Customer Reviews

Database Nation: The Death of Privacy in the 21st Century

5 star:		(11)
4 star:		(11)
3 star:		(7)
2 star:		(3)
1 star:		(4)

 

 

First, of all, I should disclose what is probably a conflict of interest. Simson and I have been friends for years, and we have collaborated on a number of projects, including 3 books. As such, some people (who don't know me well) might suspect that I wouldn't provide an objective review. So, if you think that might be the case, then discount my recommendation by half -- and still buy and read this book. Simson has done an outstanding job documenting and describing a set of issues that a great many people -- myself included -- believe will influence computing, e-commerce, law and public policy in the next decade. They also impact every person in modern society.

This book describes -- well, and with numerous citations -- how our privacy as individuals and members of groups has been eroding. Unfortunately, that erosion is accelerating, and those of us involved with information technology are a significant factor in that trend. Credit bureaus accumulate information on our spending, governments record the minutiae of their citizens' lives, health insurance organizations record everything about us that might prove useful to deny our claims, and merchants suck up every bit of information they can find so as to target us for more marketing. In each case, there is a seemingly valid reason, but the accumulated weight of all this record-keeping -- especially when coupled with the sale and interchange of the data -- is frightening. Simson provides numerous examples and case studies showing how our privacy is incrementally disappearing as more data is captured in databases large and small.

The book includes chapters on a wide range of privacy-related issues, including medical information privacy, purchasing patterns and affinity programs, on-line monitoring, credit bureaus, genetic testing, government record-keeping and regulation, terrorism and law enforcement monitoring, biometrics and identification, ownership of personal information, and AI-based information modeling and collection. The 270 pages of text present a sweeping view of the various assaults on our privacy in day-to-day life. Each instance is documented as a case where someone has a reasonable cause to collect and use the information, whether for law enforcement, medical research, or government cost-saving. Unfortunately, the reality is that most of those scenarios are then extended to where the information is misused, misapplied, or combined with other information to create unexpected and unwanted intrusions.

Despite my overall enthusiasm, I was a little disappointed in a few minor respects with the book. Although Simson concludes the book with an interesting agenda of issues that should be pursued in the interests of privacy protection, he misses a number of opportunities to provide the reader with information on how to better his or her own control over personal information. For instance, he describes the opt-out program for direct marketing, but doesn't provide the details of how the reader can do this; Simson recounts that people are able to get their credit records or medical records from MIB, but then doesn't provide any information on how to get them or who to contact; and although he sets forth a legislative agenda for government, he fails to note realistic steps that the reader can take to help move that agenda forward. I suspect that many people will finish reading this book with a strong sense of wanting to *do* something, but they will not have any guidance as to where to go or who to talk with.

The book has over 20 pages of comprehensive endnotes and WWW references for the reader interested in further details. These URLs do include pointers to many important sources of information on privacy and law, but with a few puzzling omissions: I didn't see references to resources such as EPIC or Lauren Weinstein's Privacy digest outside of the fine print in the endnotes. I also didn't note references to ACM's Computers, Freedom and Privacy conferences, the USACM, or a number of other useful venues and supporters of privacy and advocacy. Robert Ellis Smith's "Privacy Journal" is mentioned in the text, but there is no information given as to how to subscribe it it. And so on.

I also noted that the book doesn't really discuss much of the international privacy scene, including issues of law and culture that complicate our domestic solutions. However, the book is intended for a U.S. audience, so this is somewhat understandable. A few other topics -- such as workplace monitoring -- are similarly given more abbreviated coverage than every reader might wish. Overall, I recognized few of those.

On the plus side, the book is very readable, with great examples and anecdotes, and a clear sense of urgency. Although it is obvious that Simson is not an impartial party on these topics, he does present many of the conflicting viewpoints to illustrate the complexity of the issues. For instance, he presents data on the need for wiretaps and criminal investigation, along with accounts and descriptions of bioterrorism, including interviews with FBI officials, to illustrate why there are people of good faith who want to be able to monitor telephone conversations and email. If anything, this increases the impact of the book -- it is not an account of bad people with evil intent, but a description of what happens when ideas reasonable to a small group have consequences beyond their imagining -- or immediate concern. The death of privacy is one of a thousand cuts, each one small and seemingly made for a good reason.

Simson has committed to adding important information to the WWW site for the book (<http://www.databasenation.com>). Many (or most) of the items I have noted above will likely be addressed at the WWW site before long. Simson also has informed me that the publisher will be making corrections and some additions to future editions of the book if he deems them important. This is great news for those of us who will use the book as an classroom text, or if we recommend the book to policy makers on an on-going basis. Those of us with older copies will need to keep the URL on our bookmark list.

Overall, I was very pleased with the book. I read it all in one sitting, on a flight cross-country, and found it an easy read. I have long been interested in (and involved in) activities in protection of privacy, so I have seen and read most of the sources Simson references. Still, I learned a number of things from reading the book that I didn't already know -- Simson has done a fine job of presenting historical and ancillary context to his narrative without appearing overly pedantic.

This is a book I intend to recommend to all of my graduate students and colleagues. I only wish there was some way to get all of our elected officials to read it, too. I believe that everyone who values some sense of private life should be aware of these issues, and this book is a great way to learn about them. I suggest you go out and buy a copy -- but pay in cash instead of with a credit card, take mass transit to the store instead of your personal auto, and don't look directly into the video cameras behind the checkout counter. Once you read the book, you'll be glad you did.

What cyberspace requires is authors who are willing to interrogate "what we all know is true" to see, in fact, whether what we all know *is* true. This book has an extraordinary integrity to it, as it reopens a set of questions that most of us thought closed. You won't agree with everything, there are many questions left unresolved, but there is no doubt that in places this book will change you mind. It is the best book on privacy and the internet that I have seen.

Privacy has become an apple pie issue. These days everyone is for it, and most people assume that there is a "right to privacy" articulated somewhere in the US Constitution, but there is actually little consensus in our society about what "privacy" really means, let alone "right to privacy." Alas, Garfinkel never quite puts forward a satisfying definition of privacy in Database Nation. He predicts (correctly) that the "right to privacy" will be one of the most important civil rights in the 21st Century, and (incorrectly) that "the federal government may be our best hope for privacy protection as we move into the new millennium." When examined more closely, most of the invasions of privacy he cites are actually violations of due process, negligence, inaccurate data, abuses of the nanny state, or outright fraud.

The book suffers from so many errors that space does not allow me to identify them all.

Garfinkel misstates the federal law regarding social security numbers and driver licenses. He also seems unclear on the Fair Credit Reporting Act (FCRA). According to Garfinkel, the FCRA "forbids the release of the information for noncredit or insurance purposes, such as direct marketing or 'people-finding' services." The truth is more complicated, but you wont find it in Database Nation.

Garfinkel's discussion of identity fraud is misinformed, and he passes along uncritically too much received wisdom about the issue. He seems to think that consumer credit reports contain the mother's maiden name of the consumer and that "lookup services make this information available, at minimal cost, over the Internet." Wrong on both counts. Forgive me, but at this point in the book I started wondering whether Garfinkel had ever even seen a credit report. As a licensed private investigator and professional debt collector, I deal with credit reports, look-up services, data protection laws and privacy issues every day, and am able to compare Garfinkel's claims with my own first-hand knowledge. Garfinkel has too much of a graduate-seminar approach to these issues. He needs to get out more.

I admit I have philosophical differences with Garfinkel's framework of reference. The greatest threats to privacy come from government, not business, as government has unique powers to coerce information from its citizens which no private entity has. Garfinkel sees government regulation of the private sector as the solution to privacy concerns. I see it as the problem.

The basic premise of this book is that today's database-centric technology threatens our privacy. A good topic and the book is written in a "joe public" style so you don't need to be a computer geek to follow the stories. However, many of his "solutions" to database induced problems call for more databases; usually government owned and operated - George Orwell would be proud.

For example, one case presented has to do with a couple who sold their home and moved elsewhere. The IRS's database "goofed" and started sending notices to the couple at their old address. Because the IRS mailings are stamped "Do not forward" the couple never received them and the IRS eventually put a lien on their house. The couple only found out about this after being rejected for a credit card renewal. The author writes, "A national database [containing data on every individual in the country] could have headed off the excesses of the credit reporting industry."

Isn't this what the author is arguing against?

Why every American? Because, as Garfinkel points, out Europeans are better protected than we are. In every way, on virtually every page of the book, Garfinkel shows not only how our private information is being used without our knowledge, consent, or ability to correct it, but how it is being associated. In fact, I would argue that his collection of details of how the smallest pieces of your personal, financial, medical, and employment history can be connected easily by businesses to deny you credit, a job, or insurance makes the strongest case for regulation.

The kind of regulation Garfinkel argues is necessary - and which mirrors existing laws in the EU that American companies flaunt over the Web in their dealings with EU citizens - would provide the right kinds of control and redress for citizens without requiring government involvement and ownership of data.

(One of the odd recurring points in the book is that Garfinkel views it as a missed opportunity that a monolithic data center wasn't built in the 60s to collate all individual information. I see his point, but imagine if Nixon had that resource at his disposal? Even without it, he had people's tax returns pulled. I may, perhaps, misunderstand Garfinkel's message there, as he felt a central storage point would have provided a nationwide opt-out control for individuals and the use of their data by any company.)

It's fascinating reading and a relatively quick read for a nonfiction title. As I read it, I had prickles at the back of my neck as I discovered how my own information is being used without my knowledge. (Ever heard of the MIB? Not Men In Black - read the book...it's almost as insidious.)

Database Nation paints a picture of the dangers of leaving our lives in data in the hands of business instead of our own hands. Hopefully, technology and policy will meet politics for a solution described in his book providing the kind of ownership and rights we need.

I applaud the extensive research and documentation in this work.

However, such a broad subject is perhaps only sensationalized in a brief 312 pages. Describing all information gathering from fingerprinting to satellite imagery as an invasion of privacy is either the outcome of wanting to sell books by pandering to the fears of the public or the by product of covering too many individual topics without balanced depth.

As a practitioner in using these database sources of information on a daily basis as a Private Investigator, I found most topics lacking in an explanation as to how valuable and important information is, and not to discount it as only an invasion of privacy to be feared.

This book is an interesting overview of an important subject, but it's value to the reader will be dependant entirely on what the reader is expecting from it in the first place.

"Database Nation: The Death of Privacy in the 21st Century" does not live up to either its promise or potential. I was gravely disappointed.

There is no need to revisit at length the issues raised in an earlier review, which point out that there are no methods presented for individuals to check or correct erroneous information in their various errant files. It's as though the author is yelling "fire" and then not telling us how to get out of the building, forcing readers to find their way out through the smoke. And there is a lot of smoke indeed.

Though making many good and instructive points the author often contradicts himself. For example, the government goes through a mutually exclusive, full-cycle, role metamorphosis. In the beginning legislators could have protected us, but fell short through dropped or ignored legislation. For much of the remainder of the text the government is identified as the greatest threat to personal privacy. By the end, the author is back to a benign government that can protect and look out for what is best for us after all. Which is it?

The author, to lay some blame, claims that technology is not neutral, anthropomorphizing it with the apparent ability initiate evil, privacy threatening deeds. This is patent nonsense. Technology's use is certainly not neutral, but by itself it is beached, waiting for the next tide to either wash it further up on the sand or out to sea. His example of an inadequately designed high-tech phone system (pg. 258-260) appears to blame the phone system itself because it has the potential to be misused. Who buys that? Raise your hand.

The use of statistics throughout is both unscientific and unprofessional. The author strategically reports only the component of the statistic that supports his point, without ever allowing readers the opportunity to arrive at similar conclusions with all the facts at hand. A fair example is on page 134, "15% of those who had their medical confidentiality violated...said that it had been violated by insurance companies." Okay, but that's not enough. Where are the others whose medical confidentiality was violated? Is 15% the largest single component of the whole? Or is the 15% all he needed and we are left to wonder where the other 85% falls (not an insignificant portion of the population I might add). The book is redolent with this verbal slight of hand.

When he cannot make a point using facts or actual examples the author simply makes up a story. However, once the story is told, and he has admitted to its source, he often doubles back on himself to the belief that this is a real issue. It usually goes something like this: if you put your foot on the floor monsters under the bed will eat you, not really there are no monsters, but putting your foot on the floor is still bad because the monsters will get you when someone finally gets around to building them and figures a way to squeeze them under your bed, so be afraid. See: Simulated Humans Can't Be Trusted (pg. 241-242).

A section titled Brain Wiretapping (pg. 234-235) operates in a similar vein. In the opening paragraph he states, "Catching these [terrorists] will require an even more invasive monitoring technique: brain wiretapping." Invasive is the word. Without missing a beat he goes from mind reading, which he dismisses as not all that reliable, to the possibility of running these suspected terrorists through functional MRIs (which may include sawing the skull open to get at their works). All of this in an effort to find out what nefarious deeds these terrorists may be up to. Imagine the court order requesting this procedure.

As illustrated both above and below, unintentional humor abound. In another example described on page 225, an FBI initiated Internet wiretap led to a student in Argentina, "the investigation ended there, because Argentina would not extradite...his actions were not a crime in [Argentina]." In an aside immediately following, the author reveals the student "waived extradition and plead guilty; he was fined...and received three years probation." What? His footnote indicates if you want to know more, you can look it up yourself. Thanks, but no thanks.

Finally, his chapter on medical privacy, which has more to do with medical ethics than personal privacy, contains his most egregious and unforgivable error. He divulges, not once but several times, the names of individuals whose very personal medical conditions were released in flagrant and inexcusable violations of their privacy, often to unfortunate results. By giving up the names of the individuals involved isn't the author a virtual accessory after the fact to the initial privacy violation? Maybe these events and names are a matter of public record, but so what, why compound the wrong?

There are many factual anecdotal stories throughout the text; some include names some do not. Why, in a book whose intent is to highlight the increasing threats to personal privacy, did any real names get used at all? I could find no statement to the effect that identities were changed to protect individuals' privacy. One would think this would be the minimum ethical standard of a book on privacy, point that ironically seems to have escaped the author, editor, and publisher.

Read this and then click over to "Transfer-the end of the beginning" by Jerry Furland. This isn't the full monty. That final step that most authors seem reluctant to take can be found in "Transfer". You won't get that information anywhere else. I know. I've looked.

This book is important, and it deserves to be big. Simson Garfinkel has nailed the history, the present circumstances, and the nightmare future scenarios as the remaining shreds of privacy in American life circle the drain at the new century's dawn.

Garfinkel shows the future we're heading toward in pictures no-one can mistake. The book is aimed at a general reader -- the author doesn't dwell on the technical details, and Database Nation should be a non-threatening read for anyone who is literate.

Like good dystopian science fiction, Database Nation bids not to predict a future but to prevent one. Garfinkel is longer on description than on prescription for the problem of privacy under attack. Many of the remedies he sketches suggest government intervention to wrest back some control of private information for the individual. This emphasis on government action will be the most controversial aspect of Database Nation, spurring automatic resistence in overlapping circles of Net culture from the libertarian to the privacy-aware. But the fact is that in the privacy arena, Big Brother may not be the biggest threat -- it's thousands of Little Brothers, private actors in a capitalist free-for-all.

Database Nation's dust jacket sports a killer array of blurbs from a who's-who of privacy advocates: Ralph Nader, Marc Rotenberg, Peter Neumann, Sen. Edward Markey. I hope they convince the people who need to read this book to buy it -- that majority of the population in this consumer society who see nothing wrong with selling their most private data for a $5 coupon.

If you're a regular reader of Tasty Bits from the Technology Front, RISKS, the PRIVACY Forum, or the newsletters of EPIC or the EFF, you probably don't need to read Database Nation. But I hope you will; you'll learn more than you might imagine, I guarantee it. When you're done, loan the book to a friend who needs to get a clue about privacy. When it comes back, loan it again.

One thing I seriously do not understand at all:

You're writing a book about privacy. You criticize people exposing their private lives, criticize everything under the sun for intrusion of personal privacy. And you give very intimate moments of your life as examples. "Once I wrote my wife a letter and I said in that letter...." the author continues. Who cares about how you two met or decided to marry??

I believe it's a little bit too personal and completely irrelevant. The examples of his personal life don't even support any point he is trying to make. If you're bragging about privacy rights and can not conceal "yourself" behind the curtain no one will take what you're saying seriously. Write a memoir instead.

I think the author is confused about many many more points like this one. His examples are weak, inconsistent, or irrelevant. Here's another one: He is talking about his United Airlines mileage credit card and how he's used it many times to win 50000 extra miles by which he got domestic flight tickets for himself and his always-within-the-context wife. So he goes to a coffee shop and uses this card and thinks to himself "Hey someone somewhere is making money keeping track of my purchasing habits." And far, a few more pages later he criticizes Americans for "giving up their privacy willingly for the sake of small benefits". Excuse me??!? Your latte bringing extra miles probably tastes better than your privacy?

His technical knowledge is too shallow. His points are inaccurate perhaps because this book is outdated but he claims things that do not exist; such as how "impossible" it is to correct false information on your credit report. Or how banks make customers pay for fraud transactions.

Another really confusing point is that he is giving examples from the bible!! I find it very offensive to people who do not share his religious views. And beyond that, call me crazy but isn't he supposed to be talking with facts?

What bothers me most is the author's way of twisting the truth! He is either blind or ignorant. He spoke vaguely about all(!!!) the points that would have possibly brought about any criticism to the government. It's almost like he is playing dumb. I wonder who sponsored his book?!? It seems to me that he is worshiping some particular political parties?!?

He is talking about Philip Zimmerman's case, one of the most important cases in the history of privacy, in one sentence without giving any names or details.

I bought this book because it was listed as a textbook and I had to. Other than that it's just crap. Don't waste your time reading this.