Internet Privacy Review > Privacy News >

DATA PROFILING

Description of issue. As we make our way through everyday life, data is collected from each of us, frequently without our consent and often without our realization.

• We pay our bills with credit cards and leave a data trail consisting of purchase amount, purchase type, date, and time.
• Data is collected when we pay by check.
• Our use of supermarket discount cards creates a comprehensive database of everything we buy.
• When our car, equipped with a radio transponder, passes through an electronic toll booth, our account is debited and a record is created of the location, date, time, and account identification.
• We leave a significant data trail when we surf the Internet and visit websites.
• When we subscribe to a magazine, sign up for a book or music club, join a professional association, fill out a warranty card, give money to charities, donate to a political candidate, tithe to our church or synagogue, invest in mutual funds, when we make a telephone call, when we interact with a government agency . with all of these transactions we leave a data trail that is stored in a computer.

We are not yet to the point where the contents all of these many databases are combined, but we are rapidly heading that direction. In the aftermath of the 9-11 terrorist attacks, government and law enforcement authorities are working with the data profiling industry to develop an airline traveler screening program that draws data from many consumer data files. That system is CAPPS, Computer-Aided Passenger Pre-Screening. Its developers are attempting to create a profiling system that detects traveler anomalies in order to prevent terrorists from boarding.

Privacy and civil liberties advocates are often asked, "what are you afraid of; what do you have to hide; if you haven't done anything wrong, what's there to worry about?." The sentiment behind these questions is that the data being compiled is benign and is not going to harm us. But as law professor Jeffrey Rosen points out in his 2000 book The Unwanted Gaze, you are not your profile. Databases can contain errors. And data compiled from disparate sources and from differing contexts can lead the user to arrive at the wrong conclusions. (The Unwanted Gaze: The Destruction of Privacy in America, by Jeffrey Rosen, Random House, 2000)

.[W]hen intimate information is removed from its original context and revealed to strangers, we are vulnerable to being misjudged on the basis of our most embarrassing, and therefore most memorable, tastes and preferences. (p.9)

He used the 1998 subpoena by prosecutor Kenneth Starr of Monica Lewinski's book purchases from a Washington, D.C., bookstore as an example of how profiling can harm individuals. This occurred during the Clinton administration sex scandal. Rosen states:

Privacy protects us from being misdefined and judged out of context in a world of short attention spans, a world in which information can easily be confused with knowledge. (p.8)

Here is another story to illustrate the potential harm of untrammeled data collection and profiling.

In 1998 the Salt Lake Tribune reported that the supermarket chain Smith's Foods was subpoenaed by the U.S. Drug Enforcement Agency (DEA) for its discount card data on several named suspects. Was the DEA looking for high-volume purchases of non-prescription medicines that make up the chemical formula for "speed," like Sudafed? No. They were interested in finding out if these individuals had purchased a lot of plastic "baggies," the presumption being that if you're manufacturing and selling "meth," you will need plastic bags to package it in.

This story should alarm each of us. How many situations can we think of where someone might buy many "baggies" - the parent who wraps school lunches for a large family, the Girl Scout troop leader who makes sandwiches for the girls' outings, the jewelry maker who sells her creations at weekend arts fairs. Yet, if law enforcement were to request supermarket discount card data for "fishing trips," without court-ordered warrants -- something far more likely in the post-9-11 era of weakened checks and balances -- many individuals would be on the suspects list, most if not all of whom would not be drug dealers.

Looking ahead. The supermarket club card story illustrates the fair information principle of secondary usage: Information that has been gathered for one purpose should not be used for other purposes without the consent of the individual (paraphrased from the "use limitation principle," Organization of Economic Cooperation and Development, 1980).

The unfettered collection of data from numerous sources, in an environment where there are few legal restrictions on how the data can be used and merged, will inevitably lead to secondary uses that will violate privacy and trample on civil liberties. The legal protections for privacy in the U.S. are weak. They have been further weakened by the hasty passage of the USA PATRIOT Act, following the 9-11 terrorist attacks. There are few restrictions in the U.S. on how data can be collected and merged, in contrast to European Union countries, Canada, New Zealand, and Australia.

When I first wrote this report in March 2001, I said the following:

It is not farfetched to envision a future when such data will be used for a variety of secondary uses. If we were to enter a time of social unrest and political turmoil, our government might seek to use such information to investigate dissidents. We do not have to look very far to see such an investigation in our own time - Kenneth Starr's 1998 subpoena of Monica Lewinski's bookstore purchases during the Clinton impeachment proceedings.

The future is here. The terrorist attacks of 9-11 have launched us into just such an era of turmoil and uncertainty. The checks and balances that had previously been counted on to place limits on government access to consumer data have been largely lifted by the USA PATRIOT Act. Some - but not all -- of the provisions of this law come with a sunset provision, so they can be evaluated and even reversed.

This situation is fortified by the strength of the information industries in the legislative arena. When there have been legislative attempts to regulate the collection and use of consumer data by private sector entities, industry associations have responded with a call for self-regulation. To date, this argument has been successful. The direct marketing and information broker industries are virtually unregulated, and their members collect a massive amount of data from consumers. Will such data be used for secondary purposes? We can count on it, especially in this post-9-11 era.

Need Internet Privacy Protection?

Read the review of our #1 recomendadion for Online Privacy Software

View our Comparision Chart of all reviewed Online Privacy Software

Internet Privacy Protection is very important if you want to stay safe while online.