Chucking Privacy

If one were to list the seven wonders of the Internet, that massive online auction site eBay would be near the top of the list.

It’s a virtual flea market in which you can browse and buy everything from anthropomorphized socks to Barack Obama’s half-eaten waffles. eBay allows anyone with an Internet connection to satisfy their urge for garage-sale eccentricities from the security and privacy of their own home.

But if Iowa’s Senator Chuck Grassley gets his way, any expectation of privacy will soon go the way of Netscape Navigator. Grassley snuck a provision into the mortgage bailout bill currently winding its way through Congress that will require credit card processing companies to track and store data on any online vendor who makes more than 200 transactions a year or sells any item with a value of more than $10,000. Once these payments are tracked and reported, any profits they generate can be taxed.

Thought the IRS knew too much before? Wait till it’s got access to the sales records for your diamond-studded, gnome-shaped salt-and-pepper shaker collection.

Believe it or not, increased tax demands from the IRS aren’t the biggest problem with the mandate. Ostensibly, the purpose of the law is to raise money. It’s being pitched as a revenue offset for other spending in the mortgage bill. But the amount the law’s authors estimate they will collect is relatively small — only about a billion dollars a year.

Instead, the biggest threat is the tracking itself, which is almost certainly a foot in the door to greater government snooping into online sales that effectively conscripts private organizations to do the bureaucracy’s dirty work.

FORCING PRIVATE organizations to busy themselves with the government’s record keeping sets a dangerous precedent. For one thing, it puts a heavy recordkeeping burden on small businesses. In House testimony, Todd McCracken of the National Small Business Association argued that, under this law, many business will be “subject to greatly increased audits,” despite having done nothing illegal.

It also sets the stage for the further use of business intermediaries as extensions of the tax-and-regulatory infrastructure. That’s a disincentive for businesses to add services — more records-keeping and administrative costs will make new risks less likely –and it undermines trust in the market. When any online business becomes an informant, that’s likely to scare off business.

Some believe the current scheme won’t even work. As David Sohn of the Center for Democracy and Technology recently explained to Congress, “it is quite likely that the government will need even more information in order to make use of the information that banks would be required to report initially…”

In other words, the law would mandate the collection of just enough information to be dangerous, but not enough to be effective. And when the current plan fails it will only lead to calls for more detailed — and more invasive — data collection.

In general, the best way to promote privacy is to collect and store as little information as possible. You can’t steal, abuse, or garble information that doesn’t exist. But when bad actors know valuable personal data is there, it makes any business storing it a more attractive target. Stockpiling sensitive details will only increase the risk of identity theft or data breach.

THERE IS NO question that the information the law would require be stored is quite sensitive.

The law would require companies to track these transactions using Taxpayer Identification Numbers (TINs). Often, especially in the case of small businesses, TINs are just Social Security numbers. And when it comes to online identity, Social Security numbers are the most precious family jewels. When the FTC investigated online identity theft last year, it found that Social Security numbers were the “most valuable commodity” for thieves.

Further, the FCC said that reducing the use of Social Security numbers — which presumably includes their storage — was the single most important step that could be taken in reducing incidents of electronic ID fraud. That means Grassley’s mandate would explicitly contradict the government’s own recommendations for preserving online privacy.

Perhaps that’s not surprising. As John Barlow, a Grateful Dead lyricist who co-founded the privacy watchdog Electronic Frontier Foundation, once said, “Relying on the government to protect your privacy is like asking a peeping tom to install your window blinds.”

That’s especially true when Sen. Grassley’s involved. He has developed an unfortunate fetish for reporting more information to the government. As head of the Senate Finance Committee, he’s spent years investigating the tax status of various non-profit organizations.

The same nosy impulse that’s caused Grassley to root around in the dealings of televangelists is what’s driving the current law.

It’s an impulse based on a false understanding of public accountability. In many cases, when someone notes that a politician wants more accountability, that’s a good thing. But Grassley’s notion of how it ought to work is grass backwards.

You see, the government is supposed to be accountable to the people, not the other way around.

Matt Kibbe is president of FreedomWorks.