Your information thumbprint in cyberspace.
Fifty-seven per cent of New Zealanders say they are worried about invasion of privacy through new technology. In the United States—probably for good reason—the figure is 70 per cent, and in Australia 64 per cent.
Privacy advocates would say we are too complacent: everyone with an email account and a credit card should be worried. But assistant privacy commissioner Katrine Evans says it isn’t the technology we should be concerned about.
“Technology itself is neutral,” she says. “It’s what we do with it.”
And what can be done with it, using just a few snippets of information, is astounding. Latanya Sweeney, a data-privacy researcher at Carnegie Mellon University, found that 87 per cent of Americans can be identified through nothing more than their date of birth, gender and five-digit postcode.
Consider this. Every time you make a telephone call, purchase something using a credit card, subscribe to a magazine or pay your taxes, a little parcel of information that can be linked to you goes into a database somewhere. Every electronic transaction, every email, every phone call leaves a mark. Like snails, we leave a trail behind us. It may be invisible but it’s almost impossible to erase.
We do it without thinking. Just surf the web, send an email, register a car, use a supermarket loyalty card, buy a house, go to the doctor…
On their own, these packages of data reveal little. But put them together and you can develop a data profile that is extremely valuable to people who want to sell us stuff. In the US, where direct-marketing campaigns account for about three-quarters of a billion dollars in sales each year, the personal-data industry is booming. One company, Donnelly Marketing, keeps dossiers on 90 per cent of American households.
In New Zealand, loyalty schemes like Fly Buys or Progressive Supermarket’s One Card allow companies to collect information such as name, address and date of birth and correlate it with buying patterns.
Companies can use a method called data mining to profile a card-holder and forecast their response to special offers. This allows offers to be targeted at the people most likely to take them up.
University of Waikato professor of marketing Richard Varey says, “Once an electronic connection is established, every move is recorded and trackable.”
One often-quoted example is of a US grocery chain that used data mining to analyse local buying patterns. It discovered that when men bought nappies on Thursdays and Saturdays, they also tended to buy beer. Retailers could use this information to increase revenue by moving their beer closer to their nappies and making sure beer and nappies were sold at full price on Thursdays and Saturdays.
“Tracking and analysis of shopping behaviour, linked to time, place and activity, is now commonplace,” Varey says. Marketing planners look at what a person purchases, and in what combinations, to draw conclusions about their lifestyle. They can time offers to match birthdays, weddings or anniversaries.
“This is way more sophisticated than simple revenue or profitability measurement—and the customer is no longer anonymous to the supplier,” Varey continues. “Communication via email, SMS [Short Message Service, i.e. texting], etc. is now almost costless, and endlessly personalisable, avoiding the waste of large-scale broadcast advertising. The benefit to sellers is obvious.”
As Massey University marketing professor Ben Healey explains: “There’s an old adage that says half of your advertising money is wasted, but you don’t know which half.” By targeting offers, marketers can reduce such waste.
“My personal experience in working with these organisations is that they’re quite well run. Of course, there are always instances where people misuse information, and you hear about people in the US hacking into computer systems and stealing data. There’s always the potential for that, but there’s also a heavy incentive not to misuse data.” Healey believes that New Zealand companies that have loyalty schemes tend to use them more for their original purpose, encouraging customers to choose one chain over another, than anything else.
So should we be concerned about a supermarket knowing who we are, where we live and which brands we prefer?
“It comes down to the individual,” Healey says. “We definitely need to be more aware of what data’s collected and we need to be comfortable with what information we’re giving out.”
Why do marketers want to know so much about us? The answer is summed up in the name of a new corporate strategy, “relationship marketing”, which companies are adopting to try to bond with customers for life through an increasingly differentiated array of transactions. Buy books from Amazon and you will probably receive regular, detailed emailed information on other books that might interest you—and they will be well-chosen!
Whatever you might think of this— helpful, pushy, a bit creepy—there are some disturbing technologies in development to help sellers learn even more about purchasers’ habits. A New Jersey company called PreTesting is developing a watch that records messages encoded in the sound tracks of radio and TV commercials to determine what people listen to. The same device will also detect signals from a chip inserted into the spine of a magazine, conveying how long a reader spends perusing that publication.
The old standard for selling to the masses, demographics, is being replaced by a more precise classification of personality profiles called psychographics. Psychographics are used to determine not just who is buying a certain product but why they are buying it. Demographics include statistics on age, income, education, status or type of occupation, region lived in and household size. Psychographics take the process several steps further, garnering information on people’s lifestyles and behaviours—their hobbies and interests, their favourite holiday destinations, the values they hold, and how they behave.
Keeping such close tabs on the consumer population requires a high level of surveillance, or what Australian information-privacy consultant Roger Clarke calls dataveillance. Clarke coined the term in 1988 and defines it as “the ability to monitor a person’s activities by studying the data trail created by actions such as credit card purchases, cell phone calls, and internet use”.
Felicity Brown, a master’s student at the Auckland University of Technology, is researching surveillance.
“In the private sector, dataveillance is used by agencies such as Baycorp to determine an individual’s credit history,” she says. “In the public sector, citizens are watched to make sure they correctly declare their income for taxation, welfare payments or a student allowance. In fact, dataveillance is a very pervasive part of our everyday lives. We require these passports that testify to our trustworthiness when applying for insurance, a hire purchase agreement or finance, or in any dealings with the bank.”
One of the most common ways in which your personal information can be used against you is identity theft. Identity theft is much talked about overseas, especially in the US (where identity fraud is the fastest-growing crime and now costs $52.6 billion a year), but it’s also on the rise in New Zealand.
Using a bank statement, driver’s licence or passport, or even a power or phone bill, identity thieves steal personal details to commit theft or fraud. They can use another person’s identity to buy items on hire purchase, open a credit-card account or take out a loan. They may fraudulently obtain benefits. Repairing the damage done by identity theft can be an expensive and time-consuming business. Victims in the US spend an average of 600 hours recovering from this crime—the equivalent of nearly US$16,000 in lost potential or realised income.
Identity fraud is the most ominous misuse of personal data, but there is also a more common consequence of being classified according to your data trail. Clarke believes a person’s digital profile can extend the biases of class into everything from their getting (or being refused) a mortgage to the marketing information they receive in the mail or the way a company responds to a complaint they make. Once established, your profile is hard to shake off.
Brown says monitoring consumer activities reverses the perceived benefit of the free market—consumer choice. “In telling consumers what to think about, direct marketers create shopping agendas for individuals, seeking to programme particular choices by privileging certain options, and then smoothing the path to the door of the outlet.”
Fooled by the mistaken belief that we are anonymous online, we often reveal vast amounts of information about ourselves while we surf the web. The internet—by definition—is a system designed to share information among computers. It should come as no surprise, therefore, that our online activities are an open book. Whenever we surf the web, send an email, chat or post to news groups, our computer leaves behind a digital fingerprint called an Internet Protocol (IP) address. An IP address is a computer’s unique identifier.
We may be anonymous, but our computers aren’t. Little files called cookies can provide a record of every site visited on a computer. Web merchants may monitor internet chatrooms or news groups, collecting email addresses and demographic information based on users’ online behaviour and postings. Every time you subscribe to a newsletter or fill in a form, your profile becomes more comprehensive. In this way, marketers assemble an increasingly precise image of your wants and needs. And the information they garner can be sold to other interested parties and direct marketers.
Sometimes people are quite willing to sacrifice privacy for free services. Google’s popular Gmail service, released in 2004, offers users a free email account with a huge 2 GB mailbox. Is Google just being generous? No. By signing up, users agree to have their emails scanned, and then Google delivers targeted advertisements based on their content. You might think that would put people off, but Gmail now has tens of millions of users.
Advertising we agree to may soon be about to assail us from another direction. As recently as November 13, 2006, Vodafone announced it was trialling a system that would allow ads to be sent to mobile phones when in the vicinity of premises belonging to retailers who subscribe to the scheme. Walk down the street and your mobile will be flooded with ads and invitations from surrounding retailers. Location specific advertising it’s called. In return, the phone owner might get discounted calling. A method called triangulation, in which the strength of cellphone signals will be compared at three towers, will probably be used to determine the shifting locations of mobile phones—and their owners—to within a couple of hundred metres.
When governments start to take an interest in the information held by search engines, things get scary. Yahoo has been cited in a Chinese court decision to jail a dissident internet writer for 10 years for subversion. This is the fourth case implicating the US search engine, which has responded by saying, “The Chinese government ordered Yahoo China to provide user information and Yahoo China complied with local laws.”
While the Chinese government has a reputation for jailing dissidents and disrespecting privacy, search engines have also received subpoenas from US courts. In March 2006, a US judge ruled that Google had to give the Federal Trade Commission the entire contents of a customer’s Gmail account, including deleted messages. In another case, a judge ordered Google, along with a number of other companies, to provide 50,000 web addresses from its database to the Justice Department for a study of child pornography online. While Google initially resisted the subpoena, Yahoo, AOL and MSN complied without a fight.
Apart from those who hold electronic data on our spending habits, the holder of most information about us is the government, which has records such as electoral rolls, car registrations, building consents, property and tax information and the register of companies.
If you are under the impression that data held by the government is safe—locked up in some grey Wellington office block—you are mistaken. Thanks to the Freedom of Information Act, public information is, well, public. And more and more of it is available online.
Without leaving my desk, I can find out if you are a director of any companies or trusts. If you’re listed in Telecom’s directory, I can find your phone number and address. I can search Quotable Value or LandOnline to see if you own the house at that address, and, for a small fee, I can find out how much, and when, you paid for it, what its approximate market valuation is now, and what your rates are. Thanks to Land Transport NZ’s Personal Property Securities Register, designed to protect car buyers from purchasing stolen or fraudulently obtained vehicles, I can punch in a vehicle registration number and find out who owns the vehicle and whether they bought it outright or financed it, and, if the latter, how much is owing.
There are other examples of government-held information being passed on to third parties. In June 1998 it was revealed that thousands of Auckland property-valuation records had been sold to a marketing company in Queensland by Valuation New Zealand (now Quotable Value). As a result, property owners received unsolicited marketing in the mail. Some government agencies, such as the motor-vehicle register and the drivers’-licence register, give information away for free. It may be that the law hasn’t kept pace with technology. When these registers were made public, it was anticipated that someone seeking information would have to go into an office and request the appropriate file in person. Now that the databases are electronic, however, they’re more subject to abuse.
If you were born in a New Zealand hospital after 1969, a sample of blood taken from a pinprick in your heel will have been stored at the National Testing Centre in Auckland’s National Women’s Hospital. It will have been tested for seven diseases and then retained, the store doubling as a DNA database, from which samples are sometimes released to the police for criminal investigations.
The electronic age also allows government agencies to share information. In 2005, the Office of the Privacy Commissioner reported that over the period 2004–05, 21.4 million files had been officially disclosed by one government agency to another. The privacy commissioner says that data matching is done mainly to detect fraud. Work and Income NZ and Immigration NZ might cross data to make sure that someone collecting unemployment benefit hasn’t left the country for a holiday in Australia.
Parliament has to approve any data matches made by government organisations, and the privacy commissioner acts as an expert adviser. Requests for data matching must show that the public good overrides the intrusion of privacy. Brown comments: “In terms of government dataveillance, a certain amount of information is required to run a nation and do the things that we collectively agree to through democracy. Specifically, the provision of welfare, student allowances and the electoral system all require some degree of dataveillance.”
Properly handled, data matching can provide both an efficient and a beneficial bureaucratic solution to a problem. But it is basically a series of inferences based on a formula, and sometimes the inferences can be wrong. In 2006, a British government minister had to resign after it was revealed that, over a seven-year period, 1023 foreign prisoners who should have been considered for deportation at the end of their sentences had instead been released into the community. Everyone had assumed the computer wouldn’t lie.
When there are discrepancies in data in New Zealand, the law dictates that those concerned be given a chance to explain themselves. Brown says this is the biggest problem with dataveillance: “It reverses the basic tenet of justice, that citizens are innocent until proven guilty. When dataveillance flags an individual as having transgressed the rules, it is up to them to prove that they haven’t. Apart from the worry that there might be mistakes in the system, this is the opposite to the way we’ve usually done things.”
There is also the risk that the aim of the data matching might be discriminatory. “Information matching might be encouraged in order for welfare fraud to be identified, which is great—no one wants their tax dollars ripped off. But welfare fraud might be more ‘surveilled’ than tax evasion on the part of large corporations.”
Brown goes on to say that dataveillance in general doesn’t affect everyone to the same degree. “Dataveillance involves a series of pre-determined judgements about an individual’s innate qualities, their moral fibre, their strengths and weaknesses. For instance, large databases of information may be searched for particular sets of qualities which signal a ‘risk’. The combination ‘male + Arab + flying from Dubai to Auckland’ will require investigation, while the combination ‘female + Australian + arriving from Sydney’ will not.”
International terrorism has driven a lot of recent surveillance initiatives. Since September 11, 2001, the New Zealand government has passed several laws that require internet-service providers and telecommunications companies to have systems in place so that calls and communications can be intercepted.
“These are laws that give police and intelligence agencies much greater access and dramatically increase the legal capabilities of the government to engage in surveillance,” says Tim McBride, a law lecturer and barrister with a special interest in privacy issues. These laws, he says, have crept in mostly unnoticed. Mostly. In 2004, McBride was spokesman for the Big Brother Awards, bestowed on people and agencies responsible for “outstanding abuse or disregard of privacy and civil liberties in New Zealand”. Three of the five awards were related to “antiterrorism” and surveillance legislation.
“Person of the Year” went to all politicians responsible for passing the legislation, which, according to the award organisers, “allows additional, secret snooping—with little or no public accountability—into the private lives, transactions and communications of New Zealanders. While falling mercifully short of the excesses of the United States Patriot Act, these various pieces of legislation result in significantly reduced privacy and civil liberties for all of us, but do little to reduce any actual terrorist threat.”
Similar criticism saw Minister of Justice Phil Goff named “Worst Elected Representative”, while the Government Communications Security Bureau won “Worst Public Agency or Official” for having systematically invaded New Zealanders’ privacy.
In Australia, privacy advocates have been fired up by John Howard’s proposal for a national identification card. Supporters argue it will increase efficiency and streamline government services, but according to Clarke: “National identity cards are an extremist measure, attuned to the needs of countries subject to central planning and despots, not to the expectations of free countries. The dangers of the card are serious enough, but the real focus needs to be on the dangers of the national identification scheme that provides the infrastructure to go with it.”
Katrine Evans says New Zealand laws don’t allow different organisations to use the same unique identifier. For example, a university cannot use drivers’-licence numbers as student numbers, and the heath service cannot keep track of patients using tax-file numbers. This arrangement is designed to keep different kinds of information separate—and therefore safe.
“We don’t have the quantity of war stories in New Zealand that we see in other places,” says McBride, “and that’s partly because we have strict limitations on the uses of unique identifiers. Another department cannot use IRD numbers to identify people because that would allow data aggregation.”
But McBride believes biometric identification cards are inevitable. “I’m sure we will fall into line but we need informed public debate on it. The proponents need to provide compelling arguments as to why we need such a system.”
The government is already involved in a much bigger exercise—the operation of a massive electronic intercept program called Project Echelon, designed to collect huge amounts of data from sources such as blogs and email and, by linking these to government records and intelligence reports, to search for patterns of terrorist activity. According to intelligence experts in the US and Europe, Echelon scans internet traffic, cellphone conversations, faxes and telephone calls, looking for evidence of terrorist activity, military threats and crime.
This electronic spying is being conducted by the US National Security Agency (NSA) and its counterparts in Australia, Canada, the UK and, yes, New Zealand. Echelon is so secret that the NSA won’t even acknowledge its existence.
The possibility that innocent people may become Echelon targets, or that the project’s spying activities may exceed legal boundaries, bothers privacy activists. Researcher and writer Nicky Hager, who has written a book on the subject—Secret Power: New Zealand’s Role in the International Spy Network—says he doesn’t believe Echelon is a threat to most New Zealanders. “But it is an example of large-scale international spying, which does have implications for all kinds of issues that New Zealanders care about.”
Hager says there is a much more immediate and pervasive threat to our privacy in the vast amount of data we 75 leave behind in our everyday lives. “When you put it all together in a systematic way, it adds up to a very complete picture of someone’s life,” he says.
Though this information can potentially be used against us by anyone from a jealous partner to a zealous employer or an aggressive marketer, Hager says the danger is even greater than that.
“The potential actually changes the way people live in very subtle, long-term ways,” he says. We behave differently knowing that our emails might be read by our employers and that the websites we view can be looked up by other family members. “It changes the way somebody feels about their sense of private self. Most effect of that from day to day is psychological. The serious, society-altering thing is where people who like to be private stop believing that they have privacy.”
Computer forensics has shown the remarkable degree to which people’s lives can be reconstructed from the data on their computers.
“People have no comprehension of how much of their lives is going into computers, texts and emails on the assumption that these are private,” continues Hager. “The thing that’s changed since 30 years ago, when surveillance meant a telephone tap, is that very large parts of people’s lives and relationships and legal and private personal matters are being recorded electronically as they do their business. That means there is a much larger part of a person’s self which is susceptible to interception.” A warrant to seize a computer can be signed off by a junior registrar of the court with only a generalised explanation.
“I’ve heard of cases in Auckland where protesters—moderate, lawful protesters—have had their computers seized by police,” Hager says. “Suddenly, you have somebody who did a small, democratic political action and the police know more about their lives than anybody could have known about anyone 10 years ago.”
Hager says the level of warrant required to seize a person’s computer doesn’t reflect the seriousness of this intrusion into their privacy. “It’s normalisation of what I would say is the most intrusive form of surveillance. The amount of data left on a computer about someone’s life is mind boggling.”
He predicts that when it dawns on people how much their computers reveal about them, there will be a call for the laws regarding seizure to be completely re-thought.
Although Hager accuses the New Zealand government of not being interested in privacy issues, he isn’t pessimistic. “What happens with new technology is that people at first are dazzled by the advantages, and it takes longer to realise the down side. I take a more optimistic view. Over time people can understand and control the bad sides of it.” And that will happen, he says, when there is more commitment from the government, or when the issues become controversial enough to arouse greater public pressure.
Tim McBride has spelled out his expectations for privacy protection in the New Zealand Privacy Charter 2004, which states: “A free and democratic society requires respect for the autonomy of individuals, and limits on the power of both state and private organisations to intrude on that autonomy. Privacy is a value which underpins human dignity and other key values such as freedom of association and freedom of speech. It is a fundamental human right.”