WHY PERSONAL SECRETS ARE NO MORE

Why personal secrets are no more
In digital age, information can be a matter of life and death

Back to the Privacy Links to the Truth Page

Tuesday, June 12, 2001

INVASION OF PRIVACY – Part 1

© 2001 Regnery Publishing

Editor's note: This is the first of a four-part serialization of Michael S. Hyatt's blockbuster new exposé, "Invasion of Privacy: How to Protect Yourself in the Digital Age." Look for part 2 tomorrow.

Amy Boyer was being tracked. The beautiful young girl was soon to graduate from college. Not yet 21, Amy was still living at home with her family, whom she loved greatly. She and her boyfriend were planning to purchase a home and begin the next stage of their life together. A hard worker, she held two part-time jobs while she attended school. With many friends and a loving family, she had no reason to think she had any enemies.

Liam Youens was a young man who had gone to school with Amy. From at least the 10th grade, he had been obsessed with her. Eventually, he began a Web page to chronicle the ways in which he watched her. He discussed how he planned to kill her, her family and then himself. But he had difficulty keeping tabs on Amy. He had dropped out of college after a year and was living at home, which afforded him limited use of a car. Amy often wasn't home when he was driving by to spy on her – she was probably working – and Youens needed to find out where she was if he was going to carry out his plan.

He was able to find Amy because she was being tracked – just as we all are. Youens simply needed to know who could pull together the information available in public documents and elsewhere. Using the Internet, he paid for several public-record searches for personal information about Amy. He then obtained her Social Security number from Docusearch.com, a private investigation agency in Boca Raton, Fla. Finally, he paid $109 to get the address of Amy's workplace.

At 4:30 p.m. Oct. 15, 1999, Amy left her job at a dental office. As she was getting into her car, Youens pulled up, jumped from his vehicle and fired 15 shots into her. Her injuries included a fatal head wound. Youens used the 16th bullet to shoot himself in the head.

Amy Boyer was unique in many ways, but her vulnerability was anything but atypical. There was nothing about her that made her especially easy to track. She had a Social Security number, just like you do. She lived in a society in which private investigation firms advertise over the Internet and perform investigations for customers they never meet, just like you do. Her place of employment and other details of her life were available to anyone who wanted to spend a few dollars, and the same is undoubtedly true of you. Amy was a victim precisely because it has become relatively cheap and easy for anyone to get the information necessary to track a person down. Her stalker found out everything he needed to know without her ever knowing she was the object of his study.

Amy's tragic death has spurred some late, but important, discussion of the need for privacy in modern life. There has even been a bill proposed that would forbid companies from refusing services to someone who will not reveal his Social Security number. Another proposed bill would, as New York Times columnist William Safire points out, "[prohibit] individuals from 'displaying to the public' anybody's Social Security number without consent." But even that legislation would exempt the "information brokers" that gave Liam Youens the information he needed to find and kill Amy Boyer.

Although such efforts to protect privacy are a start, in truth they do not take into account the deep-rooted nature of the problem. For instance, even while the use of Social Security numbers has proved so dangerous, many states still prominently display them on their drivers licenses. We are coming closer and closer to living in the "panopticon" – a world of total surveillance.

In 1787, Jeremy Bentham, a British philosopher, made a proposal for prison architecture called a panopticon – (literally, "the all-seeing thing"). The idea behind the panopticon was that a prison would be most secure when the jailors watched the prisoners at all times. Since that was not possible, the next best solution was a structure where the guards could watch the prisoners at all times and where the prisoners never knew if they were being watched. That way, the prisoners would always behave appropriately.

Bentham never sold the British government on his plan, but he has proven to be something of a visionary nonetheless. Our society has become a sort of panopticon. It is all too easy to monitor someone without his knowing about it. We never know when the civil government, corporations or predators are watching us.

Unlike Bentham's prison, which had only one set of watchers, we are now in a situation in which any number of people might be watching us in different ways and at different times. We are being tracked, or at least we can never know for sure that we're not being tracked.

As tragic as Amy Boyer's death is, it probably won't be enough to galvanize the public. Why? Because even though stalking is a growing problem in our society, being killed by a troubled youth – certainly a terrifying possibility – is still not all that likely. The fact is, however, that there are many other ways in which we can be victims of the panopticon. Indeed, even after her death, Amy was a victim of yet another invasion of privacy. The August before she died, Amy's pocketbook had been stolen, so she canceled her credit cards and checks, thinking that was the end of it. But two days after her death made the news in New England, the thieves, who had gotten her Social Security number, were able to assume her identity. They managed to spend $5,000 by using checks in her name.

Whether you realize it or not, you are being tracked, just as Amy Boyer was, and it can cost you time, money, freedom – even your life.

Tomorrow: Who's tracking you?

Purchase Hyatt's book, "Invasion of Privacy: How to Protect Yourself in the Digital Age."

Who's tracking you?
Government, businesses, just about everyone

Wednesday, June 13, 2001

© 2001 Regnery Publishing

You are being tracked by just about anyone who thinks he can sell to you, steal from you or control you. This includes government agencies and big businesses; banks, credit reporting agencies and other financial information resellers; insurance companies, pharmacies and other health-related organizations; political and extremist groups; local retail outlets and marketers; employers and fellow employees; spouses, ex-spouses and potential spouses; lawyers and private investigators; and even common criminals, hackers and practical jokers.

This is not merely an Internet problem. It is true that technological progress in data storage and data transfer has made it possible for others to monitor you more easily and to gather your personal information more speedily. It is also true that communication over the Internet has brought about new ways in which you can be scrutinized. These problems are real.

Nevertheless, the issue is not the Internet per se. Even if you don't use a computer, your activity is still being tracked, and your identity is vulnerable to those who wish to learn about you for whatever reason. In 1989, long before the Internet was a reality, a stalker was able to find and kill "My Sister Sam" sitcom star Rebecca Schaeffer by using motor-vehicle registration records in California.

Advances in technology are only making the problem worse. We are being tracked with increasing efficiency. We are being tracked more affordably. And we are being tracked more uniformly as various institutions share information with one another.

Many different groups offer rationales for why we need to expect all our personal information to be available to whoever wants it. The two main legitimate proponents of the panopticon are business interests and various government agencies. But professional criminals also benefit from this situation.

Here's an overview:

Within the law: The corporate perspective

Businesses obviously want to gain new customers and keep the customers they have. To do this, they need information. It is the fuel that drives modern industry. The more information a business has about a prospect or a customer, the more likely it can meet that customer's needs or shape its promotions to appeal to those needs.

The information about a customer is called a "profile." It contains both demographic and psychographic data – not only who the person is but also what he does and why he does it. As a business collects more and more data about its customers, it soon discovers that such data are an asset that can be sold on the open market. Businesses now routinely sell customer profiles to anyone who will pay for them. This has become a big problem in some industries, such as financial services. As a result of deregulation, one company can offer a full range of financial services: banking, insurance, investment brokerage and direct marketing. Thus, the lure of "one-stop shopping" allows a single company to know a customer 's entire financial situation.

This information can be, and sometimes is, used to exploit the customer. For example, U.S. Bancorp in Minnesota sold the personal account information of its customers to a telemarketing company for over $4 million plus a 22 percent commission on whatever sales were generated from the database. As the Minnesota attorney general's office reported:

"[U.S.Bancorp] provided MemberWorks Inc. with the following information for its customers: name, address, telephone numbers of the primary and secondary customer, gender, marital status, homeownership status, occupation, checking account number, credit card number, Social Security number, birth date, account open date, average account balance, account frequency information, credit limit, credit insurance status, year-to-date finance charges, automated transactions authorized, credit card type and brand, number of credit cards, cash advance amount, behavior score, bankruptcy score, date of last payment, amount of last payment, date of last statement, and statement balance."

Above the law: The government's perspective

In our society, government is responsible for punishing criminals, protecting citizens and preventing crimes – and for any number of other services. The government has used this as a rationale for all sorts of information gathering and surveillance. We are constantly being tracked by Big Brother through a variety of means – birth certificates, tax forms, motor vehicle registration, marriage certificates, voter registration, property records, court records, arrest records, divorce records, death certificates and on and on.

Even where the government is entrusted to protect privacy, it does not reliably do so. Laws protecting privacy are helpful only if they are obeyed and enforced. For instance, an Ohio public school sold information to a bank about some of its students, enabling the bank to solicit business from the parents – despite the fact that it is illegal for public schools to provide such information to anyone without the parents' consent.

Casual record keeping and failure to comply with the law are just part of the problem. Various government projects systematically invade our privacy. The National Security Agency (NSA), for example, has developed Echelon, a comprehensive spy network that monitors communication around the world. The Treasury Department has formed FinCEN, a network for retrieving personal financial information in real time. The FBI is now deploying Carnivore, a program that intercepts and reads e-mail on a mass scale.

Of course, many would not argue with the government's desire to protect us by stopping violent crime before it happens or to prevent money laundering, drug trafficking, tax evasion and so on. But what happens when government agencies invade our individual rights? We are losing our privacy to the government, and in the process, we are falling under its control.

More and more we find that we must simply depend on unaccountable government agencies not to violate our rights.

Outside the law: The criminal perspective

The government and even some private industries consider access to our personal information an important way to prevent, detect and solve crimes. But even if that were true, a concern is that the information superhighway is not restricted to authorized drivers. Criminals can, and do, use the panopticon to gain the information and control necessary to exploit others. In other words, the very means that the government and businesses employ for security purposes can actually lead to crime.

Perhaps the most egregious example of this sort of "safety equals vulnerability" equation is the ubiquitous Social Security number and its use in stalking and identity theft. As we saw with Amy Boyer, the Social Security number is a magic key that gives stalkers access to almost any other information they wish to have. (The other key is the target's name plus date of birth.) The Social Security number – which predators can get through theft, fraud or hacking – also allows identity thieves to impersonate their victims, putting them into debt and committing other crimes under their names. The information superhighway, so efficient at spreading information, ruins the reputation of victims of identity theft; reports are spread to credit and law enforcement agencies of debts the victims never incurred and crimes they never committed.

Victims report that both police and credit officials often treat them as perpetrators. One victim wrote: "I sent them a signed statement. Then they wanted a notarized statement so I sent them that. Then they wanted copies of my driver's license and my passport or Social Security card. After I would send each item, they would demand more and more. I didn't want them to have copies of my driver's license or passport. I felt they were careless in letting anyone open an account in my name, and I didn't feel safe giving my personal information to them. It took three years before they finally removed the negative rating they had placed on my credit. I couldn't buy a car or get a student loan, and I was in school. I was considered guilty until proven innocent. Finally they removed it, but only because I called them for the thousandth time and lost it over the phone."

When 19-year-old Sarah learned that she was being accused of trying to cash stolen checks, she did not understand how it could have happened. Her purse had been stolen 10 days earlier, but everything had been returned to her. Later, it occurred to her family that their car had been stolen the previous year, and Sarah's license had been inside the car. However it had happened, Sarah's identity had been stolen. Using false identification based on Sarah's Social Security number and possibly other information from stolen credit cards or checks, someone was now able to pass herself off as Sarah and use her identity to commit other crimes.

Even though Sarah had testimony corroborating her whereabouts, and even though she did not look like the woman posing as her, the police put more trust in the identification than in eyewitness testimony or any other evidence and insisted on pressing charges. For over six months, Sarah's family had to endure these criminal accusations. A judge finally dropped the charges, but not before the family had had to incur the expense of an attorney, and not before her mother was forced to see a specialist to treat a painful case of lockjaw that resulted from the stress of watching her daughter's name dragged through the mud.

Lest you think that Sarah's is an isolated case, be aware that identity theft is an increasingly common crime, one that feeds off the environment of surveillance in which we live.

Tomorrow: Is technology the problem?

Is technology the problem?
Personal awareness, responsibility is first step back

Thursday, June 14, 2001

© 2001 Regnery Publishing

Editor's note: This is the final installment of a three-part serialization of Michael S. Hyatt's blockbuster new expose, "Invasion of Privacy: How to Protect Yourself in the Digital Age," which is available at WorldNetDaily's online store. At the end of this article, there is a link to Hyatt's privacy self-assessment test.

Technology inevitably becomes the focus of most discussions about privacy because it is the means by which individuals and institutions find out what they want about us. We must keep in mind that technology is just that: a means, and not the basic impulse for the invasions on our privacy. Still, technological innovations have undeniably made privacy invasions possible in ways never before envisioned. The problem is particularly acute because we often embrace new technologies with naive optimism before they are really understood. Privacy is being eroded because of cheap information, ignorance about new technology, technological glitches and more intrusive surveillance.

Once businesses and governments had to keep all records on paper. But the bureaucratic days of filling out forms in triplicate and dusty rooms filled with filing cabinets are long over. Information is much less expensively and far more efficiently stored, and it is much more accessible. Not long ago, someone seeking information about an individual had to phone the proper institution and cajole or bribe an employee to dig up a physical record. Now databases can be accessed without any need to interact with other people, and duplicate information can be stored in a laptop computer. In addition, different pieces of data about a person can be merged together almost effortlessly to form a single, exhaustive profile.

A widespread lack of understanding of new technology is another cause of the problem. The way we use e-mail is a good example of this. When you send mail through the post office, you put it in an opaque envelope and seal it shut. Why? Because you want the contents to remain private – you don 't want someone other than the intended recipient reading your mail. But with e-mail, most people are doing exactly what they would never do with regular mail. Few realize how easily a third party can read their e-mail.

This widespread naiveté often prevents possible technological solutions to these problems from working effectively. Consider this statement from Kevin Railsback, the West Coast technical director of the InfoWorld Test Center:

"For some time now, I've been using [e-mail] security products such as PGP (Pretty Good Privacy) and its open-source version, GPGP (Gnome PGP). I have a public key, and I have the public keys of a few friends, but the technology isn't too useful for everyday use. The basic problem is that until a critical mass understands how public its information really is on the Internet and decides that privacy is important enough to protect, then the majority won 't use the technology. Public key encryption, the building block that PGP and such products are built on, has been around for years. It works great, makes your e-mail virtually impossible to break in to, and isn't that tough to set up."

With all of the technological advances in data storage and transmission, glitches can now mistakenly make public all sorts of personal data. On Sept. 15, 2000, for example, First Virginia Bank's online service allowed customers to view other people's account information, including deposits, balances and cleared checks. In this case, the glitch did not affect actual balances or reveal personal identities. But earlier in the year, NetBank had sent a slip to one customer containing another customer's personal information, including his Social Security number. And as CNET News.com reported, H&R Block "shut down its online tax filing service after the company accidentally exposed some customers' sensitive financial records to other customers."

A New Zealand man confessed in court to nine counts of using his "shoe-cam" to take video footage up the skirts of thousands of unsuspecting women and girls at public events. The device was unnoticeable on his shoe, linked by a wire running up the leg of his pants. The man then loaded these images on his computer and posted them on the Internet. This is but one example of the avalanche of new technologies: video cameras that fit on a shirt button; audio receivers that can be inserted seamlessly into a telephone, a fountain pen or a potted plant; scanners that can pluck telephone conversations out of the air and effortlessly trace them to their source; and much more.

Not only can criminals use these technological innovations, but governments and businesses can use them as well.

Just a month after Amy Boyer's death, Forbes magazine ran a cover story on the lack of privacy in our society. Although the story was unrelated to the Boyer case, it featured Docusearch.com – the company that enabled Liam Youens to track down his victim. Forbes writer Adam L.Penenberg dared Dan Cohn, the head of Docusearch.com, to dig up all the information the investigator could find about him, starting with nothing but his name. Two days later Cohn had discovered Penenberg's birth date, his mother's maiden name, his address and his Social Security number. (Cohn said it took him only five minutes of actual investigation.) Penenberg was even more shocked at what Cohn was able to dig up in less than a week. He wrote: "In all of six days Dan Cohn and his Web detective agency, Docusearch.com, shattered every notion I had about privacy in this country (or whatever remains of it). Using only a keyboard and the phone, he was able to uncover the innermost details of my life – whom I call late at night; how much money I have in the bank; my salary and rent. He even got my unlisted phone numbers, both of them."

People are justifiably outraged at Docusearch's role in Youens' murderous actions. But while Docusearch and other investigative services profit from the destruction of our privacy, they are not the ones primarily responsible for it. Indeed, it is all too easy simply to blame such companies – or government, or big business – for our present situation. But the fact is that we have enjoyed many of the benefits of the information revolution without really counting the cost. As cartoonist Walt Kelly wrote in Pogo, "We have met the enemy and he is us."

Until we acknowledge that we are responsible for our present situation and have willingly exchanged our privacy for convenience or comfort, we will not take the steps necessary to regain control of our privacy – or our lives.

We have lost power over our lives because we want to enjoy the convenience offered us, because we try to exercise control over our lives. We are open to dealing with anyone who has a way of bringing us something quickly, conveniently, or cheaply – but in exchange for a little information.

Because of the convenience we gain, we tend to celebrate uncritically every technological innovation, be it e-mail, the Web, or whatever. As technology critic Neil Postman points out: "It is a mistake to suppose that any technological innovation has a one-sided effect. Every technology is both a burden and a blessing; not either-or, but both-and. Nothing could be more obvious, of course, especially to those who have given more than two minutes of thought to the matter. Nonetheless, we are currently surrounded by throngs of one-eyed prophets who see only what new technologies can do and are incapable of imagining what they will undo. They gaze on technology as a lover does on his beloved, seeing it as without blemish and entertaining no apprehension for the future."

We are so content with the blessings we receive from the new technologies that we fail to realize just how much of our privacy we are giving away.

We are being tracked. Vast amounts of personal information are being collected and stored. The question is: Can we do anything about it?

We can – if we take the initiative. In fact, until more people are willing to show by their actions – by the way they live, communicate and budget their money – that they value their privacy, no reforms in government, or in business, or in law enforcement, are likely to do much good. We can and must protect our privacy, and this book is written to show you how to do it.

Take Hyatt's privacy self-assessment test.

Purchase Hyatt's book, "Invasion of Privacy: How to Protect Yourself in the Digital Age."