4.5 The Accuracy and Security of Information

The universal accessibility of information is not without potential problems. As individuals, corporations, and governments make growing use of data repositories, a series of difficulties arise. These problems have already been widely reported on in the popular media, but as more people use stored information, the number of those who could be adversely affected also increases. It should be noted that information accuracy is a genuine issue only if truth in information is a broadly held value; otherwise this discussion is irrelevant.

Information Accuracy

As things now stand, it is not always possible for individuals to know whether information about themselves exists, or where it is stored, much less what such a file might actually contain. There are a number of ways in which errors can creep into files, there to remain for years unchallenged, all the while affecting the lives of people. Credit rating, job prospects, accessibility to government services, and travel opportunities can all be influenced by incorrect information on file. Such errors come to be in several ways, the most common being through malice, typographical error, guilt by association, or because of an incomplete system.


A neighbour or worker who has been offended in some way might deliberately place false information into another's file--either by entering it directly, say, as a credit bureau employee, or by complaining to authorities and having an investigation undertaken. For instance, an anonymous tip that an individual has been molesting neighbourhood children could get a name onto a list of potential suspects regardless of whether any evidence was offered. One could also get into such police molester files through evidence in a divorce case, where the temptation to offer false evidence in custody hearings is very great. In some countries, government security agencies compile lists of people considered to be risks because of their political views or their membership in organizations deemed to be subversive. Unions and corporations have also been known to have such "blacklists." Unless denied a visa or a job, the person might never suspect that the list exists. Some promote hate against individuals or groups, and others make lists of those they claim to be promoting hatred and in turn vilify them.

Typographical Error

A clerk who types a slightly misspelled name in an arrest record or adds an extra zero to a balance owed can set off a chain of embarrassing events for the person affected. Police data bases are not generally public, and correcting their mistakes may be very difficult. Changing faulty financial records, especially such government ones as taxation files, can be a formidable and costly task, consuming much time and large legal fees.

Guilt by Association

An innocent party who happens to share an aeroplane seat with a known terrorist could be entered into an international police file and be classified as a security risk, denied government jobs, or forbidden to travel to other countries--all without knowing why. Because such files are kept secret by the authorities who maintain them, it can be extremely difficult to find out what is going on and to correct the problem.

Incomplete Systems

There are numerous examples of large systems in which information once entered is never updated, verified, or removed when it becomes out of date. For instance, police departments routinely record arrests, but may not follow up with the courts' disposition of cases. Likewise, reported thefts are recorded, but recovery of goods may not be. A person could report a car as stolen one day, have it recovered the next by the police, and be arrested on the third for driving a stolen car. With that cleared up, a promised job could suddenly be denied on the fourth day because of a check of arrest records indicates a positive match. The individual may never realize what has happened.

Some jurisdictions have already recognized these problems and passed laws to deal with them, but protection from incomplete information is still very poor in most parts of the world. Such cases illustrate the adage; "A little knowledge may be worse than none."

One of the more spectacular illustrations of incomplete systems is the so-called "year 2000 problem" (Y2K) or "millennium bug." Caused in large part because many software and hardware systems recorded only two digits (not the century) for the date, such systems had the potential to cause disruptions in all industries dependent on personal data that includes dates, such as banking and government record systems. When the clocks on many systems rolled over to January 1, 2000, they used the date as if it were 1900, throwing off calculations of interest, pensions, and rendering inoperative many real-time devices (bank machines, equipment controllers) that depended on using the time and date for their correct operation. Much work went into repairing this problem beforehand, however, and actual effects turned out to be minimal, though several other problematic dates are yet to arrive.

Solving Information Accuracy Problems

The Y2K problem had to be solved, and was, but cost vast sums of money and drove up programmers' salaries and lawyers' fees for a few years while the work was done. It also had potential (or, so it was thought) to cause disruptions in government, banking, general commerce, and the operation of much automated or robotic equipment.

As for some of the others, up to a point, all these types of problems are likely to become worse. However, with the advent of universal information accessibility, everyone could be given access to all files relating to them, regardless of who has created the file. Provided a person checks periodically to see what has been filed--particularly before applying for a job--the problems of inaccurate information could (in theory) be nearly eliminated. Ideally, all personal information would be stored in a single place, with access to individual items available only to qualified authorities or by permission of the person named in the file. Even better, the system could contain a program that electronically mailed peoples' files to them whenever the contents were changed.

However, this is an ideal. In an actual society, it is impossible to control all abuses. It is too much to hope that reorganizing the form of and the access to information would be sufficient to prevent the kinds of problems described here (and new ones) from recurring. Only a conscious effort to build carefully designed system safeguards would offer individuals security from bad personal information. After all, the mere computerization of a careless and flawed data system makes its problems worse, not better, as many a university and business can testify.

Moreover, the centralization of personal information even for the purpose of making it accessible and changeable for the person it names is itself dangerous, for it gives the controllers of the system containing that information the potential for great power over everyone.

Profile On . . . Issues

The Correctness of Information

When a search for information returns results that are incorrect, or a data security flaw allows a crime to be committed there can be serious consequences for reputations, loss of income, or even physical danger.

Who owns data?

o Does personal information belong to the individual or organization that entered it, the data bank that stores it, the person it is about, or to no one at all?

o Is government-gathered statistical information the domain of the state, or does it belong to each person in the state?

o Is corporate data the private property of the company in question, or are the shareholders entitled to it? the customers? the state?

Examples: ought the magnetic coding system for bank machine cards be public information? What about prison records? medical records? school records? tax information? marriage, divorce, birth and death records?

o Is it the ownership or the possession of data (or is it neither) that carries with it the responsibility to ensure its correctness?

o Does "news" information belong to the people in the story, the reporter who gathers it, the wire service that assembles it, the state in which it is disseminated, or to no one?

o Suppose a gene that confirms immunity to a serious disease (such as AIDS) is discovered in a person's DNA. Who owns this information--the person in whose body it resides, or the one who discovered the presence and effect of the gene?

Who is (ought to be) responsible?

o If a bank relies on incorrect credit data and so denies a loan, causing the customer a loss, is the bank liable? the credit agency, the individual who entered the faulty data?

o If the security facilities of a system are inadequate, allowing one user to defraud another with the system, is only the perpetrator liable, or are the owners of the system as well? What about the manufacturers of the hardware and software?

o If a stolen bank card can be used by the thief because the owner has written the PIN access number on the card, is the owner partly liable?

o If an investment company continues to do business with the public while concealing its poor financial state, who is responsible when the firm collapses? only the principals of the firm? the regulatory authorities who failed to monitor the situation closely enough? a journalist who knew the truth, but was afraid to print it and so trigger the collapse? the investors, who ought to have been more cautious?

o If a commercial program is faulty and causes damage to a business, are the publisher and author of the program liable? What if the package had a statement disclaiming such consequential damages? What if the copy in question had been pirated rather than purchased?

o When incorrect conclusions are drawn because data is incomplete, what liability attaches to the gatherer or user of the data?

What about compensation?

When economic or other loss is caused to some party due to incorrectly stored or stated information, who ought to compensate the injured person? (the one who caused the error, the party who ran the storage system, the one who used the data, or no one?) Does it make a difference if

o the data was maliciously entered wrongly? accidentally?

o the data was changed because of a machine fault with no human intervention?

o the data was incorrectly processed into information because of a faulty program?

o the data had simply been allowed to become outdated?

o the correct data was destroyed accidentally by human carelessness? by the action of a computer virus designed to destroy the data?

o rather than losing money, the injured party lost a job opportunity? her children in a divorce case? her reputation?

o the injured party never discovered the error, but someone else did?

Who has jurisdiction (Where does the crime take place?)

o when a computer crime is committed over the telephone lines in a distant computer across state or provincial lines? national borders?

o if data (such as pornography) that is stored in one country is used in or triggers a crime causing death in another country?

o if an electronic copy of data is stolen in one state or country, then taken to another where a paper copy is made, then to a third where the data is actually used for the first time?

o when a "hacker" creates a virus, turns it loose on a network, and thousands of computers all over the world suffer loss of data?

o over the information owned by a multinational company with headquarters in one country and branch offices in others? Can one government order the firm to comply with its laws outside its own borders? What if so doing would cause it to break the laws of other countries where it operates?

Technical Legal Issues

o Is electronically stored data tangible? If it is not a "thing," can it have value? Can it be stolen?

o If funds are embezzled from many sources using a single program that generates many illicit transactions by running in a loop, is this one crime or many?

Who (or what) is the victim

o when money is stolen from a bank machine? (A machine is not a person; is the element of deceit (of a person) necessary for fraud?)

o when false data is used to win an election, engineer (or prevent) a merger, or kite stock prices?


Observations about correctness immediately lead to questions about who ought to have access to personal information. It seems at times that one must not only assume that government and private companies know every intimate detail of the lives of ordinary citizens, but also make the same assumption about the nine-year-old down the street with the cheap computer and modem in her bedroom. Although it may be possible to establish a system of safeguards that require permission of the subject before personal information could formally be obtained and used, the spread of such data may not ever be controlled entirely, for information exists in many locations. Some of these are less secure than others, or have less than scrupulous owners. Any such system that was sufficiently comprehensive to enforce rules about personal data access would by its very existence pose a threat to privacy greater than any it could prevent. Since criminals will also use data facilities, it is also not hard to imagine someone setting up, say, a blackmail data bank to store sensitive or embarrassing personal information for sale to the highest bidder.

There was a time when such information was not readily available. A president of the United States could be a notorious womanizer and the news media collectively choose not to report it. A member of Parliament could hope that an old police record would never surface. A vice-presidential candidate could keep hidden an old stay in a mental institution, and a would-be senator could keep secret a string of shady business deals or underworld connections. A high official could have an affair with a secretary or a student intern and not be found out. The past could be hidden and forgotten, whether it included unusual sexual practices, divorce, illegitimate children, molestation, abuse, bankruptcy, tax fraud, a criminal record, failure in school, a dishonourable discharge, cowardice, bad judgement, the misappropriation of funds, or a collection of traffic violations large enough to fill a car.

Today, investigative reporters armed with terminals can discover all these things and more in public records (today's Metalibrary). In the society of the future, everyone will have to assume that all details of their past life, however embarrassing, are a matter of public record. For those in the public eye, whether as government, corporate, or union leaders or as professionals in positions of trust, life will therefore be much more an open book than it has been in the past. For better or worse, the ability to forget the embarrassments of one's past is on the road to extinction. Thus, it is hard to say whether having the full Metalibrary would make blackmail any more or less likely. If all information is readily available, there can be little embarrassment in having it revealed, for it could never be concealed.

Whether anyone will care or not about others' morality or judgement is a separate question. When such information is so readily available, the result could well be a cynical and jaded public that, hearing about the private lives of the rich and famous, turns a blind eye to morality altogether.

However, what would be left of a right to privacy in such a world? Only that which leaves no record behind. Since many people would choose to have their home Metalibrary terminal monitor activities inside the house as well as their use of what is available in the outside world, there might be very little human activity that is not recorded in some manner. At the place of work, performance monitoring will be increased, and more information retained about individual commercial transactions. While there may be some restrictions, it is not difficult to imagine the state (or society collectively and informally) gathering the power to continuously record all the activities of every person. This could initially be justified in terms of law-and-order enforcement efficiencies, for every criminal would be documented. However, the corresponding possibility for absolute state control over every citizen cannot be ignored.

Likewise, if the state has control over the strong encryption of data, and forces vendors of such products to give the state "keys" to decode any data back to plain text, there could be no privacy of data or communication. In this instance, however, the technology for message and file encryption was sufficiently widespread by the late 1990s that it can no longer be controlled--government officials simply had not realized this fact as yet.

Even at present, a record of every credit card transaction is kept by the card issuer. While little could be done in the past to systematize such records because of their sheer number, the technical obstacles are melting away even as the perceived rewards to merchants and card issuers are seen to become more tempting. After all, if you know who buys what kind of goods, you can target advertising very cost effectively and efficiently, and this alone would make keeping and analysing such records worthwhile.

If all that were done was the elimination of cash so that every retail transaction were on record, it would then be impossible for any person to hide anything significant. An institution (governmental or not) that could know everything could also control everything. In such a scenario, one could easily imagine that a "universal person code" could be placed on the hand of every citizen, to be passed over the supermarket scanners along with the beans and bread--permanently recording not only all human activity but also humanity itself. That exactly such a society would one day exist was predicted by the Apostle John writing in the first century A.D.:

"He also forced everyone, great and small, rich and poor, free and slave, to receive a mark on his right hand or on his forehead, so that no one could buy or sell unless he had the mark..." Revelation 13:16-17a (NIV)

It is not difficult to see that the technology to institute an Orwellian 1984-style state already exists and that such collectivizing trends are present.

Big Brother and Little Brother

On the other hand, the effect of universal information availability upon governments may prove to be neutral or even positive. There may even be greater democracy, for there is a counterbalance here that promotes individualism. While there is the potential for increased government control of information, individual access to knowledge of government activities could also be improved. So too could the opportunities for citizens to express themselves and change the course of government. Some envision a participatory democracy emerging--one in which citizens have daily opportunities not just to express opinions, but to learn the facts and decide the issues.

Thus, even while people lose some ability to act as "private" citizens, governments may also lose much of their capacity to operate arbitrarily and in secret. That is, loss of personal privacy does not necessarily mean a gain in centralized power--it just means that nothing can be hidden from anyone.

This could also frighten away from public office those with a seamy past to hide. However, since no one has a perfect past, perfect judgement, or perfect morality, the effect even upon the aspirations of society's leaders might not be very great. People would have to judge others (including their leaders) for who they were in the present and what they might be in the future rather than for their past.

Two more extreme responses are possible. On the one hand, standards of behaviour for people in the public eye could come to include a stricter practice of moral actions. A swing of the pendulum towards a comprehensive and rigid moral legalism of the type popularly attributed to the Victorian era could not even be ruled out.

On the other hand a variation of antinomianism is already prevalent among modern liberals. This is the notion that in many areas of human activity the idea of morality is simply irrelevant. This is usually phrased in terms of tolerating alternate life-styles, but there is no effective difference between permitting all moral systems as equally valid or saying that none are valid. Although this position, as usual, carries with it the logical contradiction that it tolerates everything except disagreement with itself, it has nonetheless become a popular response to the "outing" of information with moral overtones. Indeed, it has become so popular that it is today the control belief in this arena, threatening the freedom or the very existence of those who hold that moral issues are important--especially if they say they are absolute.

Whatever the case, the implications for the information age are profound--actions will be public, and so will be the moral judgement of them (or the lack of such judgement).

Turning from the action of individuals in government to those of the state itself, there are similar tensions between the desire for secrecy and the need to gather and manage information. Although most people in the Western world do not want comprehensive statism, the opposite extreme--no government, only daily electronic democracy--may well be too unstable and discontinuous to work.

The most likely outcome is a situation involving gains and losses to both privacy and democracy--not a swing of power to either the individual or the state, but a realignment that changes both. Information availability does create the potential for a new kind of tyranny, but it also provides for new kinds of checks and balances by giving the individual citizen greater knowledge and therefore more power. The two trends may not simply cancel each other out, because an open information society will be very different, but these trade-offs between privacy and knowledge may well become generally accepted and thus little remarked upon.

Another possibility is that power over information storage and transmission will become concentrated in the hands of a few technology managers and corporate suppliers. Such developments are commonly advocated to achieve efficiency, security, or convenience, but these are not the central issues. Control is. Given the lessons of history, one must assume that where there is centralized control, there will inevitably be abuse of power, regardless of whose hands hold the reigns of power and how (why) they obtained it. To date information technology has had a largely decentralizing and democratizing effect, but there is no reason to suppose that this situation will last indefinitely. Those who wish little brother and sister to win out in the long run must be diligent to retain their freedoms or they will surely lose them.

Why Privacy?

The ethical question here relates to the fundamental basis for the desire for privacy. Is privacy a fundamental human right, or is it merely a culturally derived preference? One could argue on religious grounds, for example, that since human dignity and self-esteem are at stake, the greatest possible amount of privacy ought to be granted other people in order to affirm their value. On the other hand, one could argue that the New Testament requires the people of God to be an open and transparent community and that they ought, therefore, to have no secrets from one another. One could even argue that both of these principles are true and that they do not contradict each other.

Data Security

At the corporate and government levels, it may at first be somewhat easier to keep information confidential than at the personal level, for there will be fewer copies and these will be stored in more carefully guarded systems, not (initially) readily available through the public Metalibrary. However, sophisticated computerized analysis of the activities of business and government even now leaves them with few secrets of the quantifiable kind. Any skilled individual should be able to analyse the market share and profitability of most companies. The trick will be to keep one's actual plans for the future secret for as long as possible.

Moreover, the proliferation of international corporations and the consequent increases in money, data, and technology flows across national boundaries make it much more difficult for governments to control corporate activities. This is already illustrated by the international banking system, within which large sums of money are routinely shifted from one country to another instantaneously and without much possibility of government intervention. Even today, no one nation or group of nations can be said to control the banking system. Thus, the ability to retain information within national boundaries has already all but vanished in the Western nations and will also do so eventually in the (previously) more closed East.

Governments will still attempt to keep national security, taxation, and military information secret. Corporations, credit providers, and banks will need to guarantee the security and integrity of the information they store, just to survive. Ultimately, government and corporations must also operate in a more open environment, for it will become progressively harder to keep anything out of the public view. A secrecy-oriented government can keep fax machines and photocopiers under lock and key and track every sheet of paper they produce for only just so long. Once it develops its own appetite for the efficiency of information machines and acquires several thousand of them, effective control becomes all but impossible. When those paper files become computerized, the security problems are multiplied.

This is not good news for those who desire to keep at least some information confidential. There have been numerous incidents of computer security violations at government or corporate installations, both by insiders and by enterprising hackers from without. Freebooters have rummaged through medical records, corporate finances, and even some military files. Insiders have stolen data for competing companies or nations, and saboteurs have destroyed whole installations.

The victims of these violations have learned from their woes and tightened up their poor security. Inside personnel are screened more closely on hiring and may be searched when leaving the job site. Modems are now designed to call back only to authorized numbers before connecting, passwords are checked regularly and not left lying around, and backup copies of important files are made regularly and stored in secure, off-site locations. Disks brought in are routinely scanned for virus programs that could destroy data. Critical installations often have an entire physical duplicate, usually in another city, so that service to customers can continue uninterrupted even through an explosion or fire at the main data centre (This is standard banking practice).

As security consciousness increases and governments attempt to control data flow across borders, some countries may set up data havens, much as they now establish tax havens. There will also be an increase in data traffic (buying and selling) on a very large scale, as economic, legal, and consumer files are copied from owner to owner.

The net long-term result will surely be even greater data availability on an international basis, and a general breaking down of national borders in favour of a more global view of information. While this is tending to make Western societies more open in some ways, it has already sounded the death knell for the old closed societies of the communist world. The very efficiency of information techniques mitigates against a tightly controlled society. Widespread availability of information is inimical to totalitarian forms of government, and a computer and modem are much more deadly enemies to statism than is a copying machine. Perhaps the best way to hasten the fall of tyranny is to ensure that it is well supplied with photocopiers, computers, and fax machines.

Thus, on balance the information age may favour the individual, but nagging doubts do remain. The gains available through individual access to information imply a corresponding loss of privacy. Are the trade-offs fair? Will Big Brother still end up watching? Will the millions of "little brothers and sisters" triumph? Will people have any vestige of personal privacy, or will everyone really be able to know everything about everyone else? The answers to these questions will vary from time to time and country to country, but the extreme scenarios now seem less likely than that some middle course will instead be charted.

The Fourth Civilization Table of Contents
Copyright © 1988-2002 by Rick Sutcliffe
Published by Arjay Books division of Arjay Enterprises