Simson Garfinkel: Chicken Little or Paul Revere?
Pages: 1, 2, 3
Pizzo: But do you think that relying on the government to fix this -- assuming they pass laws that fit the criteria that you set forth in your book -- that that's a false sense of security? And I'll point to, for example, the government sets laws all the time that it violates. Don't ask, don't tell. And yet it was the government that went after a sailor who was in a chat room on AOL, coerced AOL into revealing who that person was, and they discharged them from the government, violating a number of privacy and some of the government's own laws, particularly the "don't ask, don't tell."
Garfinkel: And that sailor sued and that's why we know about it, because there was a system of laws in place. What I have argued for in the book, first, is that you should have a combination of a regulatory process and technology. If you have the regulatory process without technology, you're going to have more privacy failures. But if you have the technology without the regulatory process, then there's this incentive for people to bypass the technology and to cheat the system because there's no penalties for doing so.
Now, if you're worried about privacy violations by the government, what you do is you create a balanced structure within the government to deal with that. That's our system of checks and balances. And the real problem in the Navy situation is that there is no balance, there's no check, for the government's privacy malfeasance. We don't have an organization within the federal government responsible for enforcing the privacy laws that we have. We don't have a watchdog agency that's looking out to make sure that the rest of the government isn't screwing up. Now back in 1997, the Social Security Administration launched a Web site that would allow people to see their Social Security earnings over time, and the problem with that Web site was that it didn't really verify the identity of people who were going to it. So you could, with a little bit of work, see the earnings histories of anybody in the United States. Now, I found out about this in February of 1997, and I started talking to people at the Social Security Administration, and they assured me that there was no problem whatsoever. My only choice was to argue with them or to write an article about it. I wrote an article about it, and it appeared on the front page of USA Today. Three days later, there were Congressional inquiries, there were letters from senators, and the Social Security Administration shut the Web site down.
Now, if there had been a privacy commission in place before that happened, they would have reviewed the whole process and that Web site probably never would have been put up in the first place.
 |
|
||||
|
|
 Database Nation |
|
|
|
|
|||||
| |||||
Pizzo: You outline in your book a number of good suggestions on how we can proceed on the federal level, and assuming that does not happen and that the problem doesn't resolve itself in the near future, you do end the book in a chilling way, suggesting that people might turn to information terrorism, privacy terrorism as ecological groups like Earth First and Act Up did in other issues.
Garfinkel: Yes, absolutely. I'm expecting that.
Pizzo: And what form do you think that would take?
Garfinkel: I outlined in "The Privacy-Now Manifesto," which is on my Web site, that we're going to see acts of data vandalism, where people inject false information into the data streams. We're going to see outings of people involved in these anti-privacy organizations, personal details about them published. And we're going to see data terrorism, where just large databases are liberated as a way of protesting. And, you know, already we're seeing this. Already we see a lot of people provide false information when they register a Web site. I actually get a lot of spam because people provide the name "homer@simson.net" and that ends up going into my mailbox, so I can see people engaging in acts of data diddling and data subversion right now.
Pizzo: Well, listen, "Database Nation" is a good read, and you state your case very well. Thanks for joining us today.
Garfinkel: Well, thank you very much.
Stephen Pizzo is an award-winning non-fiction author, and newsman for the O'Reilly Network.
Read more The Pizzo Files columns.
Discuss this article in the O'Reilly Network General Forum.
Return to the O'Reilly Network Hub.
