About 179,000 of these were from law-enforcement officials; the overwhelming balance no doubt came from insurance companies (State of Illinois, 1983).

Information from Social Security files, including both income data and the account-holder's 'whereabouts, is intensely attractive to many outside interests. When the Social Security system was founded in 1935, elaborate assurances were offered that data would remain confidential (Rubinstein, 1975). But confidentiality has been eroded over the years, especially since the 1970s. Social Security files are now open to state welfare departments and food stamp programs (to control access to benefits), the FBI and the Secret Service, the Immigration and Naturalization Service (to control employment of undocumented aliens), and others (U.S. Department of Health, Education and Welfare, 1977:52239). One of the more controversial users of Social Security information is the Parent Locater Service. This agency, established by Congress in 1975, uses such data for action against parents who desert spouses with dependent children (U.S. Privacy Protection Study Commission, 1977b:16). In creating the service, Congress also granted it access to personal data held by other federal agencies, including the Internal Revenue Service. Data generated by credit card companies are provided routinely to a variety of organizations. Probably the biggest data consumers are credit bureaus, who normally demand an exchange of data: organizations which purchase the credit bureaus' reports must then provide data from their own files. Such data are increasingly provided in large quantity by direct computer links. In addition, many credit card issuers provide the addresses of card holders to merchants who have accepted the card as identification for a check which subsequently bounced. This is apparently why credit cards are so often preferred as identification in check cashing: the merchant may have no other way of contacting the writer of the check. Credit card issuers help merchants in this way because of their shared desire to control bad checks written by card-holders. Credit card firms, like most other large-scale creditors, also provide information from their files to law-enforcement agencies, including the Internal Revenue Service, the FBI, and other local, state, and federal bodies. Data of interest here include the amounts of the card-holder's indebtedness and the nature of expenditures, as well as the individual's whereabouts at particular times (U.S. Privacy Protection Study Commission, 1977a:53).

Finally, data generated through use of checking and savings accounts are regularly provided to credit bureaus, prospective creditors, and a variety of law enforcement agencies. The effects of such provision, in terms of social control, range from extension or withdrawal of credit to prosecution for tax evasion and other felonies. A few banks and savings institutions resist such disclosure, but these seem to be a distinct minority (Linowes, 1979:11). Demands from law-enforce: ment agencies for data are often backed by subpoena, leaving court action the only available avenue for resistance.

Besides responding to inquiries from such outside bodies, savings institutions are required to report yearly to the federal government all interest paid to depositors. Such institutions aiso must report foreign currency transactions in excess of $10,000 (U.S. Privacy Protection Study Commission, 1977a:104). And, in compliance with still other federal regulations, virtually all personal checks paid by United States banks are microfilmed; the records are retained for live years to be available for scrutiny by federal officials (U.S. Privacy Protection Study Commission, 1977a:105).

THE FUTURE OF MASS SURVEILLANCE

The dramatic proliferation of personal documentation since the beginning of the 20th century means much more than growing possession of certificates, cards, and computer records. It reflects the growth of an important new category of relationships between ordinary people and large, centralized organizations. These new relationships entail increasing demands on personal privacy, as organizations consume more and more personal data and use these data to shape their treatment of marrone with whom they deal. As we have shown, these demands are growing apace with the

further refinement of technological and organizational resources. Where, we must ask, are these trends leading? What sort of social world is emerging from the changes detailed here?

To answer such questions, one must consider the limitations of organizational mass surveillance as much as its strengths. These limitations are by no means trivial. Organizations cannot achieve mass surveillance goals without data, and such data are by no means available simply for the asking. Indeed, we have shown how even the most seemingly powerful organizations often must accept significant limitations on their ability to master important data on the people with whom they deal.

A key example is the widespread reliance on self-identification, including personal documentation presented by those being identified. It is widely acknowledged by officials of surveillance organizations that such practices as permitting people to provide their own birth certificates lead to significant evasion of social control. Yet the organization of information flow in the United States does not yet offer an alternative to these practices at acceptable cost.

Similarly, some organizations do not even exploit relevant data already contained in files accessible to them. This is true of some state driver's licensing systems, which issue licenses on the strength of data provided by the applicants, without checking their own records of the applicants' driving histories (Tritsch and Kumbar, 1977:2-1). Here, we conclude, organizations are responding both to the costs of clerical time in searching for potentially relevant data, and to costs in terms of public complaints over delays in issuing documents. A number of officials reported that the latter were an especially important consideration for their organizations. This appears particularly true for the four government documents: birth certificates, passports, driver's licenses, and Social Security cards. The public are apt to insist on quick access to these as a matter of right (U.S. Department of Justice, 1976:F-15).

Still, the effect of such weaknesses in surveillance may be a good deal less than it would appear. Organizations do not advertise the laxity of their surveillance procedures. They are much more likely to require applicants to read and sign statements such as the following, from the application for Social Security cards:

WARNING: Deliberately furnishing (or causing to be furnished) false information on this application is a crime punishable by fine or imprisonment, or both (U.S. Department of Health and Human Services, Social Security Administration, 1982).

In fact, fraudulent applications for Social Security cards are rarely prosecuted unless they are compounded with other, more serious infractions. There were 117 prosecutions and 62 convictions in the years 1980 to 1982 inclusive, according to a Social Security official.'

The effectiveness of mass surveillance and social control depends most directly on the public's perceptions of what systems can and cannot know about them. Most U.S. citizens are apparently aware that large organizations are capable of sophisticated data linkages. They realize that income not listed on tax returns is likely to be reported directly to the Internal Revenue Service by the paying organization, or that creditors have ways of finding out about debts not acknowledged on credit applications. But relatively few people, we suspect, can distinguish between the risk that 4 credit applicant's recent bankruptcy will be reported to a prospective creditor and the risk that the Passport Office will spot an application for a passport in the name of someone who already has one. The first risk is relatively great, since credit bureaus systematically collect and report such data, while the second is relatively low, since the Passport Office ordinarily does not check new applications against records of outstanding passports.

The overall picture that emerges from these observations is one of dialectical tension between

9. Robert Sedlak, Inspector General's Office, Department of Health and Human Services, Baltimore, May 13, 1983: telephone interview.

the efforts of organizations to maximize the scope and effectiveness of mass surveillance, and the efforts of certain subsets of the public to evade organizational intent in these respects. Organizational reliance on bluff and intimidation is part of one side of this dialectic; yet such feints would mean little without the other weighty organizational efforts considered here – particularly the development and exploitation of new sources of data. Countervailing against such forces are individuals' efforts to escape the effects of bad credit records, poor driving histories, ineligibility to enter the United States, and the like.

We do not portray this opposition in simplistic terms, as nothing other than efforts by oppres sive institutional interests to manipulate innocent individuals. In fact, there is considerable grassroots support and even demand for increased mass surveillance – for example, to keep undocumented aliens out of the labor force, to keep dangerous drivers off the roads, or to keep poor credit risks from spoiling the credit markets enjoyed by others. But whatever the mixture of elite initiatives and popular demand fueling the growth of mass surveillance, there can be no doubt that organizational powers in this respect are in the ascent, and opportunities for individual evasion of mass surveillance increasingly restricted.

The key consideration mediating the interests of mass surveillance and those of evasion are the significant costs of the former. While the per-case costs of operating large data systems is ordinarily small, the starting-up costs of creating such systems is great. Thus, even relatively powerful and well-financed organizations such as those considered in this paper cannot extend their sway as rapidly as they might. Paying the armies of clerical staff who must assemble and process personal data is one significant source of these costs; procuring and operating computing systems and other data-management technologies are another. Yet the conspicuous trend in mass surveillance is toward a cumulative decline in such costs.

Consider the growing reliance of organizations on direct checking, as distinct from self-identification. At the beginning of the 20th century there were few organizations which could be counted on to generate authoritative personal information on a mass basis. Even birth certification probably covered no more than half of those being born. And without sources of "breeder documents," the bases for generating further documents were weak.

As sources of authoritative personal data available for direct checking grow, however, the costs of mass surveillance drop. Indeed, viewing the broad sweep of historical change, we conclude that mass surveillance through personal documentation feeds on itself. The more important events in life entail production or consumption of personal documentation, the more feasible it is to institute effective surveillance through direct checking based on such data. Imaginative adminis trators of surveillance organizations are constantly seeking new uses for personal data in these ways.

This, then, is the special appeal of direct checking, from the standpoint of surveillance interests. When accomplished through computer links, it is relatively inexpensive on a per-case basis, extremely quick, and unobtrusive from the standpoint of the individuals involved. These same qualities both excite the enthusiasm of bureaucratic planners and politicians and spur the anxiety of privacy advocates and civil libertarians. In the last few years, the former have been putting their concerns aggressively into practice, while the latter have mostly been on the deten Sive. One of the best publicized instances of new forms of mass surveillance through low-cost direct checking have been the programs of "computer matching" sponsored by tederal agencies. Here computerized lists of, say, welfare recipients are checked against other computerized data such as pavrolls in order to detect fraud. Originally sponsored by Joseph Califano during his tenure as President Jimmy Carter's Secretary of Health, Education and Welfare, these efforts have been pursued with increased vigor under the administration of President Ronald Reagan. Proponents of these techniques have lauded them as essential to government efficiency and costcurring opponents have characterized them as violations of due process, privacy, and civil liber

ties. Both positions were voiced in the 1982 hearings of the Subcommittee on Oversight of Government Management of the Senate Government Affairs Committee (U.S. Congress: Senate, 1983).

The perfection of direct checking within and among organizations is the wave of the future in mass surveillance. By substituting direct checking for self-identification, organizations can transcend the limitations which have beset mass surveillance in the past, and which continue to limit the effectiveness of a number of the processes described above. Instead of relying on individuals to provide information and documents themselves, organizations will increasingly seek personal data directly from other organizations. Such exchanges will increasingly take the form of computers talking to computers. And as data management in all kinds of organizations becomes computerized, the machines will have more and more to talk about. Such exchanges will transcend limitations on mass surveillance and control in the interests of enhanced efficiency. But inefficiency may protect important values. Whatever one thinks of the goals of specific surveillance procedures, few really want to see the ability of organizations to keep track of people grow without limit. At best, such developments would foster a more intrusive, less private world. At worst, they would lower institutional defenses against threats of totalitarianism. Thus, we favor limitations on direct checking in many settings, especially where personal data provided for one purpose are re-used for another purpose unfriendly to the individual (Rule et al., 1980:153). We hope this study helps to show what is at stake in these developments, and what price is paid for making personal documentation and mass surveillance more efficient.

REFERENCES

American Association of Motor Vehicle Administrators

1979

Driver's License, 1978. Statistical Report. Washington, DC: American Association of Motor
Vehicle Administrators.

American Bankers Association

1979 ABA Bank Card Letter, March 1979. Periodical. New York: American Bankers Association. Booth, Philip

1973 Social Security in America. Ann Arbor, Michigan: Institute of Industrial and Labor Relations, University of Michigan and Wayne State University.

Curtin, Richard E, and Thomas S. Neubig

1979 Survey of Consumer Finances 1977-78. Ann Arbor, Michigan: Survey Research Center, University of Michigan.

Linowes, David

1979 "Privacy in banking." Mimeograph. University of Illinois, 308 I incoln Hall. Urbana, Illinois. Rubinstein, Walter D.

1975 Confidentiality Under the Social Security Act. Pamphlet. Woodlawn, Maryland: Social Security Administration.

Rule, James B.

1974 Private Lives and Public Surveillance. New York: Schocken.

Rule, James. Douglas McAdam, I inda Stearns, and David Uglow

1980 The Politics of Privacy. New York: Elsevier.

Shils. Edward

1975 Center and Periphery: Essays in Macrosociology. Chicago: University of Chicago Press. State of Illinois

1983

Report of State Advisory Committee on Distribution of Government Information. Springfield:
Office of the Secretary of State.

Tritsch, Arthur and Albert Kumbar

1977 Comparative Data Analysis of State Motor Vehicle Administration. Washington, DC. National Highway Traffic Safety Administration.

US Congress, Office of Technology Assessment

1982

An Assessment of Alternatives for a National Computerized Criminai History System. Washington, DC. Office of Technology Assessment.

US. Congress: Senate

1983

Oversight of Computer Matching to Detect Fraud and Mismanagement in Government Programs. Committee on Governmental Affairs, Subcommittee on Oversight of Government Management, 97th Congress, 2nd Session. Washington, D.C.: U.S. Government Prinung Office.

US Department of Health and Human Services, Social Security Administration

1982 Application for a Social Security Number. Hyer. Washington, DC.. US Government Printing Office.

US Department of Health, Education and Welfare

1954

1977

Vital Statistics of the United States, 1950, Volume 1. Washington, DC.: U.S. Government Printing
Office

Privacy Act Issuances. Annual Publication, Federal Register. Washington, DC. US. Government
Printing Office.

US Department of Justice

1976 The Criminal Use of False Identification. Washington, DC.; U.S. Government Printing Office. U.S. Department of State, Passport Office

1976 The United States Passport: Past, Present, Future. Washington, DC.. U.S. Government Printing Office.

US Privacy Protection Study Commission

1977a

Personal Privacy in an Information Society. Washington, DC. US. Government Printing Office 1977b Citizen as Taxpayer. Washington, DC. U.S. Government Printing Office.

Westin, Alan

1967 Privacy and Freedom. New York: Atheneum.

Westin, Alan, and Michael Baker

1972 Data Banks in a Free Society. New York: Quadrangle Books.

Wheeler, Stanton (ed.)

1969

On Record: Files and Dossiers in American Life. New York. Russell Sage Foundation