Your personality in a shopping cart: Why did people stop caring about their private data?

Of Privacy and Publicity

In “The Right to Privacy” from 1890 Warren and Brandeis state that in order to meet the new demands of society, there must be a right “to be let alone” - for the protection of a person, and for securing the individual. Already at the end of the 19th century they felt a strong demand to “protect the privacy of the individual from invasion either by the too enterprising press, the photographer, or the possessor of any other modern device for recording or reproducing scenes or sounds.” The main concern these days lay in taking or copying private photos of people and especially celebrities, and making them public without the affected person giving permission. Warren and Brandeis foresee that political, social and economical change will lead into excessive public exposure of individuals, and declare that it is a right of everyone to have a private life. A private life therefore means to have control over how much and what printable, traceable, reproducible data is over one is being brought to public. Publishing someone’s production in any form without consent, they also see a casual letter as well as a very personal entry in a diary as a good to be protected from the public.

After more than a hundred years it seems that the right of privacy is obsolete, and that people are very well aware of the Big-Brother notion but no one seems to care anymore. Warren and Brandeis could foresee the impact on privacy-infringements in our daily life, and draw a clear line between publicity and privacy: “The intensity and complexity of life, attendant upon advancing civilization, have rendered necessary some retreat from the world, and man, under the refining influence of culture, has become more sensitive to publicity, so that solitude and privacy have become more essential to the individual; but modern enterprise and invention have, through invasions upon his privacy, subjected him to mental pain and distress, far greater than could be inflicted by mere bodily injury.”

In the 21st century we seem to be confronted with a world, where this scenario has obviously become true, if we call the Internet and especially social networks a retreat from the world, and refer to the prediction of the WHO that within 20 years more people will be affected by depression than any other health problem. But by talking about publicity in 1890 no one could image a world were mass media is not created and dominated by journalists only, but by every individual themselves through the means of new, participatory media. The sensitivity to publicity has turned into careless handling of the own privacy. The Internet finally created a channel for individuals to expose themselves to the world, regardless all privacy and propriety, just to name YouTube besides an immense number of similar home-video-streaming portals, as a very self-evident example.

Social Network Sites such as Facebook, Myspace or their Dutch equivalent Hyves create a container for content that is created by the individual users themselves. These networking services rely on the existence of personal data of their users and their willingness to share that content online through the particular service. A social network site without the participation of users would just state an empty container. Only when users decide to provide the databases with input the social network processes that given data and allows users to build up online networks and link to any relevant content. This content consists mainly out of information on their private life such as interests, friends, photos and videos. It goes beyond the diary entry or the casual letter, much farther than just the distribution of a certain picture or personal letter without consent. Also people that have not registered themselves in the system can be easily tracked through their friends, who provide the database not only with whole albums of images and videos showing the faces of all people in their surrounding, they also make us of the function to tag people’s faces with their full name or nick name. The self-display of the own person has dispersed into a collective exhibitionism: If you do not provide your own content to the mass, someone else will – supposedly a person from your circle of acquaintances or friends, which means the loss of the control over your own picture drawn in cyberspace. By avoiding this publicity one also abandons the control over the own privacy, or this particular part of one’s privacy that can be seen by the online publicity. Being not a part of facebook, whereas all the friends provide content means that your environment provides takes the control over an image of you, that you will never see yourself, if you succeed in avoiding to join any social network site, but an image that can be seen and judged by anyone else part of the network Wendy Chun points out, that new definitions of privacy as secrecy emerge in response to electronic publicity. Where do we see us between the two resulting extremes? Either total exposure to this new public in order to show that there is nothing to be dissimulated or taking the opposite effort, to avoid any traceable information about one’s existence and trying to stay a blank page in the network. In between stands the broad mass of people who perhaps are not aware of the possible impact of their electronic presence on their everyday life, giving up a certain part of their privacy, without considering the consequences, trusting in the system because everyone around is doing it the same way. Also Peter Weibel sees exhibitionism moving from a personal pathology to an everyday social condition. Is self-display and the surrender of personal privacy becoming a more and tolerated behavior and therefore inherent part of our existence? “I am seen, therefore I am” is forming an existence that would not allow the individual any notion of “Right to Privacy” anymore.

In his talk “Privacy is Dead – get over it” at HOPE 2006 private investigator Steven Rambam displays that his job as a private investigator has never been easier since all these services full of private user-created content exist. People voluntarily publish relevant information connected to their name such as their sex, birth date, hometown, phone number, detailed contact information, their social security number, relationship status, religious and political views, education and work information and even their annual income. That makes them easy to be profiled, categorized and traceable – not only for private investigators but also for businesses, salesmen or even for criminals.

He asks into the audience whether people were aware of the fact that Google is using bots that search, index and categorize their e-mails sent through their Gmail accounts. Many hands rise. After asking how many of them would care, all hands were lowered. Companies such as Google are seen by most of the users as handy and convenient services rather than a privacy-threatening hazard. Indeed these services available to everyone with an internet-connection for free profit from the data they get out of the user.

The verdict “Get over it” stems already from 1999 where the former CEO of Sun Microsystem Scott McNealy clarifies that consumer privacy issues are a “red herring” and “You have zero privacy anyway” to the public. So if we had by now gotten over the fact that our privacy is declared null and void, why are some fringe groups still fighting goliath while the rest is maybe adopting the course proposed by McNealy through simply closing their eyes from their loss of the notion of privacy, willingly handing over the control over their private data to businesses and governments?

Serving the exhibitionist

“Ultimately, successful loyalty programs deliver insight and help to build customer relationships by being open, modular, and simple—and by offering rewards that not only interest individual customers, but also encourage those customers to take specific actions that align with the company's business goals.”

Every person is seen and treated a potential customer, and in order to find out what potential the person to the company could have it’s vital to know and understand as much as possible about that single person. Every puzzle of data about an individual can be fed into an algorithm that calculates possible offerings tailored to their preferences and desires. We are already used to systems like amazon.com uses when welcoming us personally with a link “We have recommendations for you.” Out of every purchase made there, every article you ever searched for or were looking at combined with data of other customers with similar orders the website presents a potpourri of offers that you might like. People seem to find that a very convenient tool too, and maybe prefer to look into these offers first rather than making up their own mind on what they really would like to have and what they themselves would indeed would buy. They give up the ownership of their private data in order to have an easier choice at their next purchase. Is it really convenient to let a system make the choices for you on what you will spend your money on to make you a satisfied customer? These systems are still very popular and it seems people do not care anymore to what extend their purchase data is evaluated by the vendor.

These recommendation-systems only work well if there is enough data available. Having bought only one quite rare headset on amazon.de my recommendations only circulated around this special purchase, where apparently no other useful links to similar purchases or customers were available. Therefore the system sees me only as a potential client for headsets and is in the dark for any other sort of products I might be interested in. By contrast purchasing books, music or DVDs makes it much easier for the system to create links to other related products because these products are much easier to be categorized in styles and genres the customer might like too. So if I would only rely on the recommendations given by amazon.de I would be constantly stuck within a feedback-loop: The system would never lead me into another range of products than headsets.

This means that frequent purchases optimize the recommendation-system and the more a person buys the more the system can encircle and predict further desired products. So a vital point to the seller is the loyalty of the clients, and many vendors make use of special loyalty programs to ensure that their customers will stick to the company and come back frequently. Customer Strategist Peppers and Rogers state that loyalty programs are at their core tactical mechanisms for altering the behaviors of specific customers. They call the infringement of the person’s private data an opportunity to gain insight about a customer in order to be more competitive in the market.

One of the first popular loyalty programs was the S&H Green Stamps in the market from the 1930s until the late 1980s. With every purchase at a Sperry and Hutchinson retailer people received stamps to collect, which could be redeemed for products as a reward for being a frequent customer. These stamps are indeed stimulation for the customer to buy only at the selected stores offering that reward program, but at the same time naturally raise the popularity of the brand and make it more competitive. Collecting stamps seems rather simple and trivial but technological progress has allowed more effective systems to turn people into loyal customers.

A mentionable technique introduced in the 1970s is the barcode, which allowed vendors to easily identify and checkout products by using a laser scanner. Printing a barcode on a customer card that is also scanned alongside the products gives the once anonymous supermarket shopper a face. An example for that kind of loyalty program is the Dutch supermarket chain albertheijn. Every week a certain range of products is offered for a cheaper price as in the regular assortment. But only customers owning the albertheijn Bonuskaart can get these products for the reduced price. Handing this card containing a barcode over to the teller to be scanned alongside the products is a naturalized behavior in albertheijn shops when at the checkout. Most customers see only the benefit in getting products cheaper and do not care about the value their information means to the supermarket. The Bonuskaart is available on request at all stores and comes along with a form asking for personal data, which can be filled out voluntarily. People who filled out that form give full information on who they are to albertheijn. This means that all purchases made with that particular card cannot only nailed down on one individual anonymous customer, they also know exactly who this person is. One the one hand, this particular set of data does not seem very harmful, since doing the groceries is a public event in a store anyways and everyday purchases seem to be no highly confidential data. But maybe this data is very interesting when looked at from different angles. The amount and frequency of your purchases tell a lot about your habits and preferences, your income, your nutrition, your religion, your personal hygiene – all this data might be relevant to other salespeople in the supermarket business, but also to loan agencies, insurance companies or employers, which could track down your alimentation, your bad eating habits or your alcohol consumption. Social network sites could never provide this particular set of data in a so detailed way.

The implicitness on how people are carrying personal barcodes in their wallet is evidence that the question on privacy and private data is not present in people’s heads. But other supermarket chains also offer a set of reduced products regularly without asking people to give them access to their private sphere – but apparently this has never been a reason to avoid albertheijn since this chain is one of the biggest and most prominent ones throughout the Netherlands. There seems to be widespread trust into companies, that companies treat personal data with high confidence. And apparently people are not caring at all if there was a data leak in those systems, since they are willing to share their private data with the rest of the world voluntarily anyways. In fact, people who are not part of the loyalty program, have literally to pay a fine for keeping their privacy at the checkout.

In the early 2000s in America an organization of critical customers was founded under the name CASPIAN – Consumers Against Supermarket Privacy Invasion and Numbering. On their website www.nocards.org they published information on privacy in the supermarket business specifically relating to supermarket cards and customer segmentation. They publish cases where supermarkets fool their clients by charging them higher prices than the manufacturer suggests, and lowering the price to the manufacturer price only to card customers. So the reward that comes across to the cardholder is in fact a rip-off of non-card-holders. The website against consumer cards is filled with examples like this, but this particular website was stopped being updated in 2005, alongside other websites of peoples’ initiatives to trick out the card systems, that seem to be abandoned for some years now. According to their new website CASPIAN is busy with a new initiative, focusing on RFID Privacy Issues, the next technological privacy threat after the invention of the barcode. They encourage people now to protest against RFID technology being introduced to track and trace any product wirelessly and invisibly. So the watchdogs on privacy have to adapt continuously to new surveillance-technologies. On their website they claim a protest against RFID tagged clothes in New York to be a huge success, while a photo is showing nine protesters.

This topic does not seem to have reached a broad mass that was willing to support the protest of the consumer activists, although every person is a consumer, so should these issues not concern everyone of us? Perhaps the issue of RFID tagging is too specific and not tangible enough for people, that they have the feeling they cannot trace nor influence technological evolution and its abusive component whatsoever.

Activism on Consumer Privacy

Major protest actions against consumer-tagging and profiling-mechanisms have been done in the early 2000s when customer cards and loyalty programs seemed to be a threat to people’s privacy, but there is hardly anything to be found about recent hack-attempts on equivalent systems. In 2001 Rob Carlson created an online card-swap for Giant Food discount cards with a database-backed service where people could submit their card number and swap it with another person through a simple barcode-generating script. By using this barcode on their own card people should be able to stay untraceable for the system. A similar attempt called the “Ultimate Shopper” worked with the Safeway Club card: People could use the card number of a Safeway Club to form an army of clone cards, helping him to become the biggest shopper at Safeway and help the people keeping their anonymity with their purchases. Both projects have not been updated after 2002.

A noteworthy European project by the German organization FoeBuD dealing with protection of data privacy is the project “Privacy Card” from 2001/2002. The Payback card is a German reward point system, which allows customers to collect points when doing purchases in certain shops. These points are worth money that is transacted to the cardholder’s bank account as a bonus for their loyalty.

In 2000 the company “Loyalty Partner” was awarded the “Big Brother Award” in the category of Business and Finances with the Payback Card. The card comes across as a discount-card, but is a tool for gathering private data about individual buying patterns, and to make commercial use of those without letting the customers know. Although there is no concrete case of data abuse known, the award wants to highlight the danger of building a system that aims to track and evaluate consumer buying habits. The fact that all information already known from the receipt of the purchase is now connected to a specific person or household and their bank data is a problematic evolution from the simple stamp systems of the 20th century, where the data stayed offline and loyal customers could receive their rewards anonymously. Loyalty Partner does not make the terms and specifications clear and the customer does not have any insight in the data that is being processed through his buying behavior. Lack of transparency and no respect for customer’s privacy were the main reasons why Loyalty Partner has been awarded the “Big Brother Award”.

Even though the participation in Payback seems to be voluntarily, FoeBuD states that prices have been raised before the introduction of the card in order to enable such a reward system. Also in their point of view clients who do not own a Payback Card, have to pay up for the right to their privacy. That’s why they created the Privacy Card, a clone of one Payback Card that was connected to the organization’s bank account copied a thousand times. They offered the clone card to customers who still wanted to make use of the reduced prices without having to reveal their buying patterns to the data mining specialists of Loyalty Partner. When sharing one account with hundreds of other customers throughout the country every individual movement becomes invisible and impossible to evaluate. The collected points and their financial reward went onto the bank account of FoeBuD to support the organization in their fight for the privacy of the individual. In December 2002 the Privacy card and its nearly 1500 owners made 23.202 points, which equal a refund of about 235 € (460 Deutsche Mark). After some legal issues with the company, even though the copying of the card was not illegal according to the porous terms and conditions of Loyalty Partner, the payback on the bank account was terminated, but customers could still make use of the card to keep their privacy.

The interest in customer’s private data from the side of the vendors is big, since it enables the seller to find out what product the customer is likely to buy next, according to the recent purchases made. The customer is on the other hand also interested in paying as little as possible for his purchases and does not see the risk of giving away personal data in order to get products at a discount. A lot of people seem to buy the advertising on such reward programs as they see it as a service not having to think for themselves but let the business decide what they should spend their money on. Among the standard supermarket-shopper the awareness might be not very high while on online-portals such as Slashdot.org a huge discussion starts as an IT-specialist for medium-sized medical and law practices asks whether Google Apps are a suitable and especially confidential solution for their practice IT. One answer states “you're unnecessarily risking your clients' confidentiality by sending your communications wholesale to a 3rd party”. Especially for confidential data online apps do not seem like a good solution since they are very public and more probably hacked than personal business solutions.

But can shopping goods also be classified as confidential data? There might be a lot of businesses that could make profit when knowing your shopping behavior but also banks, insurance companies or loan offices could be interested in your lifestyle to avoid to high risks on you. It is not easy to figure out, why people abandoned their right to privacy and keep on filling out any form that asks for al their private details. Perhaps there is still a broad trust into the government and the legislation that prevents the abuse of personal data and perhaps people do not see a concrete enemy in the fight for privacy. Even if someone already filled in hundreds of profiles through social networks, dating-portals, lotteries and other subscriptions it is never too late to change your mind on privacy issues. People should boycott filling out forms that make no use and keep in mind that the biggest data leak are they themselves when spreading every private detail around voluntarily. The success of data mining lies not only in the advanced development of technologies but also in the carelessness of people. The industry is working on more clever products but who is working on making people cleverer? If people stop feeling responsible for their own data and hand privacy-control over to commerce we might shift into a world where products might become more intelligent than the people who are willing to buy them.

Sources:

Warren & Brandeis, “The Right to Privacy” (Harvard Law Review Dec 15, 1890 Vol IV.) http://groups.csail.mit.edu/mac/classes/6.805/articles/privacy/Privacy_brand_warr2.html
BBC News, “Depression looms as global crisis”, 2 September 2009, http://news.bbc.co.uk/2/hi/8230549.stm
Pepper and Rogers, Customer Strategist, the Executive Journal by Peppers&Rogers Group Date 11/10/2009, Volume 1, Issue 2
Wendy Chun, Control and Freedom: Power and paranoia in the age of fiber optics, MIT Press
Steven Rambam at HOPE2604, “Privacy is dead – get over it”, http://video.google.com/videoplay?docid=3079242748023143842&ei=R0cOS6nGDcmb-AbNi73hAQ
Bonuscard Swap: http://epistolary.org/rob/bonuscard/
The Privacy Card: http://www.foebud.org/fruehere-projekte/privacycard/
Big Brother awards: http://www.bigbrotherawards.de/2000/.com
Heise News, "FoeBuD hackt die Payback-Karte": http://www.foebud.org/fruehere-projekte/privacycard/
Slashdot.Org, "Can we abandon Privacy for Google apps?": http://yro.slashdot.org/story/09/08/04/2012209/Can-We-Abandon-Confidentiality-For-Google-Apps Slashdot.Org, "Can we abandon Privacy for Google apps?": http://yro.slashdot.org/story/09/08/04/2012209/Can-We-Abandon-Confidentiality-For-Google-Apps