No Place to Hide Your Digital Person
The first is "No Place to Hide" (Free Press, $26) by Washington Post reporter Robert O'Harrow, who has broken many headline-grabbing privacy stories in the past few years. His book's main focus is on the ever-increasing ability of private sector data companies to collect and compile consumer data from myriad sources.
For the average reader, these data collection activities will be news. For the DM industry reader, some of these activities will be old hat.
The book's second theme is the interplay between the government and the private sector. The events of 9/11 increased the government's interest in tracking and assessing individuals. Private data companies realized that the government would be a vast new market for personal information services and ran after it hard. O'Harrow documents the players, companies and events that increased government appetite for private sector databases.
Though not everyone will agree, I find that O'Harrow is maddeningly neutral. It seems clear from the title that O'Harrow worries about the developments he reports on, but he mostly describes. He does not demonize anyone or comment much on policy matters. He does, however, quote Louis Brandeis to the effect that the greatest dangers to liberty come from insidious encroachment by well-meaning men of zeal.
The book's neutrality lets each reader walk away with a different reaction, and I am sure that is what O'Harrow intended. Some will applaud the use of personal information in the fight against terrorism. Others will condemn the increasing power of federal agencies to watch individuals without cause.
My own reaction was that I wonder whether most of the information tools have much value for the purposes for which federal agencies are buying them. O'Harrow talked to insiders on both sides and described the "gee whiz" reactions of federal officials when the companies showed off their systems. The agencies fell all over themselves to buy.
But O'Harrow also quietly documents the limitations. A database scan brings up the names of some of the Sept. 11 hijackers, but the same search also found thousands of others. Biometrics, data mining and other techniques have major shortcomings. O'Harrow says correctly that the tools will improve over time, but whether they ever will be able to make the fine judgments needed to find terrorists remains to be seen.
The false positives that inevitably result from using gigantic databases to find a few individuals have side effects on innocent people. O'Harrow reports on those effects, too. Using data tools to find customers is very low risk compared with using the tools to decide who can get on an airplane.
The book discusses identity theft and its links to terrorism. Losses from identity theft exceed $50 billion annually, and there are millions of victims. If the data tools are so wonderful, why can't law enforcement use them to catch financial criminals, some of whom are terrorists? Identity thieves should be easier to find than terrorists.
Before committing more money and other resources, it would be nice if the government tested the tools in the real world to see whether they work. A test would allay the suspicion that the government is being sold an expensive toy unsuited to the purpose.
Daniel Solove's new book, "The Digital Person" (New York University Press, $29.95), is in many ways a perfect complement to "No Place to Hide." Solove provides the policy discussion that O'Harrow leaves to reader. Solove's book is highly readable, with none of the footnotes that most associate with writings by law professors.
Solove explores the right metaphor for evaluating and discussing privacy in the digital world. A traditional metaphor for the loss of privacy comes from George Orwell's "1984." Big Brother personifies a controlling government that incessantly and overtly spies on its citizens to further its power. But Solove offers a different metaphor. He argues that Franz Kafka's "The Trial" best captures the consequences of the digital database world. Kafka describes an indifferent bureaucracy that maintains dossiers on individuals and treats them as pawns. An individual is what is in his dossier, and the bureaucracy may act on that without reason or accountability.
Solove agrees with O'Harrow in observing that the organizations building dossiers do not have to be run by government. He writes that the government is shackled by the Constitution, legislation and sometimes its own incompetence in exploiting database and other technologies that impinge on privacy. However, the private sector is largely exempt from restriction in its database activities, and is happy to share its databases with the government for the right price.
Solove evaluates the shortcomings of current approaches to privacy as well as some useful and controversial ideas for striking a new balance. Anyone who deals with privacy matters will find a lot to consider.
There's an old lawyer's saying that if the facts are on your side, argue the facts. If the law is on your side, argue the law. If neither is on your side, talk loud. If you are interested in the facts, read O'Harrow. If you are interested in the law and the policy, read Solove. I am pleased to give both books a very loud endorsement.