Top of This issue Current issue
by Bruce A. Clark
Every day we read about one or another of the big online businesses — Google, Facebook, Twitter, Apple, etc. — is making another foray into invading our privacy. Recently, it was Twitter, after being exposed to be surreptitiously uploading the contents of users’ cell phone address books so that it can make use of the information. It’s response, upon being caught, was not “Ok, we’ll destroy the information.” Instead it was “Ok, we’ll now tell users that that’s what we are doing.” And all of this is in addition to what other businesses have been doing for years — mail order companies dealing in our addresses, super markets and their courtesy cards gathering and sharing marketing information, mail order companies doing the same, etc., etc., not to mention government! There have been pro-consumer responses, notable from the Electronic Frontier Foundation and related outfits, trying to protect our privacy. Further, the Europeans, who seem at present to have a better grip on the need for such privacy that the U.S. government, have been taking actions against some of the actors to protect at least Europeans’ privacy.
Unfortunately, none of the pro-privacy organizations seems to have a good handle upon how to approach the problem in the overall. They all take the fire-fighting approach: when there is a blaze, they try to put it out, but never seem to take a broad enough preventive approach.
According to a 2007 Op-Ed opinion in the Los Angeles Times, Google wants to know us better than we know ourselves. The article seems very prescient as to what has happened since in Google’s (and its competitors’) attitudes toward capturing personal information about us. Reading that Op-Ed reminded me of something I’d been wanting to write about for a long time. (This article is a modernization of one that appeared on my web site in 2007.) Consumers must put up with a lot of unnecessary annoyance, expense and invasions of privacy from the various businesses they deal with, even from “free” services like Google.
Does every person working for Google, to use that company for an example, know all of the information that the company holds about us? Do they, the way dogs do, individually sniff our behinds and know all about us? No, obviously not. But that means nothing; it’s not an individual problem, it’s a corporate problem. Like in the movies, when some mafioso moves to snuff someone and says “it’s nothing personal, it’s just business,” that’s the problem!! The business of these companies is to corporately know about us so that they can manipulate us and make money without compensating us.
The advertising industry has, over the years, employed lots of psychologists to investigate what makes us tick so that they can use those techniques to manipulate us and our tastes. Add to that all of our personal information and we will be like clay in their hands. Your friends are buying this; why aren’t you? This is the latest trend; why aren’t you a part of it? And, eventually, the other folks in your economic slice of society are voting Republican; why aren’t you???
No one, to my knowledge, has ever approached the most obvious and clean-cut way to attack all of this stockpiling of data about people and the use of it (legally and illegally) by business in ways that we wouldn’t approve of. Hence, I propose a single law to solve at least most of the problems. Congress needs to pass legislation that recognizes that
All information about a person is owned by that person.
Anyone who maintains information about a person without permission or anyone who uses permitted information in a way that is not permitted is guilty of a crime (not a tort!) and will be prosecuted in the courts. Pretty simple and straightforward, right? Yes! It is so logical and so simple that I’m surprised that I’ve never seen it raised before. It would be easy to implement, with no intricate complexities that only a lawyer can understand.
Of course, businesses will scream bloody murder, say it’s unconstitutional to take away “their” information, and raise the specter of clogged jails and courtrooms, but that is nonsense. Clogged courts are caused by law breakers, not innocent individuals. If they then abide by the law, there will be no problems.
Nothing Really New Here
This law wouldn’t be breaking any new legal ground. There are plenty of privacy protection laws already in place; they just do a lousy job of it because they don’t get down to the essence of the matter, and, in general, they don’t define violations as criminal. That means that individuals must sue to get some semblance of justice, and the courts have thus become the the protectors of the rich. This legislation would leave the decisions up to a jury of twelve of our peers.
Opponents would also say that the Constitution doesn’t give us the right to privacy. They would be right, but the Constitution doesn’t give us any of our rights. The Bill of Rights is there to keep government from infringing on rights we already have. That’s what “government with the consent of the governed” really means. The fact that that the Bill of Rights doesn’t specifically mention privacy does not mean that it is not our right: remember the ninth and tenth amendments!
Of course, there would need to be certain limited types of exceptions (i.e., use without explicit permission — you would still have ownership of your information): police maintaining criminal records for example. Public entities might be permitted by law to maintain certain records necessary to carrying out the duties of government, such as tax records, but they must be limited to what is actually necessary, and non-permitted disclosure or maintaining inaccurate information would still be a crime.
I’m sure that the government (read: IRS) would insist on being able to store information about you without your permission. But there is no reason at all why it should be exempted from the criminal penalties for misusing your data, for maintaining erroneous data or, especially, for trying to collect taxes that you don’t owe!
I would suggest not making an exception for government gathering or maintaining information about you that is not related to an ongoing criminal investigation. Moreover, that information gathering process would have to be renewed by a judge, say, every 90 days.
One way businesses have thwarted the intent of existing privacy laws is to claim that you have business relationships with them and that they have certain implicit permissions to hold and use information about you. For example, if you call a catalog company and place an order, you become a customer, and it wouldn’t be a violation (they say) for the company later to send you a catalog. The better firms provide a way for you to instruct them not to, but that’s backwards! It’s still your data and they should be asking you to use it, not you asking them not to.
Any business, including the telemarketers who call you at your home, will have to be able to demonstrate that your address or phone number was obtained legally, with your advance consent. If your address or phone number is listed in the phone directory, that’s public and some company can look you up and call you or send you something. However, after this law, it can’t store the information about you without permission and every time it wants to contact you it would have to look you up in the phone book again. Communications companies could not charge you for not being listed, either, because the phone company can only list you with your approval!
No more junk mailing lists!! Any organization with a mailing list would have to send you a letter to get your permission to continue to maintain, use and share your address, and if you didn’t respond with permission within, say 30 days, the list owner would have to purge all information about you. Or, you could say “sure, you can keep my information, but every time you give out my address, I get $1, take it or leave it.” Let you make the money for a change.
Well, little but important. How do we keep businesses from frustrating the intent of privacy laws by subtly coercing people to permit businesses to exploit their personal data in exchange for “free” services? It’s easy: by requiring that any request to use someone’s information be separate from any other agreement. For example, a grocery store can give you a discount card or not, as it chooses, but any request to share your shopping data must be separate, and can’t be tied simply to the use of the card.
Once such a law is on the books, corporate America will adjust, for the better of all of us. Credit reporting firms will be much more careful. Direct marketers will have to focus their mailing lists more carefully because of the increased cost of the lists — getting folks’ permission to maintain the information databases and having to share the profits with the owners of the data will add up. The volume (and cost) of junk mail will drop drastically. You might actually wish to read what you get!
Such a law would be a solid foundation on which people could maintain the degree of information privacy they desire. It can be as flexible or as limiting as individuals want it to be. BUT … it will never happen until people start DEMANDING it boisterously from their Senators and Representatives. Most of those slippery characters are for sale to the highest bidder and the only thing they will understand is “do what the voters want or we’ll recall you from office and elect someone else.” Cynics will say that it’s impossible. Baloney! It will take work and persistence from lots of folks, but it’s possible.