Wednesday, December 15, 2004

Schneier on Kafka and the Digital Person

Bruce Schneier has a lovely essay on the collection of personal information in the latest version of his excellent Crypto-gram newsletter, Kafka and the Digital Person. A sample:

"In the United States, information about a
person is owned by the person collects it, not by the person it is
about. There are specific exceptions in the law, but they're few and
far between. There are no broad data protection laws...

As a result, enormous databases exist that are filled with personal
information. These databases are owned by marketing firms, credit
bureaus, and the government. Amazon knows what books we buy. Our
supermarket knows what foods we eat. Credit card companies know quite
a lot about our purchasing habits...

All of this data is being combined, indexed, and correlated. And it's
being used for all sorts of things. Targeted marketing campaigns are
just the tip of the iceberg. This information is used by potential
employers to judge our suitability as employees, by potential landlords
to determine our suitability as renters, and by the government to
determine our likelihood of being a terrorist...

And with alarming frequency, our data is being abused by identity
thieves. The businesses that gather our data don't care much about
keeping it secure. So identity theft is a problem where those that
suffer from it - the individuals - are not in a position to improve
security, and those who are in a position to improve security don't
suffer from the problem.

The issue here is not about secrecy, it's about control. The issue is
that both government and commercial organizations are building "digital
dossiers" about us, and that these dossiers are being used to judge and
categorize us through some secret process."

No comments: