In the wake of 11 September, Americans everywhere quietly agreed that national security trumps personal privacy. With the public’s support, the Bush administration and Congress quickly ramped up the collection of antiterrorist information. While there’s debate about how increased government surveillance powers might threaten democracy, this debate overlooks the greatest threat, which comes from private rather than government surveillance. Current political, technology, and business trends threaten to mushroom into the collection by private companies of massive amounts of personal data, which in turn will become available to government agencies.

Our willingness to give up privacy for security comes at a time when information technology has made every daily convenience an opportunity for surveillance. It has long been understood that credit card purchases and phone calls leave electronic clues to our lives. But as cell phones, personal digital assistants, smart cards, frequent-shopping cards, wireless identification devices, and related technologies proliferate, our electronic trail will become detailed: potentially every purchase, every phone call, every movie, every email, every instant message, every website, every store, every company, every parking lot, every tollbooth, every subway stop …

Consider just one example: machine-readable driver’s licenses are now issued by about 40 states, and most of the other states will follow suit within a few years. License scanners are already used to check identities at Logan Airport, record visitors at New York University Hospital, and record visitors to the Delaware legislature. A Boston bar owner recently described how the system provides useful information about customer demographics, interests, and attendance patterns. License scanners are proliferating and easily could result in a de facto national ID card tracked by every business.

The dramatic increase in private surveillance is worrisome even if one assumes that business is a trustworthy custodian. But the mission of business is to profit and grow, not protect and serve. The safety of private surveillance data is at risk from uncertain budgets, loosely vetted employees, and changing business priorities. Misused, accidentally released, or stolen data can mean embarrassment, harassment, and persecution. Yet we have little knowledge about the data collected about us and little control over its accuracy and safety.

The hidden danger in this post–11 September world is that all this private data will become available to government agencies. Well-meaning companies are releasing their data to the government without subpoenas, court orders, customer notifications, or other due-process protections. Some even offer their data without being asked. Moreover, the government now encourages private surveillance in the name of national security. For example, The USA PATRIOT Act requires that financial institutions file reports on suspicious activities; furthermore, the act protects those institutions from liability. Similarly, with its misguided TIPS program, the Bush administration is encouraging private citizens to become government informants. Business can now justify intrusive surveillance and monitoring practices as serving the national interest.

It’s now business more than government that has the motives, means, and opportunities to collect vast amounts of increasingly powerful data. This data will become irresistibly attractive to government agencies, which will intensify their demands for access. There are plenty of early-warning signs: Ken Starr subpoenaed Monica Lewinsky’s book purchases. Colorado police tried to force a bookstore to reveal who purchased a book on illegal drug making. Police departments have reportedly called bars that use driver’s license scanners to ask about certain names and Social Security numbers.

We are seeing the balance of surveillance power shifting from government to private industry, but with the view that surveillance has been privatized or outsourced. But who will watch the private watchers? And who will assure that government gets only the information it truly needs?

Without new laws, government access to private surveillance data will be far in excess of what would have been otherwise acceptable. Congress should set limits on private surveillance and impose onerous liabilities in cases of inappropriate use or disclosure. Congress also should establish tougher limits on government access to private surveillance data, particularly as part of legislation to establish the Department of Homeland Security. Finally, it’s time to revisit the Privacy Act of 1974 in earnest, strengthening provisions designed to prohibit government agencies from disclosing private information to third parties or other agencies without an individual’s consent. It’s not privacy we need to protect, it’s democracy. Technical, business, and political trends make the loss of privacy inevitable. But democracy won’t fall just because our privacy is invaded; it will fall if we don’t ensure due process for those on whom data is collected and accountability of those who collect and control the data.