Saturday, December 18, 2004

Kafka and the Digital Person

Kafka and the Digital Person :
“In the United States, information about a person is owned by the person collects it, not by the person it is about. There are specific exceptions in the law, but they're few and far between. There are no broad data protection laws, as you find in the European Union. There are no Privacy Commissioners, as you find in Canada. Privacy law in the United States is largely about secrecy: if the information is not secret, then there's little you can do to control its dissemination.

As a result, enormous databases exist that are filled with personal information. These databases are owned by marketing firms, credit bureaus, and the government. Amazon knows what books we buy. Our supermarket knows what foods we eat. Credit card companies know quite a lot about our purchasing habits. Credit bureaus know about our financial history, and what they don't know is contained in bank records. Health insurance records contain details about our health and well-being. Government records contain our Social Security numbers, birthdates, addresses, mother's maiden names, and a host of other things. Many drivers license records contain digital pictures.

All of this data is being combined, indexed, and correlated. And it's being used for all sorts of things. Targeted marketing campaigns are just the tip of the iceberg. This information is used by potential employers to judge our suitability as employees, by potential landlords to determine our suitability as renters, and by the government to determine our likelihood of being a terrorist.

Some stores are beginning to use our data to determine whether we are desirable customers or not. If customers take advantage of too many discount offers or make too many returns, they may be profiled as "bad" customers and be treated differently from the "good" customers.

And with alarming frequency, our data is being abused by identity thieves. The businesses that gather our data don't care much about keeping it secure. So identity theft is a problem where those that suffer from it - the individuals - are not in a position to improve security, and those who are in a position to improve security don't suffer from the problem

The issue here is not about secrecy, it's about control.…”


A new book by George Washington University Law Professor Daniel Solove examines the problem of the growing accumulation of personal information in enormous databases. The book is called "The Digital Person: Technology and Privacy in the Information Age," and it is a fascinating read.

Solove's book explores this problem from a legal perspective, explaining what the problem is, how current U.S. law fails to deal with it, and what we should do to protect privacy today. It's an unusually perceptive discussion of one of the most vexing problems of the digital age -- our loss of control over our personal information. It's a fascinating journey into the almost surreal ways personal information is hoarded, used, and abused in the digital age.

Solove argues that our common conceptualization of the privacy problem is Big Brother -- some faceless organization knowing our most intimate secrets -- is only one facet of the issue. A better metaphor can be found in Franz Kafka's "The Trial." In the book, a vast faceless bureaucracy constructs a vast dossier about a person, who can't find out what information exists about him in the dossier, why the information has been gathered, or what it will be used for. Privacy is not about intimate secrets; it's about who has control of the millions of pieces of personal data that we leave like droppings as we go through our daily life. And until the U.S. legal system recognizes this fact, Americans will continue to live in an world where they have little control over their digital person.

http://www.schneier.com/crypto-gram-0412.html#8
con·cept: Kafka and the Digital Person