Database Nation : The Death of Privacy in the 21st Century

There is no need to revisit at length the issues raised in an earlier review, which point out that there are no methods presented for individuals to check or correct erroneous information in their various errant files. It's as though the author is yelling "fire" and then not telling us how to get out of the building, forcing readers to find their way out through the smoke. And there is a lot of smoke indeed.

Though making many good and instructive points the author often contradicts himself. For example, the government goes through a mutually exclusive, full-cycle, role metamorphosis. In the beginning legislators could have protected us, but fell short through dropped or ignored legislation. For much of the remainder of the text the government is identified as the greatest threat to personal privacy. By the end, the author is back to a benign government that can protect and look out for what is best for us after all. Which is it?

The author, to lay some blame, claims that technology is not neutral, anthropomorphizing it with the apparent ability initiate evil, privacy threatening deeds. This is patent nonsense. Technology's use is certainly not neutral, but by itself it is beached, waiting for the next tide to either wash it further up on the sand or out to sea. His example of an inadequately designed high-tech phone system (pg. 258-260) appears to blame the phone system itself because it has the potential to be misused. Who buys that? Raise your hand.

The use of statistics throughout is both unscientific and unprofessional. The author strategically reports only the component of the statistic that supports his point, without ever allowing readers the opportunity to arrive at similar conclusions with all the facts at hand. A fair example is on page 134, "15% of those who had their medical confidentiality violated...said that it had been violated by insurance companies." Okay, but that's not enough. Where are the others whose medical confidentiality was violated? Is 15% the largest single component of the whole? Or is the 15% all he needed and we are left to wonder where the other 85% falls (not an insignificant portion of the population I might add). The book is redolent with this verbal slight of hand.

When he cannot make a point using facts or actual examples the author simply makes up a story. However, once the story is told, and he has admitted to its source, he often doubles back on himself to the belief that this is a real issue. It usually goes something like this: if you put your foot on the floor monsters under the bed will eat you, not really there are no monsters, but putting your foot on the floor is still bad because the monsters will get you when someone finally gets around to building them and figures a way to squeeze them under your bed, so be afraid. See: Simulated Humans Can't Be Trusted (pg. 241-242).

A section titled Brain Wiretapping (pg. 234-235) operates in a similar vein. In the opening paragraph he states, "Catching these [terrorists] will require an even more invasive monitoring technique: brain wiretapping." Invasive is the word. Without missing a beat he goes from mind reading, which he dismisses as not all that reliable, to the possibility of running these suspected terrorists through functional MRIs (which may include sawing the skull open to get at their works). All of this in an effort to find out what nefarious deeds these terrorists may be up to. Imagine the court order requesting this procedure.

As illustrated both above and below, unintentional humor abound. In another example described on page 225, an FBI initiated Internet wiretap led to a student in Argentina, "the investigation ended there, because Argentina would not extradite...his actions were not a crime in [Argentina]." In an aside immediately following, the author reveals the student "waived extradition and plead guilty; he was fined...and received three years probation." What? His footnote indicates if you want to know more, you can look it up yourself. Thanks, but no thanks.

Finally, his chapter on medical privacy, which has more to do with medical ethics than personal privacy, contains his most egregious and unforgivable error. He divulges, not once but several times, the names of individuals whose very personal medical conditions were released in flagrant and inexcusable violations of their privacy, often to unfortunate results. By giving up the names of the individuals involved isn't the author a virtual accessory after the fact to the initial privacy violation? Maybe these events and names are a matter of public record, but so what, why compound the wrong?

There are many factual anecdotal stories throughout the text; some include names some do not. Why, in a book whose intent is to highlight the increasing threats to personal privacy, did any real names get used at all? I could find no statement to the effect that identities were changed to protect individuals' privacy. One would think this would be the minimum ethical standard of a book on privacy, point that ironically seems to have escaped the author, editor, and publisher.

Rating:
Summary: Fairly good treatment of an important subject
Review: As a veteran of the technology industry, Simson Garfinkel brings an insider's understanding of how personal data is collected and managed to his book Database Nation. He seems to be genuinely concerned about where the unregulated use of information technology may be leading us as a society, and has chosen to write his book in an easily accessible style in order to present his views to as wide an audience as possible.

Database Nation succeeds overall. The author provides historical context and anecdotes for each topic within the book, helping bring the subject of privacy to life. Indeed, the book contains many interesting, useful and compelling passages. Among these are discussions of identity theft, credit reporting, and direct marketing.

Thematically, I tend to agree with the author that a core problem has been the failure of our government to properly regulate the collection and use of consumer data in the private sector. Citing many real-world examples, Garfinkel succeeds in proving that today we have far more to fear from private industry than from government (although significant problems remain with the way our government handles information, and the current war on terrorism could make things matters much worse).

In particular, the chapter on "Kooks and Terrorists", written prior to September 11, was remarkably prescient. Garfinkel suggests that we might be best served by tightly controlling and monitoring the instruments of destruction rather than tracking every citizen -- because even if such tracking was possible, Garfinkel points out that no such predictive system could ever be infallible. It would be interesting to learn more about his thoughts on this subject today.

However, I was disappointed with the book on several counts. First, despite the repeated use of the word 'privacy', Garfinkel never really develops a theory of privacy: what it is, why we should care about it, and how citizens might be able to simultaneously enjoy the benefits of an information-rich world while living in a society that values and protects its citizens' privacy.

Second, I was a bit surprised that the book barely addressed the issue of workplace privacy, which has been a highly contentious and important area for workers for a number of years. Third, while Garfinkel often proposes relatively simple but brilliantly conceived laws to secure our privacy rights, at other times he suggests the implementation of additional layers of technology in order to solve problems having to do with technology; this inconstancy left me puzzled. Fourth, as others have pointed out, there is little information provided about how individuals can take action to protect themselves.

Despite these minor flaws, I recommend Database Nation as a fairly good starting point for learning about the important subject of privacy.

Rating:
Summary: Fairly good treatment of an important subject
Review: As a veteran of the technology industry, Simson Garfinkel brings an insider's understanding of how personal data is collected and managed to his book Database Nation. He seems to be genuinely concerned about where the unregulated use of information technology may be leading us as a society, and has chosen to write his book in an easily accessible style in order to present his views to as wide an audience as possible.

Database Nation succeeds overall. The author provides historical context and anecdotes for each topic within the book, helping bring the subject of privacy to life. Indeed, the book contains many interesting, useful and compelling passages. Among these are discussions of identity theft, credit reporting, and direct marketing.

Thematically, I tend to agree with the author that a core problem has been the failure of our government to properly regulate the collection and use of consumer data in the private sector. Citing many real-world examples, Garfinkel succeeds in proving that today we have far more to fear from private industry than from government (although significant problems remain with the way our government handles information, and the current war on terrorism could make things matters much worse).

In particular, the chapter on "Kooks and Terrorists", written prior to September 11, was remarkably prescient. Garfinkel suggests that we might be best served by tightly controlling and monitoring the instruments of destruction rather than tracking every citizen -- because even if such tracking was possible, Garfinkel points out that no such predictive system could ever be infallible. It would be interesting to learn more about his thoughts on this subject today.

However, I was disappointed with the book on several counts. First, despite the repeated use of the word 'privacy', Garfinkel never really develops a theory of privacy: what it is, why we should care about it, and how citizens might be able to simultaneously enjoy the benefits of an information-rich world while living in a society that values and protects its citizens' privacy.

Second, I was a bit surprised that the book barely addressed the issue of workplace privacy, which has been a highly contentious and important area for workers for a number of years. Third, while Garfinkel often proposes relatively simple but brilliantly conceived laws to secure our privacy rights, at other times he suggests the implementation of additional layers of technology in order to solve problems having to do with technology; this inconstancy left me puzzled. Fourth, as others have pointed out, there is little information provided about how individuals can take action to protect themselves.

Despite these minor flaws, I recommend Database Nation as a fairly good starting point for learning about the important subject of privacy.

Rating:
Summary: Rapidly increasing technologies invade our rights to privacy
Review: As we embark on the 21st century, advances in technology endanger our privacy in ways never before imagined. Database Nation: The Death of Privacy in the 21st Century, by Simson Garfinkel is the compelling account of how invasive technologies will affect our lives in the coming years. It's a timely, far-reaching, entertaining, and thought-provoking look at the serious threats to privacy facing us today.

Garfinkel's book does cover a lot of familiar ground, making the issue of privacy more personal to the average person. For example, he describes how cell phone networks can be used to track preferences and physical movement. He also goes into significant detail about advanced identification technologies, including retina scans and DNA analysis, that can be used to identify and track individuals, but those technologies only serve as a lead-in to the issue Garfinkel seems to regard as the most serious: medical privacy.

Chapter 6 provides strong details of the Medical Information Bureau. The MIB collects medical information entered on insurance forms and into personal records and sells that information to companies that need to set insurance premiums for applicants. What gives the MIB the right to collect that information? Garfinkel reveals that patients give them that permission when they consent to receive treatment.

At the end of Database Nation, Garfinkel calls on our nation's leaders and government to establish an executive agency charged with enforcing existing privacy laws and acting as an ombudsman for individual privacy. The new medical privacy standards the White House offered in early 2000 go part of the way to solving some of the problems Garfinkel describes, but in all I believe his solution is far to weak to result in meaningful privacy reform, nor will it be able to keep up with the ever changing technology.

Database Nation continues the growing tradition of books that cast technology in its social context. And as a doctoral student in leadership and technology, I find it heartening to read a book that so thoroughly examines technology's role in society.


Rating:
Summary: Understanding one of the defining issues in computing
Review: First, of all, I should disclose what is probably a conflict of interest. Simson and I have been friends for years, and we have collaborated on a number of projects, including 3 books. As such, some people (who don't know me well) might suspect that I wouldn't provide an objective review. So, if you think that might be the case, then discount my recommendation by half -- and still buy and read this book. Simson has done an outstanding job documenting and describing a set of issues that a great many people -- myself included -- believe will influence computing, e-commerce, law and public policy in the next decade. They also impact every person in modern society.

This book describes -- well, and with numerous citations -- how our privacy as individuals and members of groups has been eroding. Unfortunately, that erosion is accelerating, and those of us involved with information technology are a significant factor in that trend. Credit bureaus accumulate information on our spending, governments record the minutiae of their citizens' lives, health insurance organizations record everything about us that might prove useful to deny our claims, and merchants suck up every bit of information they can find so as to target us for more marketing. In each case, there is a seemingly valid reason, but the accumulated weight of all this record-keeping -- especially when coupled with the sale and interchange of the data -- is frightening. Simson provides numerous examples and case studies showing how our privacy is incrementally disappearing as more data is captured in databases large and small.

The book includes chapters on a wide range of privacy-related issues, including medical information privacy, purchasing patterns and affinity programs, on-line monitoring, credit bureaus, genetic testing, government record-keeping and regulation, terrorism and law enforcement monitoring, biometrics and identification, ownership of personal information, and AI-based information modeling and collection. The 270 pages of text present a sweeping view of the various assaults on our privacy in day-to-day life. Each instance is documented as a case where someone has a reasonable cause to collect and use the information, whether for law enforcement, medical research, or government cost-saving. Unfortunately, the reality is that most of those scenarios are then extended to where the information is misused, misapplied, or combined with other information to create unexpected and unwanted intrusions.

Despite my overall enthusiasm, I was a little disappointed in a few minor respects with the book. Although Simson concludes the book with an interesting agenda of issues that should be pursued in the interests of privacy protection, he misses a number of opportunities to provide the reader with information on how to better his or her own control over personal information. For instance, he describes the opt-out program for direct marketing, but doesn't provide the details of how the reader can do this; Simson recounts that people are able to get their credit records or medical records from MIB, but then doesn't provide any information on how to get them or who to contact; and although he sets forth a legislative agenda for government, he fails to note realistic steps that the reader can take to help move that agenda forward. I suspect that many people will finish reading this book with a strong sense of wanting to *do* something, but they will not have any guidance as to where to go or who to talk with.

The book has over 20 pages of comprehensive endnotes and WWW references for the reader interested in further details. These URLs do include pointers to many important sources of information on privacy and law, but with a few puzzling omissions: I didn't see references to resources such as EPIC or Lauren Weinstein's Privacy digest outside of the fine print in the endnotes. I also didn't note references to ACM's Computers, Freedom and Privacy conferences, the USACM, or a number of other useful venues and supporters of privacy and advocacy. Robert Ellis Smith's "Privacy Journal" is mentioned in the text, but there is no information given as to how to subscribe it it. And so on.

I also noted that the book doesn't really discuss much of the international privacy scene, including issues of law and culture that complicate our domestic solutions. However, the book is intended for a U.S. audience, so this is somewhat understandable. A few other topics -- such as workplace monitoring -- are similarly given more abbreviated coverage than every reader might wish. Overall, I recognized few of those.

On the plus side, the book is very readable, with great examples and anecdotes, and a clear sense of urgency. Although it is obvious that Simson is not an impartial party on these topics, he does present many of the conflicting viewpoints to illustrate the complexity of the issues. For instance, he presents data on the need for wiretaps and criminal investigation, along with accounts and descriptions of bioterrorism, including interviews with FBI officials, to illustrate why there are people of good faith who want to be able to monitor telephone conversations and email. If anything, this increases the impact of the book -- it is not an account of bad people with evil intent, but a description of what happens when ideas reasonable to a small group have consequences beyond their imagining -- or immediate concern. The death of privacy is one of a thousand cuts, each one small and seemingly made for a good reason.

Simson has committed to adding important information to the WWW site for the book (<http://www.databasenation.com>). Many (or most) of the items I have noted above will likely be addressed at the WWW site before long. Simson also has informed me that the publisher will be making corrections and some additions to future editions of the book if he deems them important. This is great news for those of us who will use the book as an classroom text, or if we recommend the book to policy makers on an on-going basis. Those of us with older copies will need to keep the URL on our bookmark list.

Overall, I was very pleased with the book. I read it all in one sitting, on a flight cross-country, and found it an easy read. I have long been interested in (and involved in) activities in protection of privacy, so I have seen and read most of the sources Simson references. Still, I learned a number of things from reading the book that I didn't already know -- Simson has done a fine job of presenting historical and ancillary context to his narrative without appearing overly pedantic.

This is a book I intend to recommend to all of my graduate students and colleagues. I only wish there was some way to get all of our elected officials to read it, too. I believe that everyone who values some sense of private life should be aware of these issues, and this book is a great way to learn about them. I suggest you go out and buy a copy -- but pay in cash instead of with a credit card, take mass transit to the store instead of your personal auto, and don't look directly into the video cameras behind the checkout counter. Once you read the book, you'll be glad you did.

Rating:
Summary: A challenge to your complacency.
Review: Garfinkel cover a wide variety of territory here, and you may not feel that all areas are an issue for you. The territory includes significant breaches, credit reports, health records & insurance forms, as well as direct marketing lists and practices. Garfinkel stresses that the issues are not just privacy-related, but also data integrity - - bad enough that others have access to the truth about your history, but mistakes in the data quickly get replicated throughout the business world.

You may not have a problem, for instance, with insurance companies asking you to allow them to share information, if you feel it increases the efficiency of the market. You may not have a problem with targeted marketing, which is built on customer profiles. However, after reading this book you'll have a better sense of the issues.

One anecdote was very effective, I thought, in challenging complacency on these issues. I have heard a number of people say their privacy won't be violated because their lives are too boring. Garfinkel tells a story that demonstrates how people who have too little to do will glom on information just because the information is there, whether or not it has practical value. He has a story about an office web camera focusing on the coffee pot; the camera is there so those coming downstairs to get coffee can manage their expectations and will know in advance whether or not they will have to make a fresh pot. Yet this picture of this innocent coffee pot gets heavy web traffic every day, from people who have nothing better to do than look at a coffee pot. So, being boring is not sufficient protection against the idly curious; less so against those with malicious intent.

Rating:
Summary: Good, but lacks other side of the story...
Review: Good book, especially for someone living on the other side of the world... From European point of view, such privacy violations are something unbelievable. Garfinkel's book simply shows us the hazards of modern technology, and convinces us that our European privacy protecting laws are a good thing, despite sometimes being used to cover bribery or theft.
Sometimes `Database Nation' seemed so naïve, but to understand it, we must notice it was written few months before attack on WTC. Now we can see how governments are trying to know everything about everybody and the only reason for that is protecting us from terrorism. Nice idea, but Garfinkel has already predicted it - he wrote that a big terrorist attack would happen, even if we maximize security and privacy violations cannot stop really bad people.
As I wrote before - I have never been in the States, so sometimes I was reading this book as some kind of `weird guide to the USA'. Some of described pitfalls can be seen in Europe as well, but usually we do not expect our medical records to be seen by anybody... maybe because in most European countries medical insurance is run mainly by the government. And here is the point, where this book lacks some kind of perspective. What do you think is better: having your medical record sold, or die because funds of some emergency stations are so low, that only one ambulance in fifty-thousand-people-city is on duty? Is it better to protect privacy, or to highlight crooks? The highly illegal under Polish law so-called `Jachnicki list' was a list of people who cheated and deceived a lot of honest citizens. Giving detailed information including name, adress, birthdate and PESEL (unique number every Pole is assigned at birth) about those people, the creators have broken Personal Data Protection Act, and were forced by government officials to stop publishing that list. This is the other side of fighting for permanent privacy - and Garfinkel doesn't write anything about it...


Rating:
Summary: Excellent book, though prone to scare tactics at times
Review: I almost stopped reading this book after the first 15 pages as the author resorts to scare tactics to paint scenarios that I felt were almost wholly unrealistic. Fortunately I decided to keep reading. While I certainly do not agree with everything the author says, Database Nation brings up a broad range of privacy and security issues, and then discusses various problems and points of view associated with these issues. First and foremost, I think the author tries to make the reader step back and really think about the issues and the implications they may have for the reader and his or her loved ones.
Privacy today is no longer just about whether someone is peaking in your bedroom window. Privacy advocates are legitimately concerned about public surveillance, detailed yet error prone profiles of your credit history and purchasing habits, use of your medical records, and genetic discrimination. On the other side, there is increasing concern about the government's ability to effectively monitor criminals, evidence that public surveillance leads to dramatic reductions of casual street crime, arguments that it is perfectly legitimate to compile your purchasing habits, and various other valid cases to be made in favor of the reduction of some forms of privacy.
I read this book immediately after reading David Brin's The Transparent Society, which argues for an increase in openness and accountability in all directions. I tend to lean towards Brin's side of things, but the two books complement each other and there are issues brought up in Database Nation that are not discussed in Brin's book.
Again, this is an well written and thought provoking book. I am sure I will be referring to it for quotes for some time.

Rating:
Summary: A 'how-to' guide
Review: I am certain that wasn't Garfinkel's intent, however. I would suggest this book to anyone searching for a missing person! As a former private investigator, I can tell you that he describes many of the techniques I have used to locate people! You can run, but you cannot hide anymore.

Scarey? Oh, I don't know, what are we scared of?....

While he comes across as being an ACLU 'right to privacy' advocate, he has actually, and probably unknowingly, written a 'how to' guide to find people! And in more detail than I could have done!

Rating:
Summary: Interesting - depending on your expectations.
Review: I applaud the extensive research and documentation in this work.

However, such a broad subject is perhaps only sensationalized in a brief 312 pages. Describing all information gathering from fingerprinting to satellite imagery as an invasion of privacy is either the outcome of wanting to sell books by pandering to the fears of the public or the by product of covering too many individual topics without balanced depth.

As a practitioner in using these database sources of information on a daily basis as a Private Investigator, I found most topics lacking in an explanation as to how valuable and important information is, and not to discount it as only an invasion of privacy to be feared.

This book is an interesting overview of an important subject, but it's value to the reader will be dependant entirely on what the reader is expecting from it in the first place.