Blown to Bits
Your Life, Liberty,
and Happiness After
the Digital Explosion
Hal Abelson
Ken Ledeen
Harry Lewis
Upper Saddle River, NJ • Boston • Indianapolis • San Francisco
New York • Toronto • Montreal • London • Munich • Paris • Madrid
Cape Town • Sydney • Tokyo • Singapore • Mexico City

Many of the designations used by manufacturers and sellers to distinguish their products are
claimed as trademarks. Where those designations appear in this book, and the publisher was
aware of a trademark claim, the designations have been printed with initial capital letters or in
all capitals.
The authors and publisher have taken care in the preparation of this book, but make no
expressed or implied warranty of any kind and assume no responsibility for errors or omissions.
No liability is assumed for incidental or consequential damages in connection with or arising
out of the use of the information or programs contained herein.
The publisher offers excellent discounts on this book when ordered in quantity for bulk
purchases or special sales, which may include electronic versions and/or custom covers and
content particular to your business, training goals, marketing focus, and branding interests. For
more information, please contact:
U.S. Corporate and Government Sales
(800) 382-3419
corpsales@pearsontechgroup.com
For sales outside the United States, please contact:
International Sales
international@pearson.com
Visit us on the Web: www.informit.com/aw
Library of Congress Cataloging-in-Publication Data:
Abelson, Harold.
Blown to bits : your life, liberty, and happiness after the digital explosion / Hal Abelson,
Ken Ledeen, Harry Lewis.
p. cm.
ISBN 0-13-713559-9 (hardback : alk. paper) 1. Computers and civilization. 2. Information
technology—Technological innovations. 3. Digital media. I. Ledeen, Ken, 1946- II. Lewis,
Harry R. III. Title.
QA76.9.C66A245 2008
303.48’33—dc22
2008005910
Copyright © 2008 Hal Abelson, Ken Ledeen, and Harry Lewis
For information regarding permissions, write to:
Pearson Education, Inc.
Rights and Contracts Department
501 Boylston Street, Suite 900
Boston, MA 02116
Fax (617) 671 3447
3.0 United States License. To view a copy of this license visit
http://creativecommons.org/licenses/by-nc-sa/3.0/us/ or send a letter to Creative Commons
171 Second Street, Suite 300, San Francisco, California, 94105, USA.
This work is licensed under the Creative Commons Attribution-Noncommercial-Share Alike
ISBN-13: 978-0-13-713559-2
ISBN-10: 0-13-713559-9
Text printed in the United States on recycled paper at RR Donnelley in Crawfordsville, Indiana.
Third printing December 2008
This Book Is Safari Enabled
The Safari® Enabled icon on the cover of your favorite technology book means the book is
available through Safari Bookshelf. When you buy this book, you get free access to the online
edition for 45 days.
Safari Bookshelf is an electronic reference library that lets you easily search thousands of
technical books, find code samples, download chapters, and access technical information
whenever and wherever you need it.
To gain 45-day Safari Enabled access to this book:
• Go to http://www.informit.com/onlineedition
• Complete the brief registration form
• Enter the coupon code 9SD6-IQLD-ZDNI-AGEC-AG6L
If you have difficulty registering on Safari Bookshelf or accessing the online edition, please
e-mail customer-service@safaribooksonline.com.
Editor in Chief
Mark Taub
Acquisitions Editor
Greg Doench
Development Editor
Michael Thurston
Managing Editor
Gina Kanouse
Senior Project Editor
Kristy Hart
Copy Editor
Water Crest Publishing, Inc.
Indexer
Erika Millen
Proofreader
Williams Woods Publishing Services
Publishing Coordinator
Michelle Housley
Interior Designer and Composition
Nonie Ratcliff
Cover Designer
Chuti Prasertsith

CHAPTER 1
Digital Explosion
Why Is It Happening, and
What Is at Stake?
On September 19, 2007, while driving alone near Seattle on her way to work,
Tanya Rider went off the road and crashed into a ravine.* For eight days, she
was trapped upside down in the wreckage of her car. Severely dehydrated and
suffering from injuries to her leg and shoulder, she nearly died of kidney failure. Fortunately, rescuers ultimately found her. She spent months recuperating in a medical facility. Happily, she was able to go home for Christmas.
Tanya’s story is not just about a woman, an accident, and a rescue. It is a
story about bits—the zeroes and ones that make up all our cell phone conversations, bank records, and everything else that gets communicated or stored
using modern electronics.
Tanya was found because cell phone companies keep records of cell phone
locations. When you carry your cell phone, it regularly sends out a digital
“ping,” a few bits conveying a “Here I am!” message. Your phone keeps “pinging” as long as it remains turned on. Nearby cell phone towers pick up the
pings and send them on to your cellular service provider. Your cell phone
company uses the pings to direct your incoming calls to the right cell phone
towers. Tanya’s cell phone company, Verizon, still had a record of the last
location of her cell phone, even after the phone had gone dead. That is how
the police found her.
So why did it take more than a week?
If a woman disappears, her husband can’t just make the police find her by
tracing her cell phone records. She has a privacy right, and maybe she has
good reason to leave town without telling her husband where she is going. In
1
* Citations of facts and sources appear at the end of the book. A page number and a phrase
identify the passage.

Tanya’s case, her bank account showed some activity (more bits!) after her
disappearance, and the police could not classify her as a “missing person.” In
fact, that activity was by her husband. Through some misunderstanding, the
police thought he did not have access to the account. Only when the police
suspected Tanya’s husband of involvement in her disappearance did they
have legal access to the cell phone records. Had they continued to act on the
true presumption that he was blameless, Tanya might never have been found.
New technologies interacted in an odd way with evolving standards of privacy, telecommunications, and criminal law. The explosive combination
almost cost Tanya Rider her life. Her story is dramatic, but every day we
encounter unexpected consequences of data flows that could not have happened a few years ago.
When you have finished reading this book, you should see the world in a
different way. You should hear a story from a friend or on a newscast and say
to yourself, “that’s really a bits story,” even if no one mentions anything digital. The movements of physical objects and the actions of flesh and blood
human beings are only the surface. To understand what is really going on, you
have to see the virtual world, the eerie flow of bits steering the events of life.
This book is your guide to this new world.
The Explosion of Bits, and Everything Else
The world changed very suddenly. Almost everything is stored in a computer
somewhere. Court records, grocery purchases, precious family photos, pointless radio programs…. Computers contain a lot of stuff that isn’t useful today
but somebody thinks might someday come in handy. It is all being reduced
to zeroes and ones—“bits.” The bits are stashed on disks of home computers
and in the data centers of big corporations and government agencies. The
disks can hold so many bits that there is no need to pick and choose what
gets remembered.
So much digital information, misinformation, data, and garbage is being
squirreled away that most of it will be seen only by computers, never by
human eyes. And computers are getting better and better at extracting meaning from all those bits—finding patterns that sometimes solve crimes and
make useful suggestions, and sometimes reveal things about us we did not
expect others to know.
The March 2008 resignation of Eliot Spitzer as Governor of New York is a
bits story as well as a prostitution story. Under anti-money laundering (AML)
rules, banks must report transactions of more than $10,000 to federal regulators. None of Spitzer’s alleged payments reached that threshold, but his
2 BLOWN TO BITS

bank’s computer found that transfers of smaller sums formed a suspicious
pattern. The AML rules exist to fight terrorism and organized crime. But while
the computer was monitoring small banking transactions in search of
big-time crimes, it exposed a simple payment for services rendered that
brought down the Governor.
Once something is on a computer, it can replicate and move around the
world in a heartbeat. Making a million perfect copies takes but an instant—
copies of things we want everyone in the world to see, and also copies of
things that weren’t meant to be copied at all.
The digital explosion is changing the world as much as printing once did—
and some of the changes are catching us unaware, blowing to bits our
assumptions about the way the world works.
When we observe the digital explosion at all, it can seem benign, amusing, or even utopian. Instead of sending prints through the mail to Grandma,
we put pictures of our children on a photo album web site such as Flickr. Then
not only can Grandma see them—so can Grandma’s friends and anyone else.
So what? They are cute and harmless. But suppose a tourist takes a vacation
snapshot and you just happen to appear in the background, at a restaurant
where no one knew you were dining. If the tourist uploads his photo, the
whole world could know where you were, and when you were there.
Data leaks. Credit card records are supposed to stay locked up in a data
warehouse, but escape into the hands of identity thieves. And we sometimes
give information away just because we get something back for doing so. A
company will give you free phone calls to anywhere in the world—if you
don’t mind watching ads for the products its computers hear you talking
about.
And those are merely things that are happening today. The explosion, and
the social disruption it will create, have barely begun.
We already live in a world in which there is enough memory just in digital cameras to store every word of every book in the Library of Congress a
hundred times over. So much email is being sent that it could transmit the
full text of the Library of Congress in ten minutes. Digitized pictures and
sounds take more space than words, so emailing all the images, movies, and
sounds might take a year—but that is just today. The explosive growth is still
happening. Every year we can store more information, move it more quickly,
and do far more ingenious things with it than we could the year before.
So much disk storage is being produced every year that it could be used to
record a page of information, every minute or two, about you and every other
human being on earth. A remark made long ago can come back to haunt a
political candidate, and a letter jotted quickly can be a key discovery for a
CHAPTER 1 DIGITAL EXPLOSION 3

biographer. Imagine what it would mean to record every word every human
being speaks or writes in a lifetime. The technological barrier to that has
already been removed: There is enough storage to remember it all. Should
any social barrier stand in the way?
Sometimes things seem to work both better and worse than they used to.
A “public record” is now very public—before you get hired in Nashville,
Tennessee, your employer can figure out if you were caught ten years ago
taking an illegal left turn in Lubbock, Texas. The old notion of a “sealed court
record” is mostly a fantasy in a world where any tidbit of information is
duplicated, cataloged, and moved around endlessly. With hundreds of TV and
radio stations and millions of web sites, Americans love the variety of news
sources, but are still adjusting uncomfortably to the displacement of more
authoritative sources. In China, the situation is reversed: The technology creates greater government control of the information its citizens receive, and
better tools for monitoring their behavior.
This book is about how the digital explosion is changing everything. It
explains the technology itself—why it creates so many surprises and why
things often don’t work the way we expect them to. It is also about things the
information explosion is destroying: old assumptions about our privacy,
about our identity, and about who is in control of our lives. It’s about how
we got this way, what we are losing, and what remains that society still has
a chance to put right. The digital explosion is creating both opportunities and
risks. Many of both will be gone in a decade, settled one way or another.
Governments, corporations, and other authorities are taking advantage of the
chaos, and most of us don’t even see it happening. Yet we all have a stake in
the outcome. Beyond the science, the history, the law, and the politics, this
book is a wake-up call. The forces shaping your future are digital, and you
need to understand them.
The Koans of Bits
Bits behave strangely. They travel almost instantaneously, and they take
almost no space to store. We have to use physical metaphors to make them
understandable. We liken them to dynamite exploding or water flowing. We
even use social metaphors for bits. We talk about two computers agreeing on
some bits, and about people using burglary tools to steal bits. Getting the right
metaphor is important, but so is knowing the limitations of our metaphors. An
imperfect metaphor can mislead as much as an apt metaphor can illuminate.
4 BLOWN TO BITS

We offer seven truths about bits. We call them “koans” because they are
paradoxes, like the Zen verbal puzzles that provoke meditation and enlightenment. These koans are oversimplifications and over-generalizations. They
describe a world that is developing but hasn’t yet fully emerged. But even
today they are truer than we often realize. These themes will echo through
our tales of the digital explosion.
Koan 1: It’s All Just Bits
Your computer successfully creates the illusion that it contains photographs,
letters, songs, and movies. All it really contains is bits, lots of them, patterned
in ways you can’t see. Your computer was designed to store just bits—all the
files and folders and different kinds of data are illusions created by computer
programmers. When you send an email containing a photograph, the computers that handle your message as it flows through the Internet have no idea
that what they are handling is part text and part graphic. Telephone calls are
also just bits, and that has helped create competition—traditional phone companies, cell phone companies, cable TV companies, and Voice over IP (VoIP)
service providers can just shuffle bits around to each other to complete calls.
The Internet was designed to handle just bits, not emails or attachments,
which are inventions of software engineers. We couldn’t live without those
more intuitive concepts, but they are artifices. Underneath, it’s all just bits.
This koan is more consequential than you might think. Consider the story
of Naral Pro-Choice America and Verizon Wireless. Naral wanted to form a
CHAPTER 1 DIGITAL EXPLOSION 5
CLAUDE SHANNON
Claude Shannon (1916–2001) is the undisputed founding figure of information and
communication theory. While working at Bell
Telephone Laboratories after the Second
World War, he wrote the seminal paper, “A
mathematical theory of communication,”
which foreshadowed much of the subsequent
development of digital technologies.
Published in 1948, this paper gave birth to
the now-universal realization that the bit is
the natural unit of information, and to the
use of the term.
Alcatel-Lucent, http:www.bell-labs.com/news/2001/february/26/shannon2_lg.jpeg.

text messaging group to send alerts to its members. Verizon decided not to
allow it, citing the “controversial or unsavory” things the messages might
contain. Text message alert groups for political candidates it would allow, but
not for political causes it deemed controversial. Had Naral simply wanted
telephone service or an 800 number, Verizon would have had no choice.
Telephone companies were long ago declared “common carriers.” Like railroads, phone companies are legally prohibited from picking and choosing
customers from among those who want their services. In the bits world, there
is no difference between a text message and a wireless phone call. It’s all just
bits, traveling through the air by radio waves. But the law hasn’t caught up
to the technology. It doesn’t treat all bits the same, and the common carriage
rules for voice bits don’t apply to text message bits.
Verizon backed down in the case
of Naral, but not on the principle. A
phone company can do whatever it
thinks will maximize its profits in
deciding whose messages to distribute. Yet no sensible engineering distinction can be drawn between text
messages, phone calls, and any other
bits traveling through the digital airwaves.
Koan 2: Perfection
Is Normal
To err is human. When books were
laboriously transcribed by hand, in
ancient scriptoria and medieval
monasteries, errors crept in with
every copy. Computers and networks
work differently. Every copy is perfect. If you email a photograph to a
friend, the friend won’t receive a
fuzzier version than the original. The
copy will be identical, down to the
level of details too small for the eye
to see.
Computers do fail, of course.
Networks break down too. If the
6 BLOWN TO BITS
EXCLUSIVE AND RIVALROUS
Economists would say that bits,
unless controlled somehow, tend to
be non-exclusive (once a few people have them, it is hard to keep
them from others) and nonrivalrous (when someone gets them
from me, I don’t have any less). In a
letter he wrote about the nature of
ideas, Thomas Jefferson eloquently
stated both properties. If nature
has made any one thing less susceptible than all others of exclusive property, it is the action of the
thinking power called an idea,
which an individual may exclusively possess as long as he keeps
it to himself; but the moment it is
divulged, it forces itself into the
possession of every one, and the
receiver cannot dispossess himself
of it. Its peculiar character, too, is
that no one possesses the less,
because every other possesses the
whole of it.

power goes out, nothing works at all. So the statement that copies are normally perfect is only relatively true. Digital copies are perfect only to the
extent that they can be communicated at all. And yes, it is possible in theory
that a single bit of a big message will arrive incorrectly. But networks don’t
just pass bits from one place to another. They check to see if the bits seem to
have been damaged in transit, and correct them or retransmit them if they
seem incorrect. As a result of these error detection and correction mechanisms, the odds of an actual error—a character being wrong in an email, for
example—are so low that we would be wiser to worry instead about a meteor
hitting our computer, improbable though precision meteor strikes may be.
The phenomenon of perfect copies has drastically changed the law, a story
told in Chapter 6, “Balance Toppled.” In the days when music was distributed
on audio tape, teenagers were not prosecuted for making copies of songs,
because the copies weren’t as good as the originals, and copies of copies
would be even worse. The reason that thousands of people are today receiving threats from the music and movie industries is that their copies are perfect—not just as good as the original, but identical to the original, so that
even the notion of “original” is meaningless. The dislocations caused by file
sharing are not over yet. The buzzword of the day is “intellectual property.”
But bits are an odd kind of property. Once I release them, everybody has
them. And if I give you my bits, I don’t have any fewer.
Koan 3: There Is Want in the Midst of Plenty
Vast as world-wide data storage is today, five years from now it will be ten
times as large. Yet the information explosion means, paradoxically, the loss
of information that is not online. One of us recently saw a new doctor at a
clinic he had been using for decades. She showed him dense charts of his
blood chemistry, data transferred from his home medical device to the clinic’s
computer—more data than any specialist could have had at her disposal five
years ago. The doctor then asked whether he had ever had a stress test and
what the test had shown. Those records should be all there, the patient
explained, in the medical file. But it was in the paper file, to which the doctor did not have access. It wasn’t in the computer’s memory, and the patient’s
memory was being used as a poor substitute. The old data might as well not
have existed at all, since it wasn’t digital.
Even information that exists in digital form is useless if there are no
devices to read it. The rapid progress of storage engineering has meant that
data stored on obsolete devices effectively ceases to exist. In Chapter 3,
“Ghosts in the Machine,” we shall see how a twentieth-century update of the
CHAPTER 1 DIGITAL EXPLOSION 7

eleventh-century British Domesday Book was useless by the time it was only
a sixtieth the age of the original.
Or consider search, the subject of Chapter 4, “Needles in the Haystack.” At
first, search engines such as Google and Yahoo! were interesting conveniences, which a few people used for special purposes. The growth of the World
Wide Web has put so much information online that search engines are for
many people the first place to look for something, before they look in books
or ask friends. In the process, appearing prominently in search results has
become a matter of life or death for businesses. We may move on to purchase
from a competitor if we can’t find the site we wanted in the first page or two
of results. We may assume something didn’t happen if we can’t find it quickly
in an online news source. If it can’t be found—and found quickly—it’s just as
though it doesn’t exist at all.
Koan 4: Processing Is Power
The speed of a computer is usually
measured by the number of basic
operations, such as additions, that
can be performed in one second. The
fastest computers available in the
early 1940s could perform about
five operations per second. The
fastest today can perform about a
trillion. Buyers of personal computers know that a machine that seems
fast today will seem slow in a year
or two.
For at least three decades, the
increase in processor speeds was
exponential. Computers became
twice as fast every couple of years.
These increases were one consequence of “Moore’s Law” (see sidebar).
Since 2001, processor speed has
not followed Moore’s Law; in fact,
processors have hardly grown faster
at all. But that doesn’t mean that computers won’t continue to get faster. New
chip designs include multiple processors on the same chip so the work can be
split up and performed in parallel. Such design innovations promise to
8 BLOWN TO BITS
MOORE’S LAW
Gordon Moore, founder of Intel
Corporation, observed that the
density of integrated circuits
seemed to double every couple of
years. This observation is referred
to as “Moore’s Law.” Of course, it is
not a natural law, like the law of
gravity. Instead, it is an empirical
observation of the progress of
engineering and a challenge to
engineers to continue their innovation. In 1965, Moore predicted that
this exponential growth would
continue for quite some time. That
it has continued for more than 40
years is one of the great marvels of
engineering. No other effort in history has sustained anything like
this growth rate.

achieve the same effect as continued increases in raw processor speed. And
the same technology improvements that make computers faster also make
them cheaper.
The rapid increase in processing power means that inventions move out of
labs and into consumer goods very quickly. Robot vacuum cleaners and selfparking vehicles were possible in theory a decade ago, but now they have
become economically feasible. Tasks that today seem to require uniquely
human skills are the subject of research projects in corporate or academic laboratories. Face recognition and voice recognition are poised to bring us new
inventions, such as telephones that know who is calling and surveillance
cameras that don’t need humans to watch them. The power comes not just
from the bits, but from being able to do things with the bits.
Koan 5: More of the Same Can Be a Whole New Thing
Explosive growth is exponential growth—doubling at a steady rate. Imagine
earning 100% annual interest on your savings account—in 10 years, your
money would have increased more than a thousandfold, and in 20 years,
more than a millionfold. A more reasonable interest rate of 5% will hit the
same growth points, just 14 times more slowly. Epidemics initially spread
exponentially, as each infected individual infects several others.
When something grows exponentially, for a long time it may seem not to
be changing at all. If we don’t watch it steadily, it will seem as though something discontinuous and radical occurred while we weren’t looking.
That is why epidemics at first go unnoticed, no matter how catastrophic
they may be when full-blown. Imagine one sick person infecting two healthy
people, and the next day each of those two infects two others, and the next
day after that each of those four infects two others, and so on. The number
of newly infected each day grows from two to four to eight. In a week, 128
people come down with the disease in a single day, and twice that number
are now sick, but in a population of ten million, no one notices. Even after
two weeks, barely three people in a thousand are sick. But after another week,
40% of the population is sick, and society collapses
Exponential growth is actually smooth and steady; it just takes very little
time to pass from unnoticeable change to highly visible. Exponential growth
of anything can suddenly make the world look utterly different than it had
been. When that threshold is passed, changes that are “just” quantitative can
look qualitative.
Another way of looking at the apparent abruptness of exponential
growth—its explosive force—is to think about how little lead time we have to
respond to it. Our hypothetical epidemic took three weeks to overwhelm the
CHAPTER 1 DIGITAL EXPLOSION 9

population. At what point was it only a half as devastating? The answer is
not “a week and a half.” The answer is on the next to last day. Suppose it took
a week to develop and administer a vaccine. Then noticing the epidemic after
a week and a half would have left ample time to prevent the disaster. But that
would have required understanding that there was an epidemic when only
2,000 people out of ten million were infected.
The information story is full of examples of unperceived changes followed
by dislocating explosions. Those with the foresight to notice the explosion
just a little earlier than everyone else can reap huge benefits. Those who move
a little too slowly may be overwhelmed by the time they try to respond. Take
the case of digital photography.
In 1983, Christmas shoppers could buy digital cameras to hook up to their
IBM PC and Apple II home computers. The potential was there for anyone to
see; it was not hidden in secret corporate laboratories. But digital photography did not take off. Economically and practically, it couldn’t. Cameras were
too bulky to put in your pocket, and digital memories were too small to hold
many images. Even 14 years later, film photography was still a robust industry. In early 1997, Kodak stock hit a record price, with a 22% increase in
quarterly profit, “fueled by healthy film and paper sales…[and] its motion picture film business,” according to a news report. The company raised its dividend for the first time in eight years. But by 2007, digital memories had
become huge, digital processors had become fast and compact, and both were
cheap. As a result, cameras had become little computers. The company that
was once synonymous with photography was a shadow of its former self.
Kodak announced that its employee force would be cut to 30,000, barely a
fifth the size it was during the good times of the late 1980s. The move would
cost the company more than $3 billion. Moore’s Law moved faster than
Kodak did.
In the rapidly changing world of bits, it pays to notice even small changes,
and to do something about them.
Koan 6: Nothing Goes Away
2,000,000,000,000,000,000,000.
That is the number of bits that were created and stored away in 2007,
according to one industry estimate. The capacity of disks has followed its own
version of Moore’s Law, doubling every two or three years. For the time being
at least, that makes it possible to save everything though recent projections
suggest that by 2011, we may be producing more bits than we can store.
10 BLOWN TO BITS

In financial industries, federal laws now require massive data retention, to
assist in audits and investigations of corruption. In many other businesses,
economic competitiveness drives companies to save everything they collect
and to seek out new data to retain. Wal-Mart stores have tens of millions of
transactions every day, and every one of them is saved—date, time, item,
store, price, who made the purchase, and how—credit, debit, cash, or gift card.
Such data is so valuable to planning the supply chain that stores will pay
money to get more of it from their customers. That is really what supermarket
loyalty cards provide—shoppers are supposed to think that the store is granting them a discount in appreciation for their steady business, but actually the
store is paying them for information about their buying patterns. We might
better think of a privacy tax—we pay the regular price unless we want to keep
information about our food, alcohol, and pharmaceutical purchases from the
market; to keep our habits to ourselves, we pay extra.
The massive databases challenge our expectations about what will happen
to the data about us. Take something as simple as a stay in a hotel. When you
check in, you are given a keycard, not a mechanical key. Because the keycards can be deactivated instantly, there is no longer any great risk associated with losing your key, as long as you report it missing quickly. On the
other hand, the hotel now has a record, accurate to the second, of every time
you entered your room, used the gym or the business center, or went in the
back door after-hours. The same database could identify every cocktail and
steak you charged to the room, which other rooms you phoned and when, and
the brands of tampons and laxatives you charged at the hotel’s gift shop. This
data might be merged with billions like it, analyzed, and transferred to the
parent company, which owns restaurants and fitness centers as well as hotels.
It might also be lost, or stolen, or subpoenaed in a court case.
The ease of storing information has meant asking for more of it. Birth certificates used to include just the information about the child’s and parents’
names, birthplaces, and birthdates, plus the parents’ occupations. Now the
electronic birth record includes how much the mother drank and smoked during her pregnancy, whether she had genital herpes or a variety of other medical conditions, and both parents’ social security numbers. Opportunities for
research are plentiful, and so are opportunities for mischief and catastrophic
accidental data loss.
And the data will all be kept forever,
unless there are policies to get rid of it. For
the time being at least, the data sticks
around. And because databases are intentionally duplicated—backed up for security,
CHAPTER 1 DIGITAL EXPLOSION 11
The data will all be kept
forever, unless there are
policies to get rid of it.

12 BLOWN TO BITS
or shared while pursuing useful analyses—it is far from certain that data can
ever be permanently expunged, even if we wish that to happen. The Internet
consists of millions of interconnected computers; once data gets out, there is
no getting it back. Victims of identity theft experience daily the distress of
having to remove misinformation from the record. It seems never to go away.
Koan 7: Bits Move Faster Than Thought
The Internet existed before there were personal computers. It predates the
fiber optic communication cables that now hold it together. When it started
around 1970, the ARPANET, as it was called, was designed to connect a handful of university and military computers. No one imagined a network connecting tens of millions of computers and shipping information around the
world in the blink of an eye. Along with processing power and storage capacity, networking has experienced its own exponential growth, in number of
computers interconnected and the rate at which data can be shipped over
long distances, from space to earth and from service providers into private
homes.
The Internet has caused drastic shifts in business practice. Customer service calls are outsourced to India today not just because labor costs are low
there. Labor costs have always been low in India, but international telephone
calls used to be expensive. Calls about airline reservations and lingerie
returns are answered in India today because it now takes almost no time and
costs almost no money to send to India the bits representing your voice. The
same principle holds for professional services. When you are X-rayed at your
local hospital in Iowa, the radiologist who reads the X-ray may be half a
world away. The digital X-ray moves back and forth across the world faster
than a physical X-ray could be moved between floors of the hospital. When
you place an order at a drive-through station at a fast food restaurant, the
person taking the order may be in another state. She keys the order so it
appears on a computer screen in the kitchen, a few feet from your car, and
you are none the wiser. Such developments are causing massive changes to
the global economy, as industries figure out how to keep their workers in one
place and ship their business as bits.
In the bits world, in which messages flow instantaneously, it sometimes
seems that distance doesn’t matter at all. The consequences can be startling.
One of us, while dean of an American college, witnessed the shock of a father
receiving condolences on his daughter’s death. The story was sad but familiar, except that this version had a startling twist. Father and daughter were

both in Massachusetts, but the condolences arrived from half-way around the
world before the father had learned that his daughter had died. News, even
the most intimate news, travels fast in the bits world, once it gets out. In the
fall of 2007, when the government of Myanmar suppressed protests by
Buddhist monks, television stations around the world showed video clips
taken by cell phone, probably changing the posture of the U.S. government.
The Myanmar rebellion also shows the power of information control when
information is just bits. The story dropped off the front page of the newspapers once the government took total control of the Internet and cell phone
towers.
The instantaneous communication of massive amounts of information has
created the misimpression that there is a place called “Cyberspace,” a land
without frontiers where all the world’s people can be interconnected as
though they were residents of the same small town. That concept has been
decisively refuted by the actions of the world’s courts. National and state borders still count, and count a lot. If a book is bought online in England, the
publisher and author are subject to British libel laws rather than those of the
homeland of the author or publisher. Under British law, defendants have to
prove their innocence; in the U.S., plaintiffs have to prove the guilt of the
defendants. An ugly downside to the explosion of digital information and its
movement around the world is that information may become less available
even where it would be legally protected (we return to this subject in Chapter
7, “You Can’t Say That on the Internet”). Publishers fear “libel tourism”—
lawsuits in countries with weak protection of free speech, designed to intimidate authors in more open societies. It may prove simpler to publish only a
single version of a work for sale everywhere, an edition omitting information
that might somewhere excite a lawsuit.
Good and Ill, Promise and Peril
The digital explosion has thrown a lot of things up for grabs and we all have
a stake in who does the grabbing. The way the technology is offered to us, the
way we use it, and the consequences of the vast dissemination of digital information are matters not in the hands of technology experts alone. Governments
and corporations and universities and other social institutions have a say. And
ordinary citizens, to whom these institutions are accountable, can influence
their decisions. Important choices are made every year, in government offices
CHAPTER 1 DIGITAL EXPLOSION 13

and legislatures, in town meetings and police stations, in the corporate offices
of banks and insurance companies, in the purchasing departments of chain
stores and pharmacies. We all can help raise the level of discourse and understanding. We can all help ensure that technical decisions are taken in a context of ethical standards.
We offer two basic morals. The first is that information technology is inherently neither good nor bad—it can be used for good or ill, to free us or to
shackle us. Second, new technology brings social change, and change comes
with both risks and opportunities. All of us, and all of our public agencies and
private institutions, have a say in whether technology will be used for good or
ill and whether we will fall prey to its risks or prosper from the opportunities
it creates.
Technology Is Neither Good nor Bad
Any technology can be used for good or ill. Nuclear reactions create electric
power and weapons of mass destruction. The same encryption technology that
makes it possible for you to email your friends with confidence that no eavesdropper will be able to decipher your message also makes it possible for terrorists to plan their attacks undiscovered. The same Internet technology that
facilitates the widespread distribution of educational works to impoverished
students in remote locations also enables massive copyright infringement. The
photomanipulation tools that enhance your snapshots are used by child
pornographers to escape prosecution.
The key to managing the ethical and moral consequences of technology
while nourishing economic growth is to regulate the use of technology without banning or restricting its creation.
It is a marvel that anyone with a smart cell phone can use a search engine
to get answers to obscure questions almost anywhere. Society is rapidly
being freed from the old limitations of geography and status in accessing
information.
The same technologies can be used to monitor individuals, to track their
behaviors, and to control what information they receive. Search engines need
not return unbiased results. Many users of web browsers do not realize that
the sites they visit may archive their actions. Technologically, there could be
a record of exactly what you have been accessing and when, as you browse a
library or bookstore catalog, a site selling pharmaceuticals, or a service offering advice on contraception or drug overdose. There are vast opportunities to
14 BLOWN TO BITS

CHAPTER 1 DIGITAL EXPLOSION 15
use this information for invasive but
relatively benign purposes, such as
marketing, and also for more questionable purposes, such as blacklisting and blackmail. Few regulations
mandate disclosure that the information is being collected, or restrict the
use to which the data can be put.
Recent federal laws, such as the USA
PATRIOT Act, give government
agencies sweeping authority to sift
through mostly innocent data looking for signs of “suspicious activity”
by potential terrorists—and to notice
lesser transgressions, such as
Governor Spitzer’s, in the process.
Although the World Wide Web now
reaches into millions of households,
the rules and regulations governing
it are not much better than those of
a lawless frontier town of the old
West.
New Technologies Bring Both Risks and Opportunities
The same large disk drives that enable anyone with a home computer to analyze millions of baseball statistics also allow anyone with access to confidential information to jeopardize its security. Access to aerial maps via the
Internet makes it possible for criminals to plan burglaries of upscale houses,
but technologically sophisticated police know that records of such queries can
also be used to solve crimes.
Even the most un-electronic livelihoods are changing because of instant
worldwide information flows. There are no more pool hustlers today—journeymen wizards of the cue, who could turn up in pool halls posing as outof-town bumpkins just looking to bet on a friendly game, and walk away
with big winnings. Now when any newcomer comes to town and cleans up,
his name and face are on AZBilliards.com instantly for pool players everywhere to see.
BLACKLISTS AND WHITELISTS
In the bits world, providers of services can create blacklists or
whitelists. No one on a blacklist
can use the service, but everyone
else can. For example, an auctioneer might put people on a blacklist
if they did not pay for their purchases. But service providers who
have access to other information
about visitors to their web sites
might use undisclosed and far more
sweeping criteria for blacklisting.
A whitelist is a list of parties to
whom services are available, with
everyone else excluded. For example, a newspaper may whitelist its
home delivery subscribers for
access to its online content, allowing others onto the whitelist only
after they have paid.

Social networking sites such as facebook.com, myspace.com, and
match.com have made their founders quite wealthy. They have also given
birth to many thousands of new friendships, marriages, and other ventures.
But those pretending to be your online friends may not be as they seem.
Social networking has made it easier for predators to take advantage of the
naïve, the lonely, the elderly, and the young.
In 2006, a 13-year-old girl, Megan Meier of Dardenne Prairie, Missouri,
made friends online with a 16-year-old boy named “Josh.” When “Josh”
turned against her, writing “You are a bad person and everybody hates you….
The world would be a better place without you,” Megan committed suicide. Yet
Josh did not exist. Josh was a MySpace creation—but of whom? An early
police report stated that the mother of another girl in the neighborhood
acknowledged “instigating” and monitoring the account. That woman’s lawyer
later blamed someone who worked for his client. Whoever may have sent the
final message to Megan, prosecutors are having a hard time identifying any
law that might have been broken. “I can start MySpace on every single one of
you and spread rumors about every single one of you,” said Megan’s mother,
“and what’s going to happen to me? Nothing.”
Along with its dazzling riches and vast horizons, the Internet has created
new manifestations of human evil—some of which, including the cyberharassment Megan Meier suffered, may not be criminal under existing law. In
a nation deeply committed to free expression as a legal right, which Internet
evils should be crimes, and which are just wrong?
Vast data networks have made it possible to move work to where the
people are, not people to the work. The results are enormous business opportunities for entrepreneurs who take advantage of these technologies and new
enterprises around the globe, and also the other side of the coin: jobs lost to
outsourcing.
The difference every one of us can make, to our workplace or to another
institution, can be to ask a question at the right time about the risks of
some new technological innovation—or to point out the possibility of doing
something in the near future that a few years ago would have been utterly
impossible.
✷
16 BLOWN TO BITS

We begin our tour of the digital landscape with a look at our privacy, a social
structure the explosion has left in shambles. While we enjoy the benefits of
ubiquitous information, we also sense the loss of the shelter that privacy once
gave us. And we don’t know what we want to build in its place. The good and
ill of technology, and its promise and peril, are all thrown together when
information about us is spread everywhere. In the post-privacy world, we
stand exposed to the glare of noonday sunlight—and sometimes it feels
strangely pleasant.
CHAPTER 1 DIGITAL EXPLOSION 17

CHAPTER 2
Naked in the Sunlight
Privacy Lost, Privacy Abandoned
1984 Is Here, and We Like It
On July 7, 2005, London was shaken as suicide bombers detonated four
explosions, three on subways and one on a double-decker bus. The attack on
the transit system was carefully timed to occur at rush hour, maximizing its
destructive impact. 52 people died and 700 more were injured.
Security in London had already been tight. The city was hosting the G8
Summit, and the trial of fundamentalist cleric Abu Hamza al-Masri had just
begun. Hundreds of thousands of surveillance cameras hadn’t deterred the
terrorist act, but the perpetrators were caught on camera. Their pictures were
sent around the world instantly. Working from 80,000 seized tapes, police
were able to reconstruct a reconnaissance trip the bombers had made two
weeks earlier.
George Orwell’s 1984 was published in 1948. Over the subsequent years,
the book became synonymous with a world of permanent surveillance, a society devoid of both privacy and freedom:
…there seemed to be no color in anything except the posters that were
plastered everywhere. The black-mustachio’d face gazed down from
every commanding corner. There was one on the house front immediately opposite. BIG BROTHER IS WATCHING YOU …
The real 1984 came and went nearly a quarter century ago. Today, Big
Brother’s two-way telescreens would be amateurish toys. Orwell’s imagined
19

London had cameras everywhere. His actual city now has at least half a million. Across the UK, there is one surveillance camera for every dozen people.
The average Londoner is photographed hundreds of times a day by electronic
eyes on the sides of buildings and on utility poles.
Yet there is much about the digital world that Orwell did not imagine. He
did not anticipate that cameras are far from the most pervasive of today’s
tracking technologies. There are dozens of other kinds of data sources, and
the data they produce is retained and analyzed. Cell phone companies know
not only what numbers you call, but where you have carried your phone.
Credit card companies know not only where you spent your money, but what
you spent it on. Your friendly bank keeps electronic records of your transactions not only to keep your balance right, but because it has to tell the government if you make huge withdrawals. The digital explosion has scattered
the bits of our lives everywhere: records of the clothes we wear, the soaps we
wash with, the streets we walk, and the cars we drive and where we drive
them. And although Orwell’s Big Brother had his cameras, he didn’t have
search engines to piece the bits together, to find the needles in the haystacks.
Wherever we go, we leave digital footprints, while computers of staggering
capacity reconstruct our movements from the tracks. Computers re-assemble
the clues to form a comprehensive image of who we are, what we do, where
we are doing it, and whom we are discussing it with.
Perhaps none of this would have surprised Orwell. Had he known about
electronic miniaturization, he might have guessed that we would develop an
astonishing array of tracking technologies. Yet there is something more fundamental that distinguishes the world of 1984 from the actual world of today.
We have fallen in love with this always-on world. We accept our loss of privacy in exchange for efficiency, convenience, and small price discounts.
According to a 2007 Pew/Internet Project report, “60% of Internet users say
they are not worried about how much information is available about them
online.” Many of us publish and broadcast the most intimate moments of our
lives for all the world to see, even when no one requires or even asks us to
do so. 55% of teenagers and 20% of adults have created profiles on social
networking web sites. A third of the teens with profiles, and half the adults,
place no restrictions on who can see them.
In Orwell’s imagined London, only O’Brien and other members of the Inner
Party could escape the gaze of the telescreen. For the rest, the constant gaze
was a source of angst and anxiety. Today, we willingly accept the gaze. We
either don’t think about it, don’t know about it, or feel helpless to avoid it
except by becoming hermits. We may even judge its benefits to outweigh its
risks. In Orwell’s imagined London, like Stalin’s actual Moscow, citizens spied
on their fellow citizens. Today, we can all be Little Brothers, using our search
20 B LOWN TO BIT S

engines to check up on our children,
our spouses, our neighbors, our colleagues, our enemies, and our
friends. More than half of all adult
Internet users have done exactly
that.
The explosive growth in digital
technologies has radically altered
our expectations about what will be
private and shifted our thinking
about what should be private.
Ironically, the notion of privacy has
become fuzzier at the same time as
the secrecy-enhancing technology of
encryption has become widespread.
Indeed, it is remarkable that we no
longer blink at intrusions that a decade ago would have seemed shocking.
Unlike the story of secrecy, there was no single technological event that
caused the change, no privacy-shattering breakthrough—only a steady
advance on several technological fronts that ultimately passed a tipping point.
Many devices got cheaper, better, and smaller. Once they became useful
consumer goods, we stopped worrying about their uses as surveillance
devices. For example, if the police were the only ones who had cameras in
their cell phones, we would be alarmed. But as long as we have them too, so
we can send our friends funny pictures from parties, we don’t mind so much
that others are taking pictures of us. The social evolution that was supported
by consumer technologies in turn made us more accepting of new enabling
technologies; the social and technological evolutions have proceeded hand in
hand. Meanwhile, international terrorism has made the public in most democracies more sympathetic to intrusive measures intended to protect our security. With corporations trying to make money from us and the government
trying to protect us, civil libertarians are a weak third voice when they warn
that we may not want others to know so much about us.
So we tell the story of privacy in stages. First, we detail the enabling technologies, the devices and computational processes that have made it easy and
convenient for us to lose our privacy—some of them familiar technologies,
and some a bit more mysterious. We then turn to an analysis of how we have
lost our privacy, or simply abandoned it. Many privacy-shattering things
have happened to us, some with our cooperation and some not. As a result,
the sense of personal privacy is very different today than it was two decades
ago. Next, we discuss the social changes that have occurred—cultural shifts
CHAPTER 2 NAKED IN THE SUNLIGHT 21
PUBLIC ORGANIZATIONS INVOLVED
IN DEFENDING PRIVACY
Existing organizations have focused
on privacy issues in recent years,
and new ones have sprung up.
In the U.S., important forces are
the American Civil Liberties Union
(ACLU, www.aclu.org), the
Electronic Privacy Information
Center (EPIC, epic.org), the
Center for Democracy and
Technology (CDT, www.cdt.org),
and the Electronic Frontier
Foundation (www.eff.org).

that were facilitated by the technological diffusion, which in turn made new
technologies easier to deploy. And finally we turn to the big question: What
does privacy even mean in the digitally exploded world? Is there any hope of
keeping anything private when everything is bits, and the bits are stored,
copied, and moved around the world in an instant? And if we can’t—or
won’t—keep our personal information to ourselves anymore, how can we
make ourselves less vulnerable to the downsides of living in such an exposed
world? Standing naked in the sunlight, is it still possible to protect ourselves
against ills and evils from which our privacy used to protect us?
Footprints and Fingerprints
As we do our daily business and lead our private lives, we leave footprints
and fingerprints. We can see our footprints in mud on the floor and in the
sand and snow outdoors. We would not be surprised that anyone who went
to the trouble to match our shoes to our footprints could determine, or guess,
where we had been. Fingerprints are
different. It doesn’t even occur to us
that we are leaving them as we open
doors and drink out of tumblers.
Those who have guilty consciences
may think about fingerprints and
worry about where they are leaving
them, but the rest of us don’t.
In the digital world, we all leave both electronic footprints and electronic
fingerprints—data trails we leave intentionally, and data trails of which we
are unaware or unconscious. The identifying data may be useful for forensic
purposes. Because most of us don’t consider ourselves criminals, however, we
tend not to worry about that. What we don’t think about is that the various
small smudges we leave on the digital landscape may be useful to someone
else—someone who wants to use the data we left behind to make money or to
get something from us. It is therefore important to understand how and where
we leave these digital footprints and fingerprints.
Smile While We Snap!
Big Brother had his legions of cameras, and the City of London has theirs
today. But for sheer photographic pervasiveness, nothing beats the cameras
in the cell phones in the hands of the world’s teenagers. Consider the alleged
misjudgment of Jeffrey Berman. In early December 2007, a man about
22 B LOWN TO BIT S
THE UNWANTED GAZE
The Unwanted Gaze by Jeffrey
Rosen (Vintage, 2001) details many
ways in which the legal system has
contributed to our loss of privacy.

60 years old committed a series of assaults on the Boston public transit system, groping girls and exposing himself. After one of the assaults, a victim
took out her cell phone. Click! Within hours, a good head shot was up on the
Web and was shown on all the Boston area television stations. Within a day,
Berman was under arrest and charged with several crimes. “Obviously we,
from time to time, have plainclothes officers on the trolley, but that’s a very
difficult job to do,” said the chief of the Transit Police. “The fact that this girl
had the wherewithal to snap a picture to identify him was invaluable.”
That is, it would seem, a story with a happy ending, for the victim at least.
But the massive dissemination of cheap cameras coupled with universal
access to the Web also enables a kind of vigilante justice—a ubiquitous LittleBrotherism, in which we can all be detectives, judges, and corrections officers. Mr. Berman claims he is innocent; perhaps the speed at which the
teenager’s snapshot was disseminated unfairly created a presumption of his
guilt. Bloggers can bring global disgrace to ordinary citizens.
In June 2005, a woman allowed her dog to relieve himself on a Korean
subway, and subsequently refused to clean up his mess, despite offers from
others to help. The incident was captured by a fellow passenger and
posted online. She soon became
known as “gae-ttong-nyue” (Korean
for “puppy poo girl”). She was identified along with her family, was
shamed, and quit school. There is
now a Wikipedia entry about the
incident. Before the digital explosion—before bits made it possible to
convey information instantaneously,
everywhere—her actions would have been embarrassing and would have been
known to those who were there at the time. It is unlikely that the story would
have made it around the world, and that it would have achieved such notoriety and permanence.
Still, in these cases, at least someone thought someone did something
wrong. The camera just happened to be in the right hands at just the right
moment. But looking at images on the Web is now a leisure activity that anyone can do at any time, anywhere in the world. Using Google Street View, you
can sit in a café in Tajikistan and identify a car that was parked in my driveway when Google’s camera came by (perhaps months ago). From Seoul, you
can see what’s happening right now, updated every few seconds, in Picadilly
Circus or on the strip in Las Vegas. These views were always available to the
public, but cameras plus the Web changed the meaning of “public.”
CHAPTER 2 NAKED IN THE SUNLIGHT 23
There are many free webcam sites,
at which you can watch what’s happening right now at places all over
the world. Here are a few:
www.camvista.com
www.earthcam.com
www.webcamworld.com
www.webworldcam.com

And an electronic camera is not just a camera. Harry Potter and the
Deathly Hallows is, as far as anyone knows, the last book in the Harry Potter
series. Its arrival was eagerly awaited, with lines of anxious Harry fans
stretching around the block at bookstores everywhere. One fan got a prerelease copy, painstakingly photographed every page, and posted the entire
book online before the official release. A labor of love, no doubt, but a blatant copyright violation as well. He doubtless figured he was just posting the
pixels, which could not be traced back to him. If that was his presumption,
he was wrong. His digital fingerprints were all over the images.
Digital cameras encode metadata along with the image. This data, known
as the Exchangeable Image File Format (EXIF), includes camera settings
(shutter speed, aperture, compression, make, model, orientation), date and
time, and, in the case of our Harry Potter fan, the make, model, and serial
number of his camera (a Canon Rebel 350D, serial number 560151117). If he
registered his camera, bought it with a credit card, or sent it in for service,
his identity could be known as well.
Knowing Where You Are
Global Position Systems (GPSs) have improved the marital lives of countless males too stubborn to ask directions. Put a Garmin or a Tom Tom in a
car, and it will listen to precisely timed signals from satellites reporting their
positions in space. The GPS calculates its own location from the satellites’
locations and the times their signals are received. The 24 satellites spinning
12,500 miles above the earth enable your car to locate itself within 25 feet,
at a price that makes these systems popular birthday presents.
If you carry a GPS-enabled cell phone, your friends can find you, if that
its what you want. If your GPS-enabled rental car has a radio transmitter, you
can be found whether you want it or not. In 2004, Ron Lee rented a car from
Payless in San Francisco. He headed east to Las Vegas, then back to Los
Angeles, and finally home. He was expecting to pay $150 for his little vacation, but Payless made him pay more—$1,400, to be precise. Mr. Lee forgot to
read the fine print in his rental contract. He had not gone too far; his contract was for unlimited mileage. He had missed the fine print that said, “Don’t
leave California.” When he went out of state, the unlimited mileage clause
was invalidated. The fine print said that Payless would charge him $1 per
Nevada mile, and that is exactly what the company did. They knew where he
was, every minute he was on the road.
A GPS will locate you anywhere on earth; that is why mountain climbers
carry them. They will locate you not just on the map but in three dimensions,
telling you how high up the mountain you are. But even an ordinary cell
phone will serve as a rudimentary positioning system. If you are traveling in
24 B LOWN TO BIT S

settled territory—any place where you can get cell phone coverage—the signals from the cell phone towers can be used to locate you. That is how Tanya
Rider was found (see Chapter 1 for details). The location is not as precise as
that supplied by a GPS—only within ten city blocks or so—but the fact that it
is possible at all means that photos can be stamped with identifying information about where they were shot, as well as when and with what camera.
Knowing Even Where Your Shoes Are
A Radio Frequency Identification tag—RFID, for short—can be read from a
distance of a few feet. Radio Frequency Identification is like a more elaborate
version of the familiar bar codes that identify products. Bar codes typically
identify what kind of thing an item is—the make and model, as it were.
Because RFID tags have the capacity for much larger numbers, they can provide a unique serial number for each item: not just “Coke, 12 oz. can” but
“Coke can #12345123514002.” And because RFID data is transferred by radio
waves rather than visible light, the tags need not be visible to be read, and
the sensor need not be visible to do the reading.
RFIDs are silicon chips, typically embedded in plastic. They can be used to
tag almost anything (see Figure 2.1). “Prox cards,” which you wave near a
sensor to open a door, are RFID tags; a few bits of information identifying
you are transmitted from the card to the sensor. Mobil’s “Speedpass” is a little RFID on a keychain; wave it near a gas pump and the pump knows whom
to charge for the gasoline. For a decade, cattle have had RFIDs implanted in
their flesh, so individual animals can be tracked. Modern dairy farms log the
milk production of individual cows, automatically relating the cow’s identity
to its daily milk output. Pets are commonly RFID-tagged so they can be
reunited with their owners if the animals go missing for some reason. The
possibility of tagging humans is obvious, and has been proposed for certain
high-security applications, such as controlling access to nuclear plants.
But the interesting part of the RFID story is more mundane—putting tags
in shoes, for example. RFID can be the basis for powerful inventory tracking
systems.
RFID tags are simple devices.
They store a few dozen bits of information, usually unique to a particular tag. Most are passive devices,
with no batteries, and are quite
small. The RFID includes a tiny electronic chip and a small coil, which
acts as a two-way antenna. A weak
CHAPTER 2 NAKED IN THE SUNLIGHT 25
SPYCHIPS
This aptly named book by Katherine
Albrecht and Liz McIntyre (Plume,
2006) includes many stories of
actual and proposed RFID uses by
consumer goods manufacturers and
retailers.

current flows through the coil when the RFID passes through an electromagnetic field—for example, from a scanner in the frame of a store, under the carpet, or in someone’s hand. This feeble current is just strong enough to power
the chip and induce it to transmit the identifying information. Because RFIDs
are tiny and require no connected power source, they are easily hidden. We
see them often as labels affixed to products; the one in Figure 2.1 was
between the pages of a book bought from a bookstore. They can be almost
undetectable.
26 B LOWN TO BIT S
FIGURE 2.1 An RFID found between the pages of a book. A bookstore receiving a
box of RFID-tagged books can check the incoming shipment against the order
without opening the carton. If the books and shelves are scanned during stocking,
the cash register can identify the section of the store from which each purchased
copy was sold.
RFIDs are generally used to improve record-keeping, not for snooping.
Manufacturers and merchants want to get more information, more reliably,
so they naturally think of tagging merchandise. But only a little imagination
is required to come up with some disturbing scenarios. Suppose, for example,
that you buy a pair of red shoes at a chain store in New York City, and the
shoes have an embedded RFID. If you pay with a credit card, the store knows
your name, and a good deal more about you from your purchasing history. If
you wear those shoes when you walk into a branch store in Los Angeles a
month later, and that branch has an RFID reader under the rug at the
entrance, the clerk could greet you by name. She might offer you a scarf to
match the shoes—or to match anything else you bought recently from any
other branch of the store. On the other hand, the store might know that you
have a habit of returning almost everything you buy—in that case, you might
find yourself having trouble finding anyone to wait on you!

The technology is there to do it. We know of no store that has gone quite
this far, but in September 2007, the Galeria Kaufhof in Essen, Germany
equipped the dressing rooms in the men’s clothing department with RFID
readers. When a customer tries on garments, a screen informs him of available sizes and colors. The system may be improved to offer suggestions about
accessories. The store keeps track of what items are tried on together and
what combinations turn into purchases. The store will remove the RFID tags
from the clothes after they are purchased—if the customer asks; otherwise,
they remain unobtrusively and could be scanned if the garment is returned
to the store. Creative retailers everywhere dream of such ways to use devices
to make money, to save money, and to give them small advantages over their
competitors. Though Galeria Kaufhof is open about its high-tech men’s
department, the fear that customers won’t like their clever ideas sometimes
holds back retailers—and sometimes simply causes them to keep quiet about
what they are doing.
Black Boxes Are Not Just for Airplanes Anymore
On April 12, 2007, John Corzine, Governor of New Jersey, was heading back
to the governor’s mansion in Princeton to mediate a discussion between Don
Imus, the controversial radio personality, and the Rutgers University women’s
basketball team.
His driver, 34-year-old state trooper Robert Rasinski, headed north on the
Garden State Parkway. He swerved to avoid another car and flipped the
Governor’s Chevy Suburban. Governor Corzine had not fastened his seatbelt,
and broke 12 ribs, a femur, his collarbone, and his sternum. The details of
exactly what happened were unclear. When questioned, Trooper Rasinski said
he was not sure how fast they were going—but we do know. He was going 91
in a 65 mile per hour zone. There were no police with radar guns around; no
human being tracked his speed. We know his exact speed at the moment of
impact because his car, like 30 million cars in America, had a black box—an
“event data recorder” (EDR) that captured every detail about what was going
on just before the crash. An EDR is an automotive “black box” like the ones
recovered from airplane crashes.
EDRs started appearing in cars around 1995. By federal law, they will be
mandatory in the United States beginning in 2011. If you are driving a new
GM, Ford, Isuzu, Mazda, Mitsubishi, or Subaru, your car has one—whether
anyone told you that or not. So do about half of new Toyotas. Your insurance company is probably entitled to its data if you have an accident. Yet
most people do not realize that they exist.
CHAPTER 2 NAKED IN THE SUNLIGHT 27

EDRs capture information about speed, braking time, turn signal status,
seat belts: things needed for accident reconstruction, to establish responsibility, or to prove innocence. CSX Railroad was exonerated of all liability in the
death of the occupants of a car when its EDR showed that the car was stopped
on the train tracks when it was hit. Police generally obtain search warrants
before downloading EDR data, but not always; in some cases, they do not
have to. When Robert Christmann struck and killed a pedestrian on October
18, 2003, Trooper Robert Frost of the New York State Police downloaded data
from the car at the accident scene. The EDR revealed that Christmann had
been going 38 MPH in an area where the speed limit was 30. When the data
was introduced at trial, Christmann claimed that the state had violated his
Fourth Amendment rights against unreasonable searches and seizures,
because it had not asked his permission or obtained a search warrant before
retrieving the data. That was not necessary, ruled a New York court. Taking
bits from the car was not like taking something out of a house, and no search
warrant was necessary.
Bits mediate our daily lives. It is almost as hard to avoid leaving digital
footprints as it is to avoid touching the ground when we walk. Yet even if we
live our lives without walking, we would unsuspectingly be leaving fingerprints anyway.
Some of the intrusions into our privacy come because of the unexpected,
unseen side effects of things we do quite
voluntarily. We painted the hypothetical
picture of the shopper with the RFIDtagged shoes, who is either welcomed or
shunned on her subsequent visits to the store, depending on her shopping history. Similar surprises can lurk almost anywhere that bits are exchanged. That
is, for practical purposes, pretty much everywhere in daily life.
Tracing Paper
If I send an email or download a web page, it should come as no surprise that
I’ve left some digital footprints. After all, the bits have to get to me, so some
part of the system knows where I am. In the old days, if I wanted to be anonymous, I could write a note, but my handwriting might be recognizable, and I
might leave fingerprints (the oily kind) on the paper. I might have typed, but
Perry Mason regularly solved crimes by matching a typewritten note with the
unique signature of the suspect’s typewriter. More fingerprints.
28 B LOWN TO BIT S
It is almost as hard to avoid
leaving digital footprints as
it is to avoid touching the
ground when we walk.

So, today I would laserprint the letter and wear gloves. But even that may
not suffice to disguise me. Researchers at Purdue have developed techniques
for matching laser-printed output to a particular printer. They analyze printed
sheets and detect unique characteristics of each manufacturer and each individual printer—fingerprints that can be used, like the smudges of old typewriter hammers, to match output with source. It may be unnecessary to put
the microscope on individual letters to identify what printer produced a page.
The Electronic Frontier Foundation has demonstrated that many color
printers secretly encode the printer serial number, date, and time on every
page that they print (see Figure 2.2). Therefore, when you print a report, you
should not assume that no one can tell who printed it.
CHAPTER 2 NAKED IN THE SUNLIGHT 29
Source: Laser fingerprint. Electronic Frontier Foundation. http://w.2.eff.org/Privacy/printers/
docucolor/.
FIGURE 2.2 Fingerprint left by a Xerox DocuColor 12 color laser printer. The dots
are very hard to see with the naked eye; the photograph was taken under blue light.
The dot pattern encodes the date (2005-05-21), time (12:50), and the serial number of
the printer (21052857).
There was a sensible rationale behind this technology. The government
wanted to make sure that office printers could not be used to turn out sets of
hundred dollar bills. The technology that was intended to frustrate counterfeiters makes it possible to trace every page printed on color laser printers
back to the source. Useful technologies often have unintended consequences.

Many people, for perfectly legal and valid reasons, would like to protect
their anonymity. They may be whistleblowers or dissidents. Perhaps they are
merely railing against injustice in their workplace. Will technologies that
undermine anonymity in political discourse also stifle free expression? A
measure of anonymity is essential in a healthy democracy—and in the U.S.,
has been a weapon used to advance free speech since the time of the
Revolution. We may regret a complete abandonment of anonymity in favor
of communication technologies that
leave fingerprints.
The problem is not just the existence
of fingerprints, but that no one told us
that we are creating them.
The Parking Garage Knows More Than You Think
One day in the spring of 2006, Anthony and his wife drove to Logan Airport
to pick up some friends. They took two cars, which they parked in the garage.
Later in the evening, they paid at the kiosk inside the terminal, and left—or
tried to. One car got out of the garage without a problem, but Anthony’s was
held up for more than an hour, in the middle of the night, and was not
allowed to leave. Why? Because his ticket did not match his license plate.
It turns out that every car entering the airport garage has its license plate
photographed at the same time as the ticket is being taken. Anthony had held
both tickets while he and his wife were waiting for their friends, and then he
gave her back one—the “wrong” one, as it turned out. It was the one he had
taken when he drove in. When he tried to leave, he had the ticket that
matched his wife’s license plate number. A no-no.
Who knew that if two cars arrive and try to leave at the same time, they
may not be able to exit if the tickets are swapped? In fact, who knew that
every license plate is photographed as it enters the garage?
There is a perfectly sensible explanation. People with big parking bills
sometimes try to duck them by picking up a second ticket at the end of their
trip. When they drive out, they try to turn in the one for which they would
have to pay only a small fee. Auto thieves sometimes try the same trick. So
the system makes sense, but it raises many questions. Who else gets access to
the license plate numbers? If the police are looking for a particular car, can
they search the scanned license plate numbers of the cars in the garage? How
long is the data retained? Does it say anywhere, even in the fine print, that
your visit to the garage is not at all anonymous?
30 B LOWN TO BIT S
The problem is not just the
existence of fingerprints,
but that no one told us that
we are creating them.

All in Your Pocket
The number of new data sources—and the proliferation and interconnection
of old data sources—is part of the story of how the digital explosion shattered
privacy. But the other part of the technology story is about how all that data
is put together.
On October 18, 2007, a junior staff member at the British national tax
agency sent a small package to the government’s auditing agency via TNT, a
private delivery service. Three weeks later, it had not arrived at its destination and was reported missing. Because the sender had not used TNT’s “registered mail” option, it couldn’t be traced, and as of this writing has not been
found. Perhaps it was discarded by mistake and never made it out of the mailroom; perhaps it is in the hands of criminals.
The mishap rocked the nation. As a result of the data loss, every bank and
millions of individuals checked account activity for signs of fraud or identity
theft. On November 20, the head of the tax agency resigned. Prime Minister
Gordon Brown apologized to the nation, and the opposition party accused the
Brown administration of having “failed in its first duty—to protect the
public.”
The package contained two computer disks. The data on the disks included
names, addresses, birth dates, national insurance numbers (the British equivalent of U.S. Social Security Numbers), and bank account numbers of 25 million people—nearly 40% of the British population, and almost every child in
the land. The tax office had all this data because every British child receives
weekly government payments, and most families have the money deposited
directly into bank accounts. Ten years ago, that much data would have
required a truck to transport, not two small disks. Fifty years ago, it would
have filled a building.
This was a preventable catastrophe. Many mistakes were made; quite ordinary mistakes. The package should have been registered. The disks should
have been encrypted. It should not have taken three weeks for someone to
speak up. But those are all age-old mistakes. Offices have been sending packages for centuries, and even Julius Caesar knew enough to encrypt information if he had to use intermediaries to deliver it. What happened in 2007 that
could not have happened in 1984 was the assembly of such a massive database in a form that allowed it to be easily searched, processed, analyzed, connected to other databases, transported—and “lost.”
Exponential growth—in storage size, processing speed, and communication
speed—have changed the same old thing into something new. Blundering, stupidity, curiosity, malice, and thievery are not new. The fact that sensitive data
CHAPTER 2 NAKED IN THE SUNLIGHT 31

about everyone in a nation could fit on a laptop is new. The ability to search
for a needle in the haystack of the Internet is new. Easily connecting “public” data sources that used to be stored in file drawers in Albuquerque and
Atlanta, but are now both electronically accessible from Algeria—that is new
too.
Training, laws, and software all can help. But the truth of the matter is that
as a society, we don’t really know how to deal with these consequences of the
digital explosion. The technology revolution is outstripping society’s capacity to adjust to the changes in what can be taken for granted. The Prime
Minister had to apologize to the British nation because among the things that
have been blown to bits is the presumption that no junior staffer could do
that much damage by mailing a small parcel.
Connecting the Dots
The way we leave fingerprints and footprints is only part of what is new. We
have always left a trail of information behind us, in our tax records, hotel
reservations, and long distance telephone bills. True, the footprints are far
clearer and more complete today than ever before. But something else has
changed—the harnessing of computing power to correlate data, to connect the
dots, to put pieces together, and to create cohesive, detailed pictures from
what would otherwise have been meaningless fragments. The digital explosion does not just blow things apart. Like the explosion at the core of an
atomic bomb, it blows things together as well. Gather up the details, connect
the dots, assemble the parts of the puzzle, and a clear picture will emerge.
Computers can sort through databases too massive and too boring to be
examined with human eyes. They can assemble colorful pointillist paintings
out of millions of tiny dots, when any few dots would reveal nothing. When
a federal court released half a million Enron emails obtained during the corruption trial, computer scientists quickly identified the subcommunities, and
perhaps conspiracies, among Enron employees, using no data other than the
pattern of who was emailing whom (see Figure 2.3). The same kinds of clustering algorithms work on patterns of telephone calls. You can learn a lot by
knowing who is calling or emailing whom, even if you don’t know what they
are saying to each other—especially if you know the time of the communications and can correlate them with the time of other events.
Sometimes even public information is revealing. In Massachusetts, the
Group Insurance Commission (GIC) is responsible for purchasing health
insurance for state employees. When the premiums it was paying jumped one
year, the GIC asked for detailed information on every patient encounter. And
32 B LOWN TO BIT S

for good reason: All kinds of health care costs had been growing at prodigious rates. In the public interest, the state had a responsibility to understand
how it was spending taxpayer money. The GIC did not want to know patients’
names; it did not want to track individuals, and it did not want people to
think they were being tracked. Indeed, tracking the medical visits of individuals would have been illegal.
CHAPTER 2 NAKED IN THE SUNLIGHT 33
Source: Enron, Jeffrey Heer. Figure 3 from http://jheer.org/enron/v1/.
FIGURE 2.3 Diagram showing clusters of Enron emailers, indicating which
employees carried on heavy correspondence with which others. The evident “blobs”
may be the outlines of conspiratorial cliques.
So, the GIC data had no names, no addresses, no Social Security Numbers,
no telephone numbers—nothing that would be a “unique identifier” enabling
a mischievous junior staffer in the GIC office to see who exactly had a

particular ailment or complaint. To use the official lingo, the data was
“de-identified”; that is, stripped of identifying information. The data did
include the gender, birth date, zip code, and similar facts about individuals
making medical claims, along with some information about why they had
sought medical attention. That information was gathered not to challenge
any particular person, but to learn about patterns—if the truckers in Worcester
are having lots of back injuries, for example, maybe workers in that region
need better training on how to lift heavy items. Most states do pretty much
the same kind of analysis of de-identified data about state workers.
Now this was a valuable data set not just for the Insurance Commission, but
for others studying public health and the medical industry in Massachusetts.
Academic researchers, for example, could use such a large inventory of medical data for epidemiological studies. Because it was all de-identified, there was
no harm in letting others see it, the GIC figured. In fact, it was such good data
that private industry—for example, businesses in the health management sector—might pay money for it. And so the GIC sold the data to businesses. The
taxpayers might even benefit doubly from this decision: The data sale would
provide a new revenue source to the state, and in the long run, a more
informed health care industry might run more efficiently.
But how de-identified really was the material?
Latanya Sweeney was at the time a researcher at MIT (she went on to
become a computer science professor at Carnegie Mellon University). She
wondered how hard it would be for those who had received the de-identified
data to “re-identify” the records and learn the medical problems of a particular state employee—for example, the governor of the Commonwealth.
Governor Weld lived, at that time, in Cambridge, Massachusetts.
Cambridge, like many municipalities, makes its voter lists publicly available,
for a charge of $15, and free for candidates and political organizations. If you
know the precinct, they are available for only $.75. Sweeney spent a few dollars and got the voter lists for Cambridge. Anyone could have done the same.
According to the Cambridge voter registration list, there were only six people in Cambridge with Governor Weld’s birth date, only three of those were
men, and only one of those lived in Governor Weld’s five-digit zip code.
Sweeney could use that combination of factors, birth date, gender, and zip
code to recover the Governor’s medical records—and also those for members
of his family, since the data was organized by employee. This type of re-identification is straightforward. In Cambridge, in fact, birth date alone was sufficient to identify more than 10% of the population. Nationally, gender, zip
code, and date of birth are all it takes to identify 87% of the U.S. population
uniquely.
34 B LOWN TO BIT S

The data set contained far more than gender, zip code, and birth date. In
fact, any of the 58 individuals who received the data in 1997 could have
identified any of the 135,000 people in the database. “There is no patient confidentiality,” said Dr. Joseph Heyman, president of the Massachusetts Medical
Society. “It’s gone.”
It is easy to read a story like this and scream, “Heads should roll!.” But it
is actually quite hard to figure out who, if anyone, made a mistake. Certainly
collecting the information was the right thing to do, given that health costs
are a major expense for all businesses and institutions. The GIC made an honest effort to de-identify the data before releasing it. Arguably the GIC might
not have released the data to other state agencies, but that would be like saying that every department of government should acquire its heating oil
independently. Data is a valuable
resource, and once someone has collected it, the government is entirely
correct in wanting it used for the public good. Some might object to selling
the data to an outside business, but only in retrospect; had the data really
been better de-identified, whoever made the decision to sell the data might
well have been rewarded for helping to hold down the cost of government.
Perhaps the mistake was the ease with which voter lists can be obtained.
However, it is a tradition deeply engrained in our system of open elections
that the public may know who is eligible to vote, and indeed who has voted.
And voter lists are only one source of public data about the U.S. population.
How many 21-year-old male Native Hawaiians live in Middlesex County,
Massachusetts? In the year 2000, there were four. Anyone can browse the U.S.
Census data, and sometimes it can help fill in pieces of a personal picture:
Just go to factfinder.census.gov.
The mistake was thinking that the GIC data was truly de-identified, when
it was not. But with so many data sources available, and so much computing
power that could be put to work connecting the dots, it is very hard to know
just how much information has to be discarded from a database to make it
truly anonymous. Aggregating data into larger units certainly helps—releasing data by five-digit zip codes reveals less than releasing it by nine-digit zip
codes. But the coarser the data, the less it reveals also of the valuable information for which it was made available.
How can we solve a problem that results from many developments, no one
of which is really a problem in itself?
CHAPTER 2 NAKED IN THE SUNLIGHT 35
It is easy to read a story like
this and scream, “Heads
should roll!.” But it is actually
quite hard to figure out who,
if anyone, made a mistake.

Why We Lost Our Privacy, or Gave It Away
Information technology did not cause the end of privacy, any more than
automotive technology caused teen sex. Technology creates opportunities and
risks, and people, as individuals and as societies, decide how to live in the
changed landscape of new possibilities. To understand why we have less privacy today than in the past, we must look not just at the gadgets. To be sure,
we should be wary of spies and thieves, but we should also look at those who
protect us and help us—and we should also take a good look in the mirror.
We are most conscious of our personal information winding up in the
hands of strangers when we think about data loss or theft. Reports like the
one about the British tax office have become fairly common. The theft of
information about 45 million customers of TJX stores, described in Chapter 5,
“Secret Bits,” was even larger than the British catastrophe. In 2003, Scott
Levine, owner of a mass email business named Snipermail, stole more than a
billion personal information records from Acxiom. Millions of Americans are
victimized by identity theft every year, at a total cost in the tens of billions of
dollars annually. Many more of us harbor daily fears that just “a little bit” of
our financial information has leaked out, and could be a personal time bomb
if it falls into the wrong hands.
Why can’t we just keep our personal information to ourselves? Why do so
many other people have it in the first place, so that there is an opportunity
for it to go astray, and an incentive for creative crooks to try to steal it?
We lose control of our personal information because of things we do to
ourselves, and things others do to us. Of things we do to be ahead of the
curve, and things we do because everyone else is doing them. Of things we
do to save money, and things we do to save time. Of things we do to be safe
from our enemies, and things we do because we feel invulnerable. Our loss of
privacy is a problem, but there is no one answer to it, because there is no one
reason why it is happening. It is a messy problem, and we first have to think
about it one piece at a time.
We give away information about ourselves—voluntarily leave visible footprints of our daily lives—because we judge, perhaps without thinking about it
very much, that the benefits outweigh the costs. To be sure, the benefits are
many.
Saving Time
For commuters who use toll roads or bridges, the risk-reward calculation is not
even close. Time is money, and time spent waiting in a car is also anxiety and
36 B LOWN TO BIT S

frustration. If there is an option to get a toll booth transponder, many commuters will get one, even if the device costs a few dollars up front. Cruising
past the cars waiting to pay with dollar bills is not just a relief; it actually
brings the driver a certain satisfied glow.
The transponder, which the driver attaches to the windshield from inside
the car, is an RFID, powered with a battery so identifying information can be
sent to the sensor several feet away as the driver whizzes past. The sensor can
be mounted in a constricted travel lane, where a toll booth for a human tolltaker might have been. Or it can be mounted on a boom above traffic, so the
driver doesn’t even need to change lanes or slow down
And what is the possible harm? Of course, the state is recording the fact
that the car has passed the sensor; that is how the proper account balance can
be debited to pay the toll. When the balance gets too low, the driver’s credit
card may get billed automatically to replenish the balance. All that only
makes the system better—no fumbling for change or doing anything else to
pay for your travels.
The monthly bill—for the Massachusetts Fast Lane, for example—shows
where and when you got on the highway—when, accurate to the second. It
also shows where you got off and how far you went. Informing you of the
mileage is another useful service, because Massachusetts drivers can get a
refund on certain fuel taxes, if the fuel was used on the state toll road. Of
course, you do not need a PhD to figure out that the state also knows when
you got off the road, to the second, and that with one subtraction and one
division, its computers could figure out if you were speeding. Technically, in
fact, it would be trivial for the state to print the appropriate speeding fine at
the bottom of the statement, and to bill your credit card for that amount at
the same time as it was charging for tolls. That would be taking convenience
a bit too far, and no state does it, yet.
What does happen right now, however, is that toll transponder records are
introduced into divorce and child custody cases. You’ve never been within
five miles of that lady’s house? Really? Why have you gotten off the highway at the exit near it so many times? You say you can be the better custodial parent for your children, but the facts suggest otherwise. As one lawyer
put it, “When a guy says, ‘Oh, I’m home every day at five and I have dinner
with my kids every single night,’ you subpoena his E-ZPass and you find out
he’s crossing that bridge every night at 8:30. Oops!” These records can be
subpoenaed, and have been, hundreds of times, in family law cases. They
have also been used in employment cases, to prove that the car of a worker
who said he was working was actually far from the workplace.
But most of us aren’t planning to cheat on our spouses or our bosses, so
the loss of privacy seems like no loss at all, at least compared to the time
CHAPTER 2 NAKED IN THE SUNLIGHT 37

saved. Of course, if we actually were cheating, we would be in a big hurry,
and might take some risks to save a few minutes!
Saving Money
Sometimes it’s money, not time, which motivates us to leave footprints. Such
is the case with supermarket loyalty cards. If you do not want Safeway to
keep track of the fact that you bought the 12-pack of Yodels despite your
recent cholesterol results, you can make sure it doesn’t know. You simply pay
the “privacy tax”—the surcharge for customers not presenting a loyalty card.
The purpose of loyalty cards is to enable merchants to track individual item
purchases. (Item-level transactions are typically not tracked by credit card
companies, which do not care if you bought Yodels instead of granola, so
long as you pay the bill.) With loyalty cards, stores can capture details of
cash transactions as well. They can process all the transaction data, and draw
inferences about shoppers’ habits. Then, if a lot of people who buy Yodels
also buy Bison Brew Beer, the store’s automated cash register can automatically spit out a discount coupon for Bison Brew as your Yodels are being
bagged. A “discount” for you, and more sales for Safeway. Everybody wins.
Don’t they?
As grocery stores expand their web-based business, it is even easier for
them to collect personal information about you. Reading the fine print when
you sign up is a nuisance, but it is worth doing, so you understand what you
are giving and what you are getting in return. Here are a few sentences of
Safeway’s privacy policy for customers who use its web site:
Safeway may use personal information to provide you with newsletters, articles, product or service alerts, new product or service
announcements, saving awards, event invitations, personally tailored
coupons, program and promotional information and offers, and other
information, which may be provided to Safeway by other companies.
… We may provide personal information to our partners and suppliers
for customer support services and processing of personal information
on behalf of Safeway. We may also share personal information with
our affiliate companies, or in the course of an actual or potential sale,
re-organization, consolidation, merger, or amalgamation of our business or businesses.
Dreary reading, but the language gives Safeway lots of leeway. Maybe you
don’t care about getting the junk mail. Not everyone thinks it is junk, and the
38 B LOWN TO BIT S

company does let you “opt out” of receiving it (although in general, few
people bother to exercise opt-out rights). But Safeway has lots of “affiliates,”
and who knows how many companies with which it might be involved in a
merger or sale of part of its business. Despite privacy concerns voiced by
groups like C.A.S.P.I.A.N. (Consumers Against Supermarket Privacy Invasion
and Numbering, www.nocards.org), most shoppers readily agree to have the
data collected. The financial incentives are too hard to resist, and most consumers just don’t worry about marketers knowing their purchases. But whenever purchases can be linked to your name, there is a record, somewhere in a
huge database, of whether you use regular or super tampons, lubricated or
unlubricated condoms, and whether you like regular beer or lite. You have
authorized the company to share it, and even if you hadn’t, the company
could lose it accidentally, have it stolen, or have it subpoenaed.
Convenience of the Customer
The most obvious reason not to worry about giving information to a company is that you do business with them, and it is in your interest to see that
they do their business with you better. You have no interest in whether they
make more money from you, but you do have a strong interest in making it
easier and faster for you to shop with them, and in cutting down the amount
of stuff they may try to sell you that you would have no interest in buying.
So your interests and theirs are, to a degree, aligned, not in opposition.
Safeway’s privacy policy states this explicitly: “Safeway Club Card information and other information may be used to help make Safeway’s products,
services, and programs more useful to its customers.” Fair enough.
No company has been more progressive in trying to sell customers what
they might want than the online store Amazon. Amazon suggests products to
repeat customers, based on what they have bought before—or what they have
simply looked at during previous visits to Amazon’s web site. The algorithms
are not perfect; Amazon’s computers are drawing inferences from data, not
being clairvoyant. But Amazon’s guesses are pretty good, and recommending
the wrong book every now and then is a very low-cost mistake. If Amazon
does it too often, I might switch to Barnes and Noble, but there is no injury
to me. So again: Why should anyone care that Amazon knows so much about
me? On the surface, it seems benign. Of course, we don’t want the credit card
information to go astray, but who cares about knowing what books I have
looked at online?
Our indifference is another marker of the fact that we are living in an
exposed world, and that it feels very different to live here. In 1988, when a
CHAPTER 2 NAKED IN THE SUNLIGHT 39

videotape rental store clerk turned over Robert Bork’s movie rental records to
a Washington, DC newspaper during Bork’s Supreme Court confirmation
hearings, Congress was so outraged that it quickly passed a tough privacy
protection bill, The Video Privacy Protection Act. Videotape stores, if any still
exist, can be fined simply for keeping rental records too long. Twenty years
later, few seem to care much what Amazon does with its millions upon millions of detailed, fine-grained views into the brains of all its customers.
It’s Just Fun to Be Exposed
Sometimes, there can be no explanation for our willing surrender of our privacy except that we take joy in the very act of exposing ourselves to public
40 B LOWN TO BIT S
HOW SITES KNOW WHO YOU ARE
1. You tell them. Log in to Gmail, Amazon, or eBay, and you are letting
them know exactly who you are.
2. They’ve left cookies on one of your previous visits. A cookie is a small
text file stored on your local hard drive that contains information that
a particular web site wants to have available during your current session
(like your shopping cart), or from one session to the next. Cookies give
sites persistent information for tracking and personalization. Your
browser has a command for showing cookies—you may be surprised how
many web sites have left them!
3. They have your IP address. The web server has to know where you are
so that it can ship its web pages to you. Your IP address is a number like
66.82.9.88 that locates your computer in the Internet (see the Appendix
for details). That address may change from one day to the next. But in
a residential setting, your Internet Service Provider (your ISP—typically
your phone or cable company) knows who was assigned each IP address
at any time. Those records are often subpoenaed in court cases.
If you are curious about who is using a particular IP address, you can check
the American Registry of Internet Numbers (www.arin.net). Services such as
whatismyip.com, whatismyip.org, and ipchicken.com also allow you to
check your own IP address. And www.whois.net allows you to check who
owns a domain name such as harvard.com—which turns out to be the
Harvard Bookstore, a privately owned bookstore right across the street from
the university. Unfortunately, that information won’t reveal who is sending
you spam, since spammers routinely forge the source of email they send you.

view. Exhibitionism is not a new phenomenon. Its practice today, as in the
past, tends to be in the province of the young and the drunk, and those wishing to pretend they are one or the other. That correlation is by no means perfect, however. A university president had to apologize when an image of her
threatening a Hispanic male with a stick leaked out from her MySpace page,
with a caption indicating that she had to “beat off the Mexicans because they
were constantly flirting with my daughter.”
And there is a continuum of outrageousness. The less wild of the party
photo postings blend seamlessly with the more personal of the blogs, where
the bloggers are chatting mostly about their personal feelings. Here there is
not exuberance, but some simpler urge
for human connectedness. That passion, too, is not new. What is new is
that a photo or video or diary entry,
once posted, is visible to the entire
world, and that there is no taking it
back. Bits don’t fade and they don’t yellow. Bits are forever. And we don’t
know how to live with that.
For example, a blog selected with no great design begins:
This is the personal web site of Sarah McAuley. … I think sharing my
life with strangers is odd and narcissistic, which of course is why I’m
addicted to it and have been doing it for several years now. Need
more? You can read the “About Me” section, drop me an email, or you
know, just read the drivel that I pour out on an almost-daily basis.
No thank you, but be our guest. Or consider that there is a Facebook group
just for women who want to upload pictures of themselves uncontrollably
drunk. Or the Jennicam, through which Jennifer Kay Ringley opened her life
to the world for seven years, setting a standard for exposure that many since
have surpassed in explicitness, but few have approached in its endless ordinariness. We are still experimenting, both the voyeurs and viewed.
Because You Can’t Live Any Other Way
Finally, we give up data about ourselves because we don’t have the time,
patience, or single-mindedness about privacy that would be required to live
our daily lives in another way. In the U.S., the number of credit, debit, and
bank cards is in the billions. Every time one is used, an electronic handshake
records a few bits of information about who is using it, when, where, and for
what. It is now virtually unheard of for people to make large purchases of
CHAPTER 2 NAKED IN THE SUNLIGHT 41
Bits don’t fade and they
don’t yellow. Bits are forever.
And we don’t know how to
live with that.

ordinary consumer goods with cash. Personal checks are going the way of
cassette tape drives, rendered irrelevant by newer technologies. Even if you
could pay cash for everything you buy, the tax authorities would have you
in their databases anyway. There even have been proposals to put RFIDs in
currency notes, so that the movement of cash could be tracked.
Only sects such as the Amish still live without electricity. It will soon be
almost that unusual to live without Internet connectivity, with all the fingerprints it leaves of your daily searches and logins and downloads. Even the old
dumb TV is rapidly disappearing in favor of digital communications. Digital
TV will bring the advantages of video on demand—no more trips to rent
movies or waits for them to arrive in the mail—at a price: Your television service provider will record what movies you have ordered. It will be so attractive to be able to watch what we want when we want to watch it, that we
won’t miss either the inconvenience or the anonymity of the days when all
the TV stations washed your house with their airwaves. You couldn’t pick the
broadcast times, but at least no one knew which waves you were grabbing
out of the air.
Little Brother Is Watching
So far, we have discussed losses of privacy due to things for which we could,
in principle anyway, blame ourselves. None of us really needs a loyalty card,
we should always read the fine print when we rent a car, and so on. We would
all be better off saying “no” a little more often to these privacy-busters, but
few of us would choose to live the life of constant vigilance that such resolute denial would entail. And even if we were willing to make those sacrifices, there are plenty of other privacy problems caused by things others do
to us.
The snoopy neighbor is a classic American stock figure—the busybody who
watches how many liquor bottles are in your trash, or tries to figure out
whose Mercedes is regularly parked in your driveway, or always seems to
know whose children were disorderly last Saturday night. But in Cyberspace,
we are all neighbors. We can all check up on each other, without even opening the curtains a crack.
Public Documents Become VERY Public
Some of the snooping is simply what anyone could have done in the past by
paying a visit to the Town Hall. Details that were always public—but inaccessible—are quite accessible now.
42 B LOWN TO BIT S

In 1975, Congress created the Federal Election Commission to administer
the Federal Election Campaign Act. Since then, all political contributions
have been public information. There is a difference, though, between “public”
and “readily accessible.” Making public data available on the Web shattered
the veil of privacy that came from inaccessibility.
Want to know who gave money to Al Franken for Senate? Lorne Michaels
from Saturday Night Live, Leonard Nimoy, Paul Newman, Craig Newmark (the
“craig” of craigslist.com), and Ginnie W., who works with us and may not
have wanted us to know her political leanings. Paul B., and Henry G., friends
of ours, covered their bases by giving to both Obama and Clinton.
The point of the law was to make it easy to look up big donors. But since
data is data, what about checking on your next-door neighbors? Ours definitely leaned toward Obama over Clinton, with no one in the Huckabee camp.
Or your clients? One of ours gave heartily to Dennis Kucinich. Or your daughter’s boyfriend? You can find out for yourself, at www.fec.gov or
fundrace.huffingtonpost.com. We’re not telling about our own.
Hosts of other facts are now available for armchair browsing—facts that in
the past were nominally public but required a trip to the Registrar of Deeds.
If you want to know what you neighbor paid for their house, or what it’s
worth today, many communities put all of their real estate tax rolls online. It
was always public; now it’s accessible. It was never wrong that people could
get this information, but it feels very different now that people can browse
through it from the privacy of their home.
If you are curious about someone, you can try to find him or her on
Facebook, MySpace, or just using an ordinary search engine. A college would
not peek at the stupid Facebook page of an applicant, would it? Absolutely
not, says the Brown Dean of Admissions, “unless someone says there’s something we should look at.”
New participatory websites create even bigger opportunities for information-sharing. If you are about to go on a blind date, there are special sites just
for that. Take a look at www.dontdatehimgirl.com, a social networking site
with a self-explanatory focus. When we checked, this warning about one man
had just been posted, along with his name and photograph: “Compulsive
womanizer, liar, internet cheater; pathological liar who can’t be trusted as a
friend much less a boyfriend. Total creep! Twisted and sick—needs mental
help. Keep your daughter away from this guy!” Of course, such information
may be worth exactly what we paid for it. There is a similar site,
www.platewire.com, for reports about bad drivers. If you are not dating or
driving, perhaps you’d like to check out a neighborhood before you move in,
or just register a public warning about the obnoxious revelers who live next
door to you. If so, www.rottenneighbor.com is the site for you. When we
CHAPTER 2 NAKED IN THE SUNLIGHT 43