"You need to think about . . . how many people you gave your credit card number to by reading over your cellular phone," said John B. Gage, director of the science office at Sun Microsystems Inc. in Mountain View. Cellular phones are so vulnerable that Gage estimated that perhaps 60% of the cellular calls in Silicon Valley are being taped.
Information technology is turning the business of private investigation topsy turvy. The job that was once the preserve of gumshoes like Philip Marlowe, whose assets were their charm, fists and gun, now falls in the province of mouses and modems.
Using Information America, a commonly available commercial database, anyone can plug into People Finder and find the phone number, address, dwelling type, estimated age and average income of 70 million Americans and 10 million businesses, not to mention the average price of a house in every neighborhood.
Its Skip Tracer can find people who are on the move by combing change-of-address records from the post office.
A database called Assets has property records for people nearly everywhere in the country. The Lawsuit databank offers court records. Other databases hold records on bankruptcies, liens, births and deaths, high school and college listings, wedding announcements and more. Any information is available within hours.
In 1990, the congressional General Accounting Office reported there were 910 federal databanks containing health, financial, Social Security and other personal information around the country; many of them were shared with corporations and commercial databanks.
Kroll Associates, the nation's largest private investigation firm, has access to 700 on-line databases. That makes Kroll the largest subscriber outside the U.S. government, according to managing partner Alan Brill.
The agency used its computer skills to track down Ferdinand E. Marcos' worldwide financial holdings, plus those of Jean-Claude (Baby Doc) Duvalier of Haiti and Saddam Hussein's Iraq during the Persian Gulf War.
A dizzying array of information is available to the direct marketing industry.
The Direct Marketing List Source, a massive catalogue that marketers use to buy mailing lists, offers 12,000 categories of lists for sale--everything from "born-again doctors who donate" to "Bill Moyers' Journal transcript buyers" to the 750,000 people who called TV's "The Jessica Hahn Show."
Perhaps more important, direct marketing firms can compile these various sources into super lists, or "master files."
The P$ycle Financial Markets list--sold by the "target marketing" subsidiary of TRW, the giant credit bureau--contains 87 million households segmented by the head of household's age, weight, height, ethnicity, net worth and financial behavior, among other things.
The Behavior Bank divides 28 million U.S. households by 100 lifestyle categories such as the types of investments people have, their hobbies and the kinds of vacations they take.
"Most consumers think of catalogues," said Lorna Christi, a spokeswoman for the Direct Marketing Assn. "But there are very few major corporations today that don't do direct marketing."
Direct marketing accounts for $350 billion in sales annually, and 54% of adult Americans, or 111 million consumers, shop this way, Christi said.
The association, which has 3,600 member firms, has an ethical code and a "guide to effective self-regulatory action." But the guidelines are necessarily vague:
"Direct marketers should be sensitive to the issue of consumer privacy and should limit the combination, collection, rental, sale, exchange and use of consumer data to only those data which are appropriate for direct-marketing purposes," the group's 13-page pamphlet on "Ethical Business Practices" reads.
The association can recommend referring members found to be in violation of the code to its ethics group, or it can suspend their membership. In the last year, Christi said, the group has referred two members and suspended one.
Some privacy advocates wonder whether self-regulation is enough.
Jeff Smith, an assistant professor at Georgetown University's Graduate School of Business, has written what some experts call the most thorough analysis of corporate America's approach to privacy. "Managing Privacy: Information Technology and Corporate America" is a soon-to-be-published study of how banks, insurance companies and credit card firms process medical, financial and consumer data.
"Almost without exception, when it comes to privacy, companies are reactive," Smith said. "They drift along and make policy only when some crisis occurs. It could be a consumer backlash or a legal challenge, but at that point they react with task forces and committees and they create policies."
What most concerns the handful of privacy experts around the country is that legislative policy-making is just as haphazard and reactive.