INSIDE  
THE MAGAZINE      September 2002
The Magazine



Past Issues


Write for Us

Advertise

About the Magazine

Letter from Editor

Order Back Issues

Masthead

TECHNOLOGY IN PRACTICE

AS I WAS SAYING WITH WENDY R. LEIBOWITZ

Examining Our Online Selves

Who’s in charge of our personal data? And how do we regain control over it?

 

New skirmishes in the privacy wars are popping up on unexpected fronts. Until recently, the hot focus was on protecting the information that Web users disclose on countless sites. It seems the result of that debate has been a flurry of privacy notices. Most of those, of course, go unread by real-life Web users. I just assume that my personal information is circulating to anyone who will pay for it. (I know you want to sell me something, just don’t phone me at dinnertime.)

But maybe the information is being used differently now, by parties that want to do more than merely sell me clothing or magazines, or clothing to wear while I’m ordering more magazines. Maybe it’s being used by an employer who wants to know if I’m taking medication for depression, HIV or an expensive chronic disease that will increase the employer’s health insurance costs. Maybe it’s being used by a car insurance company wanting to place a Global Positioning System in my car to learn whether my route takes me through dangerous neighborhoods. Maybe it’s any one of many other disturbing possibilities.

The new battle for privacy goes beyond protecting your personal information—it’s about getting control over it. Knowing what it’s being used for, why, by whom and for how long. Face it. Your personal data is out there, and "opting out" is difficult if you still want to participate in society. But you might be able to control where the data flows.

As usual, lawyers are on the front lines, with technology simultaneously part and parcel of both the problem and the solution.

Your Privacy and Your Law Firm

Gradually, the ability to unearth information on people electronically is becoming mainstream. For example, a partner at a small firm was considering hiring a new lawyer, but was frustrated when he contacted former employers to check references. The employers would confirm only dates of employment. So the partner decided to become his own detective agency. "I googled the guy," he says.

Putting someone’s name in the Google search engine can return a bit of information. For example, I learned that John Tredennick, chair of the Law Practice Management Section, is a horse enthusiast. I learned that at least one article written by Merrilyn Astin Tarlton, editor of this magazine, has been translated into French. When you put my name into Google, my old posts on a defunct discussion group are among the top results. Unfortunately, Carl Roberts, the LPM Executive Committee liaison and LPM Section secretary, has a name that is much too common for ordinary Google searches—anything juicy that pops up belongs to another Carl Roberts.

Frankly, I was a bit disappointed with the results of my snooping, and not just because the leaders of this Section have led squeaky-clean lives, at least according to Google. No, I was disappointed because, on its own, the free information is not enough. For the real dirt, you have to pay. Should anyone choose to, here are a few databases that will aggregate the data on you—or on your neighbor, your ex-spouse, your baby-sitter or the guy your daughter wants to date:

Accurint, at www.accurint.com. This location service for people and their assets offers what it calls "the world’s largest set of location data." Users can conduct a search of the entire United States for as little as 25 cents.

Courtlink E-Access, at www.courtlink eaccess.com. This service searches state and federal court databases. Many bankruptcy, criminal and family court records may be found unexpurgated.

Choicepoint, at www.choicepoint .net. Its identification and credential verification services are aimed at employers. The site also claims to have assisted in recovering hundreds of missing children.

USSearch, at www.ussearch.com. Divided into "Business" and "Consumer" searches, this service has the standard people-locator features, as well as an employment screening service, or background check, for businesses.

Rapsheets, at www.rapsheets.com. This site searches a database of 50 million criminal case law records. You can instantly verify Social Security numbers for $5.95 a piece, or conduct an unlimited number of searches for $14.95 a month.

All Data, All Aggregated, All the Time

Once it became glaringly clear that all that data is out there, and that people are willing to pay for it, consumers insisted on privacy policies. But just as soon as companies established privacy policies, and safely stored your data heaven knows where, companies started changing their policies. The electronics and software retailer Best Buy, for one, announced it was altering its online privacy policy to combine customer data from its Web site with information it collects offline in physical stores. The company said it will also share with unspecified third parties the customer information it reaps from surveys and customer-written online product reviews. A spokesperson for Best Buy, Joy Harris, said the new policy "makes good business sense." It went into effect June 9.

Other companies, including Yahoo and the online auction site eBay, have announced unilateral changes to their privacy policies that allow them to share customer data with third parties, despite consumer outcry.

Privacy advocates are concerned about the aggregation of customer information. They are correspondingly concerned about consumers’ inability to opt out of inclusion in these databases, before their purchasing patterns and Web surfing habits are joined in other databases with their credit and travel habits, work and marital histories and use of the courts. "I would argue that my constellation of personal information is special and unique to me," says Karen Gottleib, an attorney and court consultant in Nederland, Colorado, who writes and speaks on database aggregation issues. "Why would my information be so valuable to marketers, but not to me?"

A small victory for privacy advocates occurred in May. The advertising company DoubleClick had moved to combine its online and offline data. But DoubleClick’s data was derived from numerous sites—not just its own databases—and the company had merged in 1999 with a company that performs data mining services for catalogue businesses. In the recently reached settlement resulting from a class-action lawsuit, DoubleClick agreed to purge much personally identifiable information from its database, including customers’ names, addresses, telephone numbers and e-mail addresses. The settlement also requires the company, inter alia, to obtain explicit "opt-in" permission from individuals before tying their personal data to their Web surfing histories ( In re DoubleClick, Inc., Privacy Litigation, S.D.N.Y. Master File No. 00-CIV-0641-NRB).

It will be lawyers who fight these fights—the consumer advocates, the contract gurus and the counsel to high-tech companies whose main revenue streams nowadays may be selling their customer information. As a profession, we must think of what our privacy practices will be, what "best practices" should be and what practices are realistically enforceable.

By mindlessly clicking on "I Agree" at whatever terms and conditions are listed on a site, do you consent to your information being consolidated with other information about you, your neighborhood, your offline purchases and your marital, medical and employment history? "We’ve consented to the extent that we’ve never said ‘no,’ but we’ve never been asked, so it’s hard to say ‘no,’" says Herbert Clark, a Tallahassee attorney who chairs the Privacy Law Subcommittee of the ABA Consumer and Personal Rights Litigation Committee.

To Whom Does the Data Belong? The Oversized Umbrella

Court consultant Gottleib is particularly concerned about data that is collected by public institutions, such as the courts—which people must use to record certain transactions or life changes, such as divorces or bankruptcies. "Does public access to information mean that marketers have presumptive access [to data] because citizens bring their disputes to court? Is that the kind of society we want?" she asks.

Herbert Clark sees the issue as one of the most important new legal questions facing our society. "The growth of super-intensive databases under one roof, and the ability of certain database aggregators to concentrate so many individual databases under one umbrella, is the single biggest thing that’s growing in front of us," he says, implicating both civil liberties and national security.

What really bothers Clark, Gottleib and other privacy advocates is that the implications of aggregating databases and selling access to them are not well thought through. "Consumers are not informed on what information about them is circulating, and for what purposes," says Clark.

At the same time, Clark is mindful that our society’s notions of privacy and government interests are different these days. "It’s likely that a lot of these otherwise intrusive efforts at mining information in databases may turn out to be very helpful in preventing future 9/11s." As Clark says, "It’s a very complex issue."

Wendy R. Leibowitz (wendytech@justice.com) is a lawyer and the Editor-in-Chief of E-Filing Report. Her Web site is www.wendytech.com.