IP: Review of a book IP'ers might find of interest

[Dave Farber <farber () cis upenn edu>]

> Date: Sat, 12 Feb 2000 19:01:54 -0500
> To: farber () cis upenn edu
> From: Gene Spafford <spaf () cerias purdue edu>
>
> "Database Nation: The Death of Privacy in the 21st Century"
> by Simson Garfinkel
> O'Reilly & Associates, 2000
> ISBN 1-56592-653-6
> <http://www.databasenation.com>
>
> First, of all, I should disclose what is probably a conflict of 
> interest.   Simson and I have been friends for years, and we have 
> collaborated on a number of projects, including 3 books.  As such, some 
> people (who don't know me well) might suspect that I wouldn't provide an 
> objective review.  So, if you think that might be the case, then discount 
> my recommendation by half -- and still buy and read this book.   Simson 
> has done an outstanding job documenting and describing a set of issues 
> that a great many people -- myself included -- believe will influence 
> computing, e-commerce, law and public policy in the next decade.  They 
> also impact every person in modern society.
>
> This book describes -- well, and with numerous citations -- how our 
> privacy as individuals and members of groups has been eroding. 
> Unfortunately, that erosion is accelerating, and those of us involved with 
> information technology are a significant factor in that trend. Credit 
> bureaus accumulate information on our spending, governments record the 
> minutiae of their citizens' lives, health insurance organizations record 
> everything about us that might prove useful to deny our claims, and 
> merchants suck up every bit of information they can find so as to target 
> us for more marketing.   In each case, there is a seemingly valid reason, 
> but the accumulated weight of all this record-keeping -- especially when 
> coupled with the sale and interchange of the data -- is 
> frightening.  Simson provides numerous examples and case studies showing 
> how our privacy is incrementally disappearing as more data is captured in 
> databases large and small.
>
> The book includes chapters on  a wide range of privacy-related issues, 
> including medical information privacy, purchasing patterns and affinity 
> programs, on-line monitoring, credit bureaus, genetic testing, government 
> record-keeping and regulation, terrorism and law enforcement monitoring, 
> biometrics and identification, ownership of personal information, and 
> AI-based information modeling and collection.   The 270 pages of text 
> present a sweeping view of the various assaults on our privacy in 
> day-to-day life.   Each instance is documented as a case where someone has 
> a reasonable cause to collect and use the information, whether for law 
> enforcement, medical research, or government cost-saving.   Unfortunately, 
> the reality is that most of those scenarios are then extended to where the 
> information is misused, misapplied, or combined with other information to 
> create unexpected and unwanted intrusions.
>
> Despite my overall enthusiasm, I was a little disappointed in a few minor 
> respects with the book.  Although Simson concludes the book with an 
> interesting agenda of issues that should be pursued in the interests of 
> privacy protection, he misses a number of opportunities to provide the 
> reader with information on how to better his or her own control over 
> personal information.   For instance, he describes the opt-out program for 
> direct marketing, but doesn't provide the details of how the reader can do 
> this; Simson recounts that people are able to get their credit records or 
> medical records from MIB, but then doesn't provide any information on how 
> to get them or who to contact; and although he sets forth a legislative 
> agenda for government, he fails to note realistic steps that the reader 
> can take to help move that agenda forward.   I suspect that many people 
> will finish reading this book with a strong sense of wanting to *do* 
> something, but they will not have any guidance as to where to go or who to 
> talk with.
>
> The book has over 20 pages of comprehensive endnotes and WWW references 
> for the reader interested in further details.  These URLs do include 
> pointers to many important sources of information on privacy and law, but 
> with a few puzzling omissions: I didn't see references to resources such 
> as EPIC or Lauren Weinstein's Privacy digest outside of the fine print in 
> the endnotes.  I also didn't note references to ACM's Computers, Freedom 
> and Privacy conferences, the USACM, or a number of other useful venues and 
> supporters of privacy and advocacy.  Robert Ellis Smith's "Privacy 
> Journal" is mentioned in the text, but there is no information given as to 
> how to subscribe to it.  And so on.
>
> I also noted that the book doesn't really discuss much of the 
> international privacy scene, including issues of law and culture that 
> complicate our domestic solutions.   However, the book is intended for a 
> U.S.  audience, so this is somewhat understandable.       A few other 
> topics -- such as workplace monitoring -- are similarly given more 
> abbreviated coverage than every reader might wish.  Overall, I recognized 
> few of those.
>
> On the plus side, the book is very readable, with great examples and 
> anecdotes, and a clear sense of urgency.  Although it is obvious that 
> Simson is not an impartial party on these topics, he does present many of 
> the conflicting viewpoints to illustrate the complexity of the 
> issues.  For instance, he presents data on the need for wiretaps and 
> criminal investigation, along with accounts and descriptions of 
> bioterrorism, including interviews with FBI officials, to illustrate why 
> there are people of good faith who want to be able to monitor telephone 
> conversations and email.  If anything, this increases the impact of the 
> book -- it is not an account of bad people with evil intent, but a 
> description of what happens when ideas reasonable to a small group have 
> consequences beyond their imagining -- or immediate concern.  The death of 
> privacy is one of a thousand cuts, each one small and seemingly made for a 
> good reason.
>
> Simson has committed to adding important information to the WWW site for 
> the book.   Many (or most) of the items I have noted above will likely be 
> addressed at the WWW site before long.   Simson also has informed me that 
> the publisher will be making corrections and some additions to future 
> editions of the book if he deems them important. This is great news for 
> those of us who will use the book as an classroom text, or if we recommend 
> the book to policy makers on an on-going basis.   Those of us with older 
> copies will need to keep the URL on our bookmark list.
>
> Overall, I was very pleased with the book.  I read it all in one sitting, 
> on a flight cross-country, and found it an easy read.   I have long been 
> interested in (and involved in)  activities in protection of privacy, so I 
> have seen and read most of the sources Simson references.  Still, I 
> learned a number of things from reading the book that I didn't already 
> know -- Simson has done a fine job of presenting historical and ancillary 
> context to his narrative without appearing overly pedantic.
>
> This is a book I intend to recommend to all of my graduate students and 
> colleagues.  I only wish there was some way to get all of our elected 
> officials to read it, too.   I believe that everyone who values some sense 
> of private life should be aware of these issues, and this book is a great 
> way to learn about them.   I suggest you go out and buy a copy -- but pay 
> in cash instead of with  a credit card, take mass transit to the store 
> instead of your personal auto, and don't look directly into the video 
> cameras behind the checkout counter.  Once you read the book, you'll be 
> glad you did.