Confidentially Yours: The Difference between Private and Public Snooping
By Declan McCullagh
State Senator Ken Chlouber, a Republican, introduced legislation on Jan. 9 to force grocery stores to halt their discount programs. Chlouber’s bill was fairly straightforward, saying “it shall be unlawful for a grocery store retailer to offer, provide, or continue to use a loyalty program or discount program.”
“I considered it immoral,” Chlouber told the Rocky Mountain News, claiming the cards represented a horrific privacy intrusion. “I’m admittedly not the brightest lantern on the ranch when it comes to this thing… (But) there’s all sorts of mischief that is possible.”
Not to be outdone, an activist group called Consumers Against Supermarket Privacy Invasion and Numbering (CASPIAN) has sprung up with the avowed purpose of condemning supermarket discount cards. “We’ve got to stop supermarkets from manipulating us into surrendering one of our most intimate possessions—the ability to make reasoned, non-coercive decisions about how and to whom to disclose intimate information about ourselves,” CASPIAN warns. “How can supermarkets justify this vicious mistreatment of the very patrons who keep them in business?”
The answer, of course, is simple. Nobody is forcing shoppers to sign up for discount cards; they do it because the perceived benefits outweigh the perceived costs.
The evident ire of some politicians and activists shows how confused the debate over electronic data collection has become. Instead of focusing on legitimate threats to privacy such as relaxed laws regulating government wiretapping and police snooping through databases to which they should not have access, busybodies are expending their energy in attempts to outlaw reasonable commercial transactions.
This activism may be well-intentioned, but it is sadly misguided. It confuses privacy, a vague and malleable idea, with confidentiality, a much more specific concept. It targets supermarkets and ignores other loyalty programs such as hotels, airlines, and drugstores. It unreasonably imposes activists’ personal preferences on everyone else. It demonstrates a lack of appreciation for economic reality and a misunderstanding of the proper role of government in a free society.
Muddled thinking is not limited to discount cards. The same outrage among regulatory enthusiasts is building against Radio Frequency ID (RFID) tags, which are miniature tags sporting unique ID numbers that may eventually be placed on consumer products. RFID tags are a useful development and a compelling technology. They permit retailers to slim inventory levels and reduce theft, which one industry group estimates at $50 billion a year. With RFID tags providing economic efficiencies for businesses, consumers likely will end up with more choices and lower prices. And wouldn’t it be handy to grab a few RFID’d items from store shelves and simply walk out, with the purchase price automatically debited from your (hopefully secure) RFID-equipped credit card?
So far, no retailer appears to be sticking RFID tags on products, though WalMart has indicated it’s moving in that direction. Nevertheless, pro-regulation groups like the American Civil Liberties Union, CASPIAN, the Electronic Frontier Foundation, and Ralph Nader’s Consumer Project on Technology already are agitating for new laws. They released a manifesto in November saying, as one of its demands, that “merchants must be prohibited from forcing or coercing customers into accepting live or dormant RFID tags in the products they buy.” That flips the principle of consumer choice upside-down. If WalMart eventually begins to sell toasters with RFID tags on the boxes, consumers can choose to remove the tags or shop elsewhere. Sam Walton’s relentless focus on customer satisfaction that is enshrined today in WalMart’s corporate culture suggests that his company would be extraordinarily sensitive to customers’ privacy concerns—even in the absence of any specific RFID tag laws.
On February 20, California state senator Debra Bowen introduced a bill, SB1834, that seeks to regulate RFID technologies. It says that before those technologies can be used for information collection, a business “shall obtain written consent.” Even if you agree with her approach, Bowen’s approach seems chronologically backwards. In a world where we can get a credit card over the phone and open a bank account over the Internet, why require a signature on a piece of paper? The only way Bowen’s legislation makes sense is if her intent is to make a new technology so unwieldy that few people will use it.
Then there’s the Internet. The U.S. Congress has convened dozens of hearings on efforts aimed at regulating data collection by Web sites, highlighted by Democratic Sen. Ernest Hollings’ now-defunct “Online Personal Privacy Act” introduced in April 2002. Hollings’ bill would have controlled how Internet service providers, online service providers and any commercial Web site—including non-commercial ones that are supported by advertising or sell products—may collect information about visitors. The measure covered “personally identifiable information,” including name, e-mail address, or even a numeric Internet protocol address.
“How can we trust companies with our personal information when their every economic incentive is to collect, compile, enhance, target, and disseminate it for profit?” Hollings said at the time. “It is like letting the fox guard the henhouse. Our bill grants consumers, not companies, control over their personal information on the Internet. And our opt-in component is the only method for ensuring that Internet users have the ultimate control.”
Hollings’ proposal contained an unusual, technophobic twist. It would have applied only to the customer records of Internet-related firms, not their meatspace competitors. During one Senate hearing, an Amazon.com lobbyist pointed out the discrepancy and unfair advantage, and Hewlett-Packard predicted that the vague definitions in Hollings’ bill would invite lawsuits.
Government distortions of the market in the name of protecting privacy also can be found in credit reporting. The federal Fair Credit Reporting Act says that credit card issuers may not be informed about civil judgments, arrest records, tax liens, and unpaid bills relating to an applicant if they are more than seven years old. The expiration date for a personal bankruptcy is 10 years. Because those facts are useful in judging whether a person is likely to pay on time in the future, a company that is denied them cannot discriminate against deadbeats as effectively. It may have to charge higher introductory rates to all new customers—an outcome that unfairly harms the scrupulously creditworthy.
Muddled Thinking
It is supermarket discount cards, though, that provide one of the best examples of muddled thinking over privacy and one of the most compelling illustrations of how pro-regulation arguments can go awry. For one thing, complaints against grocery store cards, like most other criticisms of data collection by the private sector, are based on harms that are speculative or imaginary. Chlouber, the Colorado state senator, appears to have identified no downside to the cards beyond his vague nervousness that mischief might be “possible.” Sound public policy demands better.
Such a ban also reinforces the belief that if politicians can’t assure themselves that all possible implications of a development are benign, then that development must be prohibited. This turns the normal state of affairs on its head. Politicians are hardly omniscient; few have substantial backgrounds in science or business. That view is a cousin of the precautionary principle—the concept, beloved by European politicians, that assigns the burden of proof to those who wish to advance a new technology.
But who can reliably predict the future? Taken to an extreme, this mode of thinking would have prevented banks from issuing credit cards because of the possibility that records of purchases could be sold or misused. Because artificial intelligence could have had negative consequences, the precautionary principle would have militated against permitting research in that field to begin.
The practice of pre-emptive intervention to ban certain business practices brings with it other risks as well. By voiding private agreements between two consenting parties, it establishes an unfortunate precedent. It transfers responsibility for making decisions from the shopper, the person with the most knowledge of his or her own preferences, to government officials, who necessarily have less information about individual wants and needs. It tends to destabilize the business world, sowing uncertainty and hindering future investment and innovations. (Why bother, if new ideas will be verboten?) If discount cards give companies more detailed information about product turnover and shopping habits—probably a reasonable assumption—that tends to lead to economic efficiencies. A ban might mean that shoppers end up paying more at the checkout counter.
Perhaps most importantly, there are demonstrable benefits to the cards that far outweigh any imaginary costs. During the recent mad-cow beef recall, the supermarket chain Albertsons used information in its discount card database to tell customers who phoned the company whether they had bought suspect meat or not. Citing privacy concerns, Albertsons, like other chains, did not pre-emptively contact customers who bought the recalled beef.
If Albertsons or any other store offering discount cards violates its privacy policy, consumers have plenty of options under existing law. As the U.S. Department of Commerce put it a few years ago: “The right to recover damages for invasion of personal privacy is well established under U.S. common law.” Courts have found privacy violations when an insurance company used information about an actual accident in an advertising campaign, when an employer tried to snoop through workers’ credit card records to verify sick day absences, and when a college tested students for HIV without their knowledge. In 2001, Amazon.com’s Alexa subsidiary agreed to pay up to $1.9 million to settle a class-action lawsuit alleging information was being sent from Alexa to Amazon without customers’ permission.
When Albertsons, Safeway or Giant offer cards to shoppers, it’s not because their executives are making value judgments about whether it’s morally more appropriate for someone to nosh on Ben and Jerry’s Chunky Monkey Ice Cream instead of a tofu and brown rice salad. Instead, supermarket managers use the cards to evaluate the effects of promotional campaigns, understand the impact of price on consumer demand, and make better predictions about what customers might be looking for on their next shopping trip. IBM even sells grocers software to “quickly roll out a loyalty program designed to reward and retain your best customers and track shopping patterns.”
Technological innovations are crucial in the cutthroat supermarket business, where profit margins hover around 2 percent and sales at rival supercenter stores like Sam’s Club and BJ’s Price Warehouse have been increasing at an inexorable 19 percent a year. Far from a means to snoop on customers, discount cards seem to be becoming a way for supermarket chains simply to survive.
Nobody is forcing shoppers to patronize grocery stores that offer discount cards. The cards are merely one factor that a supermarket patron considers, along with the store’s selection, its prices, how long the lines are, how close it is, how friendly the cashiers are, and innumerable other factors that vary from individual to individual. Some people may not be willing to sign up for a card until the discounts become sufficiently substantial; that should remain their choice. In such cases, privacy is not a right but a personal preference. It represents information about human behavior that can be exchanged in the marketplace for cash in the form of cheaper goods and services.
Government Intrusions
In general, when dealing with private corporations, you can elect whether to give them your information or not. If you don’t like Safeway’s discount card, shop at Whole Foods, which doesn’t offer one. If Amazon.com’s recommendations about books based on your previous orders are annoying, try barnesandnoble.com or walk down to your local bookstore instead. You have a choice.
That choice vanishes when the government demands data. Whether you’re filing tax returns or filling out a form for a driver’s license, governments have the unique—and uniquely dangerous—ability to compel you to divulge information whether you want to or not. Police also have the unique power to conduct wiretaps, set up roadblocks, and employ search warrants. Retired Admiral John Poindexter’s unsuccessful attempt to complete his massive Total Information Awareness project under the aegis of the Defense Department would have put private-sector databases to shame.
To curb this awesome power, the usual response has been to slap limits on what government agencies can do. The U.S. Constitution’s Fourth Amendment and laws like the Privacy Act of 1974 restrict government searches and information collection. State constitutions have long restricted government data collection. In an 1874 case dealing with a police search, the Supreme Court of Michigan said: “For cause so trivial the privacy of the citizen can not be invaded and his house ransacked from cellar to garret. If this can be done, the rampart which the constitution has built up to secure the hearthstone from rude intrusion, is an effectual defense no longer. The search provided for is odious and unreasonable, and in conflict with the Declaration of Rights.”
In today’s interconnected world, existing measures like the Privacy Act probably don’t go far enough to restrict government abuses. Enacted largely as a result of a federal report on automated data systems, the Privacy Act covers any “system of records” the government operates with personal information on American citizens. It limits the use and disclosure of those records and requires that the databases be protected with “appropriate administrative, technical and physical safeguards” to preserve their security and confidentiality. But the U.S. Congress could never have envisioned the tremendous outsourcing of databases, in which information is stored by the private sector on behalf of the Feds, that has taken place during the last three decades.
Documents obtained through the Freedom of Information Act show that the Immigration and Naturalization Service—now part of the U.S. Department of Homeland Security—queries private-sector databases 20,000 times a month. In fiscal year 2002, the U.S. Department of Justice inked an $11 million contract for access to databases held by ChoicePoint—a self-described “leading provider of identification and credential verification services for business and government”—including Americans’ names, addresses, previous addresses, places of employment, spouses’ names and Social Security numbers. The FBI now insists, improbably, that the bureau’s arrangement with ChoicePoint is so secret that even the contract number may not be disclosed. Northwest Airlines appears to have turned over three months of passenger data to the National Aeronautics and Space Administration (NASA) to be used in a data mining and passenger profiling study. Meanwhile, innocent travelers are being swept up in the Transportation Security Administration’s “no fly” watch list.
The USA Patriot Act is another law that shrinks Americans’ sphere of privacy. Enacted soon after the Sept. 11, 2001 terrorist attacks, it awarded federal police more power to conduct Internet surveillance against not only terrorists but also suspected perpetrators of a broad range of drug-related, computer hacking and white collar crimes.
The law made it much easier for federal police to conduct warrantless Internet surveillance with the permission of a network operator and to obtain “pen register” and “trap and trace” orders that could identify a suspect’s e-mail correspondents and Web sites visited. (Pen register and trap and trace orders are easier to obtain because they don’t reveal the actual body of a message.) In addition, the Patriot Act permitted police to learn information about an Internet subscriber, such as credit card or bank account numbers and temporarily assigned network addresses, without seeking a judge’s approval first, and authorized “sneak and peek” warrants that permit surreptitious searches of homes and businesses. In his State of the Union speech last month, President George W. Bush asked Congress to extend some of the portions of the law that would otherwise expire at the end of 2005.
Other government actions in this area are almost too numerous to list. A federal copyright law, currently being tested in the courts, permits the Recording Industry Association of America to obtain the names of alleged file-traders without seeking a judge’s approval or filing a lawsuit first. U.S. cities are experimenting with cameras equipped with face recognition software. Last year’s report from the secretive Foreign Intelligence Surveillance Court shows that applications for electronic surveillance and physical searches are at an all-time high. The U.S. Supreme Court ruled in January that police roadblocks to seek information about possible criminal activity are constitutional. And so on.
Some of those laws and rulings may be justified. Others may not be. But because government actions lead to situations that are involuntary, it probably makes sense to focus on them instead of attempting to outlaw ephemeral privacy invasions that remain more imaginary than real.
Declan McCullagh is a journalist, programmer, and photographer. He lives and works in Washington, DC. His email address is declan@well.com.