sealPurdue News


September 1995

Computer expert advises how to keep your private life private

WEST LAFAYETTE, Ind. -- Getting an unlisted phone number and erecting a high fence used to ensure some privacy. But keeping others from peering into the day-to-day dealings of your personal life is becoming more difficult in the electronic age, says a Purdue University computer specialist.

"One big problem with privacy is that the information collected for one purpose is often used for something else, making it difficult for consumers to control what information is kept on them and who has access to that information," says Eugene Spafford, associate professor of computer sciences at Purdue. "Many consumers are unaware that, merely by using a credit or check-cashing card, entering a raffle or subscribing to a magazine, they are providing personal information that can be sold to marketers and distributed to data bases throughout the world."

Information on personal preferences and interests also may be gleaned from electronic sources, such as the World Wide Web. "People using the network should understand that the sites they visit and download things from make a record that may or may not be traced back to them," Spafford says. "This is not protected, as when you check things out of the library."

Other types of personal information, such as Social Security, credit card or bank account numbers, may become more difficult to contain as electronic advances make it easier to copy, combine and transport such data, Spafford says.

Spurring this collection of data are a number of large organizations dedicated to constructing and keeping lists that can be sold to advertisers and marketers. Such companies make it profitable for businesses and organizations, even at a local level, to provide information they collect on consumers' spending habits, preferences and income.

"Twenty-five years ago, people weren't concerned that, to get credit for a purchase, the manager at the local department store knew where they worked or lived, because the information wasn't likely to go any further," Spafford says. "Now, whenever you give this information out, the potential is that the information can go worldwide."

Furthermore, he says, the information can stay around for a long time, even if it's not correct. "If someone is using incorrect information," he says, "you may not even know about it or know whom to talk to correct the situation."

As the number of data bases grows, and more people gain access to computers, such information will become even harder to contain.

"You may not care today if someone knows what you buy at the grocery store, but what if five years from now or next week, because of a medical condition, you suddenly start buying antidepressant drugs, ulcer medication, or medication for high blood pressure, and then that information is used to deny employment or insurance coverage," he asks. "Similarly, we don't necessarily want our neighbors to know what magazines we are buying, or how often we purchase alcohol or birth control materials."

Though such information is not yet readily accessible to the public, Spafford says someone with a strong interest can often buy the information from market-research companies, or hack into their systems to get it.

"At least one or two research firms now offer to sell personal profiles to private investigators, and this material would likely be included in such a profile," he adds.

Because most companies that collect such information are not restricted in how they use or market the data, consumers are left vulnerable to a variety of potential abuses, Spafford says. For example, information collected today may be used someday in ways that were never intended.

"Though most people feel that they have nothing to hide, they probably aren't being imaginative enough about how the information can be used against them," Spafford says. "Imagine, for example, if your employer or health insurance company was able to look at your buying history to see if you had purchased cigarettes or alcohol in the past five years. Though such abuses have not been reported to date, we don't have regulations in place to prevent such actions."

Consumers can take the first step to increasing privacy by letting businesses know what kinds of protection they want. "If you're interested in subscribing to a magazine, for example, you might inquire whether they sell their mailing lists to advertisers, and indicate your displeasure if they do," he says. "A number of publications and businesses are becoming sensitive to these issues, and give customers the option of omitting their names from such lists."

Another solution is to call for the development of laws to provide some privacy protection.

"Some countries in Europe, for example, require that any business or agency that keeps a record on you must periodically provide, at their expense, a full copy of the record to you with an opportunity to correct mistakes," he says. "This would go a long way to fixing some of the abuses, and would keep us aware of what information is out there and who's keeping it."

Having a time limit on most information records would also enhance privacy, Spafford says.

But while laws may help cut down on abuses, the proliferation of electronic data makes it impossible to protect all records. "The technology is moving so quickly that almost anything we try to put in place today is going to be obsolete tomorrow," Spafford says. "Within the next few months, there will be an additional five or six million people on the Internet. As such services reach the Internet, there is more potential for the information to be accessed by unauthorized personnel."

Ultimately, individuals will have to take it upon themselves to try to protect personal information, rather than holding everyone else responsible, Spafford says.

Such actions might include:

Source: Eugene Spafford, (765) 494-7825; Internet,

Writer: Susan Gaidos, (765) 494-2081; Internet,

* To the Purdue News and Photos Page