Sunday Book Review > Goodbye to Privacy

[R.A. Hettinga]

<http://www.nytimes.com/2005/04/10/books/review/10COVERSAFIRE.html?8bu=&emc=bu&pagewanted=print&position=>

The New York Times

April 10, 2005

Goodbye to Privacy
 By WILLIAM SAFIRE


 NO PLACE TO HIDE
By Robert O'Harrow Jr.
 348 pp. The Free Press. $26.

 CHATTER
Dispatches From the Secret World of Global Eavesdropping.
By Patrick Radden Keefe.
 300 pp. Random House. $24.95.

YOUR mother's maiden name is not the secret you think it is. That sort of
''personal identifier'' being used by banks, credit agencies, doctors,
insurers and retailers -- supposedly to protect you against the theft of
your identity -- can be found out in a flash from a member of the new
security-industrial complex. There goes the ''personal identifier'' that
you presume a stranger would not know, along with your Social Security
number and soon your face and DNA.

 In the past five years, what most of us only recently thought of as
''nobody's business'' has become the big business of everybody's business.
Perhaps you are one of the 30 million Americans who pay for what you think
is an unlisted telephone number to protect your privacy. But when you order
an item using an 800 number, your own number may become fair game for any
retailer who subscribes to one of the booming corporate data-collection
services. In turn, those services may be -- and some have been --
penetrated by identity thieves.

 The computer's ability to collect an infinity of data about individuals --
tracking every movement and purchase, assembling facts and traits in a
personal dossier, forgetting nothing -- was in place before 9/11. But among
the unremarked casualties of that day was a value that Americans once
treasured: personal privacy.

 The first civil-liberty fire wall to fall was the one within government
that separated the domestic security powers of the F.B.I. from the more
intrusive foreign surveillance powers of the C.I.A. The 9/11 commission
successfully mobilized public opinion to put dot-connection first and
privacy protection last. But the second fire wall crumbled with far less
public notice or approval: that was the separation between law enforcement
recordkeeping and commercial market research. Almost overnight, the law's
suspect list married the corporations' prospect list.

 The hasty, troubling merger of these two increasingly powerful forces
capable of encroaching on the personal freedom of American citizens is the
subject of two new books.

 Robert O'Harrow Jr.'s ''No Place to Hide'' might just do for privacy
protection what Rachel Carson's ''Silent Spring'' did for environmental
protection nearly a half-century ago. The author, a reporter for The
Washington Post, does not write in anger. Sputtering outrage, which
characterizes the writing of many of us in the anti-snooping minority, is
not O'Harrow's style. His is the work of a careful, thorough, enterprising
reporter, possibly the only one assigned to the privacy beat by a major
American newspaper. He has interviewed many of the major, and largely
unknown, players in the world of surveillance and dossier assembly, and
provides extensive source notes in the back of his book. He not only
reports their professions of patriotism and plausible arguments about the
necessity of screening to security, but explains the profitability to
modern business of ''consumer relationship management.''

 ''No Place to Hide'' -- its title taken from George W. Bush's post-9/11
warning to terrorists -- is all the more damning because of its
fair-mindedness. O'Harrow notes that many consumers find it convenient to
be in a marketing dossier that knows their personal preferences, habits,
income, professional and sexual activity, entertainment and travel
interests and foibles. These intimately profiled people are untroubled by
the device placed in the car they rent that records their speed and
location, the keystroke logger that reads the characters they type, the
plastic hotel key that transmits the frequency and time of entries and
exits or the hidden camera that takes their picture at a Super Bowl or
tourist attraction. They fill out cards revealing personal data to get a
warranty, unaware that the warranties are already provided by law. ''Even
as people fret about corporate intrusiveness,'' O'Harrow writes about a
searching survey of subscribers taken by Conde Nast Publications, ''they
often willingly, even eagerly, part with intimate details about their
lives.''

 Such acquiescence ends -- for a while -- when snoopers get caught spilling
their data to thieves or exposing the extent of their operations. The
industry took some heat when a young New Hampshire woman was murdered by a
stalker who bought her Social Security number and address from an online
information service. But its lobbyists managed to extract the teeth from
Senator Judd Gregg's proposed legislation, and the intercorporate trading
of supposedly confidential Social Security numbers has mushroomed. When an
article in The New York Times by John Markoff, followed by another in The
Washington Post by O'Harrow, revealed the Pentagon's intensely invasive
Total Information Awareness program headed by Vice Admiral John Poindexter
of Iran-Contra infamy, a conservative scandalmonger took umbrage.
(''Safire's column was like a blowtorch on dry tinder,'' O'Harrow writes in
the book's only colorful simile.) The Poindexter program's slogan,
''Knowledge Is Power,'' struck many as Orwellian. Senators Ron Wyden and
Russell D. Feingold were able to limit funding for the government-sponsored
data mining, and Poindexter soon resigned. A Pentagon group later found
that ''T.I.A. was a flawed effort to achieve worthwhile ends'' and called
for ''clear rules and policy guidance, adopted through an open and credible
political process.'' But O'Harrow reports in ''No Place to Hide'' that a
former Poindexter colleague at T.I.A. ''said government interest in the
program's research actually broadened after it was apparently killed by
Congress.''

 The author devotes chapters to the techniques of commercial data gatherers
and sellers like Acxiom, Seisint and the British-owned LexisNexis, not
household names themselves, but boasting computers stuffed with the names
and pictures of each member of the nation's households as well as hundreds
of millions of their credit cards. He quotes Ole Poulsen, chief technology
officer of Seisint, on its digital identity system: ''We have created a
unique identifier on everybody in the United States. Data that belongs
together is already linked together.'' Soon after 9/11, having seen the
system that was to become the public-private surveillance engine called
Matrix (in computer naming, life follows film art), Michael Mullaney, a
counterterrorism official at the Justice Department, told O'Harrow: ''I sat
down and said, 'These guys have the computer that every American is afraid
of.' ''

 Of all the companies in the security-industrial complex, none is more
dominant or acquisitive than ChoicePoint of Alpharetta, Ga. This data giant
collects, stores, analyzes and sells literally billions of demographic,
marketing and criminal records to police departments and government
agencies that might otherwise be criticized (or de-funded) for building a
national identity base to make American citizens prove they are who they
say they are. With its employee-screening, shoplifter-blacklisting and
credit-reporting arms, ChoicePoint is also, in the author's words, ''a
National Nanny that for a fee could watch or assess the background of
virtually anybody.''

 From sales brochures that ChoicePoint distributed to its corporate and
government customers -- as well as from interviews with its C.E.O., Derek
V. Smith, the doyen of dossiers, who claims ''this incredible passion to
make a safer world'' -- The Post's privacy reporter has assembled a
coherent narrative that provides a profile of a profiler. As if to lend a
news peg to the book, ChoicePoint has just thrust itself into the nation's
consciousness as a conglomerate hoist by its own petard. The outfit that
sells the ability to anticipate suspicious activity; that provides security
to the nation's security services; that claims it protects people from
identity theft -- has been easily penetrated by a gang that stole its
dossiers on at least 145,000 people across the country.

ON top of that revelation, the company had to admit it first became
suspicious last September that phony companies were downloading its
supposedly confidential electronic records on individual citizens. Not only
is the Federal Trade Commission inquiring into the company's compliance
with consumer-information security laws, but the Securities and Exchange
Commission is investigating prearranged sales of ChoicePoint stock by Smith
and another top official that netted a profit of $17 million before the
penetration was publicly disclosed and the stock price plunged.

 ''ChoicePoint Data Cache Became a Powder Keg'' was The Washington Post
headline, with the subhead ''Identity Thief's Ability to Get Information
Puts Heat on Firm.'' This was followed by the account a week later of
another breach of faith at a competing data mine: ''ID Thieves Breach
LexisNexis, Obtain Information on 32,000.'' Now that a flat rock has been
flipped over, much more scurrying about will be observed. This will cause
embarrassment to lobbyists for, and advisers to, the major players in the
security-industrial complex. ''No Place to Hide'' names famous names,
revealing associations with Howard Safir, former New York City police
commissioner; Gen. Wesley Clark, former NATO commander; and former Senator
Dale Bumpers of Arkansas. (If you hear, ''This is not about the money'' --
it's about the money.)

 More of the press has been showing interest, especially since
Congressional hearings have begun and data is being disseminated about the
data collectors. A second book -- not as eye-opening as O'Harrow's original
reporting but a short course in what little we know of international
government surveillance -- is ''Chatter: Dispatches from the Secret World
of Global Eavesdropping,'' by Patrick Radden Keefe. This third-year student
at Yale Law School dares to make his first book an examination of what he
calls the liberty-security matrix.

 Chatter, he notes, is a once innocuous word meaning ''gossip . . . the
babble of a child'' that in the world of electronic intelligence has gained
the sinister sense of ''telltale metabolic rhythm: chatter; silence;
attack.'' The flurry of ''sigint'' -- signals intelligence, picked up by
the secret listening devices of our National Security Agency -- sometimes
precedes a terrorist attack, and almost always precedes an elevation of our
color-coded security alerts.

 Keefe does what a brilliant, persevering law student with no inside
sources or a prestigious press pass should do: he surveys much of what has
been written about sigint and pores over the public hearing transcripts. He
visits worried scientists and some former spooks who have written critical
books, and poses questions to which he would like to get answers. He
doesn't get them, but his account of unclimbable walls and unanswered calls
invites further attempts from media bigfeet to do better. Keefe is a
researcher adept at compiling intriguing bits and pieces dug out or leaked
in the past; the most useful part of the book is the notes at the end about
written, public sources that point to some breaks in the fog.

 ''Chatter'' focuses on government, not commercial, surveillance, and
thereby misses the danger inherent in the sinister synergism of the two.
Moreover, the book lacks a point of view: at 28, Keefe has formulated
neither a feel for individual privacy nor a zeal for government security.
It may be, as Roman solons said, Inter arma silent leges -- in wartime, the
laws fall silent -- but the privacy-security debate needs to be both
informed and joined. This is no time for agnostics.

 For example, what to do about Echelon? That is supposedly an ultrasecret
surveillance network, conducted by the United States and four other
English-speaking nations, to overhear and oversee signals. ''We don't know
whether Echelon exists,'' Keefe writes, ''and, if it does exist, how the
shadowy network operates. It all remains an enigma.'' Though he cannot
light a candle, he at least calls attention to, without cursing, the
darkness.

 Keefe's useful research primer on today's surveillance society, and
especially O'Harrow's breakthrough reporting on the noxious nexus of
government and commercial snooping, open the way for the creation of
privacy beats for journalism's coming generation of search engineers. A
small furor is growing about the abuse of security that leads to identity
theft. We'll see how long the furor lasts before the commercial-public
security combine again slams privacy against the wall of secrecy, but at
least Poindexter's slogan is being made clear: knowledge is indeed power,
and more than a little power in unknowable hands is a dangerous thing.


 William Safire writes the On Language column for The Times Magazine.

-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com