The Secret Life of Laurence Lorence

Let's Say you go to the doctor one day complaining of the sniffles and he gives you a pill. Let's say it's the wrong pill--there's been some mistake--and it doesn't cure you at all. Let's say it's an experimental pill and it makes you extremely paranoid instead. Let's say you work for Bank One in Columbus, Ohio, part of a regional banking conglomerate that issues MasterCards throughout the United States, and that the first effect of your paranoia is this: You become convinced that a member of the executive board of directors of Bank One, Mr. John R. Parsons, does not exist.

You've never seen him, so how do you know he exists? True, you've seen his correspondence, but perhaps there are little mechanical people with feelers who actually write his letters.

And while you're busy having paranoid delusions, let's say you get the idea that your MasterCard is the key to opening up vast stores of intimate information about you and that you can't hide even by paying cash. Not only that but you've become convinced that people are asking your neighbors questions about you, filing reports on your personal habits and storing them in warehouses around the country. To top it off, let's say you also imagine that your medical records are being passed around without your knowledge.

As you walk down the street, you become convinced that someone is following you, someone who looks just like you but has no face, a distorted version of yourself, stalking you like a shadow every step you take from birth to death.

And that's only the first day.

•

The alarming thing about this experimental drug is that, in all likelihood, it would not make you paranoid enough for your own good. To illustrate, let me tell you about an experience I had recently: A letter arrived at my house from Bank One in Columbus, Ohio. It was addressed to Laurence Lorence, someone who does not exist, and signed John R. Parsons, Bank Card Division Manager.

"I'm inviting you," Mr. Parsons wrote, "to... enjoy the credit card for a new age in shopping: the Master Card Insiders' Card.... Not long ago... I decided I was through with waiting in lines.... As a banker, I'd learned enough about computers to know that if a computer link were made between the consumer and the wholesaler directly, shopping could be quicker, easier and much less expensive." Mr. Parsons' offer joined MasterCard with Comp-U-Card for instant electronic shopping, as well as the usual line of MasterCard credit.

I called Bank One and asked to speak with John R. Parsons. A customer-service representative said, "He's a member of our executive staff. He doesn't take calls."

I pressed the matter. My representative put her supervisor on the line. He said, "I'm sorry. Mr. Parsons is on our executive board, and he doesn't take calls."

I left my name and number. I wanted to talk computers with Mr. Parsons, seeing as how he knew so much about them. He was, after all, proposing to link me via his computer to Comp-U-Card.

A little while later, a Bank One executive named Mike Van Buskirk called back. He was very polite, very low-key.

"Who's John R. Parsons?" I asked.

"Uh, mm, he's a, um...."

I was beginning to feel as though I were trapped inside a rerun of Three Days of the Condor.

"Is there a real Mr. Parsons?" I asked.

"Uh, actually, no, there's not."

"He's a fiction, in other words."

"Well, he's a name generic to the product."

We had a nice chat, Van Buskirk and I. He explained to me that there was enough credit information on Laurence Lorence for Bank One to feel secure in granting him the $1000-credit-limit MasterCard without checking any further than to verify the fact that the address was correct.

When we hung up, I immediately called the Bank One customer-service number to ask for Mr. Parsons again. I knew I needed two sources. I didn't want Mr. Parsons to sue me for saying he didn't exist. And if he did not exist, then I felt it would only be fair if I opened a MasterCard account at Bank One in the name of Laurence Lorence and started dining out pronto. For how could someone who did not exist defraud someone else who did not exist? (Of course, Laurence Lorence would not take phone calls when the bills came. How could he? He doesn't exist.)

"Toni speaking; may I have your account number?"

"I'd just like to speak with John R. Parsons," I said.

"He's just a member of our executive board here, and he's not available to be spoken with now."

"So Mr. Parsons is a member of your executive board?"

"Yes."

"Have you seen him?"

"No, I haven't seen him," the Bank One representative said.

"Then how do you know who he is?"

"We do get correspondence from him on a fairly regular basis."

"Do you really believe he's a real person?"

"Yes, I do."

"Do your superiors tell you he's a real person?"

"No, they don't tell us he's a real person; I just know he's a real person. I get correspondence from him all the time."

John H. Fullmer is senior vice-president of marketing for Comp-U-Card. I called him the next day. "Who's John R. Parsons?" I asked.

Fullmer stammered for a moment before his voice got in gear. "The position," he said, "is that one of us...." He paused, then began again. "I'm a little reluctant to, ah ... many things we do, uh ... this is a very proprietary thing, and many people compete with us, and a lot of that is privileged information."

I read him excerpts from Mr. Parsons' letter. "Is he a computer expert?" I asked. "He is a banker, isn't he? It says here he's a banker."

"I'm a little reluctant to comment. I don't think we need to get into individuals. I really would rather not comment on John R. Parsons."

"Does Mr. Parsons exist?" I asked.

Fullmer cut me off and a woman came on the line. "John just got an overseas call," she said.

I said I could hold. I could hold for a very long time if necessary. Months.

Fullmer sounded different when he came back on the line.

"Did a specific person write that letter?" I asked.

"No," he said. He had become low-key.

"John R. Parsons is a name that is used in our mailing that represents our bank. John R. Parsons is not a person." In defending the practice, he asked, "Who the hell is Betty Crocker? She never existed."

Does John R. Parsons make cakes? No, but he does pry into your financial affairs without asking permission.

I told Fullmer that Toni had said that Mr. Parsons--this computer expert/ banker who knows so much about Laurence Lorence--was a member of the executive board of Bank One.

Fullmer seemed surprised. "You know," he said, "maybe he does exist. I'd better call you back, because, you know, when we came up with that name...I mean, I don't know that he doesn't exist. I'll have to call you back. I'm going to find out if he does exist or not." I never heard from Fullmer again.

•

That experience raises a number of intriguing questions. For example, just what are we supposed to believe from these companies that would fudge on a matter so fundamental as to who does and does not exist? And where did Bank One get so much information on Laurence Lorence it was willing to grant him $1000 credit? Mr. Parsons wrote to Laurence Lorence, "Because of your excellent credit rating, you start with an instant credit line already reserved in your name."

Here's how it works. Bank One wants to get a high rate of return on the solicitations it mails, so it goes to a credit-reporting company. A credit-reporting company keeps records on money you borrow, where you use credit cards, what you buy and how promptly you pay your bills. That record may also show transactions that never took place, accounts that don't exist (or people who don't exist), or it may omit important information that could help you get the credit you need. I tried to borrow money from a bank a few years ago and was told that my credit rating was bad because of a delinquent Diners Club account. I found that curious, because I hadn't had a Diners Club card for a number of years. On the other hand, my file failed to point out that I'd been paying (promptly) on my home mortgage for almost half the life of the loan. The quality of information stored on me is fairly typical: about half baked. Privacy Journal in Washington, D.C., offers a reward to anyone who finds his own credit-bureau file to be 100 percent error-free. As of this writing, no one has collected.

Nevertheless, Bank One told Trans Union Credit of Chicago that it wanted a list of people whose credit files showed them to have the qualities usually associated with paying their bills, people likely to stand good for a kilobuck of credit. Trans Union screened all its files, and in the wink of an eye, enough names popped out to choke a triceratops. That's how Bank One came up with Laurence Lorence. Although Lorence happens to be my wife's last name, Trans Union was unable to explain how the computer had put it together with my first name.

Question: Is that the only mistake Trans Union ever made?

Question: Do other credit-reporting companies make mistakes, too?

Take TRW Information Systems, a giant conglomerate that has the nation's largest credit-reporting computer system. Apart from the Census Bureau's and the National Security Agency's, TRW's information bank is reputed to be the largest in the world.

TRW--in addition to Trans Union and others--supplies mailing labels to Bank One of Columbus, Ohio, and every other bank that solicits membership for VISA and MasterCard with a preapproved credit limit.

You may remember seeing a newspaper item last summer about computer hobbyists who cracked TRW's codes, gaining access to vast stores of confidential files, yours and mine and John R. Parsons'. TRW insists that its files are about as likely to be stolen as the Tower of London. The company called the theft of its password "a minor problem, comparable to having someone steal the keys to your car but not your car itself."

On the other hand, even if no unauthorized passwords are floating around, there are still 24,000 retailers that can get any of TRW's 90,000,000 files almost instantaneously. The reason for all this interest in your whereabouts, of course, is not so that little mechanical people with feelers can watch you. The store simply wants your name because you have purchasing power. You're a valuable addition to a mailing list. Hardware stores, ice-cream parlors, beauty salons, book and record stores-- there's hardly a retailer today that hasn't some sort of mailing list. In fact, you may remember seeing another little news item last summer. This one was about an icecream-parlor chain that offered free ice cream to kids on their birthdays. All the kids had to do was fill out a form--name, address, date of birth. It seems that this list was eventually sold to an East Coast list broker who, in turn, sold it to the Selective Service, which wrote to the kids when they turned 18, asking, "Have you registered for the draft lately?"

How did the kids find out where the Selective Service got the list?

They had used fake names.

Those kids had something on the ball: If you want to keep track of yourself as your life history goes zinging merrily through the computers of this world, always use a different middle initial when you fill out forms. It's not illegal. (So, OK, use your real name when you sign a binding contract.) Then, when you get junk mail or when your life insurance is suddenly canceled, you'll have a better idea of where the trouble began.

And if you are like most of us, the trouble began a long time ago. For the fact is, someone has been following you all your life--a phantom version of yourself, represented by the trail of files you leave behind as you go through the documentation processes associated with being born, going to school, getting a driver's license or a job or buying almost anything. There are an average of 18 government files on every man, woman and child in the United States, and that doesn't include private files, such as the ones that provide a steady stream of junk mail to a fellow I know who doesn't exist. Yes, there is a phantom self following you, and there's no way to shake him. He's there for life. And beyond. I (continued on page 120)Secret Life(continued from page 80) know one fellow who's been dead five years and still gets his junk mail.

Do you think it's completely confidential when you tell your psychiatrist that you believe an executive member of your board of directors doesn't exist? The Medical Information Bureau (M.I.B.) is a giant information bank in Boston that is so secret and secretive that Senator William Proxmire calls it "the medical CIA." Through M.I.B., medical information is routinely passed around--sold, in fact--to people who wish to make decisions about you, such as insurance companies and employers. Your complete medical file is available for a nominal fee.

You probably never stopped to think about it when you filled out insurance applications. At the bottom is a form you sign that gives anyone who has the form (or a photocopy of it) permission to get medical information about you forever afterward. (Don't you read what you sign? You see: You're not paranoid enough for your own good.)

Your bank's records are a different story, however. You don't have to sign anything. Banks routinely pass around information about customers. And they are required by law to photograph every transaction of more than $100 that passes through your checking account and to store those photographs for five years. (Most banks find it simpler to photograph everything than to spend the time necessary to separate transactions over $100.) The bank must also photograph and store every deposit or loan-payment slip and every debit notice and must keep copies of all correspondence concerning your account. Who gets to look at the stored records? Little mechanical people with feelers, of course. And anybody who waves a badge in the face of a bank officer. (As Robert Ellis Smith, the publisher of Privacy Journal, puts it, "After all, if they don't cooperate, whom will they call for help when their bank gets held up--a U.S. Senator?") In a wonderfully Orwellian turn of phrase, the law governing these records is called the Bank Secrecy Act.

•

Is this situation merely amusing? Or is it dangerous?

It's a little like exposure to radiation: You have to wait a long time to see who's going to get sick. It may have no effect on you at all, or it may trap you in a nightmare from which there is no escape. One Government study cited "the danger of permanent, inescapable stigmatization."

Arthur R. Miller, a Harvard law professor and a widely recognized authority on privacy, writes:

Concern over privacy is hardly irrational. In our increasingly computerized life, whenever a citizen files a tax return, applies for life insurance or a credit card, seeks Government benefits or interviews for a job, a dossier is opened on him and his informational profile is sketched. It now has reached the point at which whenever we fly on a commercial airline, stay at one of the national hotel chains or rent a car, we are likely to leave distinctive electronic tracks in the memory of a computer that can reveal much about our activities, habits and associations.

Distinctive electronic tracks. Is your paranoia exaggerated? Miller says:

The same electronic sensors that can warn us of an impending heart attack might be used to locate us, track our movements and measure our emotions and thoughts.... Some criminologists already have suggested that a prisoner be subjected to sensor implantation as a condition of parole. Law-enforcement people then could monitor his activities and take him into custody should his aggression level become too high.

The italics are his. He's talking about control of the individual, one of the most fundamental and most sensitive subjects of debate within a democratic society. The questions have always been, How far can society go in protecting itself against the individual? How do we balance the rights of the individual with the needs of the society and still retain freedom?

Similarly, where does information gathering leave off and control begin?

A friend of mine, a journalist and college professor, spent part of 1984 in Yugoslavia on a Fulbright teaching fellowship. He had an apartment in Skoplje, where he and his wife would sit in the evenings and have their meals and talk. One day, they commented on the plaster falling down in the bathroom. The next day, a repairman showed up at the door asking where they wanted the plaster repaired. "It was kind of nice," my friend said, "except you knew they were always listening." One day, they said something about being tired of waiting in long lines to buy meat or bread, and the secret police showed up the next day to ask if they were still happy in Yugoslavia.

Where does information gathering leave off and control begin? My friends stopped talking in their apartment.

Do you have any qualms about giving out your Social Security number? Isn't it, after all, a universal identifier? That bastion of liberal paranoia, the Department of Health, Education and Welfare, concluded "that excessive use of the Social Security number should be curtailed," according to the Senate Judiciary Committee, and that "citizens be informed as to the nature of information concerning them in Government files and be given meaningful rights to access and control and correct such data." That recommendation was made more than ten years ago, but nothing has been done. In fact, Mr. Parsons' letter asked for a Social Security number. I asked Mike Van Buskirk, my Bank One spokesman, what he was going to do with it. "I don't know," he said. "It's just considered a commonly acceptable identifier."

Although Federal law requires Government agencies to tell you how and by what authority they plan to use your SS number when asking for it, there are no laws governing private uses, such as the one Van Buskirk doesn't know about.

If Van Buskirk cannot say how your Social Security number might be used, Privacy Journal's Robert Ellis Smith can. "One great fear we have," he says, "is of computers pooling resources." An entire lifetime of data about us would then become available to those who would make decisions about us without our knowledge. That was precisely how Mr. Parsons made the decision to grant Laurence Lorence credit. Two computers got together and decided. At the same time, someone else was denied credit.

When I called Trans Union Credit in Chicago to try to find out how Laurence Lorence was created, the spokesman said, "Give me your Social Security number and I'll see what I can find out."

Smith again: "Each of [these computers] has our name and our facts. And most of them have our number--our Social Security number. The number is the one means that makes it easier for all of these disparate computer systems to link information about a particular individual. If we deny our Social Security number to a particular data gatherer, this will make it a little more difficult for that data gatherer to share our information with another system that has information about us."

•

And what about the investigating agency asking your neighbors questions and filing vivid descriptive reports on you? Surely, that's simple paranoia, a grand delusion. While still a Congressman, Mayor Edward I. Koch of New York City spoke before Congress on the subject of (continued on page 179)Secret Life(continued from page 120) being denied life insurance. In his own case, Koch had tried and tried to find out why but had run into a great deal of trouble. This is from the Congressional Record, October 17, 1974:

I finally was able to secure and off-the-record statement from an individual who had solicited the account. He said, "Well, we have information in our records that ten years ago you had cancer."

I said, "Well, that is very interesting, but I am not aware of it." I asked what the nature of this cancer was. The records showed it was leukemia. I asked, "Where did you get that information?" The company indicated they had obtained it from a neighbor ... and finally they agreed that the information that had been provided them had been given maliciously.

Are we being asked to believe that a respectable insurance company would actually send someone out to collect malicious gossip about us from our disgruntled neighbors?

No. Of course not. Insurance companies hire Equifax to do that kind of work.

Equifax, formerly the Retail Credit Company, is an 85-year-old firm that investigates people for a fee, usually about seven dollars, and prepares a report. You've probably heard of this sort of thing: You apply for life insurance and little mechanical people with feelers come around asking silly questions of your neighbors. Well, those little people work for Equifax, which Forbes magazine has called "the insurance industry's CIA." It would be wrong to say Equifax has a monopoly on what's called consumer investigations. However, it would also be wrong to say IBM has a monopoly on computers. The U.S. Government, in a report on privacy, singled out Equifax as "the industry giant." Equifax also happens to be second only to TRW in preparing credit reports (which, you'll remember, deal only in what you've borrowed and how promptly you've paid and do not contain malicious gossip, only occasional misinformation).

Equifax presents the frightening specter of highly trained spies using their finely honed skills to pry into your private affairs. Perhaps more frightening, however, is the specter of untrained and virtually uneducated spies, unburdened by any skills whatsoever, blundering around in your private affairs. And while it's difficult to say which would be worse, the latter is far closer to reality than the former. The Privacy Protection Study Commission described qualifications for becoming an Equifax spy: "An individual need only have a high school diploma and a car." And at least one report said the diploma was optional.

Equifax has branch offices in every major city in the United States. The one I saw was a large room with a low ceiling that made everyone stoop a bit. Lined with desks and telephones, the room was illuminated by fluorescent lights and manned by--would it be fair to characterize them as little mechanical men with feelers? No, it would not; they looked like people who had failed in the used-car business interspersed with people who had not yet gotten their first real job. They sat working over forms that asked for the most personal sort of information.

When I walked in unannounced and started pawing through stacks of claim forms, no one in the office seemed the least bit concerned that I was violating someone's privacy. Most of the forms I saw there concerned investigations of people who had filed a claim for death benefits. Other Equifax forms I obtained through the Federal Government, however, contained this category:

B. Hallucinogenic drugs

(1) LSD, etc.

(a) Regular, extensive user

(b) Occasional use

(c)Former experimentation

Equifax prepares the large majority of its reports for insurance companies but also does investigations for employers who wish to check on applicants for jobs. An Equifax investigator, in other words, may be the critical element in whether or not you get your next insurance policy or job.

Question: How does he (armed with nothing more than a high school diploma and a car) tell if you're on LSD?

According to the Federal Trade Commission (FTC), the average Equifax report takes eight to 16 minutes to prepare. That supposedly includes judgments on your reputation, financial status, criminal tendencies, the neatness of your front yard, your character, sexual preferences, drinking habits and state of health, to name just a few. It should also include, according to a company handbook, a determination of whether or not you are engaged in drug traffic ("definite suspicion" is one category), rodeo or moral turpitude characterized by "indiscriminate associates." And, of course, the LSD question.

The average Equifax investigator is burdened with a production quota equal to about 23 cases a day and has only three to six hours on the street each day to gather the information that will go into his reports.

Is Big Brother watching you? Let's see.

The National Cancer Institute (NCI) hired Equifax in an attempt to locate certain people for follow-up research. NCI let a contract worth $3,300,000 to Equifax. Although officers of the Cancer Institute weren't aware of it, the FTC had filed a complaint against Equifax. But that wasn't why the Cancer Institute canceled its contract.

"Equifax would report back that a person was 'last known to be living in a nursing home in St. Louis' or 'thought to have died.' This was of no assistance in helping us locate the person," said the Cancer Institute's spokesman.

Equifax has just such a fact-filled file on one out of every four Americans. And for about seven dollars (free if you've recently been refused credit), it will provide yours. If it produces prattle like that for $3,300,000, imagine what you get for seven dollars. Most of us are inclined to believe that people who keep files on us must check their facts or that, at the very least, they must let us inspect our file and change what is incorrect. Most of us, in other words, are hopelessly naïve.

First of all, it's not likely that you will even get to see your file. Secondly, no matter how careful Equifax is in checking its facts, insurance companies, Equifax' largest clients, are not interested in hearing that you are a model citizen. If you are a model citizen and your report says so, your file will probably be destroyed in a short time, a year or so. If your report contains something derogatory, it will probably be kept. For as long as ten years.

In defending his position that many reports must contain derogatory information, the chairman of Equifax told the Privacy Protection Study Commission, "We know the social behavior of our population is not improving that much....We know that if [an investigator] works intelligently and carefully and conscientiously...he is going to develop a rather substantial amount of information that we term as pertinent." Meaning derogatory.

The Equifax "Branch Manager's Manual" states, "Actionable Information: This is the basis on which we sell our services....Insurance companies must have information to properly rate each acceptable risk, as well as to decline or cancel the 'poor risk.'"

The FTC found that Equifax audited itself for the percentage of damaging information that was being submitted. Managers of branch offices producing more bad news would receive more bonus money. There was a point system whereby an investigator would get ten points for saying you were "grossly fat" and five points for saying you were "slightly overweight." In a pre-employment report, an investigator would receive as many as ten points for getting two sources to say you lacked ambition and zero to four points for only one source. If the investigator said you were "not loyal" to your country, he would get ten points. A "known friendliness or allegiance to country with opposing ideology" would count for eight to ten.

Thomas Whiteside, who investigated Equifax for The New Yorker when the Government became interested in the company, told me, "The problem remains today. The incentive is there to get more business, and so there are going to be more inquiries. [Equifax investigators] are poorly paid, they're badly harried, they're very nervous and they're told they've got to come up with that information. The problem will not go away."

Equifax maintains a staff of 8500 investigators nationwide making about 200,000 reports daily. That's about 52,000,000 reports a year. From one leap year to the next, Equifax could produce a report on every man, woman and child in the U.S. An FTC spokesman said, "The real disagreement between the FTC and Equifax is what you call the system, not that it exists."

The spokesman meant the Equifax quota system, by which an investigator is expected to make meaningful, thorough reports on 23 individuals a day and is given three to six hours in which to make them (the rest of his typical eight-hour day is taken up with paperwork). Furthermore, he is allowed only 125 miles of fully reimbursed driving a day, and he must either type all his own reports or dictate them and pay a typist. He is penalized if he works overtime. He is given a bonus if he completes more reports.

In the face of threats or orders from the FTC, Equifax has now backed away from its policy of giving investigators such clear incentives as it used to for the amount of bad news they produce. But the company's output per investigator remains the same, and there have been no technical or biological advances that make it any easier to be in 23 places at once.

To illustrate how investigators cope with the pressures to produce, a witness before the Senate Committee on Banking, Housing and Urban Affairs described an Equifax practice called zinging. "A zing means you do nothing," the former investigator said. "You do not contact the investigatee. One does not go out on the street... he utilizes whatever information was supplied by the insurance company and, it's hoped, looks up the insured in the phone book to assure that he lives there; then you just fill in the form."

This investigator said one report "cited a source at a certain address which turned out to be a parking lot." He also described an investigator who "zinged a report on an individual who was no longer living. Such practices are flagrant violations of corporate policy, but they apparently do occur."

Is Big Brother watching you? No, he doesn't have the time. But he is filling out forms about you, and even if he happens to be 99 percent right, that means that erroneous Equifax dossiers are assembled on about 500,000 people each year. And unlike the Yugoslavs, Equifax investigators will not repair your falling plaster while they're spying on you.

•

Equifax is not alone. Nor is it necessarily the most dangerous commercial agency of privacy invasion. The Wackenhut Corporation--well known for its rent-a-cop operations at airports and rock concerts--is the third-largest private security company in the U.S. Wackenhut performs its investigations for employers who wish to know more about job applicants. So where does Wackenhut get its information? The company bought a list of subversives known as the Barz Lag List (Barz Lag was a retired Navy officer who spent his time culling names from the House of Representatives Internal Security Committee hearings). Then Wackenhut employees scanned the news for individuals to add to the list. Anyone deemed politically suspicious to Wackenhut clippers was put on file. Then they indexed this master list, patterned on the FBI's own classifications--by individual and by subject matter.

According to the Privacy Protection Study Commission, "Wackenhut donated the list to the Church League of America, a political group that claims to hold 'the largest and most comprehensive files on subversive activity, with the single exception of the FBI.' Today Wackenhut continues to use the Church League files..." Presumably, when Wackenhut needs that type of information, the Church League supplies it. And with that list, a quick search could be conducted to keep political radicals out of the work force in America. In fact, Wackenhut conceived of a central data bank for employers from which they could instantly screen anyone to see if he were involved in "various types of criminal as well as subversive activities." Fortunately, the plan was abandoned for lack of employer interest.

Wackenhut and its fellow security companies can get information on us from almost anywhere it's kept. One firm's list of sources--suggested places for its investigators to look first--includes banks, schools, law-enforcement agencies, HEW, the IRS, the Immigration and Naturalization Service, the Securities and Exchange Commission, the drugenforcement agencies and even the Postal Service. Information from these sources is generally confidential, but "private investigative agencies are able to circumvent authorization procedures," said one Government report. One way to do that is to hire former police or Government employees.

A Rand Corporation researcher who studied investigative agencies says that executives of those agencies readily admit that they get confidential law-enforcement information even when it is illegal to do so. They may also obtain information from credit bureaus, such as Dun & Bradstreet and TRW, and from Equifax itself. Employees of Wackenhut are instructed not to reveal such sources when they exist, and so it would be impossible, say, for you to trace a mistake from your Wackenhut file back to an error originally made by an Equifax sleuth.

Of course, since those are both dossiers that you have no legal right to inspect, that's a rather academic concern, isn't it?

•

One of the most peculiar elements of privacy protection in America is that the individual--the victim, as it were--appears to have so few rights. Almost anyone can see his file except him. The Fair Credit Reporting Act (FCRA), just about your only protection when it comes to little mechanical people with feelers, says that Wackenhut or TRW or Equifax or any business like them must "clearly and accurately disclose to the consumer the nature and substance of all information (except medical information) in its files on the consumer at the time of the request." (This does not apply if you are filing an insurance claim.)

Here's how one consumer-investigation agency, O'Hanlon Reports, interpreted the law in its handbook for branch-office managers:

The important thing is to NEVER check the files in the presence of the consumer ... prior to the time of your appointment with the consumer, you will have received the Statement of Disclosure from the Home Office .... You are not to show anything or acknowledge that you have anything other than the Statement of Disclosure.

Actual disclosure will be accomplished by reading the Statement of Disclosure to the consumer. The Statement is to be read word for word at your normal reading speed. It is not to be read slow enough for anyone to copy down word for word, nor is it to be read so fast that the consumer will not understand what you were saying. Part or all of the Statement of Disclosure may be reread if the consumer indicates he did not understand what you were telling him. The consumer and/or the person with him may not have a copy of the Statement, nor may they be allowed to read the Statement or touch it.

Unless you live in Oklahoma, where a state law requires that you be given a copy of a report on you before anyone else sees it, you are out of luck. The FCRA was written to protect the consumer. But it was subjected to major changes as a result of three years of intensive insurancecompany lobbying in Washington.

The Privacy Protection Study Commission said, "Perhaps the most blatant weakness in the FCRA is the impracticality of its provisions aimed at giving an individual a way of getting inaccurate, incomplete or obsolete information in an investigative report corrected, amended or deleted .... Requiring that the 'nature and substance' of a report be revealed to the individual effectively deprives him of his corresponding right to challenge its content." The commission called the FCRA "much less effective protection for the individual consumer than he needs" and said it had concluded "that additional legislative action is clearly needed."

Nothing has been done. The insurance lobby is too strong.

Worse yet is the situation with medical information. When you sign the form at the bottom of an application for insurance, you waive your claim to the confidentiality of your doctor-patient relationship. Anyone with an old Xerox of that form can request and get your medical records from your doctor, psychiatrist, hospital or other institution. And there's no time limit. There are almost 7000 hospitals in the United States. According to an Equifax manual on insurance claims, Equifax agents can get medical records from all but 1200. Among private investigators, those 1200 have a reputation as "problem hospitals" because they try to keep medical records confidential.

Adding insult to injury is the fact that the law does not recognize your right to see your own medical records. The belief seems to be that, in the first place, you will not be able to understand the contents and, in the second place, you may be so alarmed by what you find that you will drop dead on the spot. What to tell the public has always been a question in service organizations. Should the doctor tell you that you have cancer? Should the airline pilot tell you that the plane is on fire? Should Equifax tell you that you were turned down for a job because you told your psychiatrist that you believed that a member of your company's board of directors didn't exist--a Mr. John R. Parsons?

•

Law and legal opinion on privacy reflect the traditional notions of liberty, self-determination and the sanctity of the individual. But those old-fashioned ideals have become virtually outmoded by the complexity of modern society and by the general unwillingness of individuals to do anything to protect themselves.

What do you know about your right to privacy? Does it mean that you can strip down to your suntan and go skinny-dipping in the woods? Or does it mean that no one can read your mail? If a policeman asks you for identification, must you show it to him? Do you have a legally protected right to loaf?

In fact, you are legally protected while skinny-dipping. Most people think it's against the law to open first-class mail. No, it's only against the law for a Federal agent to read first-class mail. There is no law against opening it. On the other hand, a 1983 Supreme Court decision made it illegal for police to stop you and ask for identification without a clear reason to believe that you're committing a crime. And Justice William O. Douglas, in concurring with the Supreme Court's decision to legalize abortion in 1973, enumerated three areas in which individual privacy was protected. One, he wrote, "is the freedom to care for one's health and person, freedom from bodily restraint or compulsion, freedom to walk, stroll or loaf."

In many transactions today, however, you are able to present yourself only by proxy--by that phantom self, your record, that follows you throughout your life. But let's say that your record contains an error. Typically, you discover the error in your record when you are least disposed to deal with it properly. Put upon by adversity or crisis, you must let the error stand while you cope with the more urgent needs of the moment. And often, by the time you get around to addressing the problem of inaccuracies in your file, it is too late. The damage has been done. The file has multiplied out of control. Or your psychic energy has been drained away.

Indeed, most people never have to think about the system until it goes awry and the record comes back to haunt them.

•

Although we call ourselves civilized, we have not come so very far from the forest. The gun on the hip of the man in the uniform is evidence enough. It is a symbol of our collective suspicion. This same distrust has been elevated to a high level of sophistication: In our day-to-day dealings with one another, we are suspect until we give proof. Our character must be given an official stamp of approval before it can be trusted. No, the Government doesn't require that we carry identity cards. But the Government hasn't had to require it. We require it of one another. We no longer want to know the person; we have become our records.

The only way out of the nightmare is through knowledge. But it must be equally distributed. We must have the same right to know about ourselves as others have to know about us. And if laws are made, we should have an equal opportunity to know about them. As the system is now, people have no idea what rights they're giving up when they sign forms allowing others to investigate them. The signature on a credit-card or an insurance application can work like a forced confession.

The answer is simple. There are three parts to it: First, you should be able to call up your records (any records--criminal, tax, credit-bureau, bank, school, and so on) as quickly and as easily as "they" can. That means that computer terminals, much like electronic bank tellers, must be provided for public use (or, far easier, access through your personal computer). There you can call up your records in an instant, putting you on an equal footing with those who collect data about you. You should have the same right to alter and edit your record as anyone else has. A computer system could easily keep track of your alterations and the original record at the same time, but at least you'd be able to put in your two cents' worth.

Second, perhaps equally important, your records--all records--should be automatically destroyed after a certain length of time; about six months for routine business records.

Third, only what is absolutely necessary for serving you, the consumer, should be requested when organizations collect data on you. (Numbers, such as Social Security, are not necessary for identifying you, not even for the sake of computers.)

In the exhibit of the 1455 Gutenberg Bible in the Library of Congress, there is a plaque that says:

The Gutenberg Bible is the first great book printed in Europe from Movable type. It is there fore a monument which marks a turning point in the Art of Bookmaking, and consequently in the transition from the middle ages to the modern world. Through the invention of Printing it became possible for the accumulated knowledge of the human race to become the common property of every man who knew how to read--an immense forward step in the Emancipation of the Human Mind.

The same might be said of the accumulated knowledge of the great filing systems kept by Equifax, TRW, Wackenhut, our various governments, schools, hospitals, insurance companies, and so on. But the remarks about the Bible leave out an important chapter in the history of movable type, that chapter in which books were the exclusive province of the ruling class--a step in the oppression, not the emancipation, of the human mind.

"Who gets to look at the stored records? Little mechanical people with feelers, of course."

"Perhaps more frightening, however, is the specter of untrained and virtually uneducated spies."