Database Nation : The Death of Privacy in the 21st Century

According to Garfinkel, "technology is not privacy neutral." It leaves us with only two choices: 1) allow our personal data to rest in the public domain or 2) become hermits (no credit cards, no midnight video jaunts--you get the point).

Garfinkel's thoroughly researched and example-rich text explores the history of identification procedures; the computerization of ID systems; how and where data is collected, tracked, and stored; and the laws that protect privacy. He also explains who owns, manipulates, ensures the safety of, and manages the vast amount of data that makes up our collective human infrastructure. The big surprise here? It's not the United States government who controls or manages the majority of this data but rather faceless corporations who trade your purchasing habits, social security numbers, and other personal information just like any other hot commodity.

There's a heck of a lot of data to digest about data here and only a smidgen of humor to counterbalance the weight of Garfinkel's projections. But then again, humor isn't really appropriate in connection with stolen identities; medical, bank, and insurance record exploitation; or the potential for a future that's a "video surveillance free-for-all."

In many information-horrific situations, Garfinkel explores the wide variety of data thievery and the future implications of larger, longer-lasting databases. "Citizens," Garfinkel theorizes, "don't know how to fight back even though we know our privacy is at risk." In a case study involving an insurance claim form, he explains how a short paragraph can grant "blanket authorization" to all personal (not just medical) records to an insurance company. Citizens who refuse to sign the consent paragraph typically must forfeit any reimbursement for medical services. Ultimately, "we do not have the choice [as consumers] either to negotiate or to strike our own deal."

The choice that we do have, however, is to build a world in which sensitive data is respected and kept private--and the book offers clever, "turn-the-tables" solutions, suggesting that citizens, government, and corporations cooperate to develop weaker ID systems and legislate heavier penalties for identification theft.

Garfinkel's argument does give one pause, but his paranoia-laden prose and Orwellian imagination tends to obscure the effectiveness of his argument. Strangely, for all his talk about protecting your privacy, he never mentions how to remove your personal information from direct mail and telemarketing groups. And while he would like for Database Nation to be as highly regarded (and timely) as Rachel Carson's Silent Spring, the fact remains that we're not going to perish from having our privacy violated. --E. Brooke Gilbert

Product Description
As the 21st century begins, advances in technology endanger our privacy in ways never before imagined. Marketers track our every purchase; surveillance cameras observe our movements; misused medical records turn our bodies and our histories against us. Privacy--our most basic civil right--is in grave peril. Simson Garfinkel--journalist, entrepreneur, and international authority on computer security--has devoted his career to testing new technologies and warning about their implications. This newly revised update of the popular hardcover edition of Database Nation is his compelling account of how invasive technologies will affect our lives in the coming years. It's a timely, far-reaching, entertaining, and thought-provoking look at the serious threats to privacy facing us today. Garfinkel's captivating blend of journalism, storytelling, and futurism is a call to arms. It will frighten, entertain, and ultimately convince us that we must take action now to protect our privacy and identity before it's too late

This book describes -- well, and with numerous citations -- how our privacy as individuals and members of groups has been eroding. Unfortunately, that erosion is accelerating, and those of us involved with information technology are a significant factor in that trend. Credit bureaus accumulate information on our spending, governments record the minutiae of their citizens' lives, health insurance organizations record everything about us that might prove useful to deny our claims, and merchants suck up every bit of information they can find so as to target us for more marketing. In each case, there is a seemingly valid reason, but the accumulated weight of all this record-keeping -- especially when coupled with the sale and interchange of the data -- is frightening. Simson provides numerous examples and case studies showing how our privacy is incrementally disappearing as more data is captured in databases large and small.

The book includes chapters on a wide range of privacy-related issues, including medical information privacy, purchasing patterns and affinity programs, on-line monitoring, credit bureaus, genetic testing, government record-keeping and regulation, terrorism and law enforcement monitoring, biometrics and identification, ownership of personal information, and AI-based information modeling and collection. The 270 pages of text present a sweeping view of the various assaults on our privacy in day-to-day life. Each instance is documented as a case where someone has a reasonable cause to collect and use the information, whether for law enforcement, medical research, or government cost-saving. Unfortunately, the reality is that most of those scenarios are then extended to where the information is misused, misapplied, or combined with other information to create unexpected and unwanted intrusions.

Despite my overall enthusiasm, I was a little disappointed in a few minor respects with the book. Although Simson concludes the book with an interesting agenda of issues that should be pursued in the interests of privacy protection, he misses a number of opportunities to provide the reader with information on how to better his or her own control over personal information. For instance, he describes the opt-out program for direct marketing, but doesn't provide the details of how the reader can do this; Simson recounts that people are able to get their credit records or medical records from MIB, but then doesn't provide any information on how to get them or who to contact; and although he sets forth a legislative agenda for government, he fails to note realistic steps that the reader can take to help move that agenda forward. I suspect that many people will finish reading this book with a strong sense of wanting to *do* something, but they will not have any guidance as to where to go or who to talk with.

The book has over 20 pages of comprehensive endnotes and WWW references for the reader interested in further details. These URLs do include pointers to many important sources of information on privacy and law, but with a few puzzling omissions: I didn't see references to resources such as EPIC or Lauren Weinstein's Privacy digest outside of the fine print in the endnotes. I also didn't note references to ACM's Computers, Freedom and Privacy conferences, the USACM, or a number of other useful venues and supporters of privacy and advocacy. Robert Ellis Smith's "Privacy Journal" is mentioned in the text, but there is no information given as to how to subscribe it it. And so on.

I also noted that the book doesn't really discuss much of the international privacy scene, including issues of law and culture that complicate our domestic solutions. However, the book is intended for a U.S. audience, so this is somewhat understandable. A few other topics -- such as workplace monitoring -- are similarly given more abbreviated coverage than every reader might wish. Overall, I recognized few of those.

On the plus side, the book is very readable, with great examples and anecdotes, and a clear sense of urgency. Although it is obvious that Simson is not an impartial party on these topics, he does present many of the conflicting viewpoints to illustrate the complexity of the issues. For instance, he presents data on the need for wiretaps and criminal investigation, along with accounts and descriptions of bioterrorism, including interviews with FBI officials, to illustrate why there are people of good faith who want to be able to monitor telephone conversations and email. If anything, this increases the impact of the book -- it is not an account of bad people with evil intent, but a description of what happens when ideas reasonable to a small group have consequences beyond their imagining -- or immediate concern. The death of privacy is one of a thousand cuts, each one small and seemingly made for a good reason.

Simson has committed to adding important information to the WWW site for the book (). Many (or most) of the items I have noted above will likely be addressed at the WWW site before long. Simson also has informed me that the publisher will be making corrections and some additions to future editions of the book if he deems them important. This is great news for those of us who will use the book as an classroom text, or if we recommend the book to policy makers on an on-going basis. Those of us with older copies will need to keep the URL on our bookmark list.

Overall, I was very pleased with the book. I read it all in one sitting, on a flight cross-country, and found it an easy read. I have long been interested in (and involved in) activities in protection of privacy, so I have seen and read most of the sources Simson references. Still, I learned a number of things from reading the book that I didn't already know -- Simson has done a fine job of presenting historical and ancillary context to his narrative without appearing overly pedantic.

This is a book I intend to recommend to all of my graduate students and colleagues. I only wish there was some way to get all of our elected officials to read it, too. I believe that everyone who values some sense of private life should be aware of these issues, and this book is a great way to learn about them. I suggest you go out and buy a copy -- but pay in cash instead of with a credit card, take mass transit to the store instead of your personal auto, and don't look directly into the video cameras behind the checkout counter. Once you read the book, you'll be glad you did.


Integrity   January 25, 2000
Larry Lessig (Stanford, CA USA)
30 out of 35 found this review helpful

What cyberspace requires is authors who are willing to interrogate "what we all know is true" to see, in fact, whether what we all know *is* true. This book has an extraordinary integrity to it, as it reopens a set of questions that most of us thought closed. You won't agree with everything, there are many questions left unresolved, but there is no doubt that in places this book will change you mind. It is the best book on privacy and the internet that I have seen.


A must read for every American   February 27, 2000
Glenn Fleishman (Seattle, WA USA)
13 out of 16 found this review helpful

Why every American? Because, as Garfinkel points, out Europeans are better protected than we are. In every way, on virtually every page of the book, Garfinkel shows not only how our private information is being used without our knowledge, consent, or ability to correct it, but how it is being associated. In fact, I would argue that his collection of details of how the smallest pieces of your personal, financial, medical, and employment history can be connected easily by businesses to deny you credit, a job, or insurance makes the strongest case for regulation.

The kind of regulation Garfinkel argues is necessary - and which mirrors existing laws in the EU that American companies flaunt over the Web in their dealings with EU citizens - would provide the right kinds of control and redress for citizens without requiring government involvement and ownership of data.

(One of the odd recurring points in the book is that Garfinkel views it as a missed opportunity that a monolithic data center wasn't built in the 60s to collate all individual information. I see his point, but imagine if Nixon had that resource at his disposal? Even without it, he had people's tax returns pulled. I may, perhaps, misunderstand Garfinkel's message there, as he felt a central storage point would have provided a nationwide opt-out control for individuals and the use of their data by any company.)

It's fascinating reading and a relatively quick read for a nonfiction title. As I read it, I had prickles at the back of my neck as I discovered how my own information is being used without my knowledge. (Ever heard of the MIB? Not Men In Black - read the book...it's almost as insidious.)

Database Nation paints a picture of the dangers of leaving our lives in data in the hands of business instead of our own hands. Hopefully, technology and policy will meet politics for a solution described in his book providing the kind of ownership and rights we need.


The best thing you can do   March 12, 2000
7 out of 9 found this review helpful

Read this and then click over to "Transfer-the end of the beginning" by Jerry Furland. This isn't the full monty. That final step that most authors seem reluctant to take can be found in "Transfer". You won't get that information anywhere else. I know. I've looked.


Awesome walk through privacy past and futures   March 3, 2000
englishpaulm (Arlington, MA USA)
3 out of 4 found this review helpful

This is a fantastic book; a fascinating read through the history of privacy, with many colorful stories. Do you know how the DEA does data shadowing to find pot growers? Do you know about CFIP from 1973 and why it is incredibly relevant 30 years later? Do you know what you can do to protect yourself? Buy this book to find out.