Search This Blog

Tuesday, October 25, 2005

Did George Orwell's 1984 Predict Today's Personal Data Breaches?

1984 is about a totalitarian state where every aspect of public and private behavior is regulated. We certainly aren’t at that point, but the control over our names and personal data by business and government has set the stage for the next step. As Erich Fromm wrote in the book’s “Afterword,” Orwell warns us that, unless drastic changes are made, people will become “soulless automatons.”

Back in 2001, David Goodman did a “Special Report” in Insight on the News, “Orwell’s 1984: The Future Is Here.” It is an excellent article if you are an Orwell fan but is also far-reaching in the analysis of the writer’s meanings in 1984.

First, he makes a comparison between the book’s totalitarian state and the implementation of the USA Patriot Act of 2001. Next, he wonders about the title…why 1984? There are three theories that make interesting reading.

But my favorite is his focus on the fact that, although the liberals embrace Orwell’s resistance to the loss of civil liberties, they can’t admit their leaning toward the principles of totalitarianism. You have to assume that Goodman is referring to the “more government” belief of some Democrats.

If you look closely at Orwell’s “Party” in 1984, as the representation of the all-powerful force that controls every aspect of the people of the fictional country of Oceania, it is easy to draw a comparison with the situation today, where our private information is under the exclusive control of government agencies and business.

In Chapter four of Part one, Orwell writes of the ease with which real people can be made “unpersons,” which closely parallels the idea that credit bureaus can place incorrect and damaging data in your records and damage your credit, and life, forever.

Rick Perera, writing in a 2000, Computerworld article, was concerned even then over privacy issues and the Internet. In his article, “Security and privacy issues loom large for Internet’s future,” he combines the “explosive” development of the Internet, with the warning of privacy legislation if it doesn’t police itself. He remarks, “Citizens around the world are scared about this. A scenario out of George Orwell’s novel 1984, in which companies could know more and more about users of their Web sites, would be a dangerous world.”

Orwell did envision the Internet in the second draft of the book, but in later editing, for some reason, deleted it. His concept of the telescreen even rivals that technology. 1984’s protagonist, Winston Smith, couldn’t speak above a whisper for fear of being heard by the police on this TV-like, customary fixture in most party-members’ homes. Within its field of vision, which was most of his modest living quarters, his every move could be monitored. The author turned the infancy of television, 1948, into a full-scale, scientific phenomenon.

On her BLOG, Your Right To Know, Heather Brooke gives the American consumer credit for rising up against the Patriot Act in her article, “Let Them Read Heat.” (Scroll up to top.) The act was “pushed” through by Bush, but when the American public figured out what was going on, “their protests grew loud and angry,” she reports. A comparison is drawn between this and the British public’s “…lamb-like disposition toward its leaders.”

In all fairness, Heather, the Brits are far ahead of the U.S. in their protection of the consumers’ name and personal data, as evidenced by the United Kingdom’s Data Protection Act of 1998. It at least provides that anyone processing personal information must notify the Information Commissioner’s Office (ICO) that they are doing so, which just falls short of my concept that consumers should have control over their names and personal data. Both articles are available on The Dunning Letter.

Although there were no legislative matters to deal with in 1984—Big Brother did all the legislating—the U.S. Congress had better take note of Orwell’s intentions to warn an apathetic public. Unless, of course, this is all a huge conspiracy between business and Congressional leaders.

Friday, October 07, 2005

Short Hiatus

Well, folks, we’ve been plodding away at this for almost six months (10/19/05). I hope we’ve accomplished some level of awareness on the jeopardy of your name and personal data during this period. There’s lots more to come but we have to take a short break to complete a book project on my concept of giving you control over your name and private information. The hiatus will only be for a couple of weeks.

During this period, any COMMENTS you might have on the material you’ve read so far would be appreciated. See you in two.

Wednesday, October 05, 2005

Drugs, Data and Money

By now, if you have been following my blog, you know that data, particularly personal data, is the Fort Knox of the technological age. If I were a greedy entrepreneur, I would much rather have a database containing several million names with private information, than a row of hotels on Boardwalk. CNN confirms this in their recent article, “Your identity…for sale,” by Jeanne Sahadi.

She covers the regular data breaches by the big companies, banks and data brokers, but her heading, Retailers and manufacturers, is what caught my attention. Under this she says: “From Mom-and-Pop shops to nationwide drug stores and supermarkets to the manufacturer of your coffeemaker, there’s information companies collect on you and may sell to information brokers.” Forget “may.” I can confirm that they do.

Rumors of the sale of consumers’ medical info have been floated for the last few years but Privacy Rights Clearinghouse made it official in 2004, by filing a lawsuit against Albertsons supermarket chain and their drug subsidiaries, OSCO and SAV-ON. PRC makes the claim that, “Albertsons secretly enters into commercial arrangements with pharmaceutical companies willing to pay to participate in Albertsons’ Drug Marketing Program, which is based on the information taken from customer prescriptions.”

And, get this folks, according to PRC: “Albertsons is paid at least $3.00 - $4.50 per letter it sends and between $12-15 for each phone inquiry.” At its best, this is thirty times better than the average 15 cents per name made by the junk mail industry.

According to Food Marketing Institute, the average supermarket has approximately 14,000 customers each week, 700,000 a year. If only one-third of them buy their medication there, that’s a potential annual sale of medical data, per store, of $699,300. Albertsons has 2,300 stores, but let’s say only half have drug departments. The grand total each mailing is over $800 million. And this doesn’t even include the payments for those phone inquiries.

I did a BLOG Bulletin recently on why Albertsons/OSCO wants your personal data. In this particular instance, their check-out clerks were asking for personal information to cash checks and actually in-putting it to their database from the cash register. I raised hell—as probably did many other customers—and they stopped it soon after that incident. Who knows how many driver’s license numbers and telephone numbers—all that’s necessary, along with name and address, to initiate ID theft—they collected before they canceled the policy.

The reason all this is so hush-hush is due to the enormous lobbying efforts of the pharmaceutical industry. The Center for Public Integrity published an article on their Web site recently, “Drug Lobby Second to None,” by Asif Ismail. He starts by revealing that, according to the Center, drug lobbyists spent over “…$800 million in federal lobbying and campaign donations at the federal and state levels in the past seven years…” He goes on to point out how even the direction of the FDA has become more “industry-friendly.”

Although somewhat dated (2001), Andrew Brandt’s Privacy Watch article, “A handful of insurance and medical industry companies want to sell your personal data, but you can stop them,” in PC World, was a forecast of things to come. He singles out insurance companies and the medical industry, both of which, he states, want to get in the business of selling your name and personal data. At the time, the Bush administration was trying to delay the stringent new privacy rules in the Health Insurance Portability and Accountability Act (HIPAA).

If you’ve been to the doctor’s office recently, you know that at least we have the HIPAA on our side now. More on this whole issue in a future post.

Sunday, October 02, 2005

National ID Card...Without the Risk

Yes, it can be done, but, before I get to that, there’s an article from the St. Louis Post Dispatch that brings up two very interesting points. “Can you prove who you are? Maybe we need new ID system,” by Pat Gauen, takes up the subject of identity theft again from a personal slant. Both victims were close—one a colleague, the other his daughter—and each ended up losing that most precious part of their individuality…their identity.

The daughter’s situation was most unique in that it also involved ineptness in her state’s bureaucracy. She had two forms of identification—birth certificate and college picture ID—but she had a “devil of a time” replacing her driver’s license. Bureaucratic snafus are another topic, and, grist for another post, but suffice it to say, they figure significantly in the ID theft problem.

Gauen’s first point of interest to me is his reference to George Orwell’s “Big Brother” government, that, he says “…will hound us cradle to grave.” An interesting observation, because I have a post planned that draws certain similarities between Orwell’s 1984 and the current trend which seems to be leading toward our complete loss of identity.

The second point, with which I highly agree, is his statement that “…we continue to manage the most basic component of our being, our names, with inferior tools.” This comes from his earlier comment about questionable people in charge of our personal data and the enormous collection of private information by business and government. I could not have said it better myself, even though this is the crux of my concept: that consumers should have control over their names and personal data.

I did a post on this subject on May 17, 2005, titled, “BLOG Bulletin: National ID Card Promises to Expose Largest Amount of Personal Data, Ever, In One Location.” The title’s premise is still valid, based on the content of that blog, which explores the fact that government, and business, want to build these massive databases in order to recklessly access our personal data for any reason they desire, and ultimately offer it for sale at a premium.

The Real ID Card is like most issues with Congressional leaders. Rush to propose legislation that will draw attention and then let it languish in committee until, once again, it is politically correct to revive. This time, Congress tacked the Real ID Act on to the $82 billion Military Spending Bill, apparently for convenience. Several Internet articles have covered the subject. One, “National ID cards on the way,?” by Declan McCullagh on News.com, is a good overview from some early maneuvering in Congress to several opinions on how the “card” would function.

eWeek.com’s article by Lisa Vaas, “Analysts: ‘Real ID’ Act Could Help ID Thieves” quotes security experts’ concern over the “card” because of, “…a lack of confidence in the government’s ability to employ the technology in such a way as to prevent citizens from being preyed upon by identity thieves.” Declan McCullagh, in another article, “FAQ: How Real ID will affect you,” will answer most of your questions about the “card,” starting with the fact that it will be required by 2008.

And now, with all these facts before you, let me lay out a plan that is much simpler in construction and execution and far more competent in protecting your name and personal data. I call it the Name and Personal Data ID (NPD-ID) and, as I have written before, it replaces the Social Security card in all transactions relating to your name and private information. I covered this earlier in my blog, “Re-Clarification Of the Basic Issues In the Control Of Your Name and Personal Data,” but the process is expanded here for additional refinement.

The essentials remain: complete control over your name; assignment of the NPD-ID; opting-in to the use of your name and personal data; eliminating ID theft by acting as a watch-dog in fraud incidents; and, sharing in the proceeds of the sale of your name and private information. “But what’s the difference between your NPD-ID and the Real ID?” you ask.

All personal data pertaining to the 295.8 million U.S. consumers would be replaced by two exclusive NPD-ID databases: one, the name and address/identifying characteristics; two, all personal data. The connection between the two is encrypted and only the individual has the code that will connect the two. Only the individual may allow any outside source to access their private information. Simple, but doable. If you’re a “techie” you might want to check Wikipedia’s “Data Encryption Standard” definition.

The technology is already there. Data encryption could have saved thousands of identity thefts from happening, but database companies refuse to invest the extra dollars to install this process. A European company is already selling this procedure, and an American corporation is on the verge of similar technology.

I haven’t worked out the specifics of how to handle emergencies such as terrorist attacks or natural disasters, but the Data Encryption Standard does provide methods that will provide a solution that will satisfy both government and business.

The consumer’s part in acting as watch-dog to their data and providing authorization for its use would not replace the laws already in place that protect against ID theft. It would just put some of the responsibility on the individual to be concerned over what is one of their most valued possessions. Not too much to ask if you’re also going to be paid when your name and the personal data is sold, right?