Simson Garfinkel: Chicken Little or Paul Revere?by Stephen Pizzo
Listen to this interview
In 1997 technology journalist Simson Garfinkel wrote a piece for Hot Wired provocatively titled "50 Ways to Crash the Net." While his 50th crash prediction, "Wait until January 1, 2000," was a no-show, his #2 prediction -- massive denial of service attacks -- came frighteningly close to validating Garfinkel's headline.
Garfinkel's latest book is "Database Nation: The Death of Privacy in the 21st Century," in which Garfinkel takes one perceived privacy threat after another and extrapolates it out to a bone-chilling worst-case scenario; corporations that pass personal customer information around like joints, insurance companies that mine medical databases in order to deny coverage to anyone who might even remotely need medical insurance, massive databanks of individual genetic information collected and used for -- who knows what, but it's going to be bad whatever the reason.
Author of Database Nation
Co-founder of Vineyard.net
Now, having taken those cheap shots, I have to add something quickly -- this is an important book. While I found myself guffawing at some of Garfinkel's predictions (like the section entitled "Brain Wiretapping"), I was reminded that I had the same reaction back in the 1960s when I first read Rachel Carson's groundbreaking book, "Silent Spring." Carson too seemed to extrapolate apparently benign current trends into very hard-to-imagine outcomes. Yet, virtually all Carson's predictions of ecological degradation later materialized, in one form or another.
Authors like Carson and Garfinkel perform an important service. They turn a cold hose on those of us in heat over the wonders of modern life. And, once they have our attention, they force us to consider the larger implications. They make us consider the possibility that, though all may seem rosy today, there might be a price to pay further down the road, a price higher than we had bargained for.
Simson Garfinkel's comments at a glance
Garfinkel on the need for government privacy regulation
There are a lot of arguments for not using the marketplace to regulate privacy, for the same reason that we don't use the marketplace to regulate the chemical industry or the food industry. We tried using the marketplace to regulate the chemical industry in the 1950s, and the result was that we killed a lot of species, we polluted rivers, and the air was unbreathable in many cities. The marketplace doesn't regulate issues when there are externalities. You need to have regulation so that companies are forced to bear the brunt of what they throw onto society. And privacy is very much like that. If you have a marketplace, as we do today, in which some people -- some companies -- can be privacy winners and some companies can be privacy mavens or not very good privacy people, what happens is that the poor players benefit from the good publicity created by the market leaders. It actually puts companies that have strong privacy policies at a disadvantage to those who claim that they have policies but violate those policies or those whose policies have tricky wordings and mislead consumers.
What I have argued for in the book, first, is that you should have a combination of a regulatory process and technology. ... If you're worried about privacy violations by the government, what you do is you create a balanced structure within the government to deal with that. That's our system of checks and balances. ... If there had been a privacy commission in place before that happened, they would have reviewed the whole process and that Web site probably never would have been put up in the first place.
Garfinkle says "Opt In/Opt Out" policies are not a solution
The idea of using opt-in opt-out to resolve privacy issues -- it really minimizes the scope of privacy issues that we're facing. I'll give you two other examples. One of the large privacy issues is the role of government in preventing terrorism. Well, I can't envision a system where you could use opt-in opt-out to decide who the FBI is allowed to go after or who they're not allowed to go after. We establish standards for police investigations, and those standards have nothing to do with opt-in opt-out.
Garfinkel warns of privacy terrorism
I outlined in "The Privacy-Now Manifesto," which is on my Web site, that we're going to see acts of data vandalism, where people inject false information into the data streams. We're going to see outings of people involved in these anti-privacy organizations, personal details about them published. And we're going to see data terrorism, where large databases are liberated as a way of protesting. I can see people engaging in acts of data diddling and data subversion right now.
Continue to next page for full interview transcript