The flip side of database snooping

CNET News.com's Declan McCullagh explains why the same features that make databases useful to businesses make them even more attractive to law enforcement.

Declan McCullagh Former Senior Writer

Declan McCullagh is the chief political correspondent for CNET. You can e-mail him or follow him on Twitter as declanm. Declan previously was a reporter for Time and the Washington bureau chief for Wired and wrote the Taking Liberties section and Other People's Money column for CBS News' Web site.

See full bio

Declan McCullagh

Feb. 7, 2005 4:44 a.m. PT

4 min read

Adm. John Poindexter, the Bush administration official responsible for the Total Information Awareness project, is not exactly chastened by Congress's pulling the plug on his idea.

"One of the remarkable things about ideas is that once you surface an idea, and it is a good idea, in the long term there is very little that can be done to stop it," Poindexter says of his proposals for aggressive data mining. "So I am convinced that research and development will continue, one way or another." Poindexter even hints that money for similar efforts remains buried deep within the Pentagon's budget.

Those candid remarks appear in Robert O'Harrow's "No Place to Hide," a new book that probes beneath the surface of the growing "databasification" of modern life.

O'Harrow, a reporter for The Washington Post, landed a series of interviews that capture how the federal government and its contractors have labored to compile digital dossiers on Americans in the years after the Sept. 11, 2001, attacks. "Law enforcement and intelligence services don't need to design their own surveillance systems from scratch," O'Harrow writes. "They only have to reach out to the companies that already track us so well."

The book's tone isn't shrill. Instead, it offers a reasoned and unparalleled glimpse into the minds of the bureaucrats and CEOs who are bent on creating a surveillance-industrial complex--not to monitor Americans for spying's sake, but to ward off future terrorist attacks. The problem, as O'Harrow notes as he profiles companies like Acxiom and ChoicePoint, is that a system created for one purpose can readily be turned into another.

Data collection and information sharing emerged not through chance but because they result in lower prices and more choices for consumers.

That ominous warning also appears in a new book by Dan Solove, a law professor at George Washington University, called "The Digital Person."

Where O'Harrow is descriptive, Solove is prescriptive. He includes a nearly encyclopedic analysis of the current state of privacy law relating to "digital dossiers" and argues that it falls short. For proper legal protections in modern society, Solove argues, "our understandings of privacy must be significantly rethought."

One suggestion he offers--to amend the Privacy Act of 1974 to curb unchecked police use of outsourced databases--I also made in a September 2003 column. Others are more sweeping, such as increasing the legal protection for personal information that's in the hands of a third party such as a bank, bookseller or Internet service provider. A new federal law could go a long way toward repairing the damage to "third-party privacy" inflicted by a pair of Supreme Court decisions in the 1970s, Solove says.

Both O'Harrow and Solove do their topics justice when warning of police perusal of databases, the perils that secret "Do Not Fly" lists can hold for innocent travelers with unlucky names, and the shadowy surveillance-industrial complex. O'Harrow's book reveals the growing role of private-sector databases in government surveillance plans better than any other treatment so far.

If the books have any fault, it would be overlooking the unsung benefits that have accompanied the databasification of American society. While unchecked police snooping through databases is worrisome, lawful information-sharing in the private sector accelerates economic activity and helps consumers.

Data collection and information sharing emerged not through chance but because they result in lower prices and more choices for consumers. The ability to identify customers who are not likely to pay their bills, for instance, lets stores offer better deals to those who will.

These consumer benefits are given short shrift in privacy debates, which tend to be driven by anecdote and emotion and not by an appreciation of how businesses work in the real world.

Whatever its flaws, the credit-reporting system is a marvel of efficiency; just a few decades ago, if you wanted a loan, you'd have to visit a bank's loan officer in person and wait weeks while he or she checked your references before finally reaching a decision. Thanks to massive databases that sweep in credit histories, addresses, phone numbers, and public records such as bankruptcies and lawsuits by creditors, credit can be obtained in seconds today and at far cheaper prices.

Walter Kitchenman, an economist at Purchase Street Research, estimates that because of information sharing among financial companies, "mortgage rates in the United States are as much as two full percentage points lower" than they would be otherwise. That saves Americans at least $80 billion a year.

Unfortunately, the very features that make credit reports and other databases useful to businesses make them even more attractive to law enforcement. A more interesting question to answer could be: How can government access to these data stores be better controlled without curbing beneficial uses as well?