Last fall the British company that sells Burberry coats purchased credit reports on 190 million Americans from TRW Credit Data Inc. Chances are your credit history was one of those sold; I know mine was.
Curious why a foreign clothier now owns the financial profiles of 708 million people in 40 countries? Would you be interested in details about the reach of US consumer protections for credit reports? Want to know how the British company might use this credit information?
You'll have to search high and low to find the answers, because ever since the sale took place last November, no US newspaper, magazine, TV station, or radio station has pursued the story. News of the transaction appeared in the business pages of a few papers, but only because some Boston speculators made a killing by purchasing TRW's credit bureau earlier in the year and reselling it to Great Universal Stores of England - which owns Burberry's of London - two months later.
That's the way it goes with many important stories related to personal information and privacy - the press just doesn't cover them. Instead, reporters love to write ad nauseam on the Orwellian trend - saying things like, "Computer data banks threaten to invade the privacy of every man, woman, and child." Typically these tiresome trend pieces include a quote from an information manager who says, "You have to live in a cave if you want privacy today." And they'll always get comments from "privacy advocates" who plead, "It's like 1984. They know everything about you. There's nothing we can do about it."
The dateline on these "view-with-alarm" articles could be 1977, 1987, 1997, or, I'm sure, 2007. The Orwellian trend story is easy to write, but it doesn't advance our knowledge of real threats to our privacy.
Some other examples of missed stories? In September, Equifax - one of the three major national credit bureaus - acquired an "information broker" named CDB Infotek, which sells credit reports as well as Social Security numbers, driving records, unlisted phone numbers, US Postal Service change-of-addresses, and demographic profiles of up to 30 of your neighbors. CDB Infotek is one of 16 information brokers - in a field of less than three dozen - that have been cited by state or federal authorities for violations of consumer laws.
The press missed this story entirely. Nor have you read about the Federal Trade Commission's lawsuit against Trans Union credit bureau to block the company's practice of renting information from your credit report to telemarketers and direct mailers.
Did you know that TRW changed its name to Experian last summer, to shake its negative image among consumers? That Congress now requires each state not only to demand your Social Security number when you renew your driver's license but to display it on the face of the license? That Citibank allowed the Secret Service to use the credit card accounts of real customers - without telling them - as bait in a sting operation? That beginning in 1998, thanks to Congress, you will need a universal patient ID number before you can get medical treatment anywhere, coast to coast?
One problem may be that journalists are trying too hard - they want to find the "privacy angle" but can't put their finger on it. So here's a suggestion: start looking for stories that shed light on emerging patterns in privacy issues. Let us know about the increasing foreign ownership of our personal data; the European advances in privacy protection that leave the US two decades behind; the covert and monopolistic attributes of companies that deal in personal information; the indifference that Congress and the Clinton administration display toward privacy issues; the possibilities for tracking Internet usage that are unfamiliar even to sophisticated Net users; the latest changes in telephone technology that make surveillance more likely and render the whole idea of "unlisted numbers" obsolete.
I was once asked by a newspaper editor to submit a story on what's hot in privacy - yet another Orwellian trend story. In the piece, I reported on "companies that compile inves-tigative reports on insurance applicants by interviewing their neighbors and coworkers."
The editor pounced. "You can't just write this!" he complained. "You need proof. I've never heard of companies doing that." Of course, all he had to do was check his local Yellow Pages, or contact the Federal Trade Commission, or simply call Equifax, which controls 75 percent of the market for "consumer investigative reports."
A month later, one of his reporters called. "I'm writing a story about computers and invasion of privacy ..."
Not a Solution
Hewlett-Packard is doing its part to lend credibility to the Clinton administration's key escrow encryption proposals. In mid-November, HP unveiled its International Cryptography Framework - a system that will allow computer users "to select encryption algorithms and levels of security according to personal needs and government regulations." Of course, if your "personal needs" conflict with "government regulations," you can guess which comes out the loser. The proposal attracted support from the British and French governments, but in cyberspace news of the framework prompted calls for a boycott of HP products.
Sign, or We'll Sue
The Software Publishers Association wants your local ISP to work as a copyright enforcer. The SPA is asking ISPs to sign a code of conduct that includes naming a "copyright compliance officer" to peruse customers' Web pages looking for pirated material and links to sites that contain pirated software. The SPA claims the code is voluntary, but when one California ISP refused to sign, the SPA sued for copyright infringement liability. The suit was later dropped, but the SPA campaign continues. The Association of Online Professionals argues the code imposes "burdens and obligations that are not required under any existing copyright law."
Ratings Down Under
As part of a proposed code of practice for the Australian online industry, the Internet Industry Association of Australia (INTIAA) is recommending that online content providers voluntarily rate material according to the country's existing National Classification Code. Content rated R or X would be accompanied by "suitable onscreen warnings" and would be "managed by subscription enrollments" to exclude Internet users under age 18. American ISPs have long argued that no viable system exists to verify the age of Internet users, but the INTIAA seems unfazed. And its code of practice still offers no suggestions on how to implement an age-based ratings scheme.
