Feb
5
2004

infosuck

I’m tired of my movements constantly being tracked, and of having to surrender reams of personal information in order to obtain and/or subsidize a product.

Take, for example, grocery discount “member” cards and airline frequent flyer programs, where you sign up — submitting all kinds of personally identifying information — in order to get discounts or freebies. But these programs aren’t “free.” Their operators use those programs to foster customer loyalty and to track — in detail — customer shopping and travel habits.

Amid all the stories about Janet Jackson’s Super Bowl exposure was a funny tidbit from TiVo that the “bare-it” moment resulted in “the biggest spike in audience reaction the company has ever measured.” (“Justin and Janet Top Super Bowl Show According to Annual TiVo Audience Measurement Analysis” - 02/02/04) Funny … but an unsettling reminder that TiVo collects pretty detailed information about its customers’ usage patterns.

Meanwhile, yesterday, The Washington Post announced that, in addition to the birth year, gender and zip code information they already collect from users, they will also ask users for job-related information. (“Post’s Web Site Will Seek More Information on Visitors” - 02/04/04)

Over the next four or five weeks, users will be asked for a job title, a description of their primary responsibility, the size of their company and the industry in which they work. Users will also have to provide an e-mail address and password to enter the site. Users who provide Zip codes in the Washington area will also have to give their home address.

The Post’s new data collection efforts sound like full-fledged site registration, more like the New York Times than USA Today. I wonder if washingtonpost.com will require an actual user login (like nytimes.com). Given the amount and specificity of information being collected, it’s arguably a more efficient solution than just setting a cookie after the user types in their information (requiring the user to retype all their information to access news stories should they delete their cookies or go to another computer).

I’m terribly uncomfortable about the inevitable day when — if it hasn’t happened already — someone finds a way to tie all these myriad databases together and, with a couple keystrokes, can look up anything about me. Not that I think I’m necessarily interesting enough an individual for someone to want to monitor my every move … but it’s discomfitting to think that someone could, and what they might do with it. And, by submitting to these requests for information, I’m an apparently willing participant in my own eroding sense of personal privacy.

Posted at 11:08 AM in online news, technology

Previous entry: local trivia (washington, dc) | Next entry: added incentive (politics & bureaucracy)

Comments

Incidentally, I used to work for a company who we nicknamed “Infosucks”, so I completely relate ;-). No but seriously, I hear what you’re saying. What’s your take on the Upromise loan repayment dealio? We were talking about that last night at Washington School 2.0….

Posted by The Girl on February 5, 2004 4:18 PM

That’s where the “willing participant” thing comes in. :P Despite my dislike and distrust of all this stuff, I actually did sign up for the Upromise thing. The deciding factor for me was the notion that, just through my everyday purchases, I’ll be able to “earn” bonuses that will make tiny chips in my student loan debt. (Yeah, it’s a piddly 1-5 percent, but that adds up after a while. I hope it does, at least.) But I had serious qualms about the amount of personal information I had to submit in order to enroll in the program, qualms that were partially eased by the knowledge that this is such a high-profile organization and therefore (if this isn’t too naive) there’s some oversight and enforcement of responsibility going on.

I also enrolled in part because (yes, I know this reasoning is probably totally illogical) my purchases are already being tracked because 1) I do most of my buying with a debit card and 2) that debit card already is attached to a frequent flyer account. So it like, “I’m already surrendering info. What’s a little more?” Illogical, I know, because it’s a total slippery slope. But there you go…

I’m being tracked and studied and direct-marketed to, and I’m complicit in the whole affair.

Posted by alykat on February 5, 2004 6:06 PM

I will add, as a postscript of sorts, that it’s always a good idea to read through the privacy policies of these organizations, as they disclose there their information-sharing policies, and how you can control (to some degree) how your information is used and how you are marketed to.

For example, from the Upromise privacy policy:

Unless you tell us not to, we may share with our affiliates all of the information we obtain about you. If you prefer that we not share with our affiliates consumer report information about you that we may receive from third parties, you may direct us not to do so by sending us an email at customercare@upromise.com containing your name, address and account number, or by calling the following toll free number: 1-800-877-6647. Please be aware that we may continue to share any other information as permitted by law.
Posted by alykat on February 5, 2004 6:16 PM

Wired had a sobering story today about all the personal information that can be gleaned by swiping and cross-referencing driver’s license information. (“Great Taste, Less Privacy” - 02/06/04)

A patron walks into a bar and orders a drink. The bartender asks to see some ID. Without asking permission, the barkeep swipes the driver’s license through a card reader and the device flashes a green light approving the order.

The bartender is just verifying the card isn’t a fake, right? Yes, and perhaps more.

Visitors to an art exhibit at the Pittsburgh Center for the Arts got more than their martinis when they ordered drinks at a bar inside the gallery’s entrance. Instead of pretzels and peanuts, they were handed a receipt containing the personal data found on their license, plus all the information that could be gleaned from commercial data-mining services and voter registration databases like Aristotle. Some patrons also got receipts listing their phone number, income range, marital status, housing value and profession. For added effect, the receipt included a little map showing the location of their residence.

The magnetic strips and bar codes on the back of most state’s driver’s licenses contain more information than people think. The way the swipers use the information might surprise them as well: Some bars and restaurants scan driver’s licenses to catch underage drinkers and fake IDs, but they’re also using the information for marketing purposes.

Posted by alykat on February 6, 2004 3:31 PM

I have waited to comment on this subject, because the first time I started, it was turning into a long diatribe. I feel very strongly about this issue, and it angers me to a great degree.

First of all, in response to one specific thing you said, it is unfortunately naive to think that since Upromise is a large company, they’re more likely to keep your information safe. Have you heard about Northwest Airlines violating not only it’s own Privacy Policy, but also federal and state laws? The big company is sometimes more likely to give away your info, because they have more of it, and it’s therefore worth more money.

Before launching too deeply into this issue and raising my blood pressure, let me just offer a bit of advice: unless strictly required to by law (or circumstances), never ever put down factual information on forms (such as grocery store cards, web site registrations, etc.) It will at least help a little bit. I even hold several separate e-mail addresses so that my information cannot be correlated that way. Paranoid? Maybe. But just because I’m paranoid doesn’t mean they’re not out to get me…

Posted by dan on February 8, 2004 8:08 AM

Dan, I definitely understand where you’re coming from. I read about the Northwest Airlines case (and the JetBlue case before it, and Delta’s aborted information-sharing agreement), and it angered and frightened me. That naive part of me would hope that, if not ethics, then the threat of public backlash and (and, if all else failed, perhaps government-imposed penalties) would keep companies from sharing customer information without their knowledge or permission. But Northwest’s information sharing, after the backlash against JetBlue, proves otherwise. And the lax government enforcement is all the more infuriating.

The government wants your information to profile and track you. Businesses want your information to study and market to you. And it’s hard to go anywhere or do anything without your card being swiped or your information being entered into some database. It’s a scary thing, and I understand (and share) the paranioa.

I do use a separate e-mail for website registrations (in large part to help cut down on spam), and I rarely enter my complete (or correct) information. But too often, for me, the “carrot” of special discounts or freebies wins out over “good smarts” when it comes to protecting my personal information.

Posted by alykat on February 9, 2004 10:32 AM

CNet’s News.com picked up the “TiVo tracks its users?” story. (“TiVo watchers uneasy after post-Super Bowl reports” - 02/05/04)

Posted by alykat on February 10, 2004 5:19 PM

Wired has a story today about the trend of newspapers moving more and more toward requiring users to submit some kind of personal information in order to access site content. (“Extra! Extra! Read All About You” - 03/01/04)

This passage from the end of the article was interesting:

While most newspaper websites haven’t seen a marked drop in traffic after instituting registration, a December report by the Newspaper Association of America noted that sites should be prepared to handle a tide of complaints and questions from readers following requests for their personal data.

The report cited the Chicago Tribune as a target of criticism for requiring readers to accept marketing promotions as a condition of registration. The paper’s website provides no way to opt out of e-mail marketing sent by the Tribune, other than declining to register. Users can only opt out of receiving messages directly from advertisers.

Privacy was also a concern, particularly given the potential for newspapers to cross-reference information provided by readers with other commercial databases. The NAA report notes that on average, about eight people with the same birthday live in each ZIP code, giving a media company a reasonable chance of uniquely identifying an individual registrant.

Of course, sites are required to reveal what they plan to do with readers’ information in their online privacy policies. And the NAA’s Runett finds that data-collection plans often backfire on sites that ask for more information than readers are comfortable providing.

After all, there’s no guarantee that the information readers submit is accurate. And the fact that registration databases are filled with phony names like “Mickey Mouse” indicates, Runett said, that readers are only so willing to trade personal information for free content.

Posted by alykat on March 1, 2004 5:58 PM

Looks like American Airlines gave the feds passenger information, too. (AP: “American Released Passenger Data” - 04/10/04)

American Airlines became the third U.S. airline to acknowledge giving passenger records to the government, sparking denunciations from privacy advocates.

The world’s largest airline said late Friday that in June 2002 it shared approximately 1.2 million passenger itineraries with the Transportation Security Administration and, inadvertently, four research companies vying for contracts with the agency…

In 2002, American’s privacy policy did not expressly prohibit sharing passenger data with the government, according to a spokesman. Today it does…

American had earlier denied releasing passenger records.

Posted by alykat on April 13, 2004 12:41 AM

Post a comment

As a spam-control measure, your comment may require my approval before it will appear on the entry. Thanks for waiting. To avoid the moderation delay, consider filling in your e-mail address. It won't appear on the site, but I use it to whitelist frequent commenters so their comments appear automatically.


The following HTML tags are permitted (if you want to use them):
p, br, a href, b, strong, u, i, em, ol, ul, li, cite, blockquote

TrackBack

1984: Where to begin... Alyson has recently mentioned information gathering and privacy issues on her blog. Whenever this topic is brought up in person, I always launch into a long winded conversation with the person and do my best to share my paranoia, hopi... read more »

Posted by Foo of the Day on February 8, 2004 8:27 AM