The Digital Person

Last week, I stayed at the St. Regis hotel in Washington, DC. It was my first visit, and the management gave me a questionnaire, asking me things like my birthday, my spouse's name and birthday, my anniversary, and my favorite fruits, drinks, and sweets. The purpose was clear; the hotel wanted to be able to offer me a more personalized service the next time I visited. And it was a purpose I agreed with; I wanted more personalized service. But I was very uneasy about filling out the form.

It wasn't that the information was particularly private. I make no secret of my birthday, or anniversary, or food preferences. Much of that information is even floating around the Web somewhere. Secrecy wasn't the issue.

The issue was control. In the United States, information about a person is owned by the person who collects it, not by the person it is about. There are specific exceptions in the law, but they're few and far between. There are no broad data protection laws, as you find in the European Union. There are no Privacy Commissioners, as you find in Canada. Privacy law in the United States is largely about secrecy: if the information is not secret, there's little you can do to control its dissemination.

As a result, enormous databases exist that are filled with personal information. These databases are owned by marketing firms, credit bureaus, and the government. Amazon knows what books we buy. Our supermarket knows what foods we eat. Credit card companies know quite a lot about our purchasing habits. Credit bureaus know about our financial history, and what they don't know is contained in bank records. Health insurance records contain details about our health and well-being. Government records contain our Social Security numbers, birthdates, addresses, mother's maiden names, and a host of other things. Many driver's license records contain digital pictures.

All of this data is being combined, indexed, and correlated. And it's being used for all sorts of things. Targeted marketing campaigns are just the tip of the iceberg. This information is used by potential employers to judge our suitability as employees, by potential landlords to determine our suitability as renters, and by the government to determine our likelihood of being a terrorist.

Some stores are beginning to use our data to determine whether we are desirable customers or not. If customers take advantage of too many discount offers or make too many returns, they may be profiled as "bad" customers and be treated differently from the "good" customers.

And with alarming frequency, our data is being abused by identity thieves. The businesses that gather our data don’t care much about keeping it secure. So identity theft is a problem where those who suffer from it -- the individuals -- are not in a position to improve security, and those who are in a position to improve security don’t suffer from the problem.

The issue here is not about secrecy, it's about control. The issue is that both government and commercial organizations are building "digital dossiers" about us, and that these dossiers are being used to judge and categorize us through some secret process.

A new book by George Washington University Law Professor Daniel Solove examines the problem of the growing accumulation of personal information in enormous databases. The book is called The Digital Person: Technology and Privacy in the Information Age, and it is a fascinating read.

Solove’s book explores this problem from a legal perspective, explaining what the problem is, how current U.S. law fails to deal with it, and what we should do to protect privacy today. It's an unusually perceptive discussion of one of the most vexing problems of the digital age -- our loss of control over our personal information. It's a fascinating journey into the almost surreal ways personal information is hoarded, used, and abused in the digital age.

Solove argues that our common conceptualization of the privacy problem as Big Brother -- some faceless organization knowing our most intimate secrets -- is only one facet of the issue. A better metaphor can be found in Franz Kafka's The Trial. In the book, a vast faceless bureaucracy constructs a huge dossier about a person, who can’t find out what information exists about him in the dossier, why the information has been gathered, or what it will be used for. Privacy is not about intimate secrets; it's about who has control of the millions of pieces of personal data that we leave like droppings as we go through our daily life. And until the U.S. legal system recognizes this fact, Americans will continue to live in a world where they have little control over their digital person.

In the end, I didn't complete the questionnaire from the St. Regis Hotel. While I was fine with the St. Regis in Washington, DC, having that information to make my subsequent stays a little more personal, and was probably fine with that information being shared among other St. Regis hotels, I wasn't comfortable with the St. Regis doing whatever they wanted with that information. I wasn't comfortable with them selling the information to a marketing database. I wasn't comfortable with anyone being able to buy that information. I wasn't comfortable with that information ending up in a database of my habits, my preferences, my proclivities. It wasn't the primary use of that information that bothered me, it was the secondary uses.

Solove has done much more thinking about this issue than I have. His book provides a clear account of the social problems involving information privacy, and haunting predictions of current U.S. legal policies. Even more importantly, the legal solutions he provides are compelling and worth serious consideration. I recommend his book highly.

The book's website

Order the book on Amazon

Posted on December 9, 2004 at 9:18 AM • 12 Comments

Comments

Pepper Parr • December 9, 2004 10:26 AM

In one of your columns you advise people to delete command.com and cmd.exe files.

Why would I do that when Msft put them in there in the first place.

I am no fan of Msft - they coulda been contenders and a great corp - but that's another story. If I delete those files - what happens to my operating system ?

Thanks.

Pepper Parr

picks@on.aibn.com

Davi Ottenheimer • December 11, 2004 12:39 AM

I share your concerns, but I am curious what your opinion is of California Senate Bill 1386 (SB1386) and Assembly Bill 1950 (AB1950). These laws at least attempt to give us control of our personal identity information.

At Blackhat this past year there was an interesting presentation on how to completely erase your own personal identity information from corporate and government records. This seemed like an ineffective form of identity control. Even though it regains an impressive level of secrecy it completely limits one's ability to function in American culture.

In other words, I'm starting to think that American citizens need to actively defend our "public" persona, and we need government backing to take on the big offenders. Similar to how celebs fight for control over their image, we need a mechanism to ensure that we can wrestle control away from the powerful, yet negligent or abusive information stewards.

So, I'm curious if you think SB1386 (notification of disclosure) and AB1950 (reasonable protection) are steps in the right direction? Would laws like these have saved Joseph K?

And if legislation is not the answer, then what about the new commerce regulations being introduced by credit card companies (Visa Cardholder Information Security Program, MasterCard Site Data Protection, etc.)?


Rob • December 11, 2004 10:01 PM

I skimmed your article on giving personal details at the hotel, so I probably missed you acknowledging a possible reason for asking the questions is for hotel workers to be able to identify you when you lock your key and wallet in your room or maybe when taking room service orders.

On two occasions, others have asked the hotel's front desk for, and received, keys to my room, once because of practical jokes and once because the drunk forgot his room number. Clearly, an effort on the part of the hotel could have been made to identify the people and asking personal information is one way.

A bit of a dilemma, I suppose.

Rob

Bruce Schneier • December 11, 2004 10:28 PM

I've been locked out of my hotel room on occasion, and the front desk generally just asks for ID. Once, when said ID was locked in the room, they sent a bellman up with the key who gave it to me when I showed him my ID.

The reason they wanted to know my food preferences was so they could leave better treats for me, not as some backup "password."

Arik • December 12, 2004 6:18 AM

Hey, you got trackback spam!

First time I've seen it happen. Guess it was inevitable.

Bruce (and other readers), can you recommend more books about the secondary use of private information?

-- Arik

piglet • December 12, 2004 12:52 PM

I don't know why a hotel needs to know my birthday or food preferences in order to offer me good service. I don't want a birthday card from them, and I don't want them to choose my food. Moreover, I regard discretion as an important aspect of good service. On the other hand, businesses wouldn't ask those questions if customers weren't willing to give up all kinds of personal information in exchange for some very vague promise of "personalized service". This willingness is worrying, not least because those who still refuse become suspect and have to justify why they prefer to keep their privacy. I'm glad that Bruce is discussing the issue of control over your own data in this blog. The absence of meaningful privacy law in the US is an anomaly which needs to be overcome.
Check out the Privacy and Human Rights report at
http://www.privacyinternational.org/

Ben • December 12, 2004 11:04 PM

My gut feeling is to agree with the article, and the demands for more control over one's own personal information. However, this article presents an interesting alternative view:

Basically it says that technology advances will make it so you won't have to fill out the preference form; they'll just get the information without asking. It argues that this is inevitable, and the thing to do is not to demand greater privacy and control, but simply to make sure we the people have the same surveillance capabilities as anyone else. Unfortunately, it mostly addresses the "big brother" issue, and mostly ignores the corporate/marketing side.

Ben • December 12, 2004 11:51 PM

Whoops, just read the selected quotes and saw that he at least claims to address that. I'll see about reading the book.

Dylan • December 13, 2004 10:00 PM

Interesting. As an Australian living under the shadow of the impending FTA with the USA, I was wondering how much of this affects me.

I suspect that despite the illegality of it here, US based companies have probably already fed a fair amount of information about me into marketing databases based on my travel and purchases overseas. I suspect that under the FTA, this sort of thing will only become more widespread.

Keep up the good work.

Liam • December 15, 2004 2:50 AM

As someone living in the EU, where my personal data is safeguarded by law, I'm always intrigued that in the "Land of the Free" there is such little lack of privacy. The Kafka analogy was both amusing and depressing. It would appear that in the USA "freedom" means doing what the government wants you to do. Otherwise your dossier on "anti-patriotic" sentiments will grow and grow - how Kafkaesque is that?

Clive Robinson • December 15, 2004 9:28 AM

One of the simplest things that most people can do to protect their privacy is to use cash not debit / credit / switch cards or cheques (bills).

The second is not to fill in any questionnaires or answer questions on the phone.

These two measures alone if practiced by everybody would stop most of these companies dead in their tracks.

The reason we hand over this information is some perceived gain, such as airmiles or a free gift voucher or some such.

I asked myself a question over a quarter of a century ago which was "what's in it for them" when they give me a gift that costs them money, the answers I did not like and have since had a life long aversion to answering any of the questions or any kind of traceable payment.

Yes it does sometimes cause me problems but I invariably find a quick explanation of Identity theft works, if not I go somewhere else. On the very very few occasions I have had to get tough I ask for their legal representatives number so I can make an appointment to get legal indemnity forms signed by a director of their organisation.

Oh one other thing, you can do is to find yourself a legal representative "through whom you may be contacted" and a positive proof of identity which did not carry your address (ie a Passport), until recently this was all you were required to hand over to the police in a large number of countries (unfortunately this is now changing).

As an aside, for UK Passport holders, read the inside front cover, the bit that says "Her Britannic Majesty's Secretary of State Requests and Requires..." if you get stopped by the police in the UK hand your passport over straight away as it removes their ability to detain you pending identification.

If you find their attitude unacceptable ask them politely but firmly to read out aloud the message and then point out it's a message from their boss informing them of the acceptable behaviour required of them to you as an Identified citizen of the UK. It serves three purposes, the first is it is a reasonable request with which they should comply the second is they get the message that you have a knowledge of your rights and third it also gives them and you a moment or two to calm down and think more rationally (Remember they are like you human beings with all the same failings).

On the one occasion I have had to use it (I was mistaken for a snatch and grab criminal simply based on the coat I was wearing), the police officer stopped half way through, laughed and then listened to what I had to say, the result was that the situation was defused and we parted amicably from what might otherwise have been a more serious situation.


Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.