Privacy under attack

Read the article in the Cayman Financial Review Magazine 

Communications privacy lets people say what they want, to whom they want. Health privacy creates room for people to seek the treatments they want. Financial privacy allows people to own and control what they want. Financial privacy is as important a protection for individual security and liberty as any. 

But privacy is under threat from all sides today. What dimension of privacy you’ll defend is up to you, but defending your financial privacy from rapacious governments is as important as any other defence of freedom and autonomy.

The old joke says that people travel to Grand Cayman to visit their money. How do you suppose your privacy will fare on your next trip to the Caribbean? Probably quite badly. The information economy is developing quite rapidly, and you’re a part of it. Governments know that personal privacy is counter to their interests. Let’s travel from the US to Cayman, paying attention to what happens with information about you on the way.

So you’ve decided to take a trip. Smart traveller that you are, you use an online aggregator site to find the best flight times and deals and to make your hotel and rental car reservations. If it’s like most, the site is advertising supported. This means that there is an ad network and its code embedded in the site.

The network probably set a cookie on your computer months ago. A “cookie” is a short line of code that identifies your browser to a Web site when you return to the Web domain that placed it. Ad networks use cookies (and other tech) to track you across the commercial web.

Using a profile it has developed, the ad network instantly matches you with an advertiser who wants to reach people like you. It serves up an ad for a golf outing in Florida rather than bungee jumping in Mexico.

If you don’t know how online advertising works, all this might offend your privacy. You may have thought that you were surfing the Web in seclusion, but there is a network of actors behind every commercial web page.

It’s up to you to decide whether targeted online advertising invades your sense of privacy. If it does, take some time and learn how to control cookies. Whatever the case, now it’s time to buy your ticket.

You’ve entered your credit card number and other details on the website to buy your tickets. When you hit “purchase”, you’re not just sending money to an airline. You’re commencing a whole series of information-economy transactions.

Your credit card company, for example, runs a variety of security checks to make sure it should fund this purchase. The information you entered, including your credit card’s “CCV” security code, has to match up adequately well with its records. But not too well. If you “fat-fingered” your street address and added an extra number, the transaction will probably go ahead. That’s not a strong signal of fraud.

But the network will also will run the transaction through a few more filters. Is it the kind of purchase it’s accustomed to seeing from you, or is this buy more consistent with someone using a stolen card to buy goods that can be fenced for cash?

With tens of thousands of fraudulent transactions per year, and millions of good ones, credit card networks have deep reservoirs of data that they use to look for patterns indicating misuse of credit cards. If you’ve even gotten a call from your credit card company asking about a recent transaction, that’s their algorithm turning up suspicious activity. For their protection and yours, they double-check. To do that, they’re watching your activities.

The credit card network might also be watching you for the same reasons the Internet ad networks do. They want to study your behaviour so they can cater to you. Your next bill might have an advertising insert that’s been chosen for you based on your credit card use. This time it’s a promotion of a luxury car instead of discount diapers and baby formula.

But that’s not all that’s going on. The bank that issued you credit keeps tabs of your payment behaviour and reports it to one or all of the three major credit bureaus. The dossiers kept by credit bureaus are used to generate scores reflecting your trustworthiness, not only for loans but for employment and insurance decisions.

In recent years, the Fair Credit Reporting Act credit has been amended to make credit files more easily available to the US government for grand jury investigations, to state and local child support agencies, to the Federal Bureau of Investigation for counterintelligence purposes, and, in the USA-PATRIOT Act, to the US government for counterterrorism purposes.
Does this cross privacy lines for you? Which part? Use of information for advertising? Or making data available to the government?

One worry you might have is that your online credit card payment might lead to identity theft. It’s possible, but not likely.

If you’re making a payment on any established website, the connection between you and the web server was encrypted – scrambled – so that someone observing your web traffic couldn’t read your credit card information. There’s always a risk that credit card records held by retailers can be compromised, and this happens fairly often. But the risk of loss when credit card numbers are lifted from databases falls on the credit card issuers, not with you.

The most serious identity frauds are not from breached credit card data, though. The perpetrators of account takeovers and impersonation fraud are not usually strangers on the Internet, but family members, household help, and workers in banks or government offices with access to the variety of personal information needed for these frauds.

But enough worrying about credit reporting, your credit score, and identity fraud. It’s time to head for the airport!

On the way, you’ll probably make some calls to check in with the office, let family members know you’re on the road, and so on. Even if you don’t make a call on the way to the airport, your mobile phone is regularly checking in with the nearest cell tower to let the network know how to reach you.

Records of cell phones’ whereabouts accumulate in the records of wireless phone companies at a rate of billions of lines per day. The contents of your communications are protected by the Electronic Communications Privacy Act, but not your location data. US authorities want easy access to this kind of information.

Now you’ve arrived at the airport, gotten your ticket, and you’re heading to the gate. From the moment you purchased your ticket (in the US), the Transportation Security Administration began examining you. It requires airlines to collect and hand over information about travellers so it can conduct surveillance of their travels. The Secure Flight programme, for example, matches travellers against “no-fly” and “selectee” lists in the FBI’s “Terrorist Screening Database”.

As you arrived at the airport, collected your ticket, and made your way to the gates, “behaviour detection officers” working for TSA may have looked at you to see if you were acting suspiciously. A drawing-board programme called “Future Attribute Screening Technology” would do this automatically. For the Secure Flight programme to work, the person presenting the boarding pass must be the person who got the government background check. Showing your ID at the TSA checkpoint is the last step in applying your background check to you.

Then there are the new “whole body-imaging” machines or “strip-search” machines. These beam radio waves or x-rays at you to get a view of what is under your clothes. Only recently did the TSA start to reprogram these systems to stop them from showing intimate, accurate pictures of travellers unclothed bodies.

A trip to Cayman crosses national borders, of course, so be aware of US policy with regard to laptop searches. Customs and Border Patrol agents have nearly unrestrained authority to examine the hundreds of gigabits of photos, business records, emails, financial files and health records that travellers carry in their computers, phones and handhelds when they leave the United States or return, whether for business or pleasure.

Finally, you’ve arrived on Cayman. The weather is warm and the people are friendly. Your privacy may be better protected here than it is in the United States, but it is not necessarily secure over time.

Groups like the Organization for Economic Cooperation and Development are using terrorism, corruption and money laundering as excuses to pressure small, “tax-haven” countries like the Cayman Islands to provide them information about your assets and investing there. The irony is rich – a recent study found that compliance with rules that prevent illegal activity is higher in the so-called tax havens than in OECD countries like the United States and Britain.

Something other than law enforcement may is on the agenda. It’s the pursuit of higher tax collections.

Seeking greater revenues, the United States passed the Foreign Account Tax Compliance Act (FATCA) in March 2010. FATCA will require financial institutions in Cayman and elsewhere to disclose information about financial accounts held by US taxpayers on pain of withholding requirements of 30 per cent tax on US-sourced income.

 A leading US opponent of financial freedom, Senator Carl Levin (D-MI), has pushed for years to thwart lawful tax avoidance by going after financial privacy. His “Stop Tax Haven Abuse Act” targets $100 billion as “lost revenue” due to Americans taking their wealth where they are more likely to keep it, outside the United States. The bill would allow the US Treasury Department to go after jurisdictions and financial institutions that “impede” US tax enforcement. It would “strengthen” the already intrusive FATCA law. Levin’s bill attacking financial privacy would reduce the ability of Americans to own and control foreign assets, investing their wealth as they see fit.

“Privacy” is a word with many meanings. Its heart is the power to control information about oneself, which fosters liberty interests like free speech, autonomy and the freedom to travel. It’s a part of the American tradition that people should have privacy for any reason or no reason. There is not a presumption that a person seeking privacy is doing anything wrong.

But today Americans often have to seek privacy on other shores. If an American can move assets to a place where they can be more productive, and if doing so also satisfies security-based and social needs like the desire for entirely confidential legal relationships, that is something that US policy should embrace. The United States is supposed to be a free country.

But we see on our journey to Grand Cayman that information about is collected at every turn: when we shop online, when we go to the airport, when we cross an international border and especially when we save and invest.

The privacy invasions of private sector actors are relatively benign – if they’re invasions at all. Online data collection may be “creepy”, but the advertising world can never come to your house and kick down your door. Private actors have no power to stop you from crossing a border or to take your assets from you by force. The threats to privacy are greater from the government actors, who are collecting information they can use to control us and our wealth.


Previous articleBDO Cayman Islands celebrates 10 years in business
Next articleTo list or not to list…Taking private equity public:
Jim Harper

As director of information policy studies at the Cato Institute, Jim Harper works to adapt law and policy to the unique problems of the information age, in areas such as privacy, telecommunications, intellectual property and security. Harper maintains online federal spending resource and he holds a J.D. from UC Hastings College of Law. 


Jim Harper
Director of Information Policy Studies
The Cato Institute, Washington, D.C.
United States

T: +1 (202) 218 4602            
E: [email protected]             


Cato Institute

The Cato Institute is a public policy research organization — a think tank — dedicated to the principles of individual liberty, limited government, free markets and peace. Its scholars and analysts conduct independent, nonpartisan research on a wide range of policy issues.

Founded in 1977, Cato owes its name to Cato's Letters, a series of essays published in 18th- century England that presented a vision of society free from excessive government power.   Those essays inspired the architects of the American Revolution. And the simple, timeless principles of that revolution — individual liberty, limited government, and free markets — turn out to be even more powerful in today's world of global markets and unprecedented access to more information than Jefferson or Madison could have imagined. Social and economic freedom is not just the best policy for a free people, it is the indispensable framework for the future.

In an era of sound bites and partisanship, Cato remains dedicated to providing clear, thoughtful, and independent analysis on vital public policy issues. Using all means possible — from blogs, Web features, op-eds and TV appearances, to conferences, research reports, speaking engagements, and books — Cato works vigorously to present citizens with incisive and understandable analysis.


Cato Institute
1000 Massachusetts Ave., N.W.
Washington, D.C.

T: (202) 842-0200
E: [email protected]