Priority Interrupt by Steve Ciarcia Cyber Dossiers

Privacy laws in the U.S. border on being a joke. They are a piecemeal collection of individual laws that generally cover only things like credit reports and some medical and financial records. The joke is that the lack of comprehensive national laws results in situations that keep your video rentals secret but make every roadway toll you go through, every meal you charge, and every cell tower you pass available in some unprotected database for the entire world to view. Life in the U.S. is virtually an open book, and most of it is online.

Recently, I was at a party and this subject came up. I related the story about how I had just bought a car and how an insurance quote was conducted. Interestingly, the insurance agent (whom I had never met before) had asked me absolutely no questions while determining my insurance qualifications. Within the few seconds it took to call up a data-mining information service, she had a complete cyber dossier on me. The speeding ticket I got three years ago (and what guy who owns a Porsche and a BMW doesn’t have one?) didn’t result in any points, so it wouldn’t hurt me. My credit rating is so good that they would give me a 20% discount. I own my home and have no children under 25, so that was good. I have three other cars (with a different insurance carrier), and she said I was eligible for a multi-car discount if I transferred the other three to them. And, because they determined I was still eligible for life insurance, and that my medical insurance premium payments weren’t out of whack with the norm, I was not considered an "inordinate risk" customer. They found all this in just a couple minutes. Well, at least they didn’t know I had just rented Pirates of the Caribbean. That would remain a secret.

My experience wasn’t convincing enough for one rather loud individual at the party, so I decided to demonstrate a more personal example for him. Without using any of the paid data-mining services, I simply signed on to a web site where I knew his hometown tax department posts their property grand list. I entered his residential address and up popped a picture of his house, all the financial details of what he paid for it, and the current assessment and taxes, along with a complete list of all the building permits, violations, and property changes for the life of his house. He turned absolutely white when the next page showed a floor plan of his 3,700-square-foot Dutch colonial with a notation that he still had an outstanding overdue tax bill. I smiled and said, "Hey, George, I thought you always told us your house was over 4,000 square feet?"

It’s been suggested that every American is in at least 50 databases and that together they describe an entire lifetime of activity. Worse yet, if documented past deeds don’t indicate enough despotic jeopardy for you, then consider what happens in the future when all your real-time activities are logged into more databases. Presently, there are no laws that cover the plethora of location-tracking devices like cell phones, RFID tags, traffic cams, etc. The old joke about your life being an open book has suddenly taken on new meaning.

If I have a fear, it isn’t that we are in a database, it’s that the information it contains isn’t accurate. Present databases are primarily records of past financial and transactional activities. People generally have paper records of these events, and, if disputed, the database can be corrected by showing alternate evidence. Today’s massive computer systems make collecting the GPS location for every person with a cell phone, every car with an EZ Pass, and every sweater with an RFID tag a potential reality. When you check in at the airport and they run your ID, they can easily see that you haven’t been to any embargoed locations or bought any suspect items. But, what if one of those records has a few bad bits? Or what if your stolen cell phone went someplace you didn’t? Do you get put on a transport to Guantanamo Bay?

Let’s face it, the technology is slick and its applications are intriguing. The ability to monitor if your son is actually following house rules when he borrows the family car seems to easily justify GPS tracking. However, do you really want to have high-priced clothing ads blasted in your face when you walk into a department store that has just scanned your clothing RFID tags to determine your spending profile? Or, do you want to be completely ignored by a car dealer who can see you’ve been to six other dealerships and are obviously "just looking around"?

Regardless of how slick the applications, people openly admit that they are concerned about privacy. Product design engineers should be aware that revelations like the hidden "spyware" that doomed many software products can happen to hardware products as well. For example, the sudden publicity that the one million RFID tags just shipped to Wal-Mart also login at every ATM and gas pump in the country despite claims they were erased at the checkout register would be a product kiss of death. The potential applications and associated glitches could be infinite. Until there are rules on how this information is collected, verified, and used, I think engineers have an obligation to design location and ID-tracking technology to include a genuine off switch.