If one were to list the seven wonders of the Internet, that
massive online auction site eBay would be near the top of the
list.
It’s a virtual flea market in which you can browse and buy
everything from anthropomorphized socks to Barack Obama’s
half-eaten waffles. eBay allows anyone with an Internet connection
to satisfy their urge for garage-sale eccentricities from the
security and privacy of their own home.
But if Iowa’s Senator Chuck Grassley gets his way, any
expectation of privacy will soon go the way of Netscape Navigator.
Grassley snuck a provision into the mortgage bailout bill currently
winding its way through Congress that will require credit card
processing companies to track and store data on any online vendor
who makes more than 200 transactions a year or sells any item with
a value of more than $10,000. Once these payments are tracked and
reported, any profits they generate can be taxed.
Thought the IRS knew too much before? Wait till it’s got access
to the sales records for your diamond-studded, gnome-shaped
salt-and-pepper shaker collection.
Believe it or not, increased tax demands from the IRS aren’t the
biggest problem with the mandate. Ostensibly, the purpose of the
law is to raise money. It’s being pitched as a revenue offset for
other spending in the mortgage bill. But the amount the law’s
authors estimate they will collect is relatively small — only
about a billion dollars a year.
Instead, the biggest threat is the tracking itself, which is
almost certainly a foot in the door to greater government snooping
into online sales that effectively conscripts private organizations
to do the bureaucracy’s dirty work.
FORCING PRIVATE organizations to busy themselves with the
government’s record keeping sets a dangerous precedent. For one
thing, it puts a heavy recordkeeping burden on small businesses. In
House testimony, Todd McCracken of the National Small Business
Association argued that, under this law, many business will be
“subject to greatly increased audits,” despite having done nothing
illegal.
It also sets the stage for the further use of business
intermediaries as extensions of the tax-and-regulatory
infrastructure. That’s a disincentive for businesses to add
services — more records-keeping and administrative costs will make
new risks less likely — and it undermines trust in the market.
When any online business becomes an informant, that’s likely to
scare off business.
Some believe the current scheme won’t even work. As David Sohn
of the Center for Democracy and Technology recently explained to
Congress, “it is quite likely that the government will need even
more information in order to make use of the information that banks
would be required to report initially…”
In other words, the law would mandate the collection of just
enough information to be dangerous, but not enough to be effective.
And when the current plan fails it will only lead to calls for more
detailed — and more invasive — data collection.
In general, the best way to promote privacy is to collect and
store as little information as possible. You can’t steal, abuse, or
garble information that doesn’t exist. But when bad actors know
valuable personal data is there, it makes any business storing it a
more attractive target. Stockpiling sensitive details will only
increase the risk of identity theft or data breach.
THERE IS NO question that the information the law would require be
stored is quite sensitive.
The law would require companies to track these transactions
using Taxpayer Identification Numbers (TINs). Often, especially in
the case of small businesses, TINs are just Social Security
numbers. And when it comes to online identity, Social Security
numbers are the most precious family jewels. When the FTC
investigated online identity theft last year, it found that Social
Security numbers were the “most valuable commodity” for
thieves.
Further, the FCC said that reducing the use of Social Security
numbers — which presumably includes their storage — was the
single most important step that could be taken in reducing
incidents of electronic ID fraud. That means Grassley’s mandate
would explicitly contradict the government’s own recommendations
for preserving online privacy.
Perhaps that’s not surprising. As John Barlow, a Grateful Dead
lyricist who co-founded the privacy watchdog Electronic Frontier
Foundation, once said, “Relying on the government to protect your
privacy is like asking a peeping tom to install your window
blinds.”
That’s especially true when Sen. Grassley’s involved. He has
developed an unfortunate fetish for reporting more information to
the government. As head of the Senate Finance Committee, he’s spent
years investigating the tax status of various non-profit
organizations.
The same nosy impulse that’s caused Grassley to root around in
the dealings of televangelists is what’s driving the current
law.
It’s an impulse based on a false understanding of public
accountability. In many cases, when someone notes that a politician
wants more accountability, that’s a good thing. But Grassley’s
notion of how it ought to work is grass backwards.
You see, the government is supposed to be accountable to the
people, not the other way around.
