HP and The Privacy Erosion
It's hard not to be mesmerized by the bubbling scandal at Hewlett-Packard.
Former chair of the board Patricia Dunn had the company hire private detectives to track down who on the company's board was leaking information. Those detectives used "pretexting" -- employing a false identity -- to obtain board member phone records, as well as those of journalists covering the company. They also sifted through garbage and considered sending undercover agents into newsrooms. In the wake of the scandal, Dunn and other executives have resigned, and criminal investigations are underway.
While the Senate was busy yesterday shredding the Constitution, a subcommittee of the House of Representatives focused its attention on HP. Dunn faced a withering examination. Ten witnesses asserted their Fifth Amendment right to refuse to answer questions.
It would be wrong to say this was a waste of the committee's time. The HP tactics were outrageous, and high-profile cases can properly focus Congressional minds on important issues.
In the wake of the HP scandal, Congress may well pass legislation outlawing pretexting. This is not a trivial issue. The Electronic Privacy Information Center (EPIC) has earlier petitioned the Federal Trade Commission and Federal Communications Commission to take remedial action to stop pretexting. EPIC said in an FTC filing that it had identified 40 websites offering to sell phone records to anyone.
However, in a world where privacy rights are fast slipping away, there's a lot more that lawmakers should be looking at than pretexting. Digitalization, corporate consolidation, corporate marketers' effort to microtarget potential customers and the expanding demands of the national security state are combining to enable the creation of a Big Brother corporate-state nexus.
A few examples:
* Phone companies handed over millions of customers' records to the National Security Agency, without being presented with a warrant. "The actions of Hewlett Packard executives, although egregious, pale in comparison to the violation of the privacy rights of tens of millions of American consumers that should be safeguarded by federal law," noted 40 organizations including the ACLU, the American Library Association, the Arab American Institute, EPIC, Greenpeace and the Republican Liberty Caucus, in a letter sent yesterday to the House Commerce Committee. "The history of covert government surveillance of citizens," the groups noted, "has included unjustified spying on civil rights, civil liberty, and peace organizations engaged in First Amendment protected activity."
* Thanks to the financial services deregulation bill, giant financial conglomerates are now able to share consumer information between affiliates, and they can even share the information with non-affiliated corporations (unless a consumer affirmatively opts out of such arrangements).
* Corporate (and governmental) database managers don't provide adequate security for their own databases. Stolen computers, misplaced disks and lost files make vast troves of personal data potential available to identity thieves -- and those at risk may not even be notified that the data theft has occurred, nor given rights to block access to their consumer credit files. According to the Privacy Rights Clearinghouse, just since February 2005, more than 93 million data records in the United States have been compromised due to security breaches.
* The first corporations are now requiring employees to have RFID chips -- mini radio transmitter chips -- embedded in their bodies. The theory is they work as a perfect identity card in high-security situations. The worry is that they may give employers the ability to track employees wherever they go, at any time.
Finally, there is the phenomenon that Robert Harrow chronicles in his chilling book, No Place to Hide: While there are restrictions on the kinds of information U.S. government agencies may collect on citizens, they are increasingly circumventing these restrictions simply by purchasing data collected by corporations such as ChoicePoint, and many others.
"More than ever before," Harrow concludes, "The details about our lives are no longer our own. They belong to the companies that collect them, and the government agencies that buy or demand them in the name of keeping us safe."
It's like our lives are being recorded, one activist told Harrow, with an array of corporations maintaining electronic diaries relating to virtually everything we do.
"Only we have no control over the diaries," Harrow writes, "and we can't even know what they say about us. And there's no place to hide."
It doesn't have to be this way. But it will be, unless people demand restraints on how corporations manage the bits and bytes that record who we are and what we do.