Week 13: Database and Web Privacy

Database privacy. William Dwyer found out the hard way how little privacy a database can afford. Someone at a Florida Honda dealership downloaded his credit report and, using his Social Security number and other data, applied for credit cards in his name. It took him a year to clear his name, and, along the way, his bank turned down an application for a loan to pay his son's college tuition. Last year, an Ohio nurse named Maureen Mitchell testified before a U.S. Senate committee on how her identity was stolen in late 1999.

Credit bureaus maintain information on practically every American adult. It is fairly easy for anyone with access to that information to assume the identity of another individual. Of course, more safeguards could be put into effect to make it harder for people to access credit records ... but they might also make it more difficult for other people to get credit when they need it. It is a delicate balancing act to reconcile the need of citizens to keep their records private with the need of others to access credit information.

Let's take a particular example of information that is widely used but important to keep private: your Social Security number. A Social Security number is widely used as a means of identification, especially for financial transactions over the phone. Worse, it is used both as an identifier (the key that locates your record) and as an authenticator (the secret that proves you are you), and a number printed on tax forms, loan applications and student records cannot stay secret. Thus, anyone who finds out your Social Security number has the ability to impersonate you. The problem is that it is used as a key in so many databases that by giving it out, you provide access not only to the information that is requested, but also to a lot of other information as well: records in unrelated databases can be joined on it. This means that you should be careful about giving out your SSN, but it also means that if you are designing a database, you should look for other ways to assign unique keys. Fortunately, there are a number of good alternatives. NC State is now limiting the use of SSNs as student IDs, substituting realm IDs on grade rolls, for example.
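The following is an added example (not part of the original notes) of the design advice above: a small SQLite schema in which the SSN is never the primary key, the grade roll is produced from a surrogate key and a public realm ID, and the SSN lives in a separate table that roll-producing code never reads. It also shows one way to give each system its own key for the same person, a keyed hash (HMAC) of the SSN under a per-system secret, so that two databases cannot be joined on the identifier without both secrets. The student names, SSNs, course and grades are constructed sample data; the table names and the per-system keys are assumptions of the example.

```python
import hashlib
import hmac
import sqlite3

# Constructed sample data: names, realm IDs and SSNs are made up.
STUDENTS = [
    ("jsmith3", "Jane Smith", "123-45-6789"),
    ("rlee2", "Robert Lee", "987-65-4321"),
]
GRADES = [("jsmith3", "CSC 379", "A"), ("rlee2", "CSC 379", "B")]


def build_db():
    """Create an in-memory database in which the SSN is not a key.

    students.student_id is a surrogate key that means nothing outside
    this database; realm_id is the identifier that appears on rolls.
    The SSN is kept in its own table so that ordinary queries never
    need to touch it (access to that table can be restricted separately).
    """
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE students (
            student_id INTEGER PRIMARY KEY,
            realm_id   TEXT NOT NULL UNIQUE,
            name       TEXT NOT NULL
        );
        CREATE TABLE student_ssn (
            student_id INTEGER PRIMARY KEY REFERENCES students(student_id),
            ssn        TEXT NOT NULL UNIQUE
        );
        CREATE TABLE grades (
            student_id INTEGER NOT NULL REFERENCES students(student_id),
            course     TEXT NOT NULL,
            grade      TEXT NOT NULL
        );
        """
    )
    for realm_id, name, ssn in STUDENTS:
        cur = conn.execute(
            "INSERT INTO students (realm_id, name) VALUES (?, ?)", (realm_id, name)
        )
        conn.execute(
            "INSERT INTO student_ssn (student_id, ssn) VALUES (?, ?)",
            (cur.lastrowid, ssn),
        )
    for realm_id, course, grade in GRADES:
        conn.execute(
            "INSERT INTO grades (student_id, course, grade) "
            "SELECT student_id, ?, ? FROM students WHERE realm_id = ?",
            (course, grade, realm_id),
        )
    conn.commit()
    return conn


def grade_roll(conn, course):
    """Return (realm_id, grade) rows for a course; no SSN is involved."""
    return conn.execute(
        "SELECT s.realm_id, g.grade FROM grades g "
        "JOIN students s USING (student_id) "
        "WHERE g.course = ? ORDER BY s.realm_id",
        (course,),
    ).fetchall()


def realm_id_for_ssn(conn, ssn):
    """The one place the SSN is looked up, e.g. for a financial-aid office."""
    row = conn.execute(
        "SELECT s.realm_id FROM student_ssn x JOIN students s USING (student_id) "
        "WHERE x.ssn = ?",
        (ssn,),
    ).fetchone()
    return row[0] if row else None


def pseudonym(ssn, system_key):
    """Per-system identifier derived from the SSN with HMAC-SHA256.

    Each system is given a different key (an assumption of this example),
    so the identifiers it stores cannot be matched against another
    system's records by anyone who does not hold both keys.
    """
    return hmac.new(system_key, ssn.encode(), hashlib.sha256).hexdigest()[:16]


if __name__ == "__main__":
    db = build_db()
    print(grade_roll(db, "CSC 379"))
    print(pseudonym("123-45-6789", b"registrar-key"), pseudonym("123-45-6789", b"library-key"))
```

The point of the surrogate key is that it carries no information and is useless outside the database, while the realm ID is safe to print because it unlocks nothing elsewhere. The HMAC pseudonym is the stronger version of "different keys for different databases": the same person gets unrelated identifiers in each system unless the systems deliberately share keys.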

Social Security numbers aside, a lot of personal information about all of us is available on the Web. This makes it easy for anyone with a Web browser to find out a large amount of personal information on an individual. This information can be put to ill use. Indeed, there is a directory of such information, called "The Stalker's Home Page." Even before the Web, misuse led to tragedy. In most states, it used to be possible to find out the home address of the owner of a car, given a license-plate number. About 10 years ago, actress Rebecca Schaeffer was murdered by someone who found out her home address from California Department of Motor Vehicles records. Congress subsequently banned routine disclosure of this information.

In 1996, Lexis-Nexis announced the P-TRAK Person Locator File, "a quick, convenient search [that] provides up to three addresses, as well as aliases, maiden names, and Social Security numbers." After a barrage of complaints, it dropped plans to offer it. This episode mirrored a similar controversy six years earlier over the abortive plans of Lotus Development to offer a database called Marketplace: Households, detailing consumer buying habits for the benefit of prospective marketers.

From an ethical perspective, there are good and bad reasons for desiring privacy. If you are concerned about people finding out what you are doing, ask yourself if that is because you are doing something unethical. Clearly, it is not ethical to use privacy as a shield to allow you to "get away with" unethical activity. But privacy is also a shield against the unethical actions of others. You have a right to keep information private that could be used to bother you, inconvenience you, waste your time, or threaten your safety. This is why more and more experts are coming to the conclusion that you should have the right to control how information about you is used.

Web privacy. The World-Wide Web has brought a greater sense of urgency to these concerns. Not only is the Web being used as a vehicle to disseminate information in preexisting databases; it is also being used to gather new information on individuals and their habits. If you've ever authored a Web page, posted to a Usenet newsgroup, or anonymously ftp'd a file from a server, a record of that is available in a log file or a search engine somewhere. Would you want a prospective employer to see what you do in your private life? That information may be only a few mouse clicks away.

Another concern is the theft of credit-card numbers on the Web. In 2000, a television network found that security flaws at e-commerce sites made it easy to view thousands of credit-card numbers on the Web. In January 2000, an intruder who had stolen roughly 300,000 credit-card numbers from the CD Universe Website began posting them publicly after the company refused to pay him.

Since about 1996, one of the highest-profile Web privacy issues has been the use and misuse of cookies. A cookie is a small piece of data that a Website asks the browser to store and that the browser sends back with every later request to the site that set it (the browser keeps cookies on the user's filesystem, and sends each one only to its own site). For example, it may hold a session token so that subsequent visits to a Website proceed immediately, without asking for authentication; a site should never put the password itself in the cookie, since anyone who can read the user's cookie file could then log in as that user. However, cookies were soon used to target ads at users based upon the topics they had browsed for. And information gleaned from cookies can be recorded in Webserver log files, raising the possibility that the user may lose control over the dissemination of this information. It is even possible to use a single cookie to record users' visits to many different Websites: an advertising network whose images are embedded in pages on many sites sets its own cookie, and the browser sends that cookie back, together with the address of the page being viewed, every time one of those images is loaded, opening up vast new opportunities for targeted advertising. A milder example of profiling from browsing and purchase history is the list of book suggestions conveyed by Internet booksellers: "readers who bought this book also bought ..."

Early in 2000, those concerns suddenly became more real when DoubleClick announced plans to link its on-line tracking data with the database of the direct-marketing company Abacus Direct, which it had acquired. Abacus owns a database of the purchasing habits of 90% of American households. Clearly DoubleClick was interested in correlating this information with consumers' on-line behavior, allowing advertising to be targeted even better.

Whether there's any problem with this is controversial. If advertising can be better tuned to consumers' interests, it could become less intrusive, not more. No longer would individuals be bothered by mounds of junk mail for products they are not remotely interested in. But worries remain. Once all that information is available in one place, the temptation to misuse it might become overwhelming. Might potential employers, for example, purchase access to the information and jump to conclusions about what kind of person you are based on the sites you visit? And if they did, would that be any worse than having them jump to conclusions based on, let's say, how you make eye contact?

Users can opt out, either by setting their Web browser not to accept cookies, or to warn them before accepting cookies. But this also turns off the helpful uses of cookies, such as staying logged in. A more selective setting, offered by newer browsers, is to refuse only "third-party" cookies, those set by a host other than the one whose page is being viewed; that blocks the advertising network's cookie while leaving the site's own login cookie alone. Also, none of this helps Web "newbies," who will not even be aware that they are being tracked.
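The following is an added example (not part of the original notes) that models the two points made above about cookies: that a cookie goes back only to the host that set it, and that an advertising host embedded on many pages can therefore link a user's visits to unrelated sites, which refusing third-party cookies defeats. The browser, the two publisher sites, the ad network and the page visits are all constructed for the example; real cookie handling also involves paths, expiry and the Secure flag, which are omitted here.

```python
import secrets


class Browser:
    """Minimal model of a browser cookie jar.

    Cookies are stored per host and sent back only to that host.  With
    block_third_party set, a cookie is refused when the host setting it
    differs from the host of the page being viewed, which is what the
    "block third-party cookies" browser setting does.
    """

    def __init__(self, block_third_party=False):
        self.jar = {}  # host -> {cookie name: value}
        self.block_third_party = block_third_party

    def fetch(self, page_host, resource_host, server):
        """Request a resource while viewing a page; return cookies sent."""
        sent = dict(self.jar.get(resource_host, {}))
        new_cookies = server.handle(sent, referer=page_host)
        first_party = resource_host == page_host
        if new_cookies and (first_party or not self.block_third_party):
            self.jar.setdefault(resource_host, {}).update(new_cookies)
        return sent


class Publisher:
    """A site that sets a first-party session cookie (not a password)."""

    def __init__(self, host):
        self.host = host

    def handle(self, cookies, referer):
        if "session" in cookies:
            return {}
        return {"session": secrets.token_hex(8)}


class AdNetwork:
    """A third-party host whose image is embedded on many publishers' pages.

    It tags each new browser with a random 'uid' cookie and logs which
    page (the referer) the browser was viewing on every request.
    """

    def __init__(self, host):
        self.host = host
        self.log = []  # (uid, referer) per request

    def handle(self, cookies, referer):
        uid = cookies.get("uid")
        new_cookies = {}
        if uid is None:
            uid = secrets.token_hex(8)
            new_cookies = {"uid": uid}
        self.log.append((uid, referer))
        return new_cookies


def visit(browser, site, ads):
    """One page view: the page itself, then the ad image it embeds."""
    browser.fetch(site.host, site.host, site)
    browser.fetch(site.host, ads.host, ads)


def tracked_profile(block_third_party):
    """Visit two unrelated sites; return what the ad network can link.

    Returns (profile, jar): profile maps each tracking id the network
    handed out to the set of sites it saw that id on.
    """
    browser = Browser(block_third_party)
    news, shop = Publisher("news.example"), Publisher("shop.example")
    ads = AdNetwork("ads.example")
    for site in (news, shop, news):
        visit(browser, site, ads)
    profile = {}
    for uid, referer in ads.log:
        profile.setdefault(uid, set()).add(referer)
    return profile, browser.jar


if __name__ == "__main__":
    for setting in (False, True):
        profile, jar = tracked_profile(block_third_party=setting)
        print("block third-party =", setting, "->", profile)
```

With third-party cookies allowed, the ad network sees one identifier on both news.example and shop.example, so it can build a cross-site profile even though neither publisher ever sends its own session cookie to the other. With them blocked, each ad request arrives without a uid and the network's log fragments into unlinked one-off entries, while both publishers' session cookies still work.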

Based on these concerns, some privacy advocates believe the government should step in and stop companies from tracking users' on-line visits. Predictably, Web marketers are not enamored with this prospect. They say that the industry itself will take steps to protect privacy. They have an incentive to do so, since privacy worries are already making consumers wary of buying on-line.

As long as thirty years ago, researchers foresaw increasing intrusions into privacy by computer technology that was then in its infancy. Today many of these concerns have become reality. Not only do we have to be careful to behave ethically ourselves, but also remain vigilant to guard against abuses by others.