BKDBSNTN.RVW 20000201 "Database Nation", Simson Garfinkel, 2000, 1-56592-653-6, U$24.95/C$36.95 %A Simson Garfinkel simsong@vineyard.net %C 103 Morris Street, Suite A, Sebastopol, CA 95472 %D 2000 %G 1-56592-653-6 %I O'Reilly & Associates, Inc. %O U$24.95/C$36.95 800-998-9938 fax: 707-829-0104 nuts@ora.com %P 312 p. %T "Database Nation: The Death of Privacy in the 21st Century" This is a very hard book to define. The title would indicate that it is a technical work, but databases do not figure either centrally or prominently in the work, and, while the technical material is not wrong, it is not always either significant or advanced. The subtitle, plus the dust jacket comments, plus the definition of privacy as "fundamentally about the power of the individual" (p. 5), would indicate that this is a political text. Indeed, the central recommendation of the book is that the US government should promulgate legislation regarding privacy. (This proposal, plus the very strong focus upon the situation and history of the United States will seriously limit the interest that the volume might have for those outside the US.) Chapter one starts out with a number of rather nasty scenarios, but the problems appear to refer more to bad design than they do to privacy as such. Indeed, this foreshadows the content of the book as a whole, since the technical material, when it does appear, points out shoddy engineering and insufficient planning rather than attacks on confidentiality. (On the other hand, as a harangue against poor preparation the work presents some excellent examples.) The statement that "unrestrained technology ends privacy" is made somewhat baldly. Since the political definition of privacy previously cited is the only one given in the book this is almost true by definition, but it is, as such, uninteresting. No support is made to give the assertion any other depth. The penultimate section of the opening chapter talks about opposing informational intrusions, but neither there nor at the few other points in the book that touch on the subject are we given a serious discussion of how this might be done. The last section is entitled "Why This Book" and makes reference to the wake up call that "Silent Spring" was for the environmental movement. However, the case being made against technology as necessarily the enemy of privacy would not seem to justify this position. Chapter two is a history of US record keeping and credit reporting, and the problems reported generally relate to authentication and integrity. One interesting point is that Garfinkel appears to be strongly in favour of a national combined database for the United States, a proposal that gives most other privacy analysts hives. Various problems with biometric systems are reviewed (quite well) in chapter three, but although the fact that UPS collects digitized signatures is mentioned, the point is weakened (as in a number of other areas of the book) by not including the proposed sale of this database. Automatic data collection is discussed, but the proposed alternatives are very weak, in chapter four. Chapter five looks at satellite, video, and other sensors. Medical records, and the special problems thereof, are covered in chapter six. The ideas of David Brin's "The Transparent Society" (cf. BKTRASOC.RVW) are opposed here (as in some other sections of the text), but the suggested alternative sounds very much like the "reciprocal openness" that Brin proposes. Chapter seven reviews direct marketing. Ownership of personal information is discussed in chapter eight, with a heavy emphasis on the debate over genetic data. A long overview of terrorism is followed by a brief, but very intense, examination of surveillance in chapter nine. (This includes a rather forced look at brain mapping as a forerunner of mind reading.) Chapter ten raises various points in respect of artificial intelligence and agent technology, but is confusing to follow. A call is made for more legislation in regard to privacy in chapter eleven. As well, Garfinkel tries to argue that technology is *not* privacy neutral, but the example used does not support the point: again we are looking at a clear case of poor design. Most of the writing is good, but there are numerous small and sloppy errors that are annoying. Sentences are misplaced, anecdotes are started but not finished, and arguments are not followed to completion. Garfinkel strives for balance in the material presented, but his own points seem weak. This debility is not a function of fairness, though. For instance, in chapter nine a table seems to clearly indicate that wiretaps play no role in counterterrorism, but this point is never pursued in the text. As far as making the case that privacy is under attack, other works seem to have done a better job. "The Electronic Privacy Papers" (cf. BKELPRPA.RVW), for example, presents far more evidence of US government action against privacy. "Privacy on the Line" (cf. BKPRIVLN.RVW) gives a better background, although it doesn't provide much in the way of direction. "Technology and Privacy" (cf. BKTCHPRV.RVW) is more advanced and has the benefit of an international overview. "The Transparent Society," previously mentioned, not only provides a good framework, but its counter- intuitive reversal of perspective ensures a thorough analysis. "Database Nation" is certainly readable and probably thought- provoking. It may not, however, be the book that the promotion is making it out to be. copyright Robert M. Slade, 2000 BKDBSNTN.RVW 20000201