understanding the importance and impact of anonymity and authentication in a networked society
navigation menu top border

.:home:.     .:project:.    .:people:.     .:research:.     .:blog:.     .:resources:.     .:media:.

navigation menu bottom border
main display area top border
« Existing and Emerging Privacy-based Limits In Litigation and Electronic Discovery | Main | For Better, For Worse, or Until I Decide to Spy on You »

Cash(less) on the Road

posted by:Byron Thom // 11:59 PM // September 04, 2007 // ID TRAIL MIX

trailmixbanner.gif

Credit cards and databases/data-mining/data aggregation. How does the database nation get affected by a cashless society?

I recently had the opportunity to dwell upon the loss of anonymity as we continue the path to cashless-ness. It was on one of those west coast road trips that seem like the perfect way to cap off a summer.

Driving to South Bay

This August, a couple of friends and I drove down to the Bay Area of California from Vancouver to visit with friends working there. An interesting exercise we got caught up in was to see how difficult it would be to “stay off the radar”. Although we realized that giving out personal information itself is not dangerous, but rather simply provides a possibility for misuse, the recent discourse on domestic spying and the Patriot Act in the US got us to think deeper about sharing our spending habits with US businesses and the US government.

Like any good conspiracy theorist, travel begins by taking large wads of cash out from under the mattress - or a Canadian bank, if your mattress is rather thin. Minimizing our use of credit cards was the obvious step. This was also facilitated (others say caused) by the midsummer drop in the Canadian dollar and our desire not to be gouged by Visa’s exchange/conversion rate. [1]

So we used cash, and lots of it. All of our food, hotel rooms, and activities were anonymous transactions. When we stopped for gas, we prepaid the attendant in $20s. As Canadians, we had never seen so many green bills. Because realistically, although not quite to the level of a wheelbarrow or a duffel bag, carrying enough money for three guys on an 11 day trip is a significant task in itself and more than a little inane.

For the most part, our experiment was successful. Although frustrated by the inefficiency of their monotone bills, our system seemed to work as cash equalled anonymity in most situations encountered. But one time it didn’t was when we came up against the dreaded loyalty card.

Safeway and the Loyalty Card

Loyalty cards are a common occurrence in today's consumer driven world. It seems like everything from airline tickets to cups of coffee have a mode of tracking your purchases and collecting detailed information regarding your personal shopping habits. [2]

But loyalty systems also seem to “work”. The collection of points almost seems like a North American sport. Canadians seem to do anything for their points. [3] And sometimes using the loyalty system is almost forced upon you.

While at the local Safeway trying to buy some supplies in California, we encountered an insidious ploy to force shoppers to self-identify. It has always been part of the loyalty system to offer discounts to those who sign onto the system; discounts of 5% to 10% are not uncommon. But at this particular Safeway, oranges were over $1/lb cheaper for those showing a Safeway card. 1$/lb or more than 30%!

With this kind of price differential, how can you resist? How can you compare the intangible benefit of remaining anonymous with the prospect of saving money on fresh fruit? Although I knew about the privacy implications and why Safeway was operating in such a manner, my biggest concern wasn't about data mining but rather me not having an American Safeway account to be able to take advantage of this offer!

Luckily, or scary depending upon your point of view, the Safeway databases in the United States and Canada are linked and my Canadian account worked just fine. And on top of that, I didn't even need my physical card. Supplying my phone number was enough for the clerk to identify me by name and recite my home address. I'm sure in some way it is useful for Safeway to know that while on vacation in California I enjoy oranges, bananas and croissants for breakfast.

But data collection can go far beyond that. Demographic shopping information is big business in today's always-on marketing environment. Companies like Choicepoint and Acxiom aggregate and sell personal information to government and businesses on everything from health and insurance records to consumer purchasing information. [4] The US government even claims that these aggregators fill a necessary role in the “war on terror” by allowing the government to search for specific purchasing trends and monitor suspicious activity. [5] Vast databases are being filled and very few seem to mind that there are numerous instances of databases being hacked or leaked due to shoddy security practices and inadequate protections.

Adam Greenfield says in his book Everyware that

We may have to accept that privacy as we have understood it may become a thing of the past: that we will be presented the option of trading away access to the most intimate details of our lives in return for increased convenience, and that many of us will accept this possibility.

But, seriously? Identity or oranges. The red pill or the blue. They were good oranges.

Final Thoughts

The beauty of technology is its ability to make life easier. A GPS system and a cell phone were lifelines in trying to navigate the complicated mass of streets and highways of California's Bay Area. But, there are always trade-offs. Simson Garfinkel's Database Nation [7] draws a picture of a frightening dystopia where identifiers such as credit and debit cards, cell phones and surveillance records link to vast databases of personal information that can track you from dawn to dusk and from birth to grave. It is already a reality. There are billions to be made. [8]

But, it doesn’t have to be this way. Besides better laws to control the transfer of personal information, there are electronic alternatives to large wads of money. Electronic e-cash or smartcard systems are making the rounds. They can be programmed with privacy in mind.

An example of an effective privacy respecting system is the Octopus Card system implemented in Hong Kong. The Octopus Card, in one of its selectable iterations, allows its users to anonymously access the transit system in addition to purchasing items from a wide variety of stores. All this is done with a contactless RFID embedded in the card that boasts a 95% penetration rate. [9]

By not requiring any information to purchase, the Octopus Card has many of the same privacy benefits as cash. But not all implementations of this ubiquitous technology are so benign. [10] When done without sufficiently respecting privacy concerns, electronic cash is an effective form of surveillance allowing marketers to tie purchase and travel history to other demographic information.

Even more effective is comprehensive legislation protecting consumer privacy. But it's difficult for legislatures to keep up with advancing technology. Safeguards need to be put in place where the convenience and benefit of a cashless system benefits consumers and is not a tool for marketers and data aggregators. Without that framework, and the penalties to compel adherence, corporations will continue with policies that are in their best interests, in an environment where the majority of consumers are unaware and uninterested in personal data protection.

By the end of our trip, a little bit sunburned and a little bit poorer with cash supplies depleted, we broke down and resorted to credit. We were pretty good, though. Over an 11 day trip and 4000km, 10 days went by without using credit – although there were numerous instances where we had to self-identify. The fact of the matter is that credit is just too easy, and that's how they like it.

[1] Joe Paraskevas, “Credit Cards No Bargain Abroad” Winnipeg Free Press (August 22, 2007) http://www.winnipegfreepress.com/local/story/4025999p-4637816c.html
[2] CBC Marketplace, “Loyalty cards: Getting to know you” (October 24, 2004) http://www.cbc.ca/consumers/market/files/services/privacy/loyalty.html
[3] ACNielsen, “Loyalty Program Participation Rate on the Rise According to new ACNielsen Study” (September 16, 2005) http://www.acnielsen.ca/news/20050916.shtml
[4] EPIC, Choicepoint, online: http://www.epic.org/privacy/choicepoint/
[5] Richard Behar. “Never Heard of Acxiom?” (February 23, 2004) http://money.cnn.com/magazines/fortune/fortune_archive/2004/02/23/362182/index.htm
[6] Greenfield, Adam. Everyware: The Dawning Age of Ubiquitous Computing, (Berkeley: Peachpit Press, 2006).
[7] Garfinkel, Simson. Database Nation: The Death of Privacy in the 21st Century, (Cambridge: O’Reilly, 2000).
[8] Choicepoint alone reported revenue of $1.05 billion in 2006. See Google Finance, online: http://finance.google.com/finance?q=NYSE%3ACPS
[9] Opening Remarks by Mr. Alfred Ng, Assistant Government Chief Information Officer, at the NFC Conference 2007 of the ICT Expo (April 17, 2007) http://www.ogcio.gov.hk/eng/pubpress/esp070417.htm
[10] The Oyster Card in London is used to track customer transit movements. See Aaron Scullion. “Smart Cards Track Commuters” (September 25, 2003) http://news.bbc.co.uk/1/hi/technology/3121652.stm

Comments

Post a comment




Remember Me?


main display area bottom border

.:privacy:. | .:contact:.


This is a SSHRC funded project:
Social Sciences and Humanities Research Council of Canada