| Scared? In the next few years privacy advocates foresee far more Orwellian scenarios. For several years, thanks to Global Positioning Systems (GPS), someone could track your location anywhere on the globe, cheaply and relatively easily. Now surveillance is being supersized; the authorities may soon have the ability to track everyone, everywhere. They may even be able to track the vehicles you drive and the products you buy. In fact, you probably already have a tracking device in your pocket. By law, new "E911 capable" cell phones must have tracking technology built-in so emergency services can locate you when you call 911 on your mobile phone. (Whether this service actually works depends on where you live; it has yet to be implemented nationwide, due to problems upgrading antiquated emergency dispatch systems.) But the same technology that brings the paramedics to your rescue may also let the police locate you at other times, or request a record of your 'sightings' from your wireless company. A divorce or civil attorney could subpoena your location records for use in a trial. Don't forget the capitalist angle. Depending on the agreement you sign, your wireless company could sell your location information to advertisers so when you're driving by McDonald's, your cell phone might receive a coupon for a free Healthee Burger. Revenues for location-based services are expected to reach anywhere from $15 billion to $40 billion by 2007. The National Transportation Safety Board has called for all cars to be outfitted with event data recorders a "black box" that records how far and fast you've driven, and whether you slammed on the brakes or were wearing your seatbelt. Ostensibly designed to help investigators determine the cause of accidents and improve safety, EDRs could also be used to monitor your driving, issue tickets, assess mileage taxes, or boost your insurance rates. Progressive Insurance of Minneapolis has started a pilot program offering discounts to drivers who agree to upload their EDR data. Approximately two-thirds of 2004 model cars have some kind of EDR installed, according to the U.S. National Highway Traffic Safety Administration. "Telematics" systems from companies such as OnStar or ATX Technologies provide instant-on cellular connections when your car has been in an accident, and a GPS transponder to help emergency workers locate you. But these same systems could be used to spy on you. Rental car agencies have already used vehicle GPS systems to fine customers who exceeded speed limits or crossed state lines in violation of their rental agreements (although public outcry has made them largely back down). Courts have ruled that police may attach a GPS device to a car without a warrant. FBI agents have used telematics systems to eavesdrop on suspects traveling in a car a practice the courts ruled illegal because the tap interfered with the car owner's ability to use the system to call for help, not because of privacy concerns. Electronic passes that let you avoid long toll booth lines have been used in hundreds of criminal and civil lawsuits to document people's comings and goings. These passes come with Radio Frequency Identification chips inside that broadcast a unique number when scanned. Any time you pass within range of an RFID scanner which can be hidden inside a doorway or a wall the tag transmits your information. RFID tags are being built into all kinds of products, from car tires and hand guns to the packaging of consumer goods. (See "All RFID, All the Time" in Chapter 5.) The little snooping chips may find their way into passports and driver's licenses, and some people are (voluntarily, so far) inserting them under their own skin. In the future, when you walk into a room, it could know who you are and where you've been. MIT's Auto-ID Center predicts that some 500 billion RFID tags may be in use by 2010. THERE'S GOLD IN THEM THAR DATA MINES The billions of records maintained by data mining companies aren't just attractive to Corporate America and Uncle Sam they're also a tempting prize for hackers. For example, Acxiom was hacked multiple times over the past four years and the company never knew it. Between April 2002 and August 2003, Acxiom's file servers were compromised 137 times by hackers, who made off with 8.2 gigabytes of customer data. Scott Levine, an alleged spammer based in Florida, has been charged with what the U.S. Department of Justice termed the "largest illegal invasion and theft of personal data to date." Authorities discovered the data loss while investigating a completely unrelated incident in which Acxiom was hacked. In December 2003, 25-year-old hacker Daniel Baas pleaded guilty to a single count of "exceeding authorized access" to the company's file servers. Baas, who was working for one of Acxiom's subcontractors at the time, accessed millions of customer records the company maintains for its corporate clientele including major U.S. banks, insurance, and phone companies. Baas's crime was also discovered accidentally when investigators in Hamilton County, Ohio, impounded another hacker's computer and discovered a chat session between the two in which Baas admitted to having some of the Acxiom data. As far as investigators can determine, Baas copied the data to CDs but didn't do anything else with it. Acxiom wasn't the only data mining giant to have its records pilfered. Over the course of 2004, ChoicePoint was victimized by a ring of identity thieves who posed as legitimate businesses to set up fraudulent accounts. After they signed on with ChoicePoint, they trolled the company's databases and scooped up names, addresses, Social Security Numbers, and other personal information. Credit card accounts for approximately 750 people were used to purchase jewelry, electronics, and other consumer goods, according to a statement by the company. At press time, ChoicePoint plans to notify up to 145,000 people that their personal data may have been stolen. Since the break-ins became public, both companies say they've tightened up their security procedures. One can only hope. |
Is personal privacy a dead duck? Only if you believe Scott "Get over it" McNealy. Technologies like GPS and RFID are not inherently bad, but history shows time and again that data collected for a helpful purpose invariably ends up being used for another, less benign one. History also shows that when citizens raise hell and actively oppose privacy intrusions, the intruders back down or are forced to implement safeguards to keep data from being misused or abused. Not always, but often enough to make it a fight worth waging. The first step is securing your personal privacy at home. The next chapter shows you how. PRIVACY AND THE LAW In most of the industrialized world, your personal information is largely in your control, at least when it comes to its commercial use. Not in the USA. Instead, we have a patchwork quilt of Federal and state laws addressing various aspects of privacy. Most are essentially "buyer beware" laws they tell you how your privacy is being violated, but it's up to you to make it stop. Here are some of the important Federal privacy protections for consumers. Privacy Act of 1974. This seminal piece of legislation prohibits the Federal government from creating secret databases on individuals and limits how agencies can share information. It also gives you the right to request your information and to sue the government for failing to follow the Act. For more details (and limitations), see EPIC's summary at http://www.epic.org/privacy/1974act/. Fair Credit Reporting Act. The FCRA lets you access your credit bureau records and correct inaccuracies. The more recent Fair and Accurate Credit Transaction Act (FACTA) allows you to obtain a free credit report every year. Telephone Consumer Protection Act of 1991. Though it provides little actual protection against telemarketing calls, the TCPA made it illegal to send unsolicited fax advertisements, allowing citizens to sue junk faxers for $500 per violation. Family Educational Rights and Privacy Act. FERPA limits sharing of student data to "directory information" (name, address, and so on) and lets you opt out of directories, too. Gramm-Leach-Bliley Act. The GLBA's main purpose was to allow banks, insurance companies, and brokerages to merge, but it also lets you tell your bank to stop sharing your information with third parties. (See Chapter 5, "Financial Privacy? Don't Bank on It..") Health Insurance Portability and Privacy Act. Passed in 1996 and still being implemented, HIPPA gives you access to your medical records and limits the disclosure of medical information by health care providers. (See Chapter 5, "Getting Hip to HIPAA.")
|
Table 1-3. Answers to the quiz on page 5.True or False? | Correct Response |
|---|
1. My boss can require me to take a lie detector test. | False. A federal law prohibits using polygraphs in hiring, though certain professions (e.g., security guard) are exempt. Employees accused of a crime can also be asked to take the test. | 2. My boss can search my office, desk, or bag. | True. Private employers can search your office or desk with relative impunity; they may also be able to search your bag, if such searches are standard procedure in your workplace or you're suspected of theft. | 3. My boss can ask me to submit to genetic testing to determine if I'm an insurance risk. | Unclear. In February 2005 the Senate unanimously passed the Genetic Information Nondiscrimination Act (S. 306), which would prohibit employers from using genetic test results to deny insurance or employment. At press time, the bill was being considered in the House. | 4. My boss can fire me because of something he found during a background check. | True. Your boss can fire you for virtually any reason, as long as it's not violating your civil rights or related to criminal activity. | 5. My boss can ask about my criminal history during my job interview. | True. In most states your criminal history, if you have one, is public information that's accessible to employers. Any arrests without convictions in the past seven years are also fair game. | 6. My boss can ask about my mental health history during my job interview. | False. Under the Americans with Disabilities Act, employers are forbidden to ask questions that might reveal a physical or mental handicap. |
|
