In an age when Google, Apple, Facebook, Foursquare, and their ilk have made manifest the statement "privacy is dead: get over it," some of us still find ourselves annoyed by a growing culture of intrusion.
A couple of weeks ago, for example, I walked out of the Brannan Street branch of a national bike shop chain sans merchandise after a clerk, and then his manager, insisted they'd rather not sell to me until I'd provided my name for their customer database. Matt Magnani, director of retail marketing for the Performance bike chain, later said that customer information is collected "to communicate deals, sales, and events to guests," but I bristled at the gratuitous requirement that I provide my name for a database for the privilege of buying bike parts.
A friend of mine recently found himself arguing with a San Francisco Toyota dealer where he planned to pay cash for a used Prius. A salesman told him he would first need to complete paperwork for a credit check. My friend responded that he was paying in cash. The salesman insisted that he had to fill in the credit check forms anyway. No, my friend said: I'm paying cash.
We aren't Luddites or conspiracy theorists. Once upon a time those terms might have been appropriate for people who fear their movements and thoughts are being monitored. But that was before everyone seemed to be in on the personal-information database game, before mining cellphones' GPS and WiFi location data became America's hottest business frontier, and before the Department of Homeland Security (DHS) had spent half a decade compiling a database of detailed profiles of every person who'd crossed a U.S. border.
That last example "is a guilt-by-association machine," according to Edward Hasbrouck, a San Francisco travel writer who for several years has investigated the Automated Targeting System operated by DHS' division of Customs and Border Protection.
Like me, Hasbrouck is increasingly disturbed by the idea we're supposed to be an on-demand personal-information source for an ever-larger and intrusive collection of people and organizations. Hasbrouck is no privacy freak — he's a journalist who is regularly quoted by the likes of USA Today and The Washington Post when a travel story becomes national news.
Notwithstanding, on Aug. 25 he sued the Department of Homeland Security over what he says is its refusal to give a complete accounting of secret government files detailing his own global travels.
The Federal Privacy Act and Freedom of Information Act say individuals have the right to view information the government is collecting on them. But Hasbrouck claims that his multiple requests were partially denied, with officials citing concerns about the privacy of others who might be mentioned in those files.
So Hasbrouck has demanded in federal court to see his entire dossier. If he prevails, he, his attorneys, and allies say, the government will have to release full dossiers to anyone who asks. People may become alarmed that the government collects information so detailed that federal employees may know with whom they shared a hotel room. And an outraged public just might compel this personal-information snowball to slow down.
"This is not something I'm doing lightly, or that I'm doing every day, or that I like doing," Hasbrouck says. But "I think it's important for people to know about this surveillance program, and to understand what kind of dossiers are being kept, and how that information is being used."
In response to an inquiry, U.S. Customs and Border Protection spokesman Jaime Ruiz said that the agency refrains from commenting on matters in litigation.
Full disclosure: The most hay I ever made as a journalist was in late 2002, when I monkey-wrenched a now-defunct Defense Department–funded program called Total Information Awareness. Like the Automated Targeting System, it made a science of collecting and cross-referencing personal data. In my column I printed the home phone number of program director John Poindexter — yes, the same guy who assisted in the siphoning of illegal funds to the Nicaraguan Contras.
I urged readers to call and ask him "why he needs our toll-booth records," and what videos he was watching. After a deluge of calls, Poindexter disconnected his phone. But an army of online sleuths posted pre–Google Earth photos of his house and details about his neighborhood. I appeared on Fox News (where, an Australian viewer e-mailed me to say, I looked like a limp rag) and about two dozen talk radio shows around the country.
Two months after my story went viral, Congress passed legislation to suspend and investigate the program because, critics said, people's personal information might be misused. The program changed its name to Terrorism Information Awareness. So it took another act of Congress in 2004 to finally shut it down.
Yet Total Information Awareness was an idea that wouldn't die: At around the time of its death, a different government agency was incubating a program with similar goals and similar techniques. In 2006, the U.S. Federal Register announced a system by which the government ordered airlines to collect up to 50 types of data, including billing information, telephone numbers, e-mail addresses, and seat numbers, to be compiled in an information "environment" designed to screen, target, and share information.
Congress was right to shut down TIA. And it would be right for the Department of Homeland Security to come clean about information collected in the Automated Targeting System.
In the year prior to the passage of the Privacy Act of 1974, a U.S. Department of Health, Education, and Welfare report predicted a new era of computer databases housing personal information. It warned that, in the name of civil liberty, computerized snoops must be restrained.
The report eerily presaged the current zero-privacy era when — to name one recent advance — Apple reports that it can track iPhone locations in real time, and that it shares such information with other companies. And the 1973 report was actually meant to encompass government programs such as Homeland Security's Automated Targeting System.
The report advised there should be no personal data record-keeping system whose very existence is secret. There must be a way for people to find out what information is being kept on them and how it is being used. Individuals should be able to prevent information from being collected for one purpose, and then used for another without their consent. And they should be able to correct information that's being compiled about them.
In the Internet era, these ideas may seem quaint. But when it comes to data collected by government programs, they happen to be incorporated into law.
When the Automated Targeting System was announced in 2006, Hasbrouck, along with privacy activists such as Electronic Frontier Foundation cofounder John Gilmore, expressed alarm about its scope, saying it violated the Privacy Act by collecting information secretly and for uses that were unclear. Subsequent news coverage inspired some people to request their own profiles, which they shared with Hasbrouck. The level of detail was discomfiting, he says.
"I've seen in one person's file that showed not merely who they were traveling with, but ... whether they asked for one bed or two in a hotel room, because their hotel was booked through the same reservation as their flight," Hasbrouck says. "I don't think it's appropriate for anyone to be looking behind your hotel room and seeing who's sleeping with whom."
Hasbrouck asked for his own data profile in 2007. The response given by Customs and Border Enforcement was "manifestly incomplete," according to his federal lawsuit. He tried again in Oct. 2009, filing a new request for his own travel-related records, a list of when and to whom they had been disclosed, and an accounting of how that information was indexed, searched, and retrieved.
"They didn't want people to know they had this information, and they didn't want to give it out, because people might be alarmed at how extensive it is," says David Greene, executive director of the First Amendment Project, an Oakland legal aid nonprofit whose attorneys are representing Hasbrouck in his federal lawsuit. "Any time the government has that kind of detailed information, it has the potential to misuse it. That's the reason we have a Privacy Act, in recognition of the fact we have a right to know what information the government has about us."
I hope Hasbrouck and Greene prevail. For those of us frequently irked by private encroachments of the "privacy's dead: get over it," ethos, I'm less optimistic.