Personal Information as a Valuable Commodity

That people in all the countries addressed in this study are concerned about DPSIP issues is one illustration that personal information is a valuable commodity, and the research confirms this fact. This section summarizes relevant research and findings on the issue.

Richard Mason⁴³argued that the increased interests in DPSIP were related to new technology that allowed increased information storage and retrieval. A second factor was increased information value.

Of the nations studied, the US was one of the leaders in information technology. In 1951, the US Census Bureau purchased the first commercial electronic computer – UNIVAC – to collect and process massive data.⁴⁴ Starting in the 1950s and 1960s, marketing firms and government bureaucracies started programs that involved massive amounts of data collection, storage, and selling. Robert Smith explained that data collection was related to other cultural experiences including countries becoming credentialed societies based on personal data.⁴⁵

Alan Westin showed that in 1966, the Federal government owned 2,600 computers – more than any other organization. As a little boy with a new hammer who finds all kinds of things to pound, the government started to collect more data. “Once an organization purchases a giant computer, it inevitably

43 Richard O. Mason, Four Ethical Issues for the Information Age, 7 MIS Quarterly 2, 4 (1986).

44 Charles T. Meadow, Online Database Industry Timeline, 11 Database Magazine 5, 23 (1988).

45 Robert Ellis Smith, Ben Franklin's Web Site: Privacy and Curiosity from Plymouth Rock to the Internet, at 314 (Privacy Journal 2004).

begins to collect more information."⁴⁶ In 1981, with the massive introduction of personal computers, the demand to access personal information increased.

George Duncan, Thomas Jabine, and Virgina deWolf published a report of the Panel on Confidentiality and Data Access. The report found that computer and communication advances allowed data users to demand more individual or micro-data. The development of large databases was the result of lower storage costs, improved transmission, computerized data entry, and software developments.

Confidentiality became more important, but businesses and governments ignored the threats to it.⁴⁷

Pricilla Regan found that both businesses and governments had an insatiable hunger for more individual information. As information became an increasingly valuable commodity, DPSIP concerns were ignored or circumvented.⁴⁸

David Burnham warned of the loss of personal information privacy and showed the danger of the power differential between individuals’ ability to protect their privacy and the combined ability of businesses and governments to violate it.⁴⁹ Pricilla Regan⁵⁰ agreed with Westin and Baker that the catalyst for the change was the computer, but the computer was not the source of the problems. Businesses and governments joined forces to destroy information privacy and eliminate individual control over the collection, use, and transfer of personal information.⁵¹

Although businesses and government ignored the concerns expressed by individuals, people recognized that their personal information was valuable

46 Alan Westin, Privacy and Freedom, at 160 (Atheneum 1967).

47 George T. Duncan, et al., Private Lives and Public Policies: Confidentiality and Accessibility of Government Statistics, at 52 (National Academy Press 1993).

48 Pricilla M. Regan, Legislating Privacy: Technology, Social Values, and Public Policy, at 69 (University of North Carolina Press 1995).

49 David Burnham, The Rise of the Computer State, at 9 (Weidenfeld & Nicolson 1983).

50 Pricilla M. Regan, (1995).

51 Allen F. Westin & Michael A. Baker. Databanks in a Free Society: Computers, Record-Keeping & Privacy. National Academy of Sciences. Washington. D.C. Project on Computer Databanks, at 75 (Quadrangle Books 1972).

from the earliest use of computers to collect and store such data. In 1965, the US Federal government proposed a comprehensive governmental database.

The public reaction was so negative that the proposal was limited and essentially went underground. A similar pattern was revealed when Lotus developed and tried to market a program called Marketplace that included massive personal information.⁵² Private businesses obtained government technology. The businesses were encouraged to create massive databases and thus, the data aggregator industry was privately born. The government then accessed the data that it could not collect by itself.

Simson Garfinkel argued that the rejection of a governmental database was a mistake. Stronger controls, checks and balances, and a process for redress could have prevented business and governmental abuses, errors, and kept the practices debatable in public.⁵³ The flaw in his thinking was that private businesses and the government got access anyway. Even when controls, checks, and balances were established, businesses and governments still failed to protect the data

Governments compelled people to surrender personal information and then sold it to private companies. The companies added additional information.

The government often purchased the new records, thus by-passing the citizen’s rejection of a central database. The symbiotic government - private business relationship was more than political. Governments made fortunes selling their information on individuals to marketing and other business firms.⁵⁴

52 LauraJ.Gurak, Persuasion and Privacy in Cyberspace: The Online Protests over Lotus Marketplace and the Clipper Chip (Yale University Press 1997). Also see Laura J.

Gurak, Logging in with Laura J. Gurak: Minnesota Professor Takes a Critical Look at Online-Privacy Issues, The Chronicle of Higher Education (19 February 2002), http://chronicle.com/free/2002/02/2002021901t.htm (last visited on 4 May 2012).

53 Simson Garfinkel, Database Nation: The Death of Privacy in the 21st Century, at 35 (O'Reilly 2000).

54 Charles J. Sykes, The End of Privacy: Personal Rights in the Surveillance Society, at 29 (St. Martin's Press 1999).

Technological progress reached the point where knowledge discovery in databases (KDD) was a reality. Such private information was a commodity.

The technology involved data mining and dataveillance. Several large data aggregator companies established data dossiers on billions of people.

Acxiom, ChoicePoint, Experian, Equifax, LexisNexis, and Trans Union purchased data and data companies to expand data resources.⁵⁵In the US, since September 11, 2001, the government had gained increased access to the data aggregator’s records. The data had been collected by the government and repurchased for a fee, to protect against terrorists and maintain social control.

Knowledge based databases used subject-oriented link analysis to collect data behavior, intentions, lifestyles, and relationships. Correlation pattern analysis revealed new patterns. Pattern matching subject classes used algorithms in large databases to identify individuals and patterns.

James Dempsey and Laura Flint argued that pattern analysis was the most significant threat to civil liberties and privacy in decades. Daily lawful behaviors were examined using a massive surveillance monitoring strategy.

The approach ignored the legal principles that prior to a search, individual suspicion must be established. Fundamental legal constructs including a presumption of innocence were ignored.⁵⁶

Private information in digital dossiers became “commodities, bought and sold like bags of potato chips and six packs of beer.”⁵⁷ Cees Hamelink⁵⁸ argued that advanced data-mining technology became a tradable commodity, especially in capitalistic countries.

55 Robert O'Harrow, No Place to Hide (Free Press 2006).

56 James X. Dempsey & Lara M. Flint, Commercial Data and National Security, 72 George Washington Law Review 6, 1459, 1476 (2004), at 1466–1467.

57 Andrew J. Mcclurg, A Thousand Words are Worth a Picture: A Privacy Tort Response to Consumer Data Profiling, 98 Northwestern University Law Review 1, 63 (2003), at 142.

58 Cees J. Hamelink, The Ethics Of Cyberspace (Sage 2000).

The real owners of the data, the data subjects, were compelled to release the data, fraudulently induced to share it, not compensated for its collection or use, and all without informed consent. The process created data shadows which were free of controls all over the world. The shadows did not even have to be correct or accurate. People and even institutions became vulnerable subjects that could be punished or retaliated against even for behavior that was never committed.⁵⁹

Anita Allen⁶⁰explained that information privacy referred to the right to control the use of personal data or information, and that privacy law should empower an individual’s control over such information. The principle also applies to access to public records data.

Daniel Solove declared that the mutual collection and sale of private data between governments and businesses violated basic DPSIP legal principles and demonstrated that marketers and businesses collect sell, and use massive amounts of public data unlawfully.⁶¹

Another factor in the massive collection, sale, and use of data was the speed of data transfer. As memory became less expensive, larger databases could be maintained. Steven Miller demonstrated the impact of the increased speed of transfer when he described that transmitting the Encyclopedia Britannica took more than eighty-four hours, in the 1980’s; by 1994 it took less than five seconds.⁶² Personal data was at higher risk as database size, digitization, manipulation, replication ability, and speed of transfer increased. A couple of seemingly insignificant pieces of personal data could quickly lead to a massive dossier. Similarly, Andre Bacard showed the need for strong information

59 Garfinkel, 2000, at 70.

60 Anita L Allen, Privacy as Data Control: Conceptual, Practical, and Moral Limits of the Paradigm, 32 Connecticut Law Review 9, 861 (2000), at 863. See also Anita L. Allen, Privacy in American Law, in Privacies: Philosophical Evaluations (Beate Rossler ed., Stanford University Press2004).

61 Daniel J. Solove, Access and Aggregation: Public Records, Privacy, and the Constitution, 86 Minnesota Law Review 6, 1137 (2002), at 1194-1195.

62 Steven E. Miller, Civilizing Cyberspace: Policy, Power, and the Information Superhighway, at 36 (ACM Press 1995).

privacy legal intervention because of technology changes including (1) vast memory capacity; (2) permanent, de-contextualized data; (3) sophisticated search and matching capabilities; and (4) ease of transferability.⁶³

In addition to the lack of control over the collection, sale, and use of their personal data, people had little to no ability to correct data errors because they had no access to information in the massive databases that were aggregated and because the law did not establish their right to such access for all databases and transfers. Richard Spinello proclaimed many data files were incomplete and even outdated. Larger data bases compound the problems exponentially. As data is shared, corrections become almost impossible.⁶⁴

Richard Miller described the issue of data aggregation, mining, and profiling from a historical perspective. Data bits were scattered and transient. Any attempt to collect the data was arduous, complicated, labor intensive, and slow. When the data was electronically stored, data from a range of sources were combined and cross tabulated. No checks and balances were in place to ensure accuracy.⁶⁵

Such practices had the effect of making people objects and assaulted human autonomy and dignity. Error correction and data context were an essential part of the management of databases that contained information privacy data, and DPSIP law must address these issues. The opportunity that the advent of computers presented to make personal data a commodity was similar to the tort law principle of an attractive nuisance.⁶⁶

63 Andre Bacard, The Computer Privacy Handbook, at 36 (Peachpit Press 1995).

64 Richard A. Spinello, Ethical Aspects of Information Technology, at 119 (Prentice Hall 1995).

65 Miller, 1995, at 264.

66 Creating an attractive situation that could lure a person into a situation that could be harmful.

2.4 Governments and Businesses failed to Adequately Address DPSIP