IP: Review of a book IP'ers might find of interest

[Dave Farber <farber@cis.upenn.edu>]

>
>Date: Sat, 12 Feb 2000 19:01:54 -0500
>To: farber@cis.upenn.edu
>From: Gene Spafford <spaf@cerias.purdue.edu>
>
>"Database Nation: The Death of Privacy in the 21st Century"
>by Simson Garfinkel
>O'Reilly & Associates, 2000
>ISBN 1-56592-653-6
><http://www.databasenation.com>
>
>First, of all, I should disclose what is probably a conflict of 
>interest.   Simson and I have been friends for years, and we have 
>collaborated on a number of projects, including 3 books.  As such, some 
>people (who don't know me well) might suspect that I wouldn't provide an 
>objective review.  So, if you think that might be the case, then discount 
>my recommendation by half -- and still buy and read this book.   Simson 
>has done an outstanding job documenting and describing a set of issues 
>that a great many people -- myself included -- believe will influence 
>computing, e-commerce, law and public policy in the next decade.  They 
>also impact every person in modern society.
>
>This book describes -- well, and with numerous citations -- how our 
>privacy as individuals and members of groups has been eroding. 
>Unfortunately, that erosion is accelerating, and those of us involved with 
>information technology are a significant factor in that trend. Credit 
>bureaus accumulate information on our spending, governments record the 
>minutiae of their citizens' lives, health insurance organizations record 
>everything about us that might prove useful to deny our claims, and 
>merchants suck up every bit of information they can find so as to target 
>us for more marketing.   In each case, there is a seemingly valid reason, 
>but the accumulated weight of all this record-keeping -- especially when 
>coupled with the sale and interchange of the data -- is 
>frightening.  Simson provides numerous examples and case studies showing 
>how our privacy is incrementally disappearing as more data is captured in 
>databases large and small.
>
>The book includes chapters on  a wide range of privacy-related issues, 
>including medical information privacy, purchasing patterns and affinity 
>programs, on-line monitoring, credit bureaus, genetic testing, government 
>record-keeping and regulation, terrorism and law enforcement monitoring, 
>biometrics and identification, ownership of personal information, and 
>AI-based information modeling and collection.   The 270 pages of text 
>present a sweeping view of the various assaults on our privacy in 
>day-to-day life.   Each instance is documented as a case where someone has 
>a reasonable cause to collect and use the information, whether for law 
>enforcement, medical research, or government cost-saving.   Unfortunately, 
>the reality is that most of those scenarios are then extended to where the 
>information is misused, misapplied, or combined with other information to 
>create unexpected and unwanted intrusions.
>
>Despite my overall enthusiasm, I was a little disappointed in a few minor 
>respects with the book.  Although Simson concludes the book with an 
>interesting agenda of issues that should be pursued in the interests of 
>privacy protection, he misses a number of opportunities to provide the 
>reader with information on how to better his or her own control over 
>personal information.   For instance, he describes the opt-out program for 
>direct marketing, but doesn't provide the details of how the reader can do 
>this; Simson recounts that people are able to get their credit records or 
>medical records from MIB, but then doesn't provide any information on how 
>to get them or who to contact; and although he sets forth a legislative 
>agenda for government, he fails to note realistic steps that the reader 
>can take to help move that agenda forward.   I suspect that many people 
>will finish reading this book with a strong sense of wanting to *do* 
>something, but they will not have any guidance as to where to go or who to 
>talk with.
>
>The book has over 20 pages of comprehensive endnotes and WWW references 
>for the reader interested in further details.  These URLs do include 
>pointers to many important sources of information on privacy and law, but 
>with a few puzzling omissions: I didn't see references to resources such 
>as EPIC or Lauren Weinstein's Privacy digest outside of the fine print in 
>the endnotes.  I also didn't note references to ACM's Computers, Freedom 
>and Privacy conferences, the USACM, or a number of other useful venues and 
>supporters of privacy and advocacy.  Robert Ellis Smith's "Privacy 
>Journal" is mentioned in the text, but there is no information given as to 
>how to subscribe to it.  And so on.
>
>I also noted that the book doesn't really discuss much of the 
>international privacy scene, including issues of law and culture that 
>complicate our domestic solutions.   However, the book is intended for a 
>U.S.  audience, so this is somewhat understandable.       A few other 
>topics -- such as workplace monitoring -- are similarly given more 
>abbreviated coverage than every reader might wish.  Overall, I recognized 
>few of those.
>
>On the plus side, the book is very readable, with great examples and 
>anecdotes, and a clear sense of urgency.  Although it is obvious that 
>Simson is not an impartial party on these topics, he does present many of 
>the conflicting viewpoints to illustrate the complexity of the 
>issues.  For instance, he presents data on the need for wiretaps and 
>criminal investigation, along with accounts and descriptions of 
>bioterrorism, including interviews with FBI officials, to illustrate why 
>there are people of good faith who want to be able to monitor telephone 
>conversations and email.  If anything, this increases the impact of the 
>book -- it is not an account of bad people with evil intent, but a 
>description of what happens when ideas reasonable to a small group have 
>consequences beyond their imagining -- or immediate concern.  The death of 
>privacy is one of a thousand cuts, each one small and seemingly made for a 
>good reason.
>
>Simson has committed to adding important information to the WWW site for 
>the book.   Many (or most) of the items I have noted above will likely be 
>addressed at the WWW site before long.   Simson also has informed me that 
>the publisher will be making corrections and some additions to future 
>editions of the book if he deems them important. This is great news for 
>those of us who will use the book as an classroom text, or if we recommend 
>the book to policy makers on an on-going basis.   Those of us with older 
>copies will need to keep the URL on our bookmark list.
>
>Overall, I was very pleased with the book.  I read it all in one sitting, 
>on a flight cross-country, and found it an easy read.   I have long been 
>interested in (and involved in)  activities in protection of privacy, so I 
>have seen and read most of the sources Simson references.  Still, I 
>learned a number of things from reading the book that I didn't already 
>know -- Simson has done a fine job of presenting historical and ancillary 
>context to his narrative without appearing overly pedantic.
>
>This is a book I intend to recommend to all of my graduate students and 
>colleagues.  I only wish there was some way to get all of our elected 
>officials to read it, too.   I believe that everyone who values some sense 
>of private life should be aware of these issues, and this book is a great 
>way to learn about them.   I suggest you go out and buy a copy -- but pay 
>in cash instead of with  a credit card, take mass transit to the store 
>instead of your personal auto, and don't look directly into the video 
>cameras behind the checkout counter.  Once you read the book, you'll be 
>glad you did.