issue 162 - August 1986
The data dealers
John Murphy explains how spare computer capacity spawned
a huge new database industry - and highlights the risks entailed in
holding uncontrollable quantities of personal information.
IN most advanced countries computer users are obliged to disclose the personal information they are holding on their databanks. All citizens have the right to inspect those files and correct them if they are wrong. But somewhere along the lines the politicians have forgotten one vital safeguard: the right to challenge the data-bank's having any information on you at all - a flaw in the data protection system we will one day live to regret.
Information does not have to be abused to be a frightening threat. A political furore was caused in Sweden earlier this year when it was revealed that an academic had accumulated, as part of a social science research project, detailed information on 15,000 people from the day they were born. This came from public sources as well as medical records and was supplemented by, and cross-checked with, thousands of other databanks, including those run by the Government.
In the end the researcher knew more about those 15,000 than their mothers and fathers did. He did not abuse the information in any obvious way but it sent shivers down the spines of the Swedish people when they realized the ease with which it had been done. The Director-general of the Swedish Data Inspectorate and five of the 11 Inspectorate members resigned over the issue.
Even public access to the information can cause problems. Swedes, for example, have the right to inspect any personal details held on public databases. And not just on themselves. To make things easier to administer, all but the most personal details are open to inspection by anyone. Police suspect that Olaf Palme's assassin probably found his home address from a public database in a Stockholm library.
Database technology emerged partly through the marketing pressures from the computer industry. Once every company had a machine which could do the payroll, a new purpose for such powerful 'mainframes' had to be developed, otherwise people would simply stop buying them.
So in 1978 IBM created the idea of the 'Information Centre'. All available information on a company would be collected into a large central machine which would run sophisticated searching programs. But with the advent of the personal computer even this use for the mainframe grew less important; executives were keeping their own files and no longer needed the large central machine. The enormous over capacity again had to be turned to good use. This time the suggestion was the publicly accessible database. Personal computer users could now have access to enormous centralized machines from their own micros.
Police forces were not slow to see the opportunity. The US Federal Bureau of Investigation has developed its National Crime Information Centre and the British police have a Police National Computer, based in Hendon on the outskirts of London. These systems generally hold criminal records, information on unsolved crimes and routine information such as the registration numbers of stolen cars.
But there are ample opportunities for more informal use. Last year it was discovered that British officers were using the Police National Computers to identify the winners of a competition run by Shell. The competition depended on car licence plates and a list of the winning numbers was displayed in Shell service stations for the owners to recognize and claim their prize. Enterprising police officers were noting the numbers, finding the owners through the computer, and telephoning them to tip them off - in return for a fee of course.
Other allegations abound that the police have used access to the computer to do almost anything from checking up on cars they were about to buy to looking into the backgrounds of their girlfriends and boyfriends.
Another common abuse is that criminal records are available for a price. I was once offered the chance to check on a criminal record by an employee of a credit-checking agency. He did not say how this was to be done but said it would cost £30 ($50). Such ease of access is all the more worrying because the police admit that some of the information held on the system is not fact, but rumour and gossip collected by officers in the course of investigations.
And you can never be totally sure where the information will finish up. Last year Hans Joachim Tieg, a fairly lowly worker in West Germany's Verfassungsschutz (office for the Protection of the Constitution), defected to East Germany. He had access to the Security Services database with information on the location of West German agents in the East - and a rundown on all the suspected Eastern spies in West Germany. All of which could now be passed over to the East Germans.
The inherent holes in the safeguards on databanks have been glossed over because the ability to use large amounts of information quickly and conveniently is just too useful to a variety of interests. So the public relations men have gone to work to tell the world that we are in a new age when databases will help us do anything from save the whale to keeping track of the ill-effects of drugs.
In truth there are many ways in which the centralization of information can do some good. Databases of child sex offenders are being prepared to weed out potentially dangerous applicants for jobs which involve supervising children. And records of violence against children are also being computerized to help identify children at risk.
But the number of databases geared to 'socially useful' applications is far outweighed by those designed to help large corporations, financial institutions and 'enforcement agencies' such as tax collectors and the police.
The technology of collecting information is no more natural than the technology of the atom bomb.
John Murphy is News Editor of Computing.