NO PLACE TO HIDE
By Robert O'Harrow Jr.
Free Press; 348pp; $26
The Good Fascinating detail on government and private-sector intrusions into Americans' privacy.
The Bad You aren't paranoid: You ARE being watched.
The Bottom Line A finely balanced look at the contemporary see-saw struggle between security and privacy.
We appear to be on the brink of a post-September 11 surveillance society. In one optimistic scenario, the U.S. is employing its full range of technical ingenuity to ferret out terrorists, using all the resources of the Digital Age and its quirky software geniuses. Meanwhile, dazzling new biometric identifiers -- iris scans, voiceprints, DNA registries, and facial recognition software -- are about to reduce identity theft to a quaint memory even while they shorten airport security lines and speed up credit approvals.
But in a less appealing second scenario, we could be on the verge of surrendering every detail about our private lives to an all-knowing Big Brother alliance of cops and mysterious private security corporations. They'll promise to protect us from terrorists. But along with that safety, we'll face arbitrary and unappealable decisions on who can fly in a commercial airliner, rent a truck, borrow money, or even stay out of jail.
That's the conundrum at the center of No Place to Hide, a finely balanced look at the see-saw struggle between security and privacy. Author Robert O'Harrow Jr., a Washington Post reporter, deftly shows how the government and its contractors have been lurching between these two goals ever since the September 11 terrorist attacks raised homeland security to the public's top priority.
The biggest threat and the biggest promise seem to lie not with official government databases but with the private companies that sell their information to all levels of government and to banks, airlines, credit-card companies, mortgage holders, car-rental agencies, and the like. You may not know much about ChoicePoint (CPS), Acxiom (ACXM), Equifax (EFX), HNC Software, LexisNexus, or Seisint, but they have heard of you in more detail than you can imagine. Many of these companies, such as info giants Acxiom Corp. and Equifax, began by keeping track of such things as bankruptcies for credit-card vendors. But many of them are now able to provide lists of people who take Prozac for depression, believe in the Bible, gamble online, or buy sex toys. Another outfit maintains a 700,000-name list called "the Gay America Megafile." And ChoicePoint, has more than 250 terabytes of data on 220 million people. If printed out, those records could extend to the moon and back 77 times.
After September 11, it was only natural that these companies would volunteer their services in tracking terrorists. They had a head start in a critical technology: data mining. In practical terms, that involves cross-indexing every conceivable source of information -- unlisted telephone numbers, credit-card records, appliance warranty cards, insurance claims, arrest warrants, Social Security numbers, child custody orders, book purchases, E-ZPass records -- to compile a list of suspects or even possible terrorists that need to be placed on the Homeland Security Dept.'s "no fly" list. The government has funded many of the efforts, among them something called Non-Obvious Relationship Awareness (NORA), which can sift through billions of records and match people with their home addresses, phone numbers, jobs, friends, and other connections.
Few public objections have been mounted to this commercial sales activity. But when the Defense Dept. booted up a similar program in January, 2002, it conjured visions of George Orwell's 1984 and attracted the attention of privacy-conscious members of Congress. Named Total Information Awareness, the $200 million Pentagon project proposed constant scanning of all public and private databases -- including financial, telephone, and medical records -- for signs of suspicious activity. The system would even be linked to television cameras and low-power radar to keep tabs on individuals. It didn't help that the head of the program, Admiral John M. Poindexter, had been indicted in 1988 for lying to Congress about the Iran-Contra affair. Once the press got wind of the program, the Pentagon bowed out.
Scary, of course. But the private sector has managed to put this snooping to good use as well. ChoicePoint solved a series of rapes in Philadelphia and Fort Collins, Colo., by mining data to get six likely suspects. Using a DNA database it owns, ChoicePoint helped identify bone fragments at the World Trade Center ruins. Seisint Inc., using a data-mining program called Matrix, assisted the investigation into Washington's 2002 Beltway Sniper shootings. The company directed police to a house in Tacoma, Wash. There, in a tree in the backyard, they found bullets matching those that had been used to shoot 16 people in and around the nation's capital. The two snipers are now in prison. Also, soon after September 11, Seisint compiled a list of the 1,200 people it deemed the biggest threats to the U.S. Five of the original hijackers turned up on the list.
The successes of these private efforts help compensate for government's too frequent ineptitude. But there are checks and balances in government that simply don't exist in the private sector. Private companies are keeping an electronic diary of our lives, "only we have no control over the diaries and we can't even know what they say about us," concludes O'Harrow. "And there's no place to hide."
By Paul Magnusson