We are in the midst of an information revolution, and we are only beginning to understand its implications. The past few decades have witnessed a dramatic transformation in the way we shop, bank, and go about our daily business—changes that have resulted in an unprecedented proliferation of records and data. Small details that were once captured in dim memories or fading scraps of paper are now preserved forever in the digital minds of computers, in vast databases with fertile fields of personal data. Our wallets are stuffed with ATM cards, calling cards, frequent shopper cards, and credit cards—all of which can be used to record where we are and what we do. Every day, rivulets of information stream into electric brains to be sifted, sorted, rearranged, and combined in hundreds of different ways. Digital technology enables the preservation of the minutia of our everyday comings and goings, of our likes and dislikes, of who we are and what we own. It is ever more possible to create an electronic collage that covers much of a person’s life—a life captured in records, a digital person composed in the collective computer networks of the world.

Computer Databases. Computers and cyberspace have vastly increased our ability to collect, store, and analyze information. Today, it seems as if everyone is collecting information—the media, employers, businesses, and government. Countless companies maintain computerized records of their customers’ preferences, purchases, and activities. There are hundreds of records detailing an individual’s consumption. Credit card companies maintain information about one’s credit card purchases. Video stores keep records about one’s video rentals. Online retailers, such as Amazon.com, preserve records of all the books and other items a person buys. And there are hundreds of companies people aren’t even aware of that maintain their personal information. For example, Wiland Services maintains a database of about 1,000 different points of information on over 215 million individuals.² Acxiom.com collects and sells data on consumers to marketers. In its InfoBase, it provides “[o]ver 50 demographic variables . . . including age, income, real property data, children’s data, and others.” It also contains data on education levels, occupation, height, weight, political affiliation, ethnicity, race, hobbies, and net worth.³

Public Records. Imagine that the government had the power to compel individuals to reveal a vast amount of personal information about themselves—where they live; their phone numbers; their physical description; their photograph; their age; their medical problems; all of their legal transgressions throughout their lifetimes; the names of their parents, children, and spouses; their political party affiliations; where they work and what they do; the property that they own and its value; and sometimes even their psychotherapists’ notes, doctors’ records, and financial information.

Government Access. The data in digital dossiers increasingly flows from the private sector to the government, particularly for law enforcement use. Law enforcement agencies have long sought personal information about individuals from various companies and financial institutions to investigate fraud, white-collar crime, drug trafficking, computer crime, child pornography, and other types of criminal activity. In the aftermath of the terrorist attacks of September 11, 2001, the impetus for the government to gather personal information has greatly increased, since this data can be useful to track down terrorists and to profile airline passengers for more thorough searches. Detailed records of an individual’s reading materials, purchases, diseases, and website activity enable the government to assemble a profile of an individual’s finances, health, psychology, beliefs, politics, interests, and lifestyle. Many people communicate over the Internet using a screen name or pseudonym; the data in digital dossiers can unveil their identities as well as expose all of the people with whom they associate and do business.

What Is the Problem? The growing collection and use of personal information in digital form has long been viewed as problematic—a fear typically raised under the banner of “privacy.” The use of personal information certainly presents privacy problems, but what exactly is the nature of these problems? Although the problems of personal information are understood as concerns over privacy, beyond this, they are often not well defined. How much weight should our vague apprehensions be given, especially considering the tremendous utility, profit, and efficiency of using personal information?

Orwell’s Big Brother. The dominant metaphor for modern invasions of privacy is Big Brother, the ruthless totalitarian government in George Orwell’s novel 1984. Big Brother oppresses its citizens, purges dissenters, and spies on everyone in their homes. The result is a cold, drab, grey world with hardly any space for love, joy, original thinking, spontaneity, or creativity. It is a society under total control. Although the metaphor has proven quite useful for a number of privacy problems, it only partially captures the problems of digital dossiers. Big Brother envisions a centralized authoritarian power that aims for absolute control, but the digital dossiers constructed by businesses aren’t controlled by a central power, and their goal is not to oppress us but to get us to buy new products and services. Even our government is a far cry from Big Brother, for most government officials don’t act out of malicious intent or a desire for domination. Moreover, Big Brother achieves its control by brutally punishing people for disobedience and making people fear they are constantly being watched. But businesses don’t punish us so long as we keep on buying, and they don’t make us feel as though we are being watched. To the contrary, they try to gather information as inconspicuously as possible. Making us feel threatened would undermine rather than advance the goal of unencumbered information collection. Finally, while Big Brother aims to control the most intimate details of a citizen’s life, much of the information in digital dossiers is not intimate or unusual.

The Secrecy Paradigm. In another traditional way of understanding privacy that I refer to as the “secrecy paradigm,” privacy is invaded by uncovering one’s hidden world, by surveillance, and by the disclosure of concealed information. The harm such invasions cause consists of inhibition, self-censorship, embarrassment, and damage to one’s reputation. The law is heavily influenced by this paradigm. As a result, if the information isn’t secret, then courts often conclude that the information can’t be private. However, this conception of privacy is not responsive to life in the modern Information Age, where most personal information exists in the record systems of hundreds of entities. Life today is fueled by information, and it is virtually impossible to live as an Information Age ghost, leaving no trail or residue.

The Invasion Conception. Under the traditional view, privacy is violated by the invasive actions of particular wrongdoers who cause direct injury to victims. Victims experience embarrassment, mental distress, or harm to their reputations. The law responds when a person’s deepest secrets are exposed, reputation is tarnished, or home is invaded. This view, which I call the “invasion conception,” understands privacy to be a kind of invasion, in which somebody invades and somebody is invaded. However, digital dossiers often do not result in any overt invasion. People frequently don’t experience any direct injury when data about them is aggregated or transferred from one company to another. Moreover, many of the problems of digital dossiers emerge from the collaboration of a multitude of different actors with different purposes. Each step along the way is relatively small and innocuous, failing to cause harm that the invasion conception would recognize as substantial.