Curious about a neighbor's mortgage? Wondering about a co-worker's marital history? Eager to inspect somebody's bank statements? In the computer age, all such information, and much more, is for sale. Tapping a vast trove of government, legal, and medical databases, dozens of companies are into a booming business peddling personal details on anyone -- to anyone willing to pay the price.
San Diego-based Spy Express Inc. runs TV ads boasting that, given only an individual's name and state of residence, it can provide that person's address, criminal, civil, and professional history and a list of assets -- all in minutes and for a minimum fee of $35. Sacramento's Cyberdix Investigative Services runs a more basic search which, for $12.50, will pull up a person's Social Security number, last six addresses, and current phone number, as well as the names and phone numbers of their neighbors. More expensive searches yield more intimate details: finding someone's bank account number, says senior partner Russ Koogler, costs at least $150.
All of the information is legally obtained, much of it from public records. But while compiling a personal dossier once required days of searching through records scattered in scores of institutions, it can now take only a few clicks of a mouse. Jack Reed, president of the National Council of Investigative and Security Services, based in Des Moines, Iowa, estimates that at least 200 information vendors can be found on the Internet, ranging from giant companies such as Lexis-Nexis and West Publishing Co. to smaller outfits like Cyberdix.
The ease with which personal information can be collected is good news for people who want to track down deadbeat dads or long-lost relatives, but a nightmare for people who guard their privacy. In response last week in Washington, the regulatory U.S. Federal Trade Commission launched workshops aimed at generating solutions to the problem -- under the threat of cracking down on the information-service industry unless companies act soon to protect consumer privacy. Eight of the biggest information vendors announced a set of voluntary guidelines that include limiting the sale of private information such as Social Security numbers to subscribers with "legitimate" needs and banning distribution of private data about children.
A prototype project devised by the World Wide Web Consortium, a group that co-ordinates Internet standards, aims to balance the interests of both the providers and the users of Web information. Unveiling the program in Washington, consortium director Tim Berners-Lee said the project promotes negotiated compromises between privacy limits set by providers and needs outlined by users. The program, he said, "should encourage global Web commerce and promote the Web as a place where users feel confident that their privacy expectations are being met."
Only a handful of Canadian companies have established their own privacy guidelines to govern how they handle personal information from their Web sites, says David Jones, a computer science professor at Hamilton's McMaster University and president of Electronic Frontier Canada, a non-profit group that lobbies for the right to privacy on the Internet. Corporations in Quebec are subject to a provincial privacy law, but no other province has introduced privacy legislation covering businesses.
In the United States, one concern is that personal-data services could enable stalkers or spouse-abusers to find their victims. Sacramento-based Deep Data Investigative Sources, for example, operates a Web site claiming that "nearly 81 per cent of all missing persons can be located -- whether they want to be or not." Another concern is that personal information will be used for "identity theft" -- an exploding category of crime in which a crook masquerades as someone else. "With your name and Social Security number, anyone can apply for credit cards, loans, insurance, even commit crimes and leave you to pay the bills", says Shreveport, La.-based lawyer David Szwak, who handles dozens of such cases every year.
Often, victims are not even aware of what is being done in their names. California resident Bronti Kelly could not understand why he was repeatedly turned down for retail jobs -- until he learned last May that a shoplifter had passed himself off as Kelly when he was caught. The shoplifting charge appeared on a database every time an employer ran a background check on Kelly.
Although privacy advocates welcomed last week's industry initiatives, they insisted that tougher measures are required. For example, said Marc Rotenberg, director of the Electronic Privacy Information Center, the Web consortium's proposal "will be complicated and cumbersome" and appears to be designed "to make it easy to do direct marketing on the Internet". What is needed instead of voluntary guidelines, he said, are laws "so that everybody in the industry plays by the same rules". In fact, there are now more than a dozen bills pending in various state legislatures that would restrict the availability of personal information. Earlier this month, identical bills were introduced in the House of Representatives and the Senate to ban the unauthorized commercial use of Social Security numbers and place other restrictions on the sale of personal information.
Jim Carroll, co-author of the Canadian Internet Handbook, says he would rather see companies adopt a uniform privacy code than have governments impose a solution. At the same time, consumers must also be careful about giving out information. "A lot of people are giving away personal information on the Internet without thinking about what they're doing", says Carroll. "I don't think people are privacy conscious." Still, in a high-tech world in which billions of daily transactions -- from credit-card purchases to e-mail messages to video-rental preferences -- are logged in computer databases, confidentiality seems like an increasingly quaint concept.