Who Knows is an important book about the dangers of information technology, and an alarming reminder of how we are unwittingly giving up vast amounts of personal information to government and business. It also offers a survey of the techniques and policies by which we might protect ourselves from a future where every intimate detail of our lives would be an open book to those who want to control our behaviour or profit from it.

Ann Cavoukian, Ontario's Assistant Commissioner for Privacy, and Don Tapscott, co-authorS of Paradigm Shift: The New Promise of Information Technology, begin with the premise that information is power and that, in a free society, power must ultimately rest with the people. Privacy is the safeguarding of that power and the recognition, in a commercial sense, that we own our personal information. To give it up as we do, imperceptibly but steadily, with no control or recompense, is to hand over the very control over our own lives that is at the heart of a free society. It is not up to us to justify our right to privacy, to answer the question, "What do you have to hide?" Rather it is for those who want information about us to answer the question, "Why do you want to know?"

We can readily appreciate the dangers in granting the state unrestricted access to technological powers of surveillance. But the steady erosion of privacy in the marketplace is all the more dangerous in that it is generally unnoticed. Many of our day-to-day doings can reveal as much as the most intrusive of surveillance technologies. The amount of personal information about us that lies stored in databases is staggering. Every credit card purchase, every marketing survey, every insurance application, every banking transaction, every telephone call, every mail purchase, every video rental, leaves a permanent electronic record which, when read with the others, can form a surprisingly thorough personal profile. Even records not actually stored on computer databases, such as job applications and medical records, can be obtained by those who know how to ask. Who Knows brings home with chilling examples the degree to which these types of records are available to those with an interest in reading them, either through our own written consent to disclosure by way of small-print clauses buried in credit and insurance applications, or because there is no coherent legislation that tries to control the use, and misuse, of personal information.

Consider, for example, the case of a Montreal woman who had just returned home from a hospital, where she had been diagnosed with cancer. Although she had an unlisted number, she got a call from a local funeral home, asking for her by name and soliciting her business. Or consider the hypothetical, but conceivable, case of a woman who orders lingerie by mail-order catalogue and an erotic movie through her pay-per-view cable company. Later she applies for life insurance; the insurance company, having got hold of that information, turns her down, suspecting she has a promiscuous lifestyle with too much risk of AIDS.

The authors use these and other examples to illustrate the secondary use of information originally obtained for an entirely separate purpose. This sharing of information has been going on for decades and is speeding up as the ability to capture, store, and transmit data improves. Our buying habits, as shown in our credit card transactions, become a valuable commodity, sold to direct marketers who wish to target specific markets. A direct marketer can buy lists with the names and addresses of people whose income exceeds $50,000, who have just joined a gym (whom they might target with food products, by inferring a weight problem, and hence a vulnerability), or who have made donation to a particular cause or political party. This is the industry behind the 63 billion pieces of junk mail and 20 billion unsolicited telemarketing calls received by Americans every year-an industry to which we supply the raw materials for free.

Cavoukian and Tapscott focus on some specific areas of vulnerability. They discuss the astounding potential of the "information highway", with its networked connection of every conceivable database. They address the "transactional" information generated by our consumer behaviour, both in terms of its commercial value and of the enormous surveillance and lifestyle information it can supply to the police, or other politically interested parties.

And they expose the surprising lack of practical and legal protection of our medical records. For instance, during a routine audit for OHIP (Ontario's medicare), a medical file, chosen at random, is seen by several OHIP examiners, their secretarial staff, the doctor's lawyers and their clerical staff, the stenographers and assistants at the hearing, if one is held, and, if the matter ends up in court, the public at large.

Though the book does not specifically deal with this, lawyers and others who have been through personal injury lawsuits know very well that lifetime medical records, including psychiatric ones, are subject to subpoena and disclosure in open court.

Particularly unsettling is the discussion of the increasing amount of background checks and on-the-job surveillance associated with employment and the workplace. The results may affect our future, but never be communicated to us.

Throughout these discussions, the authors remind us of the devastating effects errors can have, especially when they spread though the networked system of shared databases. Even if we are lucky enough to catch and correct an error, which is not always possible, it is rarely feasible to trace it though to all the secondary users, who will rely on the information when deciding whether to grant us credit, sell us insurance, or give us employment. A dispute with a retailer, a false positive on an insurance drug test, or a medical misdiagnosis may haunt us for years, particularly if there is no mechanism to get at and correct the database.

What, then, can be done to provide us with some level of protection? Cavoukian and Tapscott offer both technological and regulatory solutions, but they emphasize that the ultimate control over our own information rests with us.

Technological solutions include encryption of data, digital and blind signatures, and other techniques that permit the passage of electronic data, including payment transactions, without the personal identification of the user.

Regulatory solutions include legislated schemes and self-imposed business policies designed to limit the secondary use of personal information without the consent of the subject of the information, whether that subject be citizen, employee, patient, or customer. There are beginnings of such laws and self-regulated schemes, but they are woefully inadequate, do not apply to everybody or even most people, and are notoriously hard to enforce.

The key to any meaningful privacy in this world of surveillance, databases, and networks, the authors stress throughout, is that we have to recognize where we are losing it and choose to preserve it.

Refuse to give unnecessary information to telephone marketers, or to stores that seek information going beyond the needs of the warranty card or credit account form that you are completing. Read the consent forms attached to applications and modify them so as to deny the retailer the right to sell your information for secondary purposes. Demand access to your personal files at credit agencies or at the Medical Insurance Bureau and, if you can get them, try to correct misinformation. Ask your doctor or pharmacist if your information is made available to third parties, and to tell youif they are forced to release it (as in an OHIP audit). You will not always be successful, and may find that by taking this approach you will be denied important services. But only by such vigilance will government and business be forced to recognize the public's interest in maintaining the privacy that is so essential to our broader political freedoms, which we must constantly monitor and fight to preserve.

It may, however, already be too late.