Features

net.wars: You've been red-lined. Good-bye.

A report from a time-zone which is so private to Wendy that only privacy activists can fathom it - oh, and it's also in California. And by reading this, you just invalidated your insurance ...

The theme of this year's Computers, Freedom, and Privacy conference is: "Who is watching the watchers?"

I write this early on Thursday, at more or less the precise halfway point of the conference, before I get so distracted by all the interesting ideas people are promulgating that I no longer remember that tomorrow is Friday and Friday is net.wars. At CFP you live in a sort of suspended space where several normal laws of physics are disrupted: you do not want to finish anyone else's sentence; and time is lost until the awful moment when you realise it's over for another year. This year is one of the better CFPs of recent years, but I'm always consumed by it.

Among the conference speakers and attendees of course are many people whose mission in life is to watch the watchers. One of them, Birny Birnbaum, executive director of the Austin-based Center for Economic Justice, yesterday morning delivered what has so far been the knock-out talk of the conference, "Insurance credit scoring: 21st century redlining". It is a perfect example of everything CFP was set up to do: peer into the hidden ways that technology is changing our lives and the principles we would live by.

Although, of course since then, we've been through the cybercrime treaty, proposed new business models for the music business, telecommunications law and policy, wiretapping, online political organising, and trusted computing.

Redlining is a widely used US term for rejecting a consumer's application, usually for a mortgage or other type of credit. Its use in insurance is new to me. Not, however, to Birnbaum, an economic consultant and rate advocate who has testified in states from Alaska to Florida on the subject of economic discrimination in the insurance field. An example is the January 2003 study

Briefly, what's happening is that the credit scoring developed by credit card companies and others trying to assess whether you're a good financial risk is now used by the insurance industry to decide whether to sell you insurance and at what price. The surprise is that this isn't in order to assess whether you'll pay the premiums, but whether you'll be worth taking on as a customer. Would this be a change of use under data protection law?

Obviously, part of underwriting insurance is about assessing risk: drivers who get in accidents pay more than drivers who don't, and people who have pre-existing expensive health conditions pay more than people who don't. But Birnbaum ran down a list of Things That Are Bad if you want access to insurance: young; possessed of one (too few) or six (too many) credit cards; holder of accounts more commonly used by the less affluent, such as store cards or finance companies (instead of the more respectable banks). Show up, however, with a an oil company's corporate credit card, and waltz right in.

The point is not so much to establish whether you're likely to pay the bill as whether you're likely to buy other products and whether you'll stick with this company or, being fickle, flit to the next best deal. The same factors may come into play when a customer makes a claim and the company has to assess it and decide how much to offer in settlement. Finally, the companies use a database known as CLUE (for Comprehensive Loss Underwriting Experience; if a customer has simply called to inquire if a particular situation is covered under the policy, the company may count that as a claim and refuse renewal.

The point Birnbaum makes about all this is that insurance is, for most Americans (and other nationalities, too, of course) a very important financial security tool, and the most significant tool for loss prevention. You can argue that insurance is discretionary in many areas: you are legally required only to buy car insurance, although you may be economically compelled to buy insurance on your house if you have a mortgage. You have a theoretical choice whether to buy contents insurance, personal liability insurance, and even, as the uninsured one-third of Americans prove, health insurance. But unless you yourself have the financial resources to replace all your belongings or finance years of (say) cancer treatments, you are making a high-risk choice, and practically it's one that few people can make comfortably. But it seems clear that very soon the rule of thumb will be that the only people who can get insurance will be the people the insurance companies are pretty sure will never need it.

The broader point is that this is a perfect example of the way databases and their use can mutate; it is the perfect sort of topic for this conference because it combines all three CFP prongs. This conference, which is the source encyclopedia of almost all the recurrent topics net.wars covers, is now in its 14th year. When it began in 1990, the Internet was not an important technology. People did not bring laptops, either to the conference or into the sessions. It's seen the advent and then the departure of the conference computer room, the arrival of wireless and mobile phones. The arguments it saw over crypto in the mid 1990s were succeeded first by intellectual property law disputes and now by battles over the right way to go about electronic voting.

So: who's watching the watchers? I guess it's this motley band of geeks, activists, lawyers, writers, and mavericks who passionately assemble every year. Join us in Seattle on April 11, 2005.