First, of all, I should disclose what is probably a conflict of interest.
Simson and I have been friends for years, and we have collaborated on a
number of projects, including 3 books. As such, some people (who don't know
me well) might suspect that I wouldn't provide an objective review. So, if
you think that might be the case, then discount my recommendation by half --
and still buy and read this book. Simson has done an outstanding job
documenting and describing a set of issues that a great many people --
myself included -- believe will influence computing, e-commerce, law and
public policy in the next decade. They also impact every person in modern
society.
This book describes -- well, and with numerous citations -- how our privacy
as individuals and members of groups has been eroding. Unfortunately, that
erosion is accelerating, and those of us involved with information
technology are a significant factor in that trend. Credit bureaus
accumulate information on our spending, governments record the minutiae of
their citizens' lives, health insurance organizations record everything
about us that might prove useful to deny our claims, and merchants suck up
every bit of information they can find so as to target us for more
marketing. In each case, there is a seemingly valid reason, but the
accumulated weight of all this record-keeping -- especially when coupled
with the sale and interchange of the data -- is frightening. Simson
provides numerous examples and case studies showing how our privacy is
incrementally disappearing as more data is captured in databases large and
small.
The book includes chapters on a wide range of privacy-related issues,
including medical information privacy, purchasing patterns and affinity
programs, on-line monitoring, credit bureaus, genetic testing, government
record-keeping and regulation, terrorism and law enforcement monitoring,
biometrics and identification, ownership of personal information, and
AI-based information modeling and collection. The 270 pages of text present
a sweeping view of the various assaults on our privacy in day-to-day life.
Each instance is documented as a case where someone has a reasonable cause
to collect and use the information, whether for law enforcement, medical
research, or government cost-saving. Unfortunately, the reality is that
most of those scenarios are then extended to where the information is
misused, misapplied, or combined with other information to create unexpected
and unwanted intrusions.
Despite my overall enthusiasm, I was a little disappointed in a few minor
respects with the book. Although Simson concludes the book with an
interesting agenda of issues that should be pursued in the interests of
privacy protection, he misses a number of opportunities to provide the
reader with information on how to better his or her own control over
personal information. For instance, he describes the opt-out program for
direct marketing, but doesn't provide the details of how the reader can do
this; Simson recounts that people are able to get their credit records or
medical records from MIB, but then doesn't provide any information on how to
get them or who to contact; and although he sets forth a legislative agenda
for government, he fails to note realistic steps that the reader can take to
help move that agenda forward. I suspect that many people will finish
reading this book with a strong sense of wanting to *do* something, but they
will not have any guidance as to where to go or who to talk with.
The book has over 20 pages of comprehensive endnotes and WWW references for
the reader interested in further details. These URLs do include pointers to
many important sources of information on privacy and law, but with a few
puzzling omissions: I didn't see references to resources such as EPIC or
Lauren Weinstein's Privacy Digest outside of the fine print in the endnotes.
I also didn't note references to ACM's Computers, Freedom and Privacy
conferences, the USACM, or a number of other useful venues and supporters of
privacy and advocacy. Robert Ellis Smith's "Privacy Journal" is mentioned
in the text, but there is no information given as to how to subscribe it it.
And so on.
I also noted that the book doesn't really discuss much of the international
privacy scene, including issues of law and culture that complicate our
domestic solutions. However, the book is intended for a U.S. audience, so
this is somewhat understandable. A few other topics -- such as workplace
monitoring -- are similarly given more abbreviated coverage than every
reader might wish. Overall, I recognized few of those.
On the plus side, the book is very readable, with great examples and
anecdotes, and a clear sense of urgency. Although it is obvious that Simson
is not an impartial party on these topics, he does present many of the
conflicting viewpoints to illustrate the complexity of the issues. For
instance, he presents data on the need for wiretaps and criminal
investigation, along with accounts and descriptions of bioterrorism,
including interviews with FBI officials, to illustrate why there are people
of good faith who want to be able to monitor telephone conversations and
e-mail. If anything, this increases the impact of the book -- it is not an
account of bad people with evil intent, but a description of what happens
when ideas reasonable to a small group have consequences beyond their
imagining -- or immediate concern. The death of privacy is one of a
thousand cuts, each one small and seemingly made for a good reason.
Simson has committed to adding important information to the WWW site for the
book. Many (or most) of the items I have noted above will likely be
addressed at the WWW site before long. Simson also has informed me that the
publisher will be making corrections and some additions to future editions
of the book if he deems them important. This is great news for those of us
who will use the book as an classroom text, or if we recommend the book to
policy makers on an on-going basis. Those of us with older copies will need
to keep the URL on our bookmark list.
Overall, I was very pleased with the book. I read it all in one sitting, on
a flight cross-country, and found it an easy read. I have long been
interested in (and involved in) activities in protection of privacy, so I
have seen and read most of the sources Simson references. Still, I learned
a number of things from reading the book that I didn't already know --
Simson has done a fine job of presenting historical and ancillary context to
his narrative without appearing overly pedantic.
This is a book I intend to recommend to all of my graduate students and
colleagues. I wish only there was some way to get all of our elected
officials to read it, too. I believe that everyone who values some sense of
private life should be aware of these issues, and this book is a great way
to learn about them. I suggest you go out and buy a copy -- but pay in cash
instead of with a credit card, take mass transit to the store instead of
your personal auto, and don't look directly into the video cameras behind
the checkout counter. Once you read the book, you'll be glad you did. [Gene Spafford ]
0:00
#
G!
