Database Nation : The Death of Privacy in the 21st Century (Paperback)

~ Simson Garfinkel (Author)
Key Phrases: electronic toll collection, kooks and terrorists, retina prints, United States, Social Security, World Report (more...)

Editorial Reviews

Amazon.com Review

Forget the common cold for a moment. Instead, consider the rise of "false data syndrome," a deceptive method of identification derived from numbers rather than more recognizable human traits. Simson Garfinkel couples this idea with concepts like "data shadow" and "datasphere" in Database Nation, offering a decidedly unappealing scenario of how we have overlooked privacy with the advent of advanced technology.

According to Garfinkel, "technology is not privacy neutral." It leaves us with only two choices: 1) allow our personal data to rest in the public domain or 2) become hermits (no credit cards, no midnight video jaunts--you get the point).

Garfinkel's thoroughly researched and example-rich text explores the history of identification procedures; the computerization of ID systems; how and where data is collected, tracked, and stored; and the laws that protect privacy. He also explains who owns, manipulates, ensures the safety of, and manages the vast amount of data that makes up our collective human infrastructure. The big surprise here? It's not the United States government who controls or manages the majority of this data but rather faceless corporations who trade your purchasing habits, social security numbers, and other personal information just like any other hot commodity.

There's a heck of a lot of data to digest about data here and only a smidgen of humor to counterbalance the weight of Garfinkel's projections. But then again, humor isn't really appropriate in connection with stolen identities; medical, bank, and insurance record exploitation; or the potential for a future that's a "video surveillance free-for-all."

In many information-horrific situations, Garfinkel explores the wide variety of data thievery and the future implications of larger, longer-lasting databases. "Citizens," Garfinkel theorizes, "don't know how to fight back even though we know our privacy is at risk." In a case study involving an insurance claim form, he explains how a short paragraph can grant "blanket authorization" to all personal (not just medical) records to an insurance company. Citizens who refuse to sign the consent paragraph typically must forfeit any reimbursement for medical services. Ultimately, "we do not have the choice [as consumers] either to negotiate or to strike our own deal."

The choice that we do have, however, is to build a world in which sensitive data is respected and kept private--and the book offers clever, "turn-the-tables" solutions, suggesting that citizens, government, and corporations cooperate to develop weaker ID systems and legislate heavier penalties for identification theft.

Garfinkel's argument does give one pause, but his paranoia-laden prose and Orwellian imagination tends to obscure the effectiveness of his argument. Strangely, for all his talk about protecting your privacy, he never mentions how to remove your personal information from direct mail and telemarketing groups. And while he would like for Database Nation to be as highly regarded (and timely) as Rachel Carson's Silent Spring, the fact remains that we're not going to perish from having our privacy violated. --E. Brooke Gilbert --This text refers to an out of print or unavailable edition of this title.

From Library Journal

If you have a computer with Intel's "processor serial number," own a pet with an embedded "radio frequency identification device," use ATMs and credit cards, and shop on the Internet, privacy is almost a nonexistent concept, because your every move is being tracked and stored somewhere for future use. Garfinkel, who has reported on computer privacy issues for Wired and other publications, is an exceptional writer who clearly understands his topic; here he explores today's threats to privacy and how they might be stopped. This is for all libraries.
Copyright 2000 Reed Business Information, Inc. --This text refers to an out of print or unavailable edition of this title.

See all Editorial Reviews

Product Details

• Paperback: 336 pages
• Publisher: O'Reilly Media (January 2001)
• Language: English
• ISBN-10: 0596001053
• ISBN-13: 978-0596001056
• Product Dimensions: 8.9 x 6 x 0.8 inches
• Shipping Weight: 14.4 ounces (View shipping rates and policies)
• Average Customer Review: 3.7 out of 5 stars  See all reviews (35 customer reviews)
• Amazon.com Sales Rank: #615,143 in Books (See Bestsellers in Books)

  Popular in this category: (What's this?)

  #60 in

  Books > Nonfiction > Social Sciences > Communication > Technology & Society

Customer Reviews

Most Helpful Customer Reviews

32 of 34 people found the following review helpful:

5.0 out of 5 stars Understanding one of the defining issues in computing, February 12, 2000

By	"spaf" (West Lafayette, IN) - See all my reviews

This review is from: Database Nation: The Death of Privacy in the 21st Century (Hardcover)

First, of all, I should disclose what is probably a conflict of interest. Simson and I have been friends for years, and we have collaborated on a number of projects, including 3 books. As such, some people (who don't know me well) might suspect that I wouldn't provide an objective review. So, if you think that might be the case, then discount my recommendation by half -- and still buy and read this book. Simson has done an outstanding job documenting and describing a set of issues that a great many people -- myself included -- believe will influence computing, e-commerce, law and public policy in the next decade. They also impact every person in modern society.

This book describes -- well, and with numerous citations -- how our privacy as individuals and members of groups has been eroding. Unfortunately, that erosion is accelerating, and those of us involved with information technology are a significant factor in that trend. Credit bureaus accumulate information on our spending, governments record the minutiae of their citizens' lives, health insurance organizations record everything about us that might prove useful to deny our claims, and merchants suck up every bit of information they can find so as to target us for more marketing. In each case, there is a seemingly valid reason, but the accumulated weight of all this record-keeping -- especially when coupled with the sale and interchange of the data -- is frightening. Simson provides numerous examples and case studies showing how our privacy is incrementally disappearing as more data is captured in databases large and small.

The book includes chapters on a wide range of privacy-related issues, including medical information privacy, purchasing patterns and affinity programs, on-line monitoring, credit bureaus, genetic testing, government record-keeping and regulation, terrorism and law enforcement monitoring, biometrics and identification, ownership of personal information, and AI-based information modeling and collection. The 270 pages of text present a sweeping view of the various assaults on our privacy in day-to-day life. Each instance is documented as a case where someone has a reasonable cause to collect and use the information, whether for law enforcement, medical research, or government cost-saving. Unfortunately, the reality is that most of those scenarios are then extended to where the information is misused, misapplied, or combined with other information to create unexpected and unwanted intrusions.

Despite my overall enthusiasm, I was a little disappointed in a few minor respects with the book. Although Simson concludes the book with an interesting agenda of issues that should be pursued in the interests of privacy protection, he misses a number of opportunities to provide the reader with information on how to better his or her own control over personal information. For instance, he describes the opt-out program for direct marketing, but doesn't provide the details of how the reader can do this; Simson recounts that people are able to get their credit records or medical records from MIB, but then doesn't provide any information on how to get them or who to contact; and although he sets forth a legislative agenda for government, he fails to note realistic steps that the reader can take to help move that agenda forward. I suspect that many people will finish reading this book with a strong sense of wanting to *do* something, but they will not have any guidance as to where to go or who to talk with.

The book has over 20 pages of comprehensive endnotes and WWW references for the reader interested in further details. These URLs do include pointers to many important sources of information on privacy and law, but with a few puzzling omissions: I didn't see references to resources such as EPIC or Lauren Weinstein's Privacy digest outside of the fine print in the endnotes. I also didn't note references to ACM's Computers, Freedom and Privacy conferences, the USACM, or a number of other useful venues and supporters of privacy and advocacy. Robert Ellis Smith's "Privacy Journal" is mentioned in the text, but there is no information given as to how to subscribe it it. And so on.

I also noted that the book doesn't really discuss much of the international privacy scene, including issues of law and culture that complicate our domestic solutions. However, the book is intended for a U.S. audience, so this is somewhat understandable. A few other topics -- such as workplace monitoring -- are similarly given more abbreviated coverage than every reader might wish. Overall, I recognized few of those.

On the plus side, the book is very readable, with great examples and anecdotes, and a clear sense of urgency. Although it is obvious that Simson is not an impartial party on these topics, he does present many of the conflicting viewpoints to illustrate the complexity of the issues. For instance, he presents data on the need for wiretaps and criminal investigation, along with accounts and descriptions of bioterrorism, including interviews with FBI officials, to illustrate why there are people of good faith who want to be able to monitor telephone conversations and email. If anything, this increases the impact of the book -- it is not an account of bad people with evil intent, but a description of what happens when ideas reasonable to a small group have consequences beyond their imagining -- or immediate concern. The death of privacy is one of a thousand cuts, each one small and seemingly made for a good reason.

Simson has committed to adding important information to the WWW site for the book (<http://www.databasenation.com>). Many (or most) of the items I have noted above will likely be addressed at the WWW site before long. Simson also has informed me that the publisher will be making corrections and some additions to future editions of the book if he deems them important. This is great news for those of us who will use the book as an classroom text, or if we recommend the book to policy makers on an on-going basis. Those of us with older copies will need to keep the URL on our bookmark list.

Overall, I was very pleased with the book. I read it all in one sitting, on a flight cross-country, and found it an easy read. I have long been interested in (and involved in) activities in protection of privacy, so I have seen and read most of the sources Simson references. Still, I learned a number of things from reading the book that I didn't already know -- Simson has done a fine job of presenting historical and ancillary context to his narrative without appearing overly pedantic.

This is a book I intend to recommend to all of my graduate students and colleagues. I only wish there was some way to get all of our elected officials to read it, too. I believe that everyone who values some sense of private life should be aware of these issues, and this book is a great way to learn about them. I suggest you go out and buy a copy -- but pay in cash instead of with a credit card, take mass transit to the store instead of your personal auto, and don't look directly into the video cameras behind the checkout counter. Once you read the book, you'll be glad you did.

30 of 34 people found the following review helpful:

5.0 out of 5 stars Integrity, January 25, 2000

By	Larry Lessig (Stanford, CA USA) - See all my reviews

This review is from: Database Nation: The Death of Privacy in the 21st Century (Hardcover)

What cyberspace requires is authors who are willing to interrogate "what we all know is true" to see, in fact, whether what we all know *is* true. This book has an extraordinary integrity to it, as it reopens a set of questions that most of us thought closed. You won't agree with everything, there are many questions left unresolved, but there is no doubt that in places this book will change you mind. It is the best book on privacy and the internet that I have seen.

26 of 31 people found the following review helpful:

2.0 out of 5 stars Factual errors undercut Garfinkel's arguments, February 18, 2001

By	William E. Fason (Houston) - See all my reviews

Privacy has become an apple pie issue. These days everyone is for it, and most people assume that there is a "right to privacy" articulated somewhere in the US Constitution, but there is actually little consensus in our society about what "privacy" really means, let alone "right to privacy." Alas, Garfinkel never quite puts forward a satisfying definition of privacy in Database Nation. He predicts (correctly) that the "right to privacy" will be one of the most important civil rights in the 21st Century, and (incorrectly) that "the federal government may be our best hope for privacy protection as we move into the new millennium." When examined more closely, most of the invasions of privacy he cites are actually violations of due process, negligence, inaccurate data, abuses of the nanny state, or outright fraud.

The book suffers from so many errors that space does not allow me to identify them all.

Garfinkel misstates the federal law regarding social security numbers and driver licenses. He also seems unclear on the Fair Credit Reporting Act (FCRA). According to Garfinkel, the FCRA "forbids the release of the information for noncredit or insurance purposes, such as direct marketing or 'people-finding' services." The truth is more complicated, but you wont find it in Database Nation.

Garfinkel's discussion of identity fraud is misinformed, and he passes along uncritically too much received wisdom about the issue. He seems to think that consumer credit reports contain the mother's maiden name of the consumer and that "lookup services make this information available, at minimal cost, over the Internet." Wrong on both counts. Forgive me, but at this point in the book I started wondering whether Garfinkel had ever even seen a credit report. As a licensed private investigator and professional debt collector, I deal with credit reports, look-up services, data protection laws and privacy issues every day, and am able to compare Garfinkel's claims with my own first-hand knowledge. Garfinkel has too much of a graduate-seminar approach to these issues. He needs to get out more.

I admit I have philosophical differences with Garfinkel's framework of reference. The greatest threats to privacy come from government, not business, as government has unique powers to coerce information from its citizens which no private entity has. Garfinkel sees government regulation of the private sector as the solution to privacy concerns. I see it as the problem.