ARTS & FARCES internet

Too Much Information

How much access is too much? Author Michael Fraase worries that corporations—not the individuals concerned—can collect and use private information.

St. Paul author Michael Fraase worries about information.

He frets that public access to important information is gradually being eroded. And, conversely, he fears that private information is being made public without its owners’ consent.

Fraase, in a new book called Information Eclipse, fingers multinational corporations as key culprits.

He believes that vast media conglomerates, for instance, have disrupted the global flow of information by gobbling up publishing houses, newspapers, magazines and TV and radio stations.

Government agencies and private employers also have been known to diminish individual information rights, he adds.

In an electronic exchange with reporter Julio Ojeda-Zapata, Fraase expanded on his concerns. The full text of the published interview is available here.

Q: Briefly explain what you mean by “information eclipse” and what it implies.

“Eclipse” is a very interesting word with multiple definitions. It’s from the latin word “eclipsis” which means a leaving out or a suppressing of sounds or words. The word also refers to a failing and a shadowing. Most commonly it’s used to describe a cutting off of light. “Information Eclipse” then is the shadowing and suppressing of information.

A solar eclipse occurs when the moon passes between the earth and the sun. Similarly, a lunar eclipse occurs when the moon passes behind the earth and is obscured by the earth’s shadow.

There are two eclipses with regard to our information rights: one when government occludes our rights and another when corporations take it upon themselves to suppress the rights of individuals.

Q: Some might conclude that information is easier to come by in the 1990s, what with tools such as the Internet. Are there critical instances, though, where important information is becoming inaccessible? Should we be concerned about this?

Information is much easier to access now than ever before in our history. Just now, for instance, we’re witnessing an American military action against a foreign country, live, in real-time. Problems occur when the information to which we should have access is either suppressed or distorted (or both).

Four quick examples:

One of the great selling points for the funding of the Thomas Web site was that the American citizenry would be able to access how members of the House of Representatives voted on any issue in close to real-time. Years after Thomas went online, we still don’t have access to that information. Why? It’s certainly not a technological problem—Independent Counsel Ken Starr’s report to the House was published on Thomas within minutes of its release.

For more than 20 years Project Censored has published an annual listing of “the news that didn’t make the news.” Each year Project Censored would like to report that its services were no longer needed. But in fact they’re finding that media is more than ever filling time and space with trivial entertainment, dodging important stories. 1998’s most censored stories included America’s arms trade, corporate control and influence in U.S. universities, a multinational surveillance system, lost plutonium, and the hazards associated with incineration of chemical weapons by the U.S. military.

In mid-September 1998, the venerable New York Times on the Web was hacked with the familiar paper’s content replaced with the digital equivalent of graffiti. For more than nine hours, the newspaper of record’s Web site was shut down as its system administrators struggled to regain control of the system. The situation at the New York Times could have been much worse. What if, instead of replacing the site’s content on a wholesale basis, the group of hackers made subtle but serious changes to the content. Changing the tense of a few verbs or replacing certain baggage-laden adjectives with their antonyms, for instance. Or maybe the insertion of an entire story.

Bertelsmann AG is an enormous German media conglomerate with annual revenues of US$14 billion. As the world’s third largest media concern, it owns newspapers, magazines, publishers, television and radio companies, and record companies in more than 50 countries. In America, Bertelsmann owns the RCA record label, the Random House and Bantam Doubleday Dell publishing companies, and has major stakes in America Online and Barnes & Noble Online. For more than 50 years, the company had insisted that it was shut down by the Nazis for refusing to “toe the party line.” This month it was disclosed that Bertelsmann had not only cooperated with the Nazis and was responsible for publishing huge quantities of Nazi propaganda but Heinrich Mohn, Bertelsmann’s chief executive during the era, was a member of the SS. This myth had been propagated by this conglomerate for 50 years without question.

So yes, I think we should be very concerned about the inaccessibility of information as well as the quality of the information to which we have access.

Q: You seem worried about multinational corporations and the power you see them wielding over average American citizens. How do you see such companies affecting personal privacy and access to information?

Let’s continue to take a look at Bertelsmann’s activities in book publishing, as a case in point since that’s an area in which I’ve been spending a good deal of my time lately. Bertelsmann recently purchased Random House which was the largest American book publisher. The German multinational already owned Doubleday Dell. Many people don’t realize that Random House Doubleday Dell is composed of a large number of formerly independent publishing houses: Ballantine, Del Rey, Fawcett, Bantam, Broadway, Crown, Dell, Doubleday, Knopf, Pantheon, Vintage, Times, Sierra Club, and Villard are all imprints owned by the German conglomerate. Random House imprint authors include Anne Rice, Arthur C. Clarke, James Michner, John Updike, Amy Tan, Anne Tyler, Maya Angelou, Pat Conroy, Louis L’Amour, Dominick Dunne, Martha Stewart, Douglas Adams, John Grishman, Elmore Leonard, Toni Morrison, John Cheever, John Updike, and Michael Crichton among many others. That’s a huge chunk of our culture in the hands of Nazi propagandists.

Closer to home there’s the sale of West Publishing to International Thomson, a Canadian multinational. West is the premiere publisher of American case law. Rumors are rampant that Thomson’s biggest competitor—Reed Elsevier, a Dutch conglomerate—is about to be purchased by Microsoft.

ABC is now owned by Walt Disney Company and according to reports in the New York Times and elsewhere, ABC News has a “hands-off” policy on covering its corporate parent.

Does all of this affect our access to information? When so much information—so much of our culture—is in the hands of an elite few I think the obvious answer is a resounding yes.

Let’s take a look at personal privacy with regard to corporate consolidation.

Companies with whom you transact personal or professional business have the right to collect personal information about you. But the information that is collected about you doesn’t belong to you; it generally belongs to whomever collected it. The important question becomes: To what purposes may the collected information be put. In most cases, the collected information is available for any use by anyone who is willing to pay for it. This has resulted in a relatively new industry called datawarehousing.

Conway, Arkansas-based Axciom Corporation is one of the country’s largest datawarehousing businesses but almost no one has ever heard of it. Axciom gathers, sorts, and warehouses all sorts of bits of information: credit card transactions, telephone numbers, real estate records, automobile registrations, fishing licenses, change-of-address forms, magazine subscription information, and other scraps of more than 195 million American daily lives. Think of the paper trail of information you leave in the wake of your daily life. Then imagine that companies like Axciom actively collect and refine it. Finally, imagine how accurate and complete a profile can be constructed from these infobits. “One man gathers what another man spills” takes on an entirely new meaning.

Unlike credit reporting bureaus, datawarehouses are under no legal obligation to reveal the personal information their databases hold about us or the purposes to which that information is being put.

Q: On balance, is electronic commerce a good or bad thing? the Internet certainly gives consumers better access to goods and services. But it also allows companies to amass vast amounts of information about individuals, often without their knowledge. How do you weigh these issues in your mind?

Better access to goods and services is certainly a good thing but access rights have to be balanced with privacy rights. If I purchase something from an ecommerce vendor, how much of my personal information is the vendor entitled to? More or less than a physical world vendor? These are issues that are going to have to be resolved, and the sooner the better.

I find it apalling that children’s sites like Disney entice kids with offers of free toys but then require them to divulge personal information to receive it.

I don’t know how this should be resolved, but we need to start asking the right questions. Why do vendors require personal information, to what uses do they put the information they receive, do they monitor Web site activities (“clickstream”), is the information gathered shared with third parties, and the like.

My company, ARTS & FARCES, uses non-persistent cookies to track the contents of a “shopping basket” for a limited amount of time. This allows people to browse our offerings, leave the site, and return within a few hours without having to “reload” the basket. The information we collect is limited to what we need to complete the transaction. We also monitor the referer logs on the Web server so we can tell how people are finding out about us.

The Clinton administration continues to champion a laissez-faire policy with regard to consumer protection and privacy, stressing industry self-regulation. The optimist in me wants to believe this will work; the skeptic doubts it; and the cynic finds it laughable. So far self-regulation clearly hasn’t worked.

The United States is going to have to take a more proactive privacy stand or risk a trade war with the European Union. EU members have found industry self-regulation to be incompatible with their laws providing strong privacy protection for consumers. The new European law took effect in October and prohibits anyone doing business in the EU from transmitting personal data to any country that does not specifically guarantee strong privacy protection. Our politicians who risk playing virtual chicken with the EU privacy policy need to understand that the Europeans are very serious about this matter.

Q: Should employers filter access to the Internet much as parents censor what their children see on the Net? What about e-mail? The law seems to regard employees’ electronic correspondence as, essentially, the property of employers. Do you agree with such an interpretation?

The Electronic Communications Privacy Act (ECPA) protects electronic data transmission, requiring the government to obtain a court order to intercept electronic communications. The ECPA also makes it a crime for anyone to intercept certain electronic communications but makes a distinction between public and private communications systems. Email transmitted within private systems used solely for interoffice communications are exempt from the ECPA. This allows corporations to monitor internal email without invading the privacy of employees. Email that is transmitted on private email systems that allow outside access can be monitored by the owner of the system without violating the ECPA. Email on public systems like America Online or the Internet, on the other hand, is subject to ECPA provisions making interception by anyone other than the sender and recipient a felony.

Corporate email systems that are connected to the public Internet are a gray area, but most legal experts agree that they are property of the corporation and exempt from the ECPA. So, it’s probably legal for employers to monitor employee email and other Net activity. Whether or not it’s a good policy, though, is another question.

If we assume that most employers want to retain quality employees, it can also be assumed that most employees want to be treated as responsible adults, not children. While email systems and Web access are corporate resources, enlightened businesses will treat the technologies as the productivity tools they are and take a relaxed position on personal use by employees, much as telephones, fax machines, and copiers are made available for limited personal use.

Problems result when there are not corporate policies in place to define personal use of corporate Internet resources. And sometimes even when they are. Dr. Kenneth Goodpaster, Koch endowed chair at the University of St. Thomas Graduate School of Business, and graduate student Haasan Balji conducted a fascinating study of these issues. They studied a corporation that allowed reasonable personal use of the Internet. Within this corporation one computer was almost continually logged into a pornography site on the Web during the business day. Some employees complained to management that such behavior constituted sexual harassment.

So, even when an organization takes an enlightened approach and institutes a reasonable personal use policy, there are unseen landmines that must be navigated.

Q: Medical information raises privacy concerns in the electronic age. Do you welcome or fear a future in which individuals’ medical files exist largely in digital form? Does this increase the risk of medical information falling into the wrong hands?

Consider this scenario: You’re enjoying a fine day in Hanalei Bay on the Hawaiian island of Kauai. Suddenly you keel over with excruciating pain in your stomach. The paramedics come and use the wireless connectivity in their ambulance to access your medical history over the Net and determine that it’s most likely your appendix acting up. Your primary care physician had made a note during your most recent visit. They determine that adequate treatment is available at a clinic in nearby Princeville rather than the longer haul to the hospital in Lihue (or the big hospital two islands away), saving you and your insurer thousands in unnecessary medical fees. Even though no one asked your permission to access your medical records, you thank goodness for digitized medical histories.

Now consider this scenario: You’ve been negotiating a promotion and significant raise with your employer for several months. You get the feeling that your supervisor is putting off dealing with your request, and you can’t figure out why. You learn that she has accessed your medical records via a network interconnect with your health insurance company and has discovered what she considers an alarming entry in your records. It seems that John Q. Citizen was hospitalized for severe depression for two weeks a few months ago. Your name is John Q. Citizen and the entry is clearly an inaccuracy—you were on vacation during that period. You demand the insurance company correct its inaccurate records, but they refuse to acknowledge their mistake (liability concerns trump ethics every time). They quietly correct the record, but it’s too late. Not only do you lose the promotion, but your co-workers have started treating you somehow differently.

The solution to me seems to be quite clear. Non-criminal personal information should be owned by the person to whom the information pertains, not who collected it. Sole control over non-criminal personal information that doesn’t impact public safety should lie with the individual.

Q: Some technology experts favor all-purpose “smart cards” that people can use as money, identification, even as repositories for their medical information. Would you carry such a card if it were ever invented?

In Europe the Global Systems for Mobile (GSM) cellular telephone standard already uses a technology called SIM cards to identify network subscribers. The chips on the SIM cards can also be used as smartcards that can contain digital cash in addition to most any other kind of digital information. They’re already accepted as a way of life in Europe, but not here. There were smartcard trials in Atlanta during the Olympics, but I’m not aware of much having been done since then with regard to getting them into mainstream culture in this country.

Would I carry one? Only if it was coupled with a strong, public-key, non-escrowed encryption system. Otherwise it might as well be a green card in the 1970s Johannesburg.

Q: Few Americans are acquainted with cryptography, which allows e-mail to be digitally encrypted to protect it from prying eyes. Do they need a crash course? Should this be a priority for average Internet users?

Intent on protecting us from ourselves, our government has consistently bemoaned the use of strong cryptography, going so far as to classify it as a weapon. The law enforcement and intelligence communities resolutely insist that terrorists, pedophiles, and organized criminals will use strong cryptography to subvert legal investigation. Cryptography advocates spend a lot of time arguing that the citizenry has an inalienable right to keep their communications private, if they wish.

Three things tend to escape the government’s core arguments:

1. The pandora that is unbreakable cryptography is already out of the box. And there’s no way anyone’s going to get her back in that box.
2. Strong public key cryptography can actually help prevent crime. If everyone’s financial transactions and sensitive communications are encrypted, certain classes of crime can be avoided. If criminals can’t find easy targets, they’ll usually move on.
3. Digital signatures, a component of strong public key cryptography is necessary for secure business-to-business ecommerce to flourish. Electronic communications are orders of magnitude more efficient than couriers. In order for me to be able to enter into a contract with another business, each party has to have an agreement that can’t be refuted. Digital signatures provide just that capability—we can all assure each other that we are who we say we are.

As to whether Americans need a crash course, I’m not sure. Advocates of strong cryptography say so. Average Americans definitely need to educate themselves about the issues and make their own decisions. If we don’t make those decisions for ourselves, there are simply too many who would happily make them for us.

Q: President Bill Clinton used the word “private” repeatedly in his now-infamous Monica Lewinsky speech. He believes presidents should be afforded a degree of privacy. Do you agree?

Of course the president should be afforded privacy, as should the Chairman of the Judiciary Committee, as should the Speaker-elect, as should we all. We also all have the responsibility to tell the truth when we swear to do so. The salacious inquiry of some having degraded into who touched whom where and with what notwithstanding.

I strongly agree with Supreme Court Justice Louis Brandeis that our rights have gradually “broadened; and now the right to life has come to mean the right to enjoy life,—the right to be let alone….” And that broadening of rights was taking place in 1890, more than 100 years ago. While privacy isn’t specifically mentioned in the Constitution, most scholars agree that several of the Amendments and our rich history of case law provides that right to all citizens.