicians don't recognize, is the unsung benefits that have accompanied the databasification of American society. More precisely, they're unacknowledged or invisible benefits. It's easy to complain about a subjective loss of privacy. It's more difficult to appreciate how information swapping accelerates economic activity. Like many other aspects of modern society, benefits are dispersed, amounting to a penny saved here or a dollar discounted there. But those sums add up quickly.

Markets function more efficiently when it costs little to identify and deliver the right product to the right consumer at the right time. Data collection and information sharing emerged not through chance but because they bring lower prices and more choices for consumers. The ability to identify customers who are not likely to pay their bills lets stores offer better deals to those people who will. In films like The Net and Changing Lanes, Hollywood tells us that databases can be very dangerous. The truth is more complex. Being a citizen of a database nation, it turns out, can be very good for you.

Mistreat Me, Please

When Safeway or Giant offers you a supermarket discount card, it's not because their executives are making value judgments about whether it's appropriate for you to nosh on mocha fudge ice cream instead of wheatgerm?infused organic macrobiotica. They don't care. Instead, supermarket managers use the cards to evaluate the effects of promotional campaigns, understand the impact of price on consumer demand, and make better predictions about what you might be looking for on your next shopping trip. IBM even sells grocers software to "quickly roll out a loyalty program designed to reward and retain your best customers and track shopping patterns." Technological innovations are crucial in the cutthroat supermarket business, where profit margins hover around 2 percent and sales at rival superstores like Wal-Mart and BJ's Wholesale Club have been increasing by 19 percent a year. Far from a means to snoop on customers, discount cards are more like a way for supermarket chains simply to survive.

Some vocal activists don't see it that way. A group called Consumers Against Supermarket Privacy Invasion and Numbering (CASPIAN) has sprung up for the sole purpose of condemning supermarket discount cards. "We've got to stop supermarkets from manipulating us into surrendering one of our most intimate possessions—the ability to make reasoned, non-coercive decisions about how and to whom to disclose intimate information about ourselves," CASPIAN warns. "How can supermarkets justify this vicious mistreatment of the very patrons who keep them in business?" Simple: Nobody is forcing shoppers to sign up for discount cards; they do it because the benefits outweigh the costs.

The implications of living in a database-driven society go far beyond supermarket cards. Consider Gateway, which in 1997 was looking for a way to boost Internet purchases of its computers. It decided to offer would-be purchasers a way to obtain instant credit through its Web site. By filling out an online form, customers could apply for immediate financing and, in nearly all cases, receive an answer in just 15 seconds.

The idea proved to be a terrific success. By providing instant credit, Gateway was able to attract customers who didn't have credit cards or didn't want to use them. Its previous, manual method of approving loans took an average of five hours and resulted in $377 million a year in consumer financing. After Gateway offered instant credit, sales picked up and financing ballooned to more than $2 billion by 1999.

Gateway was able to do that by taking advantage of one of the marvels of modern American society: the credit reporting system. Every day this system churns through millions of transactions relating to approximately 1.5 billion credit accounts held by 190 million people, each with his or her own FICO (Fair Isaac Corporation) score, a rough estimate of how credit-worthy that person is. This constant flow of information lets businesses and lenders make more accurate—that is, less risky—decisions about whether to grant or withhold credit. Thanks to this system, you can log on to Gateway.com and have a custom-built computer immediately shipped to you; you can apply for a mortgage at ditech.com, Moneywarehouse.com, or LendingTree.com and receive an instant answer. Go to a shopping mall, and you'll find that nearly every store seems to be pitching its own brand of credit card. You can visit a car dealer you've never been to before, obtain a five-figure loan, and drive your new purchase home the same day. In 1999 credit cards were used in the U.S. for 14 billion transactions totaling about $1.1 trillion, with an average purchase of $76, according to the U.S. Department of Commerce.

This incredible convenience is something our grandparents never enjoyed. Just a few decades ago, applying for credit meant an in-person visit to a loan officer. If the loan officer didn't know you personally, he or she would contact your references and other creditors and eventually make a decision a few weeks later. If you had just moved to the community, you might be turned down or be approved for only a small loan. It was a slow, painful process that was hardly consumer-friendly.

Today, not only can you get a loan nearly instantly; you'll pay less for it than in countries that prevent the free flow of information. Some nations permit only negative information in credit reports, instead of the mix of positive and negative details that form the backbone of the U.S. system. Walter Kitchenman, an economist at Purchase Street Research, estimates that because of information sharing among financial firms "mortgage rates in the United States are as much as two full percentage points lower" than they would be otherwise. In the words of Fred Cate, a law professor at Indiana University, "with outstanding mortgage rates approaching $4 trillion, American consumers save as much as $80 billion a year because of the efficiency and liquidity that information makes possible. The cost of credit in the United States is also lower [than in most places in the world] because the information that credit decisions depend on is assembled routinely and efficiently, rather than at the time the consumer desires credit." That's a few hundred dollars per American every year.

Most of us know people who misuse their credit cards through holiday spending sprees or random acts of profligacy. But millions of us do not; we use credit cards because they're safer and more convenient than carrying thick wads of dollar bills. Cash is dirty and carries germs. It can be ripped or torn accidentally. Unlike a credit card, if you lose it, you're out of luck.

Also, few of us can buy our homes outright. By giving us a schedule of regular payments, a bank loan to buy our home lets us plan for the future.

Building on Reputation

All this was made possible by the convergence of several trends half a century ago. After the Depression, the pent-up demand for consumer goods exploded and the desire for an entirely cash-based society evaporated. The end of World War II brought a population boom and greater mobility. The most crucial change was the invention of the computer, which permitted more-efficient information storage and retrieval. The invention of high-capacity hard drives, fatter memory chips, and ever-speedier integrated circuits completed the databasification of American life.

While computers were essential to this latest phase of data gathering, the need to compile and exchange financial information is hardly new. Stanford economist Avner Greif's history of trade between 11th-century Mediterranean cities, published in the Journal of Economic History in 1989, showed how merchants used overseas agents, backed up by a web of information flows, to save money. For merchants, hiring agents to receive shipments when they arrived at the destination port was cheaper than traveling with the goods. To prevent agents from absconding with the merchandise, Maghrebi traders relied on a social network that provided agents and kept track of those who cheated. "Information was crucial to business decision-making," Greif noted. To keep agents honest, "coalition members blocked a cheater's access to the coalition's internal information flows." The traders' rudimentary paper ledgers served the same purpose as today's electronic credit reports: helping to distinguish honorable traders from frauds and deadbeats.

Adam Smith came to a similar conclusion in a 1766 paper titled "Lecture on the Influence of Commerce on Manners." He stressed the importance of a positive reputation, which necessarily means that others have access to information about your past actions and therefore feel they can predict your future behavior. "A dealer is afraid of losing his character, and is scrupulous in observing every engagement," Smith wrote. "When a person makes perhaps 20 contracts in a day, he cannot gain so much by endeavoring to impose on his neighbors, as the very appearance of a cheat would make him lose."

Modern databases trace the reputations not just of individuals but of corporations as well. Probably the most famous example is the credit reporting firm Dun & Bradstreet, which provides one of the most important tributaries to the pool of information about corporations and government agencies. It was founded as two different firms—New York's Mercantile Agency in 1841 and Cincinnati's Bradstreet Company in 1849—that merged in 1933. Both were created in response to a 19th-century problem: false letters of credit.

As American pioneers headed westward, scoundrels occasionally would present forged letters of credit to wholesale merchants in larger towns. After obtaining merchandise on credit, the person responsible for the scam would silently vanish with the goods. Dun & Bradstreet's crucial innovation was to make the system more efficient by compiling credit information on traders and retailers into voluminous leather-bound tomes. Those were available for perusal at branch offices that moved west along with new cities as they became populated. Dun & Bradstreet even employed traveling "reporters" who would investigate both new and established businesses and make recommendations about their creditworthiness. (Ulysses S. Grant and William McKinley were once Dun & Bradstreet correspondents.)

Daniel Klein, an economist at Santa Clara University who studies reputation, says such systems arise because "trust has an important role in just about all dealings. Trust depends on confidence which depends on assurance. Information is one form of that."

Secret Weapon

Having a portion of your existence chronicled in a web of interlinked databases does raise some legitimate privacy concerns. Who has access? How long will your credit card purchases remain on file? Getting cheap mortgage quotes is fine, but what is in place to protect against misuse of the information?

In the U.S., there is no catch-all law that dictates who may access which information under what circumstances. Instead, a mesh of state, federal, and common law applies to different parts of the economy. Most important, information exchange in the private sector is regulated by contract law, and firms that break their promises can pay a price.

Last year JetBlue secretly gave personal information on some 5 million passengers to a private contractor, Torch Concepts of Huntsville, Alabama, that is working on a data mining project for the Bush administration. A presentation prepared by Torch Concepts describes how it merged the JetBlue database with U.S. Social Security numbers, home addresses, income levels, and vehicle ownership information it purchased elsewhere. Now JetBlue is facing lawsuits over the apparent breach of its privacy policy, which assured its Web customers that "financial and personal information collected on this site is not shared with any third parties."

The U.S. Department of Commerce summed up the issue with unusual succinctness in a 2000 letter to the European Commission: "The right to recover damages for invasion of personal privacy is well established under U.S. common law." Courts have found privacy violations when an insurance company used information about an actual accident in an advertising campaign, when an employer tried to snoop through workers' credit card records to verify sick day absences, and when a college tested students for HIV without their knowledge. In 2001 Amazon.com's Alexa subsidiary agreed to pay up to $1.9 million to settle a class action lawsuit alleging that Alexa was giving information to Amazon without customers' permission.

Not content with existing rules, privacy activists have been pressing for more regulations targeting U.S. businesses. Their recent successes include the 1999 Financial Services Modernization Act, better known as Gramm-Leach-Bliley, which regulates the data collection practices of financial services firms. The law has resulted in millions of disclosure statements mailed to consumers, who routinely ignore them. Then there's the Health Insurance Portability and Accountability Act of 1996, which regulates medical care providers. Credit bureaus are covered by the Fair Credit Reporting Act.

More efficient and less burdensome are the state laws known as privacy torts. Those punish snoops who pry into someone else's private affairs, anyone who publicly discloses embarrassing private facts, and publicity that shows someone in a false light. Jim Harper, a former Capitol Hill staffer who runs the advocacy site Privacilla.org, says left-leaning privacy advocates have willfully ignored state privacy torts when arguing for more-intrusive regulations. "Privacy advocates and others have helped to foster the impression that there is no law protecting Americans," Harper says. "This is a violation of the trust that many have placed with them. Substantial criticisms of the privacy torts can be made, but they should be made directly, rather than by telling the press, the public, and public officials that no privacy-protecting law exists in the United States."

In addition to ignoring existing protections, privacy advocates usually do not acknowledge the downside to impeding the flow of information. As Klein, the Santa Clara economist, observes, "There is a collision between privacy and social accountability mechanisms generally. You see this real clearly in social accountability mechanisms like the press, courtroom, or gossip. There the violations of privacy are so much worse than in credit reporting. They're more invasive, less reliable, less discreet. The thing is, people don't appreciate the social accountability aspect of things like credit reporting."

The privacy torts usually are said to date back to an influential Harvard Law Review article written in 1890 by Samuel Warren and future Supreme Court Justice Louis Brandeis, titled "The Right to Privacy." They complained that journalists were being too aggressive and nosy: "Instantaneous photographs and newspaper enterprise have invaded the sacred precincts of private and domestic life….For years there has been a feeling that the law must afford some remedy for the unauthorized circulation of portraits of private persons; and the evil of invasion of privacy by the newspapers, long keenly felt, has been but recently discussed by an able writer."

Permission to Speak Freely

What's shocking to modern eyes is the degree to which Warren and Brandeis wanted to muzzle the press, in a way that today would be viewed as an unacceptable violation of the First Amendment. Warren was miffed to find details of his personal life described in the society pages of the Boston newspapers—the 19th-century equivalent of The National Enquirer or the New York Post's Page Six column. He and Brandeis complained: "The press is overstepping in every direction the obvious bounds of propriety and of decency. Gossip is no longer the resource of the idle and of the vicious, but has become a trade, which is pursued with industry as well as effrontery. To satisfy a prurient taste the details of sexual relations are spread broadcast in the columns of the daily papers."

Warren and Brandeis's article brings into sharp relief the tension between privacy and free speech. In the 114 years since the essay was published, privacy has become a remarkably wiggly and fluid notion, encompassing the right to an abortion or contraception, the right to be free of telemarketers and Internet cookies, and the right to keep government goons out of your home.

A cornerstone of the American approach to informa-tion flows in the private sector is that in general they strongly favor free speech over privacy. With a few exceptions, the default assumption for data exchanges is an "opt-out" standard, under which information you provide to a company is theirs to use unless you say otherwise. Under an "opt-in" standard, by contrast, the data are to be kept private unless you explicitly give your permission. Defaults are important: Research from the Columbia Business School suggests that people tend not to change the options they have been presented.

The European Union has adopted a general opt-in rule aimed at damming the flow of information. Known as the European Data Directive, the European rule says personal information generally may not be "processed" without the subject's unambiguous consent.

As you might expect, the European rule has run head on into the law of unintended consequences, and the results have hurt activists as well as consumers. Jacob Palme, a professor of computer science at Stockholm University, has documented how Sweden's implementation of the European directive has imperiled free speech. Swedish regulators prevented American Airlines from transferring customer information from Europe to its SABRE reservation system in the United States. Regulators prosecuted an animal rights activist who published a list of fur producers and a consumer activist who criticized a large bank on a Web page that named the bank's directors. "Looking at the way the law is used," Palme concludes, "one can see that unpopular or controversial opinions are suppressed."

Nevertheless, at the prodding of pro-regulation privacy activists, the U.S. has veered in the same direction in the last few years. "The question is, 'Is information being used in a way that has social utility?'" says Chris Hoofnagle, legislative counsel for the Electronic Privacy Information Center in Washington, D.C. "If it's simply done to profit-maximize, there are questions about whether consumers are really getting the benefit. We're searching for a framework of protections very similar to the E.U. privacy directive that regulates the collection and use of information across all contexts rather than the piecemeal approach we currently have."

By guaranteeing freedom of speech, the First Amendment to the U.S. Constitution poses an obstacle to laws that interfere with the free flow of information. The U.S. Supreme Court has struck down some ordinances that required opt-in consent, including a law enacted by the city of Struthers, Ohio, that banned uninvited door-to-door solicitations and a federal law that required affirmative consent from recipients of communist propaganda.

Optional Costs

Constitutional questions aside, how would an opt-in rule work? Consider how it would affect the MBNA Corporation, a financial services company that became a multibillion-dollar success story not long after it was incorporated in 1981. MBNA grew to more than 51 million customers through its aggressive "affinity" program, which let a number of groups—NASCAR, universities, the Atlanta Braves, and so on—market credit cards imprinted with their own logos. Not counting its existing customers, in 2000 MBNA had a database of 800 million names of prospective cardholders provided by affinity groups, but it could afford to send only 400 million solicitations.

Writing in the Duke Law Journal in February 2003, Indiana law professor Fred Cate and Georgetown business professor Michael Staten described how MBNA winnowed its list down to an affordable size through aggressive information sharing. MBNA first looked at public records and then, by exchanging information with its affiliates, tried to evaluate the creditworthiness of the remaining names on the list. The remaining 400 million people received solicitations with the endorsement of the affinity group to which they belonged.

Staten and Cate's conclusion: "Mandatory opt-in requirements on MBNA's operations would impair MBNA's affinity group business model, raise account acquisition costs and lower profits, reduce the supply of credit and raise credit card prices, generate more offers to uninterested or unqualified consumers and raise the number of missed opportunities for qualified consumers, and impair efforts to prevent fraud and identity theft." Under an opt-in rule, recipients of the offers would "be more risky and less profitable than MBNA's target group reached under the current rules. As a result, MBNA's delinquency and charge-off rates will rise, relative to its current experience, thereby imposing additional costs that will be passed along to all of MBNA's customers."

MBNA's experience highlights how data exchanges fuel the economic engine of an information society. Choking a society's data flow by setting the default rule to "no" restricts that fuel. An opt-in regime suffocates the economic activity that takes place when businesses use personal information to offer new products and tell customers about them without obtaining explicit permission in advance. Because it assumes customers who have expressed no preference would object to a solicitation, it is more expensive than an opt-out approach.

"Suppose you're a financial company and you have an idea," says Solveig Singleton, a lawyer at the pro-market Competitive Enterprise Institute in Washington, D.C. "Say you'd like to offer a mortgage for first-time home buyers. You design a flyer and look at your expenses and realize it would be pretty expensive to send it to everyone. Instead, you want to get some information to lower your costs and [target just a subset]. If you don't have that information, the costs of identifying your potential customer base are so high you don't offer the product at all."

In 1997 Qwest Communications performed a practical study of the opt-in rule. It asked its customers for permission to use general information about their calling habits to market new services to them. When customers were asked for this permission through postal mail, the positive response rate was between 5 percent and 11 percent. When Qwest representatives made phone calls instead, the response rate was up to six times higher—an indication that many customers really didn't mind but also didn't want to go through the bother of sending a letter to opt in. Qwest eventually concluded that an opt-in approach was too expensive to be viable.

If we want the low prices and consumer choices of a database nation, we may have to tolerate unsolicited sales pitches (although there are ways to avoid them—all legitimate marketers offer a way to delete your name from the list). Few of us are fans of direct marketing—until we receive an advertisement for a product we want. The same information sharing that makes unwanted solicitations possible also can improve targeting so that consumers are more likely to receive offers that interest them. And many people clearly do: The Direct Marketing Association's 2002 annual report estimated that direct marketing efforts "are projected to generate nearly $2 trillion in sales" in 2003. Even if that number is inflated, information flows contribute to a huge chunk of the economy.

"Companies are increasingly finding that if consumer data is not readily available for business use, the negative impact on sales could severely stunt company growth," warns Jennifer Barrett, chief privacy officer at Acxiom, a database marketing firm in Little Rock, Arkansas. "Moreover, increased marketing costs could force retailers to substantially raise the price of their merchandise to maintain effective margins. The result would be higher prices, fewer customers, and fewer jobs."

Site Security

The cost of restricting information hasn't stopped regulatory enthusiasts from demanding an opt-in standard for Web sites. Federal law mandates that standard for medical information, and pro-regulation activists hope to broaden the concept to stretch as far as the European Data Directive does.

Congress has convened dozens of hearings on Internet privacy issues, and in April 2002 Sen. Ernest Hollings (D-S.C.) introduced his Online Personal Privacy Act. The now-defunct bill would have regulated how Internet service providers, commercial Web sites, and noncommercial sites supported by advertising or product sales collect information about customers. The legislation covered "personally identifiable information," including names, e-mail addresses, and numeric I.P. addresses.

"How can we trust companies with our personal information when their every economic incentive is to collect, compile, enhance, target, and disseminate it for profit?" Hollings said in support of the bill. "It is like letting the fox guard the henhouse. Our bill grants consumers, not companies, control over their personal information on the Internet. And our opt-in component is the only method for ensuring that Internet users have the ultimate control."

Hollings' proposal had a technophobic twist: It applied only to the customer records of Internet-related firms, not their brick-and-mortar competitors. During one Senate hearing, an Amazon.com lobbyist pointed out the discrepancy and unfair advantage. Hewlett-Packard predicted that the vague definitions in Hollings' bill would invite lawsuits.

Some politicians have gone even further than Hollings. The Consumer Internet Privacy Protection Act, proposed by the late Rep. Bruce Vento (D-Minn.) in 1997, would have barred Web sites from sharing "personally identifiable information" about their visitors without prior "written consent"—a requirement far more onerous than the one that applies to offline firms. Other, more recent proposals include a plan being advanced in the Senate by Dianne Feinstein (D.-Calif.) to slap serious restrictions on all forms of database marketing.

Robert Hahn of the American Enterprise Institute estimates that complying with an opt-in requirement for Web sites would incur a one-time cost of between $9 billion and $36 billion. If Hahn's numbers are anywhere near correct, struggling companies could be required to lay off workers, and marginal ones could be driven to bankruptcy.

With the exception of sites targeted at young children, which are federally regulated, under current law Web sites choose their own privacy policies and are judged accordingly. Consumers can rely on nongovernmental rating and reputation systems to steer them toward desirable destinations. Just as The Michelin Guide reviews restaurants and kashrut organizations certify foods, these systems rate privacy. TRUSTe, BBBonline, and WebTrust offer "privacy seals" to Web sites so consumers can find companies worthy of their trust. To earn a TRUSTe seal, a firm signs a contract that requires its site to prominently disclose how it collects, uses, and distributes personally identifiable information about its users. The cost ranges between $300 and $7,000 a year, depending upon the company's size, and participating companies can display a bright green TRUSTe logo. TRUSTe claims 2,000 member companies, including many high-profile sites, and BBBonline has awarded its privacy seal to more than 500 sites.

In addition to these companies, nearly all large commercial Web sites take a full-disclosure approach to privacy, saying exactly what they'll do with personal data they collect. Although Europe has strict regulations in this area, America's free market approach seems more effective. A 2001 report from Consumers International, a global association of more than 260 pro-regulation groups, admits that "despite tight EU regulation, sites within the EU are no better at telling users how they use their data than sites based in the U.S. Indeed, some of the best privacy policies were found on U.S. sites."

Ways of Making Us Talk

An approach to data handling that works for businesses trying to woo customers, of course, may not be appropriate for governments trying to monitor their citizens. When dealing with private corporations, you generally can choose whether to give them your information. If you don't like Safeway's discount card, don't get it; or shop at Whole Foods, which doesn't offer one. If Amazon.com's recommendations are annoying, try barnesandnoble.com instead. You have a choice.

That choice disappears when the government demands data. Whether you're filing tax returns or filling out a form for a driver's license, governments have the unique—and uniquely dangerous—ability to compel you to divulge information whether you want to or not. Police also have the unique power to conduct wiretaps, set up roadblocks, and employ search warrants. The massive Total Information Awareness project that John Poindexter tried to piece together under the aegis of the Defense Department would have put private-sector databases to shame. The Treasury Department's FinCEN agency, available to local, state, and federal police, offers the ability to scroll through more than 120 million reports about banking transactions. The FBI, the Secret Service, and the U.S. Bureau of Customs and Border Protection regularly download the data and import it into their own databases. (See "Show Us Your Money," November 2003.) In addition to unique data collection abilities, the government has unique powers in using the information it gathers, including the ability to arrest, prosecute, fine, and imprison people.

To curb these awesome powers, the usual response has been to place specific limits on what government agencies can do. The Fourth Amendment to the U.S. Constitution and laws such as the Privacy Act of 1974 restrict searches and information collection by the government. State constitutions also have long restricted government data collection.

In today's world, halfway measures like the Privacy Act don't go far enough to restrict government abuses. Enacted largely as a result of a federal report on automated data systems, the Privacy Act covers any government-operated "system of records" with personal information on American citizens. It limits the use and disclosure of those records and requires that the databases be protected with "appropriate administrative, technical and physical safeguards" to preserve their security and confidentiality. But Congress could never have envisioned the tremendous outsourcing of databases that has taken place during the last three decades. More and more, the private sector stores information on the feds' behalf and the information in outsourced databases is not covered by the Privacy Act.

Other loopholes exist. Image Data signed a contract with the Secret Service in 1997 to create a national identity database for the federal government. Documents obtained through the Freedom of Information Act show that the Immigration and Naturalization Service, now part of the U.S. Department of Homeland Security, queried private-sector databases 20,000 times a month over the last few years. In fiscal year 2002, the U.S. Department of Justice inked an $11 million contract for access to databases held by ChoicePoint—a self-described "leading provider of identification and credential verification services for business and government"—including Americans' names, addresses, previous addresses, places of employment, spouses' names, and Social Security numbers. The FBI now insists, improbably, that the bureau's arrangement with ChoicePoint is so secret that even the contract number may not be disclosed.

Databasification, in other words, does have a dark side: increasing government access to private collections of information. Some privacy activists cite this cooperation as a reason to regulate private databases, which makes as much sense as preventing companies from manufacturing binoculars simply because police can use them for unlawful surveillance. The more sensible approach is to restrict the power of the police to snoop in the first place. That means taking steps such as updating the Privacy Act of 1974 to limit government access to outsourced databases; increasing the authority of inspectors general at federal agencies to monitor data abuses; boosting criminal penalties for lawbreaking cops; requiring police to meet higher standards of proof before perusing databases; and, most important, rethinking the drug laws that invite snooping into Americans' personal lives. (About 78 percent of domestic wiretaps conducted with court oversight in 2002 were for drug offenses. Investigations of violent crimes such as murder, kidnapping, and extortion accounted for just 6 percent.)

Focusing on government power would keep intact the undeniable advantages of databasification—lower prices, cheaper mortgages, and more-efficient uses of information—while limiting possible abuses by law enforcement. The aim should be to retain the tremendous benefits of living in a database nation while preventing it from devolving into a police state.