brad@looking.on.ca (Brad Templeton) (12/25/90)
I wrote earlier about a possible act declaring an implied contract of confidentiality on personal information given as part of a commercial transaction. Let's expand on this a bit more. First of all, let me list some "levels of privacy" that I can think of for a transaction. I will refer mostly to privacy of the buyer, but we could also extend this to the vendor. A) Total Privacy: The vendor doesn't even know who the buyer is. For example, a purchase form a coin-operated vending machine. This is rare, but not too rare. B) Strong Privacy: The vendor (or its agent) sees the buyer during the transaction, but keeps no record of the buyer's identity. Ie. buying something cash and carry. This is a very common form of transaction today. C) Courteous Privacy: The vendor knows who the buyer is and has that on file long enough to complete the transaction -- processing a cheque or delivering the item, for example. The information is eventually destroyed. D) Common Privacy: The vendor knows who the buyer is and keeps a semi-permanent record of the transaction for the files. This is used to things like customer support and other actions relating to the sale. The information does not leave the vendor, except perhaps in being passed to a delivery service or fulfillment house. E) Follow-up Privacy: The vendor records the buyer's identity, and uses it to solicit new business directly related to the past purchase. Ie. magazine renewal, sale of accessories, etc. F) Vendor-only: The vendor records the buyer's identity, and does not pass it to outsiders, but uses it to solicit new business of any kind. G) Controlled-Public: The vendor records the buyer's identity, and passes it on to outsiders in a controlled fashion -- as part of general mailing list sales or demographic info, for example. The vendor does *not* release info on any one specific buyer on request. H) Requested-Public: The vendor provides the information to anybody who requests it, either for pay or not. Z) Published: The vendor actively publishes the identity of the buyer, in varying degrees of detail. Ie. the telephone book. ----- I can think of degrees of most of these, and some cases in between. We might all like the world to run on class A privacy, but it can't. However, I think we might not feel too bad about classes C through F as standard default rules for transactions. I would suggest that a default be set of C through E based on the type of transaction, allowing vendors to specify F just by announcing it (implicit agreement) and explicit agreement required for G and beyond. Comments? -- Brad Templeton, ClariNet Communications Corp. -- Waterloo, Ontario 519/884-7473
abrams@cs.columbia.edu (Steven Abrams) (12/26/90)
In article <1990Dec25.062336.16836@looking.on.ca> brad@looking.on.ca (Brad Templeton) writes: [ Excellent list of "levels of privacy" deleted...] >However, I think we might not feel too bad about classes C through F as >standard default rules for transactions. > >I would suggest that a default be set of C through E based on the type of >transaction, allowing vendors to specify F just by announcing it (implicit >agreement) and explicit agreement required for G and beyond. > >Comments? In level D, where the vendor keeps semi-permanent records (for customer support, etc) and perhaps gives info to a delivery service or something, we need to guarantee that the third party service bureau maintains class C privacy (destroys information after transaction is complete), but other than that, I think the classes are very well defined. It seems fair to allow solicitation by the original vendor by implicit agreement, so long as the customer has a method of discontinuing this "service." And it is also important that a customer's failure to agree to a worse level of privacy can not be sufficient to refuse that customer a sale. ~~~Steve -- /************************************************* * *Steven Abrams abrams@cs.columbia.edu * **************************************************/ #include <std/dumquote.h> #include <std/disclaimer.h>
brad@looking.on.ca (Brad Templeton) (12/26/90)
Yes, I forgot to mention that you also want to define the level of privacy when your information is going to a delivery company, or credit company, or bank, etc. Somebody once pointed out to me that American Express has very detailed knowledge of the economy. They know down to the day almost every retailer's sales levels, and something about the buying habits off their members. He suggested that the investment end of A.E. could use that to buy and sell shares. "Hey, Sears sales are really up this month. Gonna be a good quarter for them...." We don't always want immediate destruction of the info by delivery companies. For example, often one signs for delivery, and you want that record around later if there's trouble relating to the product or delivery. Same applies to bank transactions or credit cards -- clearly the credit card info stays at least until you pay it, and the cheque info until the canceled cheque is returned to you. I also didn't point out that there are often many different types of information exchanged in a transaction that go at different levels. The Telco publishes your name and number. You expect it to keep the records of who you called highly confidential. You would like them destroyed after the bill it settled, although you would be glad to let them collect general stats before destroying them. While I am in favour of implicit or explicit contracts of confidentiality, I do not want to force them on people. Those who wish to waive the terms may. And companies can be free to refuse service to those who insist on too much confidentiality, unless they're monopolies, or there is "privacy fixing." (like price fixing) You can always take your business elsewhere. Today few care. In the future, they will care. -- Brad Templeton, ClariNet Communications Corp. -- Waterloo, Ontario 519/884-7473
abrams@cs.columbia.edu (Steven Abrams) (12/28/90)
In article <1990Dec26.081615.27988@looking.on.ca> brad@looking.on.ca (Brad Templeton) writes: >Somebody once pointed out to me that American Express has very detailed >knowledge of the economy. They know down to the day almost every retailer's >sales levels, and something about the buying habits off their members. He >suggested that the investment end of A.E. could use that to buy and sell >shares. "Hey, Sears sales are really up this month. Gonna be a good quarter >for them...." How does A.E. get this info on the retailers -- just from their knowledge of what percent of the sales comes from AE? And are there any laws about their use of this information? Inquiring minds want to know... ~~~Steve -- /************************************************* * *Steven Abrams abrams@cs.columbia.edu * **************************************************/ #include <std/dumquote.h> #include <std/disclaimer.h>
peterm@sumax.seattleu.edu (Peter Marshall) (12/28/90)
Re: AmEx, inquiring minds might also want to be aware of an interesting conjunction of AmEx and AT&T, a joint venture, if I recollect correctly, put together 1-2 years ago. Peter Marshall
brad@looking.on.ca (Brad Templeton) (12/29/90)
I am not saying that American Express does indeed collect the information in this way. But it certainly has the information in its files. It, and even moreso the Visa company, probably know much more about the state of the economy, and sooner, than any government department -- if they want to. I am sure that all three Credit Card companies have excellent figures on their market share at various types of stores. -- Brad Templeton, ClariNet Communications Corp. -- Waterloo, Ontario 519/884-7473
johne@hp-vcd.HP.COM (John Eaton) (01/11/91)
<<< < I am sure that all three Credit Card companies have excellent figures on < their market share at various types of stores. ---------- They know a lot more than you think. About a year ago police in Seattle arrested a suspect in the Green River Serial Killings. An article about the arrest listed dozens of actual credit card purchases the suspect made that placed him in the vicinty of a known killing. Some of the information was eight years old at the time but they were able to get it. Now that supermarkets have scanners that give you an itemized list the next step is to let you pay with your ATM card. Safeway will be able to create mailing lists that precisely target customers. "I want a list of families who spend more than $100 a week and who also purchase Pepsi products". or "I want a list of customers who purchase at least a dozen condoms ever two weeks". Computers have made it possible to collect and use a lot of information that in the past was defacto private. Sure it was available but nobody was going to spend the time or money to collect,sort,file or access it. Now they can and this information can be used against you. Big Brother is getting bigger every day. John Eaton !hpvcfs1!johne
new@ee.udel.edu (Darren New) (01/11/91)
In article <6750001@hp-vcd.HP.COM> johne@hp-vcd.HP.COM (John Eaton) writes: >Now that supermarkets have scanners that give you an itemized list >the next step is to let you pay with your ATM card. This is already happening at the local stores here in Delaware. I don't know what kind of lists they keep, tho. >able to create mailing lists that precisely target customers. Actually, if it was just the sales companies that could get this information, it would probably make for a *better* world. I would no longer get junk mail about IBM PCs (which I don't use and never owned) or coupons for products which I don't buy. I would consider this a *good* thing. Advertising costs would go down, allowing that money to be put into better goals (research, lower prices, etc). I would no longer get phone calls from computers because it would now be possible to call few enough people that you still hit most that would buy what is being sold without having to hit so many that it isn't even worth paying a human to make the phone calls. Being a precisely targetted *customer* is not a problem for me. It's being a precisely targetted something else that makes me nervous. -- Darren -- --- Darren New --- Grad Student --- CIS --- Univ. of Delaware --- ----- Network Protocols, Graphics, Programming Languages, Formal Description Techniques (esp. Estelle), Coffee, Amigas ----- =+=+=+ Let GROPE be an N-tuple where ... +=+=+=
rick@pavlov.ssctr.bcm.tmc.edu (Richard H. Miller) (01/11/91)
In article <6750001@hp-vcd.HP.COM> johne@hp-vcd.HP.COM (John Eaton) writes: >Now that supermarkets have scanners that give you an itemized list >the next step is to let you pay with your ATM card. Safeway will be >able to create mailing lists that precisely target customers. "I want >a list of families who spend more than $100 a week and who also >purchase Pepsi products". or "I want a list of customers who purchase >at least a dozen condoms ever two weeks". They have already started doing this with another method. A local supermarket chain in Houston has started a program with Citicorp to provide "cash-back" if you buy a certain number of items over a month period. This is done by placing a bar-code strip on the back of your check-cashing card. Then they scan the bar code whenever you pay for stuff. Each month you get a statement of what you bought (as far as the program goes) and a coupon to be used the next time you shop. However, this is separate from the ATM/check validation system. You have the option of paying for your purchases with either your ATM card, a credit card, check or cash. If you use the first three, you use a small ATM terminal and if approved, the checker must copy the approval code into the scanner to clear the POS system. The two systems are not tied together *yet). Participation is voluntary in both systems. -- Richard H. Miller Email: rick@bcm.tmc.edu Asst. Dir. for Technical Support Voice: (713)798-3532 Baylor College of Medicine US Mail: One Baylor Plaza, 302H Houston, Texas 77030
rcd@ico.isc.com (Dick Dunn) (01/11/91)
rick@pavlov.ssctr.bcm.tmc.edu (Richard H. Miller) writes: > ...A local supermarket > chain in Houston has started a program with Citicorp to provide "cash-back" if > you buy a certain number of items over a month period. This is done by placing > a bar-code strip on the back of your check-cashing card. Then they scan the bar > code whenever you pay for stuff. Each month you get a statement of what you > bought (as far as the program goes) and a coupon to be used the next time you > shop... Safeway (a national chain) is doing essentially the same thing here in Colorado. You have a personal card, scanned at the start of your order, to track what you buy and give you "free" groceries (based on what you buy) at the end of the month. Mind you, I would never *think* of getting one of these things...but I did check out the application you sign. There's a note on it saying, in effect, that you authorize them to collect information about you and they can do whatever they want with it! Now, the idea is obvious--things like giving you coupons or freebies for stuff you actually buy--and there are other plausible uses, such as in-depth marketing analysis. It's valuable information, and they want it so they can sell it. There are all sorts of interesting correlations that might be drawn among your various purchase habits. But it need not stop there--if you get the card, they can do just about anything they want with the info... 1. Let's see--guy buys rubber bands for ponytail; he's a longhair. Buys too many plastic bags--must be into dope. Let's keep track of him; next time he's buying chips and donuts after midnight, it's cause he's stoned; let's tell the cops and have them go bust him. (I constructed this fun one because it almost fits the things I do! I do have a ponytail. Like many old-time computer folk, I do stay up late, and get the munchies at the most unreasonable hours, tho not because I'm a doper. And we do buy a lot of plastic "baggies"--because that's what we use for repack- aging cat food in quantity.) 2. Think about what an unscrupulous employee might do with the information: Hmmm...guy started buying condoms all of a sudden. Must be cheating on his wife; looks like a good blackmail target. 3. Women - if you're often a last-minute sort of purchaser, do you want the information recorded about your purchases to give Safeway your menstrual schedule??? Or, on a more mundane level, will it be "only her hairdresser and the Safeway purchase database know for sure..."? 4. How much info could an insurance company use out of this to deny insurance or raise premiums? (They could find out not just the obvious stuff like smokers, but unhealthy dietary habits, unusual amounts of over-the-counter medicine,...) Perhaps I should offer a prize for most outlandish invasion of privacy that could be conducted with this database. I'm not surprised that people will sell some of their privacy for con- venience or money...but in this case I'm surprised that people are willing to sell so much privacy for so little gain. Over a longish period--a year or so--you can learn an awful lot about a person or family if you have a complete record of items/quantities purchased, with date/time of each. Pay cash! -- Dick Dunn rcd@ico.isc.com -or- ico!rcd Boulder, CO (303)449-2870 ...Mr. Natural says, "Use the right tool for the job."
jgd@Dixie.Com (John G. DeArmond) (01/12/91)
rick@pavlov.ssctr.bcm.tmc.edu (Richard H. Miller) writes: >However, this is separate from the ATM/check validation system. You have the >option of paying for your purchases with either your ATM card, a credit card, >check or cash. If you use the first three, you use a small ATM terminal and if >approved, the checker must copy the approval code into the scanner to clear the >POS system. The two systems are not tied together *yet). Participation is >voluntary in both systems. IT's worse than that. They ARE now tied together at the data concentration point. I can't say how I know this but I do. And the situation is getting worse. I recently had myself removed as project manager of what turned out to be a competitor to Citi. It's interesting to look back and see how ethical programmers were conned into working on this project. Within a year, the grocery store will know exactly what you bought and when you bought it and so will the manufacturers who are footing a large part of the implementation bill. The system exists now to create a very complete personal consumption profile of you. In case I don't have you panicing yet, consider what will happen to your life or health or disability insurance when the insurance pool finds out that you like to eat a LOT of red meat or that you smoke or that you buy a significant quantity of birth control devices even though you are single? There are people on this group who have poo-poo'ed the dangers to personal liberty involved with the collection of personal data. I have to assume that they either are not informed or are part of the problem. The RAW fact is that this information is being collected explicitly to make your life miserable by reducing the risk assumed by big corporations such as insurance companies. And they are using first class propaganda and are playing on peoples' greed in order to entice the people into voluntarily (in some cases at least) submitting to this travesty. By the time the average joe realizes what has been done to him, it is too late; the data is already committed to multiple databases. What usually drives it home is when the person is suddenly denied insurance or finds his rates jacked through the ceiling. Or worse, finds the IRS on his case because he lives better than the model says he should. NOW is the time to start pressuring your congresslime for some protection. It will take vast pressure, as many politicians are securely in the insurance industry's pocket. Wait around or poo-poo the dangers and one day you will be harshly reminded that you are not the average person as defined by the models and as a result are out in the cold. John -- John De Armond, WD4OQC | "Purveyors of speed to the Trade" (tm) Rapid Deployment System, Inc. | Home of the Nidgets (tm) Marietta, Ga | "To be engaged in opposing wrong offers but {emory,uunet}!rsiatl!jgd | a slender guarantee of being right."
johne@hp-vcd.HP.COM (John Eaton) (01/12/91)
<< < Perhaps I should offer a prize for most outlandish invasion of privacy that < could be conducted with this database. ---------- You are nominated for the Supreme Court and a video store releases a list of dirty movies that you have rented. John Eaton !hpvcfs1!johne
cyberoid@milton.u.washington.edu (Robert Jacobson) (01/12/91)
Watch it! Wherehouse Records and Video maintains a database of your video rentals. On the back of your membership agreement, in very small type, it says, notwithstanding the appropriate federal and state laws, The Wherehouse may sell this data for marketing and other purposes. It says you can opt out by telling the salesperson to so modify your records. But if you don't see the small print, fat chance for you. Bob Jacobson
bzs@world.std.com (Barry Shein) (01/12/91)
It seems to me that the best way to curtail the abuses described would be a good liability suit. Corporations hear that, and if they don't hear that, then their insurance companies hear it and they'll see it in their rates. One would, of course, have to produce some real harm, and perhaps even change what is perceived as harm by the courts, but that's the challenge of frontiers. The advantage to this approach is that it doesn't question the RIGHT to own or publish data, it punishes its abuse and defines what is considered harm and potentially litigious. I know that most places I've worked various court decisions were always affecting company's behavior (memos etc go out.) For example, some decision regarding what you can say about an ex-employee certainly changed things at large companies (managers are now generally told by corporate counsel that it's much safer to be silent than to ever say anything negative about an ex-employee.) -- -Barry Shein Software Tool & Die | {xylogics,uunet}!world!bzs | bzs@world.std.com Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD
cyberoid@milton.u.washington.edu (Robert Jacobson) (01/13/91)
People applying for work are regularly denied employment based on past filings for workers compensation (injuries on the job), but the evidence is apochryphal...it seldom makes it into print! Same for applicant renters who have challenged a landlord's upkeep, etc. These databases are more public, available usually only to landlords. Doctors have databases about patients who have filed malpractice suits, and will refuse to attend to these patients' needs. Finally, about five years ago when the Southern California ACLU exposed a police officer's loading of "leftists'" private records into a right-wing political group's computers, it was intimated that police department "red squads" in several cities maintain an underground network to trade information for political purposes. It would be refreshing for higher level law enforcement to look into these technology-aided civil-rights abuses, and thus display a more even hand than when they only go after private hackers. Bob Jacobson
bzs@world.std.com (Barry Shein) (01/14/91)
From: cyberoid@milton.u.washington.edu (Robert Jacobson) >People applying for work are regularly denied employment based on past >filings for workers compensation (injuries on the job), but the evidence >is apochryphal...it seldom makes it into print! Although we can dicker about the use of the term "regularly" I find this a little hard to believe in general. The purpose of Worker's Comp is to make sure you get NO MORE than $1000 (e.g.) for your lost finger, eye, etc. It establishes a "fair rate" for recompense for various injuries. I would expect it is people who have refused to accept worker's comp settlements and sued to be avoided by employers. But people who quietly accept their $5000 for the hand that got cut off by the unsafe bandsaw would generally be considered desireable (other than their one-handedness perhaps...) You can chop them into little pieces and you know in advance the limits of your liability. -- -Barry Shein Software Tool & Die | {xylogics,uunet}!world!bzs | bzs@world.std.com Purveyors to the Trade | Voice: 617-739-0202 | Login: 617-739-WRLD
cyberoid@milton.u.washington.edu (Robert Jacobson) (01/14/91)
This isn't an argument about the worth of workers compensation, Barry, but rather a discussion about how personal data is misused. When BUSINESS WEEK repeatedly talks about misuse of workers comp data, I'm inclined to believe its true. Jeff Rothfeder at BW is an expert in this; wish he were here. Bob Jacobson
johne@hp-vcd.HP.COM (John Eaton) (01/15/91)
<<< < And they are using first class propaganda and are < playing on peoples' greed in order to entice the people into voluntarily < (in some cases at least) submitting to this travesty. By the time the < average joe realizes what has been done to him, it is too late; the ---------- One plan that I have heard of is a store "coupon card". You give them your ID card at checkout and you receive credit for all manufactor coupon discounts that are applicable at that time. Apparently with the handling costs and fraud it is cheaper for them to do this than to handle individual coupons. It also produces an record of your individual purchases. Computers in the checkout line can create many unexpected problems for the unwary public. These problems should be addressed beforehand rather than waiting for disaster to strike. If we wait it will be to late. When the phone company installed automatic switches they did not consider some the potential problems that would occur. You could now use the phone for obscene or threatening calls that could not be made through a live operator. If this had been considered then some means could have been incorporated into the switch to prevent it. For example if a called phone remains off-hook for 30 seconds after the calling phone hangs up the switch could print a log of both numbers before clearing the line. You then call the phone company and they can look up the offending number. But people didn't realize the problem until it was to late so little was done. John Eaton !hpvcfs1!johne
johne@hp-vcd.HP.COM (John Eaton) (01/15/91)
<<< < Being a precisely targetted *customer* is not a problem for me. It's < being a precisely targetted something else that makes me nervous. ---------- Something else = taxpayer. Everyone got upset when the SSA started sharing data with TRW. Imagine TRW sharing data with the IRS. If the infomerchants in this country can collect enough data to realisticly estimate your annual income then it would be worth the trouble for the IRS to compare this estimate with your reported income. John Eaton !hpvcfs1!johne
ian@airs.UUCP (Ian Lance Taylor) (01/15/91)
In article <14285@milton.u.washington.edu> cyberoid@milton.u.washington.edu (Robert Jacobson) writes: > >People applying for work are regularly denied employment based on past >filings for workers compensation (injuries on the job), but the evidence >is apochryphal...it seldom makes it into print! Same for applicant >renters who have challenged a landlord's upkeep, etc. These databases >are more public, available usually only to landlords. Doctors have >databases about patients who have filed malpractice suits, and will >refuse to attend to these patients' needs. If the evidence is apocryphal, then I assume the problem is as well? :-). Seriously, do you have any documentation of any sort for this? I'm somewhat inclined to believe it, but I know that if I showed this posting to anybody who was not a conspiracy-theory buff they would think it was hogwash. I have worked at a small company in which I was involved in employment decisions, I am a landlord of sorts, and my mother is a doctor; none of us have ever seen such information or been offered access to it. Is it only available to *THEM*? -- Ian Taylor uunet!airs!ian | If I were employed, my opinions would not be airs!ian@uunet.uu.net | my employer's. As it is, they are not anyone's.
cyberoid@milton.u.washington.edu (Robert Jacobson) (01/15/91)
Jeff Rothfeder of BUSINESS WEEK has collected a fairly substantial number of accounts of this sort of discrimination -- employment, housing, medical, etc. -- taking place. He has written about it in both cover stories and shorter pieces. In the California Legislature, bills were introduced to curtain landlords using databases to discriminate against "undesirable" tenants (i.e., those who complained about maintenance, illegal rent hikes, etc.). The bills were passed but enforcement remains difficult. I'm glad you're so ethical, Iain, or out of touch. It makes you a better person. Bob Jacobson