Thursday, February 13, 2003

William Safire is ranting about the Pentagon's "Total information Awareness" (TIA) program again (as he's done before). Heather MacDonald does a good job of skewering his absurd alarmism; if her explanation of TIA is correct, then the Senate has actually forbidden law enforcement authorities to apply to their own databases approximately the same techniques used by credit card companies to sniff out potential cases of fraud.

Safire and his fellow TIA opponents speak out in defense of "privacy", a notoriously vague term whose de facto working definition is, "preventing information about me from getting into the hands of people whose motives I tend to suspect". But "privacy"-defenders often have a much more specific set of scenarios in mind, in which a large, powerful institution (usually a government or commercial enterprise) obtains information about an individual whose revelation shouldn't have adverse consequences (in the eyes of privacy advocates, at least), but nonetheless might. (Popular examples of such information typically involve evidence of drug use, sexual unconventionality or political heterodoxy, but may include more innocuous data such as consumer purchasing habits.) Such revelation can lead to "misuse" of private information--anything from public exposure to annoying direct marketing to merely profiting from knowledge of aggregate statistics. Discussion of the use of private information to achieve generally laudable goals--catching terrorists or violent criminals, for instance--is inconvenient for privacy advocates, and they therefore prefer to shift the debate back to "misuse" scenarios.

The problem with this "Big Brother" view of privacy, though, is that its adherents are probably "fighting the last war", instead of anticipating the next one. And the major next-generation threat to "privacy", I believe, can be summed up in one word: Google.

Google and its undoubtedly more powerful future information-gathering counterparts threaten the very core of the privacy advocacy community's "Big Brother" worldview, by undermining the power asymmetry lying at the heart of it. The Freedom of Information Act and the Privacy Act, for example, are both beloved of privacy advocates, though one explicitly mandates the public revelation of a great deal of private information (by a powerful entity--the government) and the other requires that private information not be disclosed (about a powerless entity--an individual citizen). What happens, though, when the information-gathering "power" of an individual becomes as great as that of an organizational behemoth like a government agency or large corporation?

Privacy advocacy first gained national prominence in the sixties, when large computer databases began giving their owners the power to do sophisticated sorting and searching of voluntarily-supplied personal information. Today, though, an individual armed with a PC and an Internet connection can gather and manipulate more information, about more individuals, and with greater sophistication, than any corporation could ever have thought possible forty years ago. And the technology is still in its infancy; true large-scale TIA-style data-mining of, for, and by the masses will likely be widely available in the not-too-distant future. We will then have created a huge "global village" of nosy neighbors, in which everyone can find out just about anything about anyone. What, then, will "privacy"--let alone "protecting privacy"--even mean anymore?

No comments: