In the online resource Databases and Crime Fighting, we explored law enforcement's use of national databases. You don't have to be a lawbreaker, though, to be included in a nationally accessible database. Information on almost every person in the developed world is computerized in hundreds of databases collected, stored, and analyzed by governments and corporations. High-speed global networks increasingly link these databases. Armed with a single identification number, such as a Social Security Number, a user with proper access can produce comprehensive reports on millions of people without their knowledge or permission.
The computerization of medical records, travel records, phone records, and financial transfers has dramatically increased the quantity of data available about us all. Pressures to increase the availability of information about individuals come from a variety of sources. Government agencies perceive computerization as a way of increasing efficiency in a political climate of shrinking bureaucracy budgets. Law enforcement sees many advantages in improved identification and monitoring of individuals. Corporations use database technologies to target consumers, analyze markets, and even to choose and monitor their employees.
With many databases being linked by networks, the prospect of
consolidating information about individuals becomes attainable. A unique
identifier would enhance retrieval and consolidation of data from a number of
distinct databases, created at different times and for different purposes. As a
result, it is easy to see why the pressure for a single identifier to facilitate
information sharing for administrative purposes is increasing.
The Social
Security Number (SSN) was developed in 1938 to identify those eligible for
government retirement benefits. In 1961, the IRS began using the SSN as a
taxpayer identification number; since that time many other organizations and
government agencies have followed suit. You have no doubt been asked for your
SSN on numerous occasions when you applied for college admission, for a checking
account, for credit cards, and so on. Congress has debated bills to create new
national databases keyed to the SSN for all workers and for welfare and
immigration purposes.
In the near future we will likely see a system of universal identification established, with associated ID cards that include photographs, fingerprints, and microchips containing medical history and special conditions, address, next of kin, date of birth, place of birth, and so on. Such cards, called smart cards, are already widely used in Europe and are gaining acceptance in the United States. Columbia/HCA Healthcare Corporation recently announced that it was providing 50,000 Florida residents with cards that would hold medical records, including X-rays. Reading devices can gather data about an individual from such cards in short order. In a process that privacy advocates refer to as function creep, cards designed for a specific singular use are already being expanded to provide access to multiple databases.
A number of companies define their business as providing information about individuals. The list includes (but is not restricted to) ChoicePoint, Database Technologies, Experian, First Data, InfoSource/Donnelly Marketing, IRSC Inc., Lexis-Nexis, Metromail, and Information America. These companies point out that many benefits can be derived from their services, such as locating trial witnesses, tracking down so-called "dead-beat dads," and finding pension fund beneficiaries.
But many believe that the increasing use of databases with information about specific individuals is eroding personal privacy. As we consider this issue, let's first investigate how information about individuals is collected. Almost every business transaction in which you engage results in data. In addition to business transactions, each interaction with a government agency generates data about you. The data associated with some of these transactions is very important by itself-the amount of your automatic deposit on payday, the diagnosis you get from a visit to the doctor, the grades you received this semester, and so on. But many transactions seem rather insignificant by themselves-which brand of toothpaste you purchased at the grocery store, the amount you spent on produce, the total amount of your grocery bill, how often you visit the grocery store, the days and times you do your shopping. When a mass of seemingly insignificant data such as this is considered together, however, each element contributes to the sum of your personal affairs.
Suppose that the details of all your transactions enter some computer database. It may well be that an analysis conducted on data accumulated and collected from many different source points can produce information about you that you consider an invasion of your privacy. Where and when you shop, how much you spend on various items, which brand names you prefer, what sizes you buy (and presumably wear), how much gasoline you consume, how many miles you drive, how much you spend on long-distance calls, the amount of your heating bill, and on and on, may all be tallied. Such analyses produce what are called personal profiles, summary conclusions about your habits, means, movements, and so on.
Merchandisers value these personal profiles because they can use them to target marketing specifically tailored to your lifestyle, spending habits, and so on. When you purchase catalog items using the very convenient 800 number, the catalog company gains information as well as cash-item, sizes, amount, name, address, telephone number, and credit card number. If you purchase a gift to be sent to a third party, information about that individual is also collected. Your credit card company receives information from the merchants about all your credit card purchases. It is relatively easy for the company to produce a purchase profile, as well as information about your payment habits and preferences. Some of this data is likely to end up at one or more credit service bureaus, such as Experian (formerly TRW), Equifax, or Trans Union. These bureaus gather data from credit card companies and other sources to provide financial profiles of individuals. Such information might be accessed not only by potential creditors, but by prospective employers, landlords, and others.
To summarize, information about your habits, preferences, interests, health, financial situation, and other characteristics can be assembled from a wide array of sources. Some of the information is no doubt in the public domain (such as your name, address, and employer); some you may have given permission to be used for a specific purpose; still other information is collected without your knowledge or permission.
Regardless of the sources and types of information, a great many of us would still consider the aggregation and dissemination of profile data a matter of personal privacy. What redress do we have? The Constitution does not actually address the "right to privacy" directly. Most privacy-related legislation is based on the Fourth Amendment to the Constitution:
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or Affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
How is the Fourth Amendment to be interpreted concerning an individual's
right to privacy and the use of today's database and networking technology?
The answer is largely unknown. Technology changes so rapidly that it often outpaces
our legal system's proper regulation of its use. No doubt the issue of personal
privacy and the collection of personal information in computer databases will
receive considerable attention in the courts and legislatures over the next
decade .