Slide toward surveillance society

In Arizona, some supermarkets now require a fingerprint before they will cash a customer's check. In Japan, companies use eye scans to ensure security. New York State keeps the genetic records of all convicts on file to aid crime detection.

Around the world, new technology is allowing corporations and governments unprecedented ability to fight fraud, detect scams, and enhance security.

But the technology that tracks suspected terrorists and tells marketers that people who drive old Volvos are more likely to eat fat-free yogurt may also be creating a new "surveillance society."

As public and private agencies collect motor-vehicle data, medical records, even the fingerprints of millions of people - and sift it with microsecond efficiency - such data could eventually be pieced together to determine who gets a job, a loan, or a health-insurance policy.

Unless societies are vigilant, experts warn, the notion of living a private life, where some things are nobody's business but your own, will not survive the next century.

"1984 may have simply been too early a date," says Barry Steinhardt, associate director of the American Civil Liberties Union in New York, referring to George Orwell's seminal work. "We are now approaching a time when we will live in a surveillance society where all our movements and actions will be monitored."

To be sure, a few policymakers and technologists are fighting to reverse these trends. But some high-tech fraud-fighters say the battle is already lost. "The days of privacy are over," says John Valentine, president of Infoglide Corp. in Austin, Texas. "You can't even change your name without being found."

Technology is allowing Big Brother to thrive in his new digital incarnation. In the past five years, computers have gotten powerful and cheap enough - and the software sophisticated enough - to collect and sift through millions of pieces of data to uncover subtle patterns of behavior. Because such data live on networks, thousands of pieces of such data can be cobbled together to create a highly accurate and intrusive view of just about anyone, even if they avoid the limelight.

That may be good. Governments and corporations are sharing data to track criminals internationally and uncover insurance scams. But privacy experts worry the technology is so powerful and the information-sharing so endemic that governments and companies won't be able to resist broader spying.

"Twenty-five years ago, the fear was the big dossier, the big file, the big database," says James Dempsey, senior staff counsel with the Center for Democracy and Technology, a privacy advocacy group in Washington. Now, "all these computers are linked together.... Big Brother and his twin, Big Corporation, have joined forces."

Smile and look at the camera

Consider the current flap over Image Data, a small Nashua, N.H., company that plans to build a national database of identification photos. Its goal is simple: Crooks can't use fake or stolen IDs if store clerks can call up photos in a data bank. But the company has touched off a storm of criticism after buying more than 22 million drivers' license photos from three states.

Worse, according to a Washington Post report last week, the company also got $1.5 million in federal funds and technical assistance from the Secret Service. The federal government hopes to use the technology for much broader purposes than advertised, including fighting terrorism and checking up on illegal immigrants. The flap has caused Florida and Colorado to halt their sales of license photos to the company. South Carolina is suing to get its images back, although a state court has ruled against it.

The case is hardly unique. Private companies routinely buy government data on everything from federal court decisions to state motor-vehicle information.

By linking government information to their own sales data, companies look for patterns to help market their products. (Mr. Valentine's Infoglide company, for example, is the one that found the link between Volvo owners and yogurt.)

Sometimes the government forces companies to collect data it wants. Currently, federal bank regulators are proposing a "Know Your Customer" program, which would require banks to routinely review their clients' transactions and notify the IRS and federal law-enforcement agencies when there's unusual behavior.

The program, scheduled to take effect in April 2000, aims to fight laundering of drug money. But regulators have gotten so much criticism they appear to be backing away from the idea.

Companies are also beginning to collect physical data about people once reserved for police departments. For instance: Ever since 1995, when the Bank of America in Las Vegas cut fraudulent check-cashing in half with a fingerprinting system, other banks have started requiring the practice when customers without accounts want to cash a check. At least one day-care center in Arizona uses fingerprinting for identification.

Even more chilling for privacy advocates is genetic fingerprinting. Already, police keep genetic records of sex offenders in the US and, in New York State, all convicts. The idea is to simplify crime detection, but it raises grave social questions.

"This is a serious kind of threat," says Reg Whitaker, a Canadian political scientist and author of a new book, "The End of Privacy: How Total Surveillance is Becoming a Reality." "One could imagine ... not that far in the future, people would be typecast in terms of their genetic makeup."

A supposed genetic predilection to alcohol could make it harder for an individual to get auto insurance, for example.

New regulations

The European Union is moving ahead with regulations intended to limit what data can be collected and how they can be used, but the Internet is challenging its ability to keep a lid on information, expects say. The US stands at the other extreme, maintaining the barest patchwork of privacy laws but generating several alternatives to regulation.

Several Internet businesses are pushing self-regulating schemes. In the past year, a Palo Alto, Calif., group called TRUSTe is offering a seal of approval to companies that agree to put their privacy policies online. If the company wants to use its customer data for some other purpose, it has to alert individuals and give them a chance to opt out.

Meanwhile, the World Wide Web Consortium, which sets technical standards for the Internet, is working to create the technology that would allow users to control what information they gave out. That way, users would set their preferences once in their browsing software and Internet businesses would automatically accept those preferences when the customer visits.

Few privacy experts believe such self-policing will solve inappropriate electronic snooping by companies and government. But it's a step, they say, to putting Big Brother back in the box.