Personal tools
BoutOfTheCenturyFormal.htm
By Marsha Woodbury, Ph. D.
Paper "The Institute for Legal and Ethical Issues in the New Information Era:
Challenges for Libraries, Museums, and Archives."
On Ethics and Identity
CYBER IMPOSTORS STEAL DIAMONDS, ROLEXES: Two Memphis men used the Internet to engineer an identity-theft scam that allowed them to use the credit cards of half a dozen top business executives and order more than $700,000 worth of expensive watches and jewelry. The two men, James R. Jackson and Derek Cunningham, face millions of dollars in fines and several decades worth of prison time if convicted on conspiracy and fraud charges. The case is being held in New York. Manhattan U.S. Attorney Mary Jo White says communications tools offered by the Internet are allowing criminals to engage in new schemes and strategies. Experts say identity theft can be carried out easily over the Internet. All scam artists need to do is pay a fee to an information broker to get an individual's Social Security number. Online databases also contain address information, while an individual's mother's maiden name can be found in obituaries or other public documents. (USA Today, 8 May 2000)[1]
The
title refers to the 1971 Frazier-Ali boxing match that some writers called
the best bout of the last century. As I see it, information ethics is taking
a hammering from e-commerce, and unless we all become involved, the fight
is a first round knockout, over before it begins. Before tacking the coming
century, we will focus on a few aspects of the past in order to highlight
some of the current issues.
In
the 19th and 20th centuries, lynchings occurred so
commonly in the United States that people bought and sent lynching post
cards. Today, we are offended that people mailed post cards showing a
dead person hanging from a tree with a message saying, I was here. Nevertheless,
people did. They mailed the cards until 1908, when the U.S. Postal Service
decided that such material ought not be carried in the mail. After embarrassing
racial incidents, several states were shamed into outlawing the sale of
these postcards.[2]
Note how these battles rage today, with discussions of community standards,
online censorship, and cultural pollution.
Who
could have foretold in 1900 that would unleash the atomic bomb, put a man
on the moon, or own a PalmPilot? Women in the United States could vote
at the start of the century; by the end of the 1900s only a small fraction
of the people vote at all. We cannot predict what is going to happen. However,
some trends leap out at us, and we would have to be blind to miss them.
We can foretell in 2000 that what happens with privacy and data mining
and national ID cards and biometrics will change our sense of who we are
as people. The big players in this revolution are the same people forming
start-ups and dealing in e-commerce all over the globe. Our future is in
their hands.
The Main Areas
of Concern about Information
The
following example contains critical information issues: privacy, accuracy,
security/access, and ownership[3]
If I speed
down the highway, and the police stop me, the resulting traffic ticket
contains true but potentially harmful information about me, for my driver's
insurance policy premium may increase, and other friends and relatives
may lose confidence in my driving judgment.
What
would happen if I was also behind on child support payments, and the computer
puts my name together with this infraction? Government officials might
track me down and make me start paying my monthly contribution. If I were
drinking alcohol, matters get worse, for I might not be hired for certain
jobs due to this evidence of drunk driving.
Now,
what if I were not going too fast and did not get a ticket, but someone
mistyped the information, and my name is in the records for speeding or
driving under the influence of alcohol? Moreover, what if a prospective
employer uses computers to learn everything it can about me and finds out
about the phantom ticket? Although I did not do anything wrong, I could
forfeit a prospective job.
This
scenario brings up key questions: What aspects of traffic tickets or any
other piece of information should be private? How can we ensure the accuracy
of information stored about us? Who can and should have access to that
information? Who owns information about us?
Ethics
We
are, in essence, our moral and ethical selves. My ethical self should not
vary from one situation to another. When I change my surroundings, I always
bring me with me. Thus, if I am not consistent--if I behave one
way at work and a different way elsewhere--then I am in danger of losing
me. My values are the integral part of me, and through my values I know
myself.
This
thought brings us to ethics. Ethics is moral decision making. When a mother
grabs her child and flees a burning building, she does not have a spare
second to contemplate her choice; she acts on instinct. That is not an
ethical choice; it is a reaction.
Given
time to think about what we are doing (provided that we do not have a gun
pointing at our head), we usually try to select the most moral option among
many. We may choose to ignore the niggling voices of our conscience, and
perhaps do something we are not proud of. When I see what is happening
online, I worry that some programmers and businesspeople appear to have
no niggling voice in their ear, that their choices are not based on any
ethical standard that I can recognize.
If
ethics is about moral decision-making, then what ethical guidelines do
people have? Where did they learn them and how widespread are they? What
laws are best to deal with information? Will we obey these laws? Who can
enforce the laws? If an offshore gambling site breaks the mores of Minnesota,
how does Minnesota preserve its mores?
A
young Amherst graduate now living in New York spoke to me about his new
job. He works in Silicon Alley, creating the banner ads that rake in personal
information about web surfers. I asked him if he worried about ethics,
and he said No. He added, We need that advertising money to finance
the Internet. In this fellows mind, his work supported my use of the
Internet, as though the Internet never existed until the browser came along.
History began in 1995.
Shared
values are the mortar of a society. Society has to have its mores and trust
among its members. Part of our current problem is that traditional ethical
values are situated in the physical world, where the ultimate measure of
an action is how that action affects the people we live with. One constraint
on physical behavior is that others can observe what we do, and the results
of our moral decisions are out there for all to judge.
In
the online world, we sit in front of a computer, away from the public eye,
and we write flaming email messages, creep into other peoples servers,
and do all sorts of things we would not do in a face-to-face situation.
My specialization
is computer and information ethics, a field that deals with a more difficult
ethical concept to grasp, that is, the sacredness of information itself.
In the Information Age, one of our duties ought to be preserving the privacy,
security, and integrity of information. We have to ensure access to it
and maintain ownership of it, and the battle is constant and unrelenting.
Check
the course offerings in computer science departments around the country.
Is ethics mentioned anywhere? Is it required as a single course? Is it
supposedly integrated into all courses? Both the Association of Computing
Machinerys Curriculum 91 and the Computer Science Accreditation Board's
Standards recommend the inclusion of ethical issues in the computer science
curriculum. Why? If they did not demand that ethics is taught, it might
not be.
The
other day as I searched the web for materials on programming, I clicked
a link and suddenly a pornographic page popped up. I immediately hit the
close button, only to have a new pornography site appear. Every time I
clicked the window shut, another page popped up. I felt like Mickey Mouse
in Fantasia, with the broomsticks proliferating. The entrepreneurs
who ran the porn sites had literally hijacked me. What if I had been using
a browser at work, and my boss monitored my web usage? I could be fired
for accessing pornography on the job. Hijacking destroys that most important
element in information ethics, trust in the reliability and accuracy of
information. If you want to learn more about this practice, read the FTC
complaint at http://techlawjournal.com/courts/ftcvpereira/19990914com.htm.
Pornography
and gambling are leading the way in online commerce, and I cannot tell
how soon others will follow. Do not imagine that page hijacking is something
that only pornographers do. One example of hijacking involves trademarks.
Trademarks such as Pepsi and Playboy are very highly valued by their owners.
Companies spend years developing brand recognition and the good faith of
the customer. A questionable practice of some companies is to embed in
their web pages, invisible to the visitor, the names of very popular products
and sites. Calvin Designer Label Company incorporated the words "Playboy"
and "Playmate" into the invisible coding on its adult-oriented websites.
Likewise, National Envirotech Group, a pipeline-reconstruction company,
embedded the names of a larger competitor, Insituform Technologies Inc.
This
trick diverted traffic from Playboy and Insituform to their competitors.
Such practices also diminish the value of search engines as a way for people
to find accurate information about companies. Diverting people on the Internet
is like slapping a sign on a freeway that says Shell, and when you pull
up in front, you are at Exxon.
To
maintain trust and a common morality, we protect information, as we would
guard jewels. The danger with counterfeit money is a devaluing of all currency;
the same concept applies to the integrity of information.
E-Commerce
Silicon
Valleys exist across our country, from New York to Austin to Palo Alto.
What is happening? Who are these business people? What are their values?
Do they use moral reasoning to arrive at decisions? What are their priorities?
Recently,
an author said that he was struck, while doing a recent series of interviews
with e-commerce CEOs, on the "low quality of the Dot Com CEOs when compared
with the traditionalists." He characterized the Dot Com CEOs as lacking
in depth, experience and common business sense, driven primarily by jealously
and greed in a race to go public as quickly as possible and rake in those
stock options. Hey, why get rich slowly with a lot of work when I can
get rich quickly with not much work? is the general thinking.[4]
That
author predicted a stock market shake out, one that we are witnessing
today. He wrote that the Dot.Coms will fail, and take with them a sinful
amount of venture and day trader capital. The toll on human capital will
be even worse: An entire generation of business leaders will be corrupted.
They will have great skills in designing obtuse ad campaigns, doing barter
deals, negotiating with investment banks and venture capitalists, and doing
secondary road shows. But this generation will have no skills in marshaling
sales forces, hiring executive teams, working out fair business contracts
with customers, and building employee morale and culture that is sustainable
beyond a two-year period.[5]
Not
long ago, a company called RealNetworks released software called RealJukebox
that let people listen to CDs and digital music while working on a computer.
People simply downloaded the software from the Internet and installed it
on their hard drives. RealJukebox sent back the unique ID number generated
by each installation of the RealNetworks software on each PC, together
with the names of all the CDs played, the number of songs recorded on the
hard disk, the brand of MP3 player owned, and the music genre listened
to most. The unique ID number could be mapped to a persons e-mail address
via the registration database.[6]
Information
stored on my hard disk in cookies is hard to control as well. Either I
go to the inconvenience of approving all cookies, install cookie cutter
software, or live with ongoing monitoring. In sum, I am a deer in the woods,
trying to hide from hunters, yet wearing a GPS chip clipped onto my ear.
The
Internet is making identity theft one of the signature crimes of the digital
era. Identity theft is the pilfering of people's personal information for
use in obtaining credit cards, loans and other goods. Any visitor to cyberspace
can find websites selling all kinds of personal information and, with that
information in hand, thieves can acquire credit, make purchases, and even
secure residences in someone else's name.
The
Social Security Administration reported that it received more than 30,000
complaints about the misuse of Social Security numbers in 1999, most of
which had to do with identity theft. That was up from about 11,000 complaints
in 1998 and 7,868 complaints in 1997.[7]
How
is identity theft tied to the Internet? The evidence is clear. For example,
GeoCities, a Web portal that claims nearly 20 million visitors a month,
sold information solicited during its registration process, despite an
explicit online assurance it would not do so. The data included income,
education, marital status, occupation, and personal interests. In January,
2000, the Federal Trade Commission charged eight California businesses
with billing consumers for unordered and fictitious Internet services,
using their credit-card account numbers.[8]
Identity
theft, as any victim can attest, can destroy a personal credit rating and
potentially lead to very expensive litigation that may take years or perhaps
decades to fully correct. The victim cannot rent an apartment, obtain credit,
or even hook up to phone service. Identity theft and related computer crimes
supported over to the Internet may become an unparalleled destabilizing
force for 21st century.[9]
Practices of
E-Commerce Companies
I
can buy Viagra online because regulators cannot keep up with the proliferating
websites. As soon as one site closes down, another takes its place. Who
are the doctors prescribing drugs online? Who facilitates their work?
Recently,
Amazon.com entered the spotlight for featuring books posing as editorial
picks. In fact, publishers paid for books to be featured on Amazon.com's
home page. While product placements are commonplace, the issue is one of
ethics. The readers thought that Amazon selected the books on merit.
The
Better Business Bureau is a useful source of information about e-commerce
practices, http://www.bbb.org/.
People
need to be aware of exactly what they are revealing and to whom when giving
out information, however inadvertently. Online services know not only their
members' social security and credit card numbers, but may also hold entire
profiles on people, including what bulletin boards they join--discussion
groups for cancer survivors, for instance, a potential danger for a job
applicant. On that thought, here is an email message that I recently received:
Date:
Sat, 29 Jan 2000 23:30:00 PDT
From:
"Customer Service at itn.net" <amex-efares@itn.net>
Subject:
An important announcement from Internet Travel Network
Sender:
"Customer Service at itn.net" <amex-efares@itn.net>
To:
Internet.Travel.Network.Subscribers@ml-sc-0.itn.net
Reply-To:
"Customer Service at itn.net" <amex-efares-reply@itn.net>
This
is a special post only email. Please do not reply.
Dear
Internet Travel Network subscriber:
We
are pleased to announce that ITN.net has combined forces with American
ExpressÆ Travel and Entertainment to bring you a new and enhanced
online travel site. The creation of this powerful site provides new capabilities
and benefits for all of your travel needs. By typing in the URL, www.itn.net,
you'll be able to continue to make all of your travel plans online.
What
you gain with our new relationship with American Express is continued access
to ITN's airline booking system which provides competitive airfares and
schedule information
To
make this transition as easy as possible, your profile and password information
will be transferred to the new reservation system. Past booking information
will continue to be available. Now you'll get to explore these travel services
from one of the world's largest travel agencies, American Express.
We
look forward to welcoming you to the new American Express Travel Home Page.
Sincerely,
Gadi
Maier President & CEO, GetThere.com
The
email message above told of a recent merger of two travel firms, ITN and
American Express. My files automatically went to American Express, and
I had no power to stop it. ITN evidently owned my information and used
it as an asset in the business merger.
A
few years ago, such an occurrence would seem less threatening. After all,
banks and stockbrokerages merge all the time and transfer personal records.
However, today, with massive and easily searchable databases, the transfer
of data about us without our consent is frightening. Yet that was the company's
main asset, its customer database, with my name and travel preferences.
Some
companies also gather data merely for the purpose of selling it. Few protections
against these practices have been established, though some have been proposed
in Congress. I attended a
Washington hearing between the top administrators and business representatives,
and the overwhelming message from the capitol is that self-regulation is
going to be the only choice we have of the ethical handling of our information
by e-commerce businesses.
Privacy of Information
Scott
McNealy, chairman and chief executive of Sun Microsystems[11]
One
of the worst aspects of credit cards and computers and digital information
is that I cannot even hide from myself, let alone from the rest of the
world. The Visa card readout tells me more than I want to know. Formerly,
when we dealt in cash and checks, we had little idea how we spent our money.
With credit cards and electronic money, the bank not so kindly itemizes
my expenses for me so I can see where I spend ithotels, travel, meals,
and entertainmentnot a pretty sight.
Privacy
is not mentioned in the United States Constitution. Justice Louis Brandeis
argued in a1890 Harvard law review article that people have the right to
keep parts of themselves private. Later, in a famous dissent to privacy
case, he wrote, "Subtler and more far-reaching means of invading privacy
have become available . . . Ways may some day be developed by which Government,
without removing papers from secret drawers, can reproduce them in court,
and by which it will be enabled to expose to a jury the most intimate occurrences
of the home.[12]
In
Europe, privacy protection laws are much stricter than in the United States.
It is illegal to combine the health care database with the tax database,
for example. In the United States, such strictures do not apply as firmly.
In
my textbook on computer and information ethics, I use the following scenario
to make students think about privacy:
Today
there are websites that provide roadmaps of most cities. These sites assist
in finding particular addresses and provide zooming capabilities for viewing
the layout of small neighborhoods. Starting with this reality, consider
the following fictitious sequence. Suppose these map sites were enhanced
with satellite photographs with similar zooming capabilities. Suppose these
zooming capabilities were increased to give a more detailed image of individual
buildings and surrounding landscape. Suppose these images were enhanced
to include real-time video. Suppose these video images were enhanced with
infrared technology. At your own home 24-hours-a-day. At what point in
this progression were your privacy rights first violated?[13]
Marketers
say that consumers give out their information "willingly" in exchange for
services, but cookies from banner ads are invasive. A
friend of mine wrote this email message:
I
was looking at www.cnn.com this morning when I got a cookie alert. It said
something like, "To increase your viewing experience we would like to install
a small file 'cookie' on your system."
Upon
clicking on "more info," the cookie was from a banner ad, for Nicorette[a
product to help you stop smoking]. Seems like the phrase should have said,
"To provide info to the advertiser..."[14]
Likewise,
when we open up email containing a web page, another cookie could be left
on our drive, and this time, because it arrived through email, our exact
email address can be linked to data about sites that we previously visited.
Prominent
companies are associated with privacy invasion. After a lawsuit, the Chase
Manhattan Bank and the Internet company InfoBeat will no longer be sharing
customer data with telemarketers. Chase had violated its own privacy policy
when it divulged personal and financial information about as many as 18
million credit card and mortgage holders across the country, while InfoBeat
inadvertently provided customer email addresses to advertisers because
of a software problem that has since been corrected.[15]
For
years, people in many countries have worried about national databases and
national identity (ID) cards. In one very public case, a New Hampshire
company began planning to create a national identity database for the United
State federal government. The company would have begun by putting driver's
license and other personal data into one giant database.[16]
The company officials believed their system could be used to combat terrorism,
immigration abuses, and other identity crimes, and the company received
$1.5 million in federal funding and technical assistance from the Secret
Service. This piqued the interest of foreign governments who inquired about
whether technology could be used to verify the identities of voters.[17]
Privacy
advocates complained loudly about the plans to scan in license photos,
and states stopped their plans to sell the information. However, the company
intends to offer a revamped version of its system that will gather photos
and personal information from one customer at a time at retailers, banks,
and other participating companies. By collecting photographs individually,
the company hopes to head off complaints that it is violating drivers'
privacy by gathering the images without their consent.[18]
Just as supermarkets gather data about our shopping habits, slowly this
company will compile data linked to a picture, eventually building a huge
database capable of identifying all of us.
As
for government information, recall that government agencies are publicly
owned, and they are required by law to give open access to the information
they hold. The government cannot copyright information. With the data produced
by global positioning systems, GIS, businesses can create entirely new
data out of old information, and that may then indirectly reveal information
that is supposed to be private.
The Future
In this age of information, we, the professionals who are entrusted with this data, are increasingly being looked at as people who are no better than a drug dealer who stalks out an elementary school looking for future clients. We possess something much more powerful than drugs, though, we have at our control the information stores that control the world and most of the people who inhabit it.[19]
Recently,
I discovered classmates.com. This website allows me to locate old friends
from the Ukiah High School class of 1964. If I want to email them, I pay
$25 for that privilege for the coming two years. I did not hesitate to
join, to give them my email address, Visa card number, and all the information
that anyone needs to track me down. The site owners will be instantly rich,
even though the site could disappear in three months. I have no guarantee,
no assurance whatsoever. What they sold me was irresistible, the chance
to find old friends. Compare $25 with the effort it would take to locate
these peopleit is a bargain. Or is it?
After
several million of us have suffered identity theft, people will call for
a technological fix. We can imagine being forced to accept national IDs,
implanted chips, and retinal scans. How else can we trust that people are
who they say they are? Yet, does a match on a retinal scan really tell
us anything? Someone could switch the master database, so the scan is linked
to another identity. Information is only as good as the integrity of the
database underneath it.
As
far as the national identity card issue goes, the government will not lead
the way, but business will. The brave new world envisioned by the Hewlett-Packard
Company gives me pause. They predicted that in the future, a doctor will
pick up a context-aware badge when entering a hospital. The badge will
recognize the doctor through biometrics (fingerprint, iris, face or voice
recognition). A global positioning system device in the badge will physically
locate the doctor. The badge will know what is going on around the physician
because of the servers embedded throughout the facility, and everyone else
will be wearing context-aware badges.
When
the doctor enters a room, the system will recognize the doctor, confirm
that he or she is seeing the right patient and the relevant charts will
automatically come up on a computer screen. If an unauthorized person approaches
the screen, the screen will go blank.
Is
that so far away from where we are now? The technology is in the hands
of people acquiring instant wealth, and whose children expect to be rich
by the age of 25. Reports from Silicon Valley are worrisome.
Is
privacy going to be lost to technology? What can we do about it? Here are
some self-help suggestions:
oBe
informed. Push hard for open access to information that is stored about
you.
oUse
encryption.
oSupport
legislation to protect privacy. Right now, the money in government is bolstering
up enforcement of copyright and patent protections while leaving e-commerce
privacy abuse to "self-regulation."
oUse
an anonymous server to send email or access Internet sites when you want
privacy.
oPrevent
widespread distribution of Usenet, private listserv postings, and chat
group discussions by using passwords, domain name filtering, Internet address
filtering, or a firewall to prevent access by unauthorized users.[20]
oUse
cookie cutter software to select the cookies you want stored on your hard
drive.
The
activists today work for a better future, one in which information is treated
with respect. A century ago, we had radicals fighting for equal rights
for women. After public protest, the government stepped in and stopped
the mailing of lynching post cards. Today we have organizations like CPSR
(Computer Professionals for Social Responsibility) and EPIC (Electronic
Privacy Information Center) and the ALA (American Library Association)
espousing information ethics.
Most
Internet activists realize that key technologies and policies affecting
our future will come from the field of telecommunications. Nevertheless,
this sensitivity is relatively recent. When Congress passed the Telecommunications
Act of 1996, few computer and information professional knew about little
more than the Communications Decency Act. However, after realizing the
key decisions that will determine the future of the Internet, e-commerce,
and information ethics, these same programmers and librarians are arguing
Section 251(b) with telecommunication carriers and discussing what is intrastate
versus what is interstate with the FCC.
The
Internet is both dependent on traditional telecommunications and in some
ways a competitor to them. Those interested in Internet policy can follow
telecommunications debates, both national and international. We can keep
an eye on who has the right to regulate e-commerce and telecommunications
issues, and we can make our voices heard.[21]
Until
that time comes, fasten your seatbelts. We are in for quite a ride.
Created before October 2004