INFORMATION ENTREPRENEURALISM, INFORMATION TECHNOLOGIES and the CONTINUING VULNERABILITY OF PRIVACY Rob Kling, Mark S. Ackerman, and Jonathan P. Allen December 27, 1994 (Draft 4.4) [6900 words] --------------------------------- For: Computerization and Controversy: Value Conflicts and Social Choices. 2nd Ed: Rob Kling (Ed). Academic Press, 1995. Copyright, 1994. Rob Kling. Note: This article may be circulated for non-commercial purposes. Please contact the authors or compare it with the final published version before quoting directly. ----------------------------------- ABSTRACT Why is there a continuing development of information technologies, applications, and uses that impinge on personal privacy? One explanation focuses upon the changing social conditions in which many modern organizations deal with large, mobile clienteles. Environmental factors such as social mobility and computer improvements, however, cannot completely explain the diverse ways that surveillance technology has been implemented across industries, or even in different organizations within a single industry. In this paper, we link the adoption and use of new computer technologies for large-scale record keeping to a set of social practices we refer to as information entrepreneurialism. Our explanation focuses on the active attempts of coalitions within organizations to organize corporate production to take advantage of changes in information technology. Organizations have been transformed by the rise of professional managers, who have been trained in and rewarded for pursuing managerial strategies that depend upon data-intensive analysis techniques. This internal structure is an important institutional explanation of modern society's push to increase the monitoring of indirect social relationships. We illustrate these issues with examples of commercial uses of surveillance technology. INTRODUCTION Why is there a continuing development of information technologies, applications, and uses that impinge on personal privacy? In the early 1990s Lotus Development Corporation announced plans to market a CD-based database of household marketing data, Marketplace:Household. Lotus Marketplace:Household would have given anyone with a relatively inexpensive Apple Macintosh access to personal data on more than 120 million Americans (Levy, 1991; Culnan, 1993). Lotus Marketplace:Household is only one example of surveillance and monitoring technologies and products. Many similar cases can be found. In 1991, for example, the Metromail division of R.R. Donnelley obtained names from voter-registration lists to sell to direct mail campaigns, violating state laws (Wartzman, 1994). More recently, in 1994 the Orange County California sheriff's department constructed a text and photo database of possible gang members to help thwart a growing trend of ethnic gang violence. The database included many teenagers of Hispanic or Asian descent who had merely worn currently fashionable gang-like clothes to school. Lotus withdrew Marketplace:Household from the market after receiving over 30,000 complaints from consumers about the privacy implications of the product. The Metromail division is under investigation. The Orange County sheriff's office has scaled back plans for its database. All of these stories ended well, or at least under control, but how are we to understand why these systems and products -- with their substantial privacy implications -- were developed in the first place? Were these strange, one-time aberrations in introducing abusive products? Or rather, were they particularly visible examples of a longer-term societal trend towards tightened surveillance and social control? During the next decades we expect to see new streams of services whose technologies include computer components, such as on-line household-oriented medical diagnostic systems, vehicle identification and location systems, "smart cards" for shoppers, and so on. These information services attract customers, in part, by giving them a little more control over some part of their lives. But in collecting personally sensitive data, and placing it in organizational matrices of information sharing arrangements whose nature is not well understood by non-specialists, such systems also reduce many people's effective control over the use of information about themselves ("privacy"). These matrices of information sharing can be very different for different kinds of data, such as records about medical diagnoses and recent purchases. So these new services need not lead to a centralized ("panoptic") surveillance megasystem which can electronically integrate all digital records about any member of a society. What is at stake is the extent to which the resulting social order enables people to live dignified lives; that they can participate in diverse social and economic relationships that they can adequately comprehend and control; and that people are not thrust into crises because of errors or sublime idiosyncrasies of personal record systems. This paper examines why some modern organizations find it attractive to develop and use these types of technologies and products. We will argue that certain societal and institutional arrangements reward organizations that develop such "informationalized services," and thus answer the question of why there is a constinuing threat to personal privacy through even undeveloped information technologies and routine organizational practices. Institutional and Environmental Explanations In general, most studies of computers and privacy focus on the problems surrounding a particular law, portion of a social system (e.g., credit reporting), or kind of practice (e.g., computer matching) (Laudon, 1986; Lyon, 1991). Even broad ranging studies, like The Politics of Privacy (Rule et. al., 1984), Protecting Privacy in Surveillance Societies (Flaherty, 1989), or The Rise of the Computer State (Burnham, 1983), focus on describing the rise of elaborate social surveillance systems and their legal and administrative frameworks. When authors explain the link between new technologies and changes in surveillance at the broader societal level, they tend to focus upon the needs of bureaucracies, both public and private, to improve the fairness of their services and to better control their clientele and environments. Classic works such as Rule's Private Lives and Public Surveillance (1974), stress the mandates of various organizations to enforce social control -- to make their clients' behavior more predictable and more acceptable. We find this classic view too limited. Explaining the development and adoption of commercial surveillance technologies such as the ill-fated Lotus Marketplace:Household requires more than a generic "need" to enforce social control or improve bureaucratic efficiency. In contrast, we argue here that the expansion of existing information systems and the development of newer surveillance systems are being driven by a set of social dynamics that amplify the use of personal data and ignore privacy concerns. Laudon (1986) makes a valuable distinction between "environmental" and "institutional" explanations for the adoption of computer technologies by organizations. Environmental explanations portray organizations as responding rationally to objective uncertainties created by their environments. For example, an organization may have too many clients or face severe financial losses from doing business with people who are not well known to the organization's staff. Institutional explanations, on the other hand, argue that technology adoption strategies may operate independently of environmental pressures to be rationally efficient; they carry their own internal logic. Institutional explanations, for example, focus on the ways that organizations computerize to maintain legitimacy, or the way that computerization reflects the values and interests of specific groups and individuals within the organization. For example, some of the managers who are looking for an exciting project to help advance their careers will find that developing a new information system is a plausible vehicle. Of the millions of North American managers seeking a career enhancing project, at any time only a relative handful may try to develop or expand an information system that contains personally senstive data. But these systems projects add up to help create a new social order. Laudon studied the adoption of criminal records databases operated by state governments in the U.S.. He found that the initial adoption of the technology was well explained by environmental models, but institutional explanations provided a better understanding of how that surveillance technology was ultimately implemented, routinized, used and expanded. Fully explaining the expanding use of surveillance technologies in commercial organizations, we argue, will require both environmental and institutional explanations. We view the expansion and use of new computer technologies for personal record keeping as the by-product of a set of social practices that we refer to as information entrepreneurialism. Information entrepreneurialism refers to the active attempts of organizational groups to take advantage of changes in key social relationships and in information technology to gain market and organizational advantage. Of particular interest here is when information entrepreneurialism exists within information capitalism, an economic arrangement in which people and organizations are expected to profit from the use or sale of information (to be further described below). Information entrepreneurial practices are made useful by many social transformations over the past century: the increasing mobility of populations, the growth of nationwide organizations, and the increasing importance of indirect social relationships. Information entrepreneurial practices are also encouraged by the development of more cost-effective technologies for managing large-scale databases. However, external, environmental factors such as social mobility and computer improvements cannot completely explain the diverse ways and varying degrees to which surveillance technology has been implemented across industries, or even in different organizations within a single industry. The information entrepreneurialism model is useful for distinguishing the institutional from environmental motivations for corporate practices. Organizations selectively adopt technologies which serve the interests of coalitions that can afford them and which are considered legitimate. The internal structure of organizations has been affected tremendously by the rise of professional management, trained and rewarded for pursuing managerial strategies that depend upon data-intensive analysis techniques. The growth of managerial analysts inside North American organizations is an important institutional explanation of modern society's push to increase the monitoring of people and their social relationships. The information entrepreneurialism model, then, helps us recognize the taken-for-granted beliefs on the part of managers, as well as the institutional (rather than profit- motivated) rewards they reap for pursuing data-intensive strategies and their desire to keep those strategies unfettered. At the same time, it recognizes the active and effective pursuit of gain through legitimate patterns of action -- the "offensive" side of new surveillance technologies -- in direct mail and telemarketing campaigns. In the rest of this article, we discuss information entrepreneurial practices by examining them in the context of information capitalism, computerization, and the monitoring of indirect social relationships. The first section examines information entrepreneurialism as an institutional explanation of computer and privacy practice in the commercial world. The second section discusses some of the major social transformations that enable information entrepreneurial practices to be rewarding for participants. This section also examines the important role of quantitatively-oriented professional management in disseminating information entrepreneurial strategies. In the final section, information entrepreneurialism is tied to key policy debates about computerization and privacy. THE ENGINES OF INFORMATION CAPITALISM AND INFORMATION ENTREPRENEURIALISM Over the next 20 years, we expect computer technologies designed to support databases that contain personally sensitive information to accelerate an interesting social trend - - the expansion of information entrepreneurialism. Within a practice of information entrepreneurialism, organizations and organizational actors use data-intensive techniques, such as profiling and data-mining, as key strategic resources for corporate production (Luke and White, 1985; Kling, Olin and Poster, 1991; Kling, Scherson and Allen, 1992). The owners and managers of agricultural, manufacturing, and service firms increasingly rely upon imaginative strategies to "informationalize" production. Sometimes they sell information as a good or service, in the way that magazines can sell their mailing lists or that airlines sell the use of their reservation systems. Or they may use refined information systems to focus their production and marketing. Because of the potential value of these diverse approaches, computerized information systems have joined factory smokestacks as major symbols of economic power. Just as traditional entrepreneurial behavior is embedded within a larger system of capitalist institutions and rewards, information entrepreneurialism is embedded and encouraged within a larger institutional system of information capitalism. The information capitalism metaphor joins both information and the traditional dynamism of capitalist enterprise. Information capitalism is not a fundamentally new economic system. But focussing on the economic and political system for regulating information use gives us a different view of how business owners, managers and professionals organize and use information systematically. We view information capitalism as the overarching economic system in which organizations are expected to profit from the use or sale of information. Information capitalism's legal basis is anchored in the body of law that assigns property rights to information -- such as laws for copyright, patents, and trade secrets. Of particular importance here, information capitalism is also anchored in the laws (or lack thereof) that regulate ownership of information about people. The structure and practices of a capitalist system differ in key details between countries (say, Japan, the U.S. and France), and in different time periods. Similarly, information capitalism can take on somewhat different forms. But information capitalism differs, is distinct, from alternative economic regimes, such as information socialism. For example, under extreme forms of information capitalism, some private firms could routinely expect to profit from the use or resale of information collected by government agencies such as census data, economic data, and the texts of legal documents. Under extreme forms of information socialism, this information collected with public funds would be treated as a public trust and made available to all citizens and without enabling a few firms to make handsome profits by monopolizing its resale. Just as capitalism is nourished by the hunger of entrepreneurs, we find information entrepreneurs in information capitalism. Within capitalism, abundant rewards await a competitor who can develop a more clever angle on making a business work. The underlying edge to capitalism comes from this potential for rich rewards for innovation and the risk of destruction or displacement when the complacent are blindsided by their competitors. Similarly, information entrepreneurs within a system of information capitalism innovate in numerous ways, including the development and sale of more refined financial management, market analyses, customer service, and other information-based products. Only a small fraction of these diverse innovations may enhance the surveillance capacity of organizations. But this is an important fraction. The organizations that employ an information entrepreneurial approach are most likely to effectively exploit the use of sophisticated computer-based surveillance technologies such as databases of personal data. Information entrepreneurialism, as a set of practices for fostering corporate production, has evolved in the context of important social transformations and technological advances that encourage and reward, but do not determine, information entrepreneurial strategies. Some of these social transformations are discussed in the following section. THE EMERGENCE OF INFORMATION ENTREPRENEURIALISM AND THE INTENSIFICATION OF COMPUTER-BASED SURVEILLANCE Modern Societies and Indirect Social Relationships One of the major social transformations of the last 100 years in industrial societies is the growth of a mobile population, and the commensurate growth of organizations that must serve a shifting, diverse customer base. Though these broader "environmental" shifts provide a socio-historical context, we have argued that linking these transformations to changes in social monitoring require an additional institutional explanation of the organizational adoption and use of surveillance technologies. In this section we will sketch the links between these changes on one hand and the increasingly intensive use of data systems for monitoring through the emergence of information entrepreneurialism in the last few decades. Information entrepreneurialism has become more prevalent, we argue, because of the combination of analytic management education, the job market, and career paths. Consider the changes in walking into a store over the last 100 years. The transformation between a person's dealing with the small town store and a huge retail-chain store like Sears is not in the retail-sale transaction itself; it is in the change in relationship between the customer and the seller. In a chain- store, customers rarely deal with people who know them outside these specific narrow business transactions. The small town shopkeeper also knew his clients from school, church, and other, localized places. During the last 100 years, there has been an astounding transformation in the ways that life in industrial societies is organized. Today, in a highly urbanized and mobile society, a huge fraction of the urban population moves from city to city, following better jobs and better places to live. Adolescents often leave their home towns to attend college, and may move even farther away for jobs. Further, over 130 metropolitan areas in the United States number over 250,000 in population. Even moving "across town" in one of these cities can bring a person into a new network of friends, employers, and service providers. This combination of mobility and urban development means that many people seek jobs, goods, and services from businesses whose proprietors and staff do not have much first-hand knowledge about them. In the last 100 years the scale of businesses and the number of government agencies with huge clienteles have also increased. In the 19th century few businesses had thousands of clients (Yates, 1989). Moreover, a smaller fraction of the public interacted frequently with the larger businesses of the day. Similarly, government agencies were also smaller. Overall, most business was conducted through face to face (direct) relations. Calhoun (1992) characterizes contemporary industrial societies as ones in which a significant fraction of people's important activities are carried out through people whom they do not see, and may not even know exist. Today, banks extend credit to people who come from anywhere in the country. And they can do so with relative safety because of large-scale credit record systems that track the credit history of over 100 million people. The credit check brings together a credit-seeker and employees of the credit bureau who are related only indirectly. Other private firms, such as insurance companies and mail order companies, also extend services to tens of thousands of people whom local agents do not -- and could not -- personally know. In these transactions, judgments about insurability and credit worthiness are made through indirect social relationships, often mediated with computerized information systems. Furthermore, many new government agencies have been created in the 20th century that are responsible for accounting for the activities of millions of people, including the Federal Bureau of Investigation (1908), the Internal Revenue Service (1913), the Social Security Administration (1935), and the state departments of motor vehicles. The sheer scale of these services creates "environmental conditions" that give organizations incentives to use computerized record systems to help routinize the maintenance of indirect social relationships. However, organizations of a similar kind and size, such as banks, differ in their aggressiveness in using new technologies and management practices. The Rise of Information Entrepreneurialism What explains the difference between the more and less information-intensive organizations when many of their environmental conditions are similar? We believe that informational entrepreneurial styles of management are an important part of the answer. But information entrepreneurialism is a relatively recent phenomenon, only developing after managerial capitalism. In The Visible Hand, Alfred Chandler (1977) documents the way that certain large enterprises in the late 19th century helped foster professional management jobs. The railroads were among the first U.S. firms to organize enterprises on such a large scale that families were too small to staff all of the key management positions. Other larger industrial and commercial enterprises followed suit by the first decades of the 20th century. Schools of professional management also developed to train young men for these new positions. And by mid-century, the MBA was a popular degree in the United States. After World War II, management schools began to shift from the case study approach, identified with the Harvard Business School, to more mathematical approaches. These curricula emphasized more quantitative skills based on microeconomics, managerial finance, and management science -- de- emphasizing the examination of problems within their rich and complex organizational life. By the 1970s, most U.S. schools of business had reorganized their curricula to emphasize analytical techniques. These analytical techniques include a new academic specialty, developed during the 1970s, "information systems." Today, a majority of business schools offer both required courses and elective courses in information systems. While information systems courses teach business students diverse ways to computerize to help gain economic advantage, they very rarely teach about privacy issues and the problematic side of some information systems. In general, the shift in the education of MBAs from the traditional case-based approach, with its statement of a complex organizational richness, to a grounding in narrow quantitative analyses trained a generation of MBAs to use the approaches fostered by information capitalism. The role of management training in ignoring privacy (and other concerns in social life) can be seen through an examination of two leading textbooks. Management Information Systems by Laudon and Laudon (1994) devotes about four pages of its 776 to privacy issues. The text lists five core privacy principles from a very influential Federal report. But the text does not examine how these principles can be applied to any specific case, including any of the dozens of cases which the authors use to illustrate many other practices of information management. And the text does not provide any cases which examine privacy issues directly. Corporate Information Systems Management by Cash, McFarland, McKenney, and Applegate (1992) is more generous, devoting five pages of its 702 pages to privacy issues. Cash and his colleagues begin their short privacy section with three brief illustrations of how the practices of credit bureaus and marketing managers can intrude on personal privacy. Their text gives students several additional concrete examples about ways that managers can compromise or protect their customer's privacy while practicing information capitalism. Cash and his colleagues make a serious effort to sensitize their student readers to privacy issues. One could hope for analyses of privacy issues in other sections of the book which advance the development of new information systems with personal data. Their account is probably the best in any of the popular information systems texts for MBA students. Information systems texts written before the late 1980s completely ignored privacy issues. In a similar way, texts about marketing teach business students how to better identify potential customers and to improve sales and service by retaining and analyzing more data about customers' behavior. Overall, business schools teach their students to be clever and opportunistic information entrepreneurs -- without much attention to the ways that routine business practices can create problems in public life, such as intruding on personal privacy. By 1989, U.S. colleges and universities were conferring almost 250,000 bachelors degrees in business and almost 75,000 MBAs each year (U.S. Department of Commerce and Bureau of the Census, 1992). The number of BAs in business awarded annually more than doubled in the past 20 year period. During the 1980s alone, U.S. business hired almost 2.5 million people with BA degrees in business and almost 600,000 with MBAs. These numbers are crude indicators, rather than rigid parameters of a mechanistic process of social change. For example, only a small portion of graduates stimulate innovation in their organizations. But a large fraction of college-educated management educated since the 1970s understand key aspects of information entrepreneurialism, even when they follow rather than lead. Schooling is, however, just the beginning for many of the managers who seek to innovate. The business press publishes (and exaggerates) stories of computerization efforts that promise better markets and profits. Magazines like The Harvard Business Review and Business Week publish stories about using information technology for competitive advantage. But they rarely highlight the privacy issues in their enthusiasm to excite managerial readers about new ways of conceiving of business opportunities (Bloom, Milne, and Adler, 1994). In addition, professional associations help managers learn diverse approaches to their trades. Professional associations offer talks, workshops and publications for their members which also help popularize key aspects of information entrepreneurialism. These professional communication channels serve to legitimize an understanding that diverse infomation systems can serve as valuable strategic resources, and that they pose no significant social risks. In summary, the institutional processes that lead to extending surveillance technology use include the professionalization of managerial analysts within organizations and the risk-free conceptions of information systems that are taken for granted in their specialized professional worlds. But organizations that adopt these systems are also likely to face environmental conditions that reward information entrepreneurialism, such as increasingly large clienteles. In any era, organizations use the available technologies for keeping records -- papyrus and paper were used for centuries. But in modern societies, where an enterprise may have millions of customers, there is a significant payoff to organizations that can effectively exploit the informational resources that this systematic record keeping entails for identifying potential customers, for assessing credit risks, and so on. This payoff has led to the development of third party data brokers, like financial brokers (e.g., TRW Information Services, Equifax, and Dunn & Bradstreet) and marketing data brokers (e.g., Information Resources Inc.). These data brokers have developed lively businesses by collecting data from some organizations and restructuring it for sale to other organizations -- through custom search services, passing information to client firms, and also devising new information products to facilitate precision electronic marketing. For example, grocery scanner data, tied to individuals' demographic characteristics, is an extremely valuable commodity because it can be used for marketing analyses and direct advertising. The next section examines the growing role of these data brokers, as well as the political debates surrounding privacy. DATABASE TECHNOLOGY, INFORMATION ENTREPRENEURIALISM, AND CHANGING PATTERNS OF SOCIAL CONTROL A society where social relationships are often indirect can give people a greater sense of freedom. One can move from job to job, from house to house and from loan to loan, selectively leaving some of one's past behind. Managers in organizations that provide long-term services, such as banks, insurance companies, and apartment houses, often want to reduce their business risks by reconstructing what they believe are relevant parts of that past. This desire to reduce risk encouraged larger organizations, such as some of the biggest banks, insurance companies, and public agencies, to take an early lead in adapting mainframe computing to support their huge personal record systems in the 1950s and 1960s. In the 1970s and 1980s these organizations enhanced their computer systems and developed networks to more effectively communicate data regionally, nationally, and internationally. Many such organizations have massive appetites for "affordable" high speed transaction processing and tools to help them manage gigabytes and even terabytes of data, and they have teams of professionals who are eager to exploit new technologies to better track and manage their customers and clients. Computerized database technology supports finer grained analyses of indirect social relationships, such as precision marketing, to improve their abilities to target customers for a new product, or the ability of a taxing agency to search multiple large databases prowling for tax cheaters. In fact, the key link between information entrepreneurialism and surveillance technologies is the possibility for enhanced information processing that large-scale data bases or advanced computational techniques allow. Significant advances in computer technology allow analysts to pursue managerial strategies that involve detailed analysis of the records of an organization's current and potential clients and of its operations. A huge organization might follow the path of American Express which purchased two CM-5 parallel supercomputers for analyzing cardholders' purchasing patterns (Markoff, 1991). But many organizations can effectively use higher end PCs and software based on rule induction, neural networks, fuzzy logic, and genetic algorithms to support data mining (Gendelev, 1992). Managers and professionals in business organizations and public agencies defend their searches for information about people as limited and pragmatic actions that improve their rationality in making specific decisions about who to hire, who to extend a loan to, who to rent an apartment to, and who to arrest (Kusserow, 1995). The increasing importance of indirect social relationships which we described earlier gives many organizations a legitimate interest in using computerized personal records systems to learn about potential or actual clients. It is not difficult to find examples of this. For example, landlords may legitimately wish to avoid renting to convicted felons. Or employers may want to analyze how to reduce their health insurance costs. However, such legitimate activities may extend until they impinge on the freedoms of individuals. Landlords may want to use a database of potential gang members, even though the people in the database were not convicted of any crime. Or, employers may screen potential employees on the basis of their health histories. (For an analysis of the potential misuses of medical records, see Consumer Reports, 1994.) These kinds of situations create a tension between the preferences of an organization's managers and the freedoms of individual clients or workers. In these situations, organizations usually act to maintain the largest possible zone of free action for themselves, while downplaying their clients' interests. It is not surprising, then, that privacy issues are rarely considered when systems are constructed or implemented. Jeff Smith (1993) documented the way that managers of U.S. firms which manage huge amounts of personally sensitive data, such as health and life insurance and credit card processing, examined privacy issues only when their organization was faced with an external threat, such as a public embarrassment or impending privacy legislation. Adding to the force of this tension between the interests of managers and their organization's clients,, personal data systems have become increasingly larger and interlinked. Many databases of personal information now contain data from many different sources. Yet, there are few corresponding protections to reduce the risks of error, inappropriate disclosure, and other problems (Kling, 1995). In large-scale record systems (with millions of records), there are bound to be inaccuracies (Shattuck, 1995). But people have few rights to inspect or correct records about them in the U.S. -- except for credit records. During the last 30 years, people have consistently lost significant control over records about them. Increasingly, courts have ruled that records about a person belong to the organization that collects the data, and the person to whom they apply cannot restrict their use (Privacy Protection Study Commission, 1977). Consequently, inaccurate police records, medical records, and employment histories can harm people without their explicit knowledge about why they are having trouble getting a job, a loan, or medical insurance. These new ways of doing business -- taken together with computer systems -- have reduced people's control over their personal affairs. Elected officials have periodically tried to create new laws to help correct this imbalance. In 1992, more than 1,000 bills on privacy issues were presented in state legislatures and least 10 bills made an appearance at the federal level (Miller, 1993). Few of these bills emerge from various legislative committee and even fewer are enacted into law. Unfortunately, representatives of those private firms and government agencies that have an interest in expanding their computerized information systems frequently argue vehemently against legal limits, or substantial accountability to people about whom records are kept. They deny that problems exist, or they argue that the reported problems are exaggerated in importance (see for example, Posch, 1994). And they argue that proposed regulations are either too vague or too burdensome, and that new regulations about information systems would do more harm than good. The proponents of unregulated computerization have been wealthy, organized, and aligned with the anti-regulatory sentiments that have dominated U.S. federal politics during the last 15 years. Consequently, they have effectively blocked many attempts to preserve personal privacy through regulation. In this way many representatives of the computer industry and of firms with massive personal record systems behave similarly to the representatives of automobile firms when they first were asked to face questions about smog. As smog became more visible in major U.S. cities in the 1940s and 1950s, the automobile industry worked hard to argue that there was no link between cars and smog (Krier and Ursin, 1977). First their spokesmen argued that smog was not a systematic phenomenon, then they argued that it was primarily caused by other sources such as factories. After increases in smog were unequivocally linked to the use of cars, they spent a good deal of energy fighting any regulations that would reduce the pollution emitted by cars. Overall, the automobile industry slowly conceded to reducing smog in a foot dragging pattern that Krier and Ursin (1977) characterize as "regulation by least steps." In a similar way the organizations that develop or use personal record keeping systems behave like the automobile industry in systematically fighting enhanced public protections. Information entrepreneurs, like other entrepreneurs in a capitalist economy, are sensitive to the costs of their services. When there is no price on goods like clean air or personal privacy, those goods are usually ignored unless there are protective regulations to compensate for market failures. The history of federal privacy protections in the U.S. is likely to continue unchanged without a new level of political interest in protections. The Privacy Act of 1974 established a Privacy Protection Study Commission, which in 1977 issued a substantial report on its findings and made 155 recommendations to develop "fair information practices." Many of these recommendations gave people the right to know what records are kept about them, to inspect records for accuracy, to correct (or contest) inaccuracies, to be informed when records were transferred from one organization to another, and the like. Less than a handful of these proposals were subsequently enacted into federal law. Leaders of the computing movements and the associated industry that enable large-scale databases could help minimize the possible reductions of privacy that their applications foster by helping to initiate relevant and responsible privacy protections. It is hardly realistic, however, to expect them to take such initiatives, since they work within social arrangements that do not reward limiting their own market opportunities. As a consequence, we expect privacy regulation in the next two decades to be as lax as in the previous two decades. While the public is becoming sensitized to privacy, it does not have the salience and energizing quality of recent issues like tax reduction, abortion, or even environmental pollution. This does not mean that there will not be any new privacy protections for private persons. Regulation by least steps, in the case of personal privacy, can take the form of very bounded regulations, like the Video Privacy Protection Act, which regulates access to video store rental records or the Electronic Communications Privacy Act of 1986, which protects communications on wires between organizations but not within buildings. In the US, there may be new protections restricting the dissemination of health records, but the prospects of those protection seem tied to the comprehensive restructuring of health care. CONCLUSIONS We opened our paper with a simple but fundamental question: Why is there a continuing development of information technologies whose use impinges on personal privacy in modern societies? Few analysts have tried to answer this question directly, although some answers are implicit. Laudon and Laudon (1994:702-703), for example, focus on rapid improvements in the absolute capabilities and the cost/performance ratio of information technologies. They also identify "advances in data mining techniques" used for precision-marketing by firms like Walmart and Hallmark. Our answer concentrates not only on these environmental factors, but as well on the micro-practices of those who manage such systems and their incentives, as well as the institutional structures in which they work (i.e., information capitalism). In short, we argued that the dynamics of expanding sureiallnce systems is systemic rather than the result of isolated practices. Unfortunately, we know relatively little about the ways that informational entrepreneurs conceive, and build internal alliances to develop information systems that collecta nd organize personally senstive data. Within modern corporations and organizations, there exists a set of social practices that encourage the use of data about individuals, data-intensive analystical and computerization as key strategic resources. We called these practices "information entrepreneurialism." Information entrepreneurialism thrives within an information capitalist social and political sytem. It has been stimulated by many social transformations in the past 100 years in industrialized societies, especially North America: the increasing mobility of populations, the growth of nationwide organizations, and the increasing importance of indirect social relationships. The key link between information entrepreneurialism and the new technologies that support databases of personally senstive data lies in the possibilities for enhanced information processing that it provides to analysts whose managerial strategies profit from significant advances in analyzing records of an organization's (potential) clients' and operations. We find it especially important to examine how managers and professionals develop surveillance technologies (Smith, 1993; Laudon, 1986), as well as changing technologies. The information entrepreneurial model argues that the growing importance of indirect social relationships in North American society leads many organizations to seek personal data about potential and actual clients. At the same time, managers and other organizational employees trained in analytical techniques and actively pursuing data-intensive strategies foster the use of personal data. Attempts to introduce products such as Lotus Marketplace:Household are difficult to understand without examining this organizational context. The positive side of these informational strategies lies in improved organizational efficiencies, novel products, and interesting analytical jobs. However, as a collection, these strategies reduce the privacy of many citizens and can result in excruciating foulups when record keeping errors are propagated from one computer system to another, with little accountability to the person. David Lyon (1994) argues that a sound analysis of changes in technology and social control should be based on a vision of "the good society," rather than simply upon avoiding social orders that are horrifying or perverse. Social changes toward a society which prizes fair information practices could be influenced by the policies and routine actions of commercial firms and public agencies. They are not inevitable social trends, as shown by the differences between US and European regulatory systems for managing personal data (Flaherty, 1989; Trubow, 1992). For instance, the North American public might insist upon stronger fair information practices to reduce the risks of expanding records systems. Or Laudon's (1995) proposals for pricing personal data might be developed for some areas, such as marketing. The society could change some key rules, rights and responsibilities that characterize the current practice of unfettered information entrepreneurialism. Unfortuantely, broad systematic changes in US information policies seem politically infeasible today, for reasons that we have sketched above. Currently, relatively few restraints have been imposed upon the exchange of personal information between organizations, both public and private, in North America. We are not sanguine about any substantial shifts towards more privacy protections during the next two decades. Without changes which are exogenous to the direct use of specific computer applications, the trends which we have discussed are likely to continue. These trends can be the subject to systematic empirical inquiry, and merit such an investigation. ACKNOWLEDGMENTS This paper benefited from discussions about information capitalism with Phil Agre, Vijay Gurbaxani, James Katz, Abbe Mowshowitz, and Jeffrey Smith. Conversations with Mary Culnan, Jeff Smith, and John Little provided important insights into the importance of computerization in marketing. Our colleagues John King and Jonathan Grudin have been continuous partners in provocative discussions about technology, privacy, and social change. REFERENCES Bloom, Paul N; George R Milne, and Robert Adler. 1994. "Avoiding Misuse of New Information Technologies: Legal and Societal Considerations." Journal of Marketing 58(1) (Jan):98-110. Burnham, David. 1983. The Rise of the Computer State. New York: Random House. Calhoun, Craig. 1992. "The Infrastructure of Modernity: Indirect Social Relationships, Information Technology, and Social Integration" in H. Haferkamp, and N. Smelser, eds., Social Change and Modernity. Berkeley: University of California Press. Cash, James Jr., Warren F. McFarland, James McKenney, and Linda Applegate, eds. 1992. Corporate Information Systems Management: Text and Cases. Boston: Irwin. Chandler, Alfred D. 1977. The Visible Hand: The Managerial Revolution in American Business. Harvard University Press. Chandler, Alfred D. 1984. "The Emergence of Managerial Capitalism." Business History Review. 58(Winter):473- 503. Consumer Reports. 1994. "Who's Reading Your Medical Records?" Consumer Reports, 59 (10): 628-633. Culnan, Mary. 1993. "How Did They Get My Name? An Exploratory Investigation of Consumer Attitudes Toward Secondary Information Use." MIS Quarterly, 17(3): 341- 363. Flaherty, David. 1989. Protecting Privacy in Surveillance Societies: The Federal Republic of Germany, Sweden, France, Canada and the United States . University of North Carolina Press. Gendelev, Boris. 1992. MIS and Marketing: Secrets of Strategic Information Mining. Chief Information Officer Journal v5, n1 (Summer):12-16,23 Kling, Rob. (Ed). 1995. Computerization and Controversy: Value Conflicts and Social Choices. San Diego: Academic Press. Kling, Rob, Spencer Olin and Mark Poster. 1991. "Emergence of Postsuburbia." In R. Kling, S. Olin and M. Poster, eds. Postsuburban California: The Transformation of Postwar Orange County. Berkeley: University of California Press. Kling, Rob, Isaac Scherson and John Allen. 1992. "Massively Parallel Computing and Information Capitalism." In W. Daniel Hillis and James Bailey, eds. A New Era of Computing. Cambridge: The MIT Press. Krier, James and Edmund Ursin. 1977. Pollution and Policy: A Case Essay on California and Federal Experience with Motor Vehicle Air Pollution, 1940-1975. Berkeley: University of California Press. Kusserow, Robert P. 1995. "The Government Needs Computer Matching to Root Out Waste and Fraud" in Kling (1995). Laudon, Kenneth. 1986. "Data Quality and Due Process in Large Interorganizational Record Systems," Communications of the ACM 29(1): 4-11. Laudon, Kenneth. 1986. Dossier Society: Value Choices in the Design of National Information Systems. New York: Columbia University Press. Laudon, Kenneth and Jane Laudon. 1994. Management Information Systems: A Contemporary Perspective. 3rd Ed., New York: McMillan. Laudon, Kenneth. 1995. "Markets and Privacy" in Kling (1995). Levy, Steven. 1991. "How the good guys finally won: keeping Lotus MarketPlace off the market," MacWorld 8(6): 69-74. Luke, Timothy and Stephen White. 1985. "Critical Theory, the Informational Revolution, and an Ecological Path to Modernity." in J. Forester, ed. Critical Theory and Public Life. Cambridge: M.I.T. Press: 22-53. Lyon, David. 1991. "British Identity Cards: The Unpalatable Logic of European Membership?" The Political Quarterly 62 (3): 377-385. Lyon, David. 1994. The Electroic Eye: The Rise of Surveillance Society. Minneapolis: The University of Minnesota Press. Markoff, John. 1991. "American Express to Buy 2 Top Supercomputers from Thinking Machines Corp." New York Times, Oct 30, 1991: C7(N), D9(L). Miller, Cyndee. 1993. Privacy vs. Direct Marketing: Industry Faces "Something on the Order of a Survival Issue". Marketing News 27(5) (Mar 1):1,14+. Posch, Robert. 1994. "After MPS - Then What? Direct Marketing 56(11) (March):63-64+, also reprinted in Kling (1995). Privacy Protection Study Commision. 1977. Personal Privacy in an Information Society. Washington, DC: U.S. Government Printing Office. Rule, James. 1974. Private Lives and Public Surveillance. New York: Schocken. Rule, James, David McAdam, Linda Stearns, and David Uglow. 1980. The Politics of Privacy: Planning for Personal Data Systems as Powerful Technologies. New York: Mentor. Shattuck, John. 1995. "Computer Matching is a Serious Threat to Individual Rights." in Kling (1995). Smith, Jeff. 1993. Privacy policies and practices: inside the organizational maze:how corporations are handling sensitive personal information. Communications of the ACM 36(12) (Dec):104-119. Trubow, George B. 1992. The European harmonization of data protection laws threatens U.S. participation in trans border data flow. Northwestern Journal of International Law & Business 13(1) (Spring/Summer):159-176. U.S. Department of Commerce and Bureau of the Census. 1992. Statistical Abstract of the United States, 1992. Washington, DC: U.S. Government Printing Office. Wartzman, Rick. 1994. "A Research Company Got Consumer Data From Voting Rolls." The Wall Street Journal, December 23, 1994: A1+. Yates, JoAnne. 1989. Control through Communication: The Rise of System in American Management. Baltimore: Johns Hopkins Press.