How much of you do you own? Individuals do not control the use of their name, address, phone number, or even DNA. As concerns about privacy spread, O'Reilly's primer on the subject, written by Simson Garfinkel, repays rereading.

by Alex Goldman ISP-Planet Managing Editor [May 6, 2004]

Simson Garfinkel is a blogger and much-published commentator on Internet technologies. But he's also the founder of an ISP, Vineyard.NET. He started the ISP in 1995, sold it to venture capital in 2000, and later negotiated its repurchase from bankruptcy court.

Garfinkel's book Database Nation: The Death of Privacy in the 21st Century was published in 2000, but the subject is still relevant today, especially where it concerns fraud, such as ID theft.

The book is a very even-handed account of technologies that are used to track people and verify their identity. It talks about the valid uses of the technologies as well as their consequences.

Elsewhere, concerns about privacy are generally described and even discussed in vague terms. The book makes the concerns tangible by injecting a large number of fascinating stories, such as the ATM machine that told a bank which of its customers were frequenting a red light district, or the political candidate whose medical record of a few day' stay in a hospital for treatment after a suicide attempt was released during her run for office.

On the other hand, there are good reasons to have personal data and to own it. When the CEO of Experian says that his company is simply a good address book, Garfinkel admits that he would not want anyone to be able to opt of his Rolodex, or to restrict the information he could keep there.

The key point for anyone running an ISP who is concerned about these issues is that any company that keeps a database containing personal information needs to think about who has access to it and about what information is kept in it.

This may seem to be a simple insight, but the book, with its numerous real-life stories, shows that these two simple questions can have very significant consequences, and need to be carefully considered on a case by case basis.

For example, a bank noticed a suspiciously large number of ATM withdrawals late at night at one particular machine. After an extensive investigation, the bank determined that the ATM was near a red light district. It had, in its ATM use database, the information that every ATM collects when it disburses cash: time, date of transaction, and a digital photograph of the customer.

At this point in time, few people are aware of the information that is collected about their preferences and habits. Few, for example, know that New York City metrocards and E-Pass cards issued by the Orlando-Orange County Expressway Authority collect data detailing where the customer has traveled.

As the public becomes more aware of these issues, ISPs that have always been honest will reap benefits. The sales page for SoFast Nitro dialup, for example, includes a quote from NetZero's privacy policy, telling users to beware of what they sign up for, and to trust the local company, not the national player.

Furthermore, ISP customers are doing more, spending more, and risking more online every day. As people spend more of their leisure and even work time online, the issues addressed in this book will become more significant.

The book is 336 pages long, including index, bibliography, and further reading (such as websites).

— End