The Privacy Backlash

Know your customers well... but don't make them paranoid

I make my living as a data miner, and I can’t help noticing that it makes a lot of people really nervous.

An old college friend I hadn’t seen in years, an artist and anthropologist, had only a fuzzy idea of what I do from seeing the Web site of Data Miners, the consulting company I founded, and was afraid I might be into Orwellian “1984 stuff.”

But later in the same conversation, she expressed the hope, only partly tongue-in-cheek, that my work will save her time at the video store; as soon as she enters the store, someone can simply hand her the tape that data mining predicts she will want, and she can go home happy.

My friend’s reaction was a typical mix of fear, misunderstanding, and willingness to see a bright side. I wish that clearing up the misunderstandings could alleviate the fears. Unfortunately, a clearer understanding of the power inherent in the com- bination of powerful data-mining tools and widely available personal data from many sources is likely to make people (and the people’s representatives in Congress) more worried rather than less.

Data mining can modestly improve our lives by helping our vendors and service providers better understand our needs. It can also be abused to invade our privacy. It won’t take many examples of such abuse to raise an uproar leading to restrictive legislation likely to treat “good data mining” and “bad data mining” alike.

The only way to avoid such a backlash is to educate industry and consumers alike how to determine what data mining applications are legitimate, and most important, to give people some control over how their personal data is used. After all, most people are happy to trade away some of their privacy for some other benefit. We accept having our picture taken by the ATM, because it makes us feel safer knowing that a robber would also be on camera. We accept having our luggage X-rayed, bomb-scanned, and ransacked at the airport, because we are glad a terrorist’s luggage would get the same treatment.

The public’s acceptance of data mining requires that two conditions be met:

• An explicit and well-understood covenant exists between those mining the data and the subjects of their analysis

• Individuals feel they control the data they provide and how data miners can use it.

Benign Data Mining

Most data-mining applications in marketing are benign. Despite all the rhetoric about “relationship marketing,” no marketers are interested in you as a human being; they are interested in you as a potential customer. Information about you that sheds no light on your propensity to buy a certain product is simply not interesting to the vendor. Your age, income, sexual orientation, political affiliations, number of credit cards, and fondness for lima beans may all be things you choose not to share with your neighbors. But even personal information that would set the neighbors’ tongues wagging for weeks on end does not interest the commercial data miner unless it can help predict whether you will order from a catalog or default on a loan, for example.

Anyone really out to get you — an ex-spouse or a collection agency, perhaps — doesn’t need data mining. The information that finds its way into marketing databases has always been available to those willing to look hard enough. In Massachusetts, where I live, I am free to check the registry of motor vehicles for an inconsiderately parked car’s owner name and address. I can then walk over to the registry of deeds and see what his house is worth. And I can look up his number in the phone book if I want to call him to give him a piece of my mind. What is new with data mining is not the ability to determine who owns a particular car, but the ability to scan thousands of automobile registrations looking for patterns.

Informed Consent. As consumers begin to realize the value of information about themselves and their habits, they will start charging for it. Many supermarkets already pay for this information. The ability to tie purchases to an individual is valuable enough that the store is willing to pay for it in the form of additional discounts offered to people who identify themselves each time they make a purchase. As long as the data is used only to figure out what coupons to offer which customers, and not to figure out who is eating too much fat, most people don’t mind supplying the information and taking the discount. As consumers become more savvy, they will start expecting to be paid for their information in other situations as well.

The Customer Rules. As long as companies are collecting data on you only because they want to sell you things, you are in control. If they misuse that information in ways that disturb you, you will be less likely to buy their products and services. That explains why MCI asks you who your friends and family are instead of just figuring it out for themselves and calling them up. Marketers’ fear of upsetting you is the strongest protection you have against their misuse of your personal data.

Malign Data Mining

Fear of offending consumers may stop some abuses, but not where real money is at stake. Recently, a supermarket defendant in a slip-and-fall suit used loyalty-card data to show that the plaintiff was a heavy drinker (or at least purchased a lot of alcohol). The suit was dropped. All of a sudden, many people who never gave much thought to what use their loyalty-card data might be put have started worrying about it.

Similar worrying news stories are reported nearly every day. There was the wife who opened a telephone company’s discount offer for calls to a frequently dialed number that her (now former) husband shouldn’t have been calling. There were the drugstore customers alarmed to discover the reason they were getting direct-mail solicitations relevant to their illnesses was that a drugstore chain had sold its prescription data. The stories are numerous.

It is easy to imagine worse scenarios. The analysis techniques that transform catalog order data into mailing-campaign targets could easily serve nefarious purposes. For instance, a “big brother” government might find data-mining techniques handy for compiling an enemy list. If we classify data-mining applications on a continuum on which a direct mailer deciding not to send you a sweepstakes entry is at one end, and a repressive state identifying you as a target for special persecution is at the other, many of them fall somewhere in the middle. How can we draw a line between the applications that ought to be tolerated or even welcomed and those that should be feared and outlawed? My answer is to evaluate each application on two scales:

1. How close is the alignment between the people doing the data mining and the people whose data is being mined?

2. What is the balance of power between the miners and the mined?

Let’s look at a few potential applications of data mining, keeping these two scales in mind.

In the case of a consumer direct-marketing organization trying to reach the right customers, the interests of the miners and their targets are actually very closely aligned. Consumers do not want to get junk mail advertising products and services in which they have no interest. Similarly, the mailer has no interest in wasting postage on people who are unlikely to respond. Conversely, if the offer is one the consumer considers valuable, both the vendor and the consumer are pleased. As for power, it is all in the hands of the consumer, who is free to decide whether to respond to the offer.

A more troubling prospect is the mining of medical records, credit card transactions, supermarket purchase records, or lifestyle data in order to assign risks for various ailments to individuals or subpopulations. How well the miner’s interests align with those of the mined depends greatly on the nature of the healthcare system. Most of the developed world accepts that society as a whole benefits from, and is responsible for, maintaining a healthy population.

In most wealthy countries, this understanding has led to the creation of single-payer healthcare systems in which every citizen is automatically covered. The interests of such a system and of the individual are reasonably compatible. The healthcare system saves money by preventing people from becoming ill and by getting them early treatment when they are in need. Because people tend to prefer being healthy to being sick, they have no particular reason to withhold information that may help in their diagnosis or treatment. Power is balanced between the miner and the mined. The healthcare system has the power to decide which treatments to pursue, but it does not have the power to refuse coverage.

In the United States, the situation is quite different. Healthcare is usually financed through myriad for-profit insurance companies. These companies can save money and increase their profitability by refusing to cover people who are at greater risk of becoming ill. Here, the interests of the individual and the provider are at odds. The sicker I am, the more I want healthcare and the less inclined the insurer is to provide it. Furthermore, in the U.S. system, the power resides totally with the insurer, which can approve or deny coverage. Thus, while I might look with indifference on a project to use data mining for medical risk assessment in Canada or Europe, I would regard a similar United States program with alarm.

In fact, medical records are already accorded a higher level of protection than most data. But what if non-medical data were used for the same purpose? Although I do not object to the supermarket using my purchasing patterns to determine which coupons to issue me, I would feel very differently about the supermarket data being used by an insurance company to determine my risk for heart disease. And yet, premiums are already higher for cigarette smokers, so why not for people who purchase a lot of beef and sour cream?

Similar questions about data misuse come up with automatic toll-payment systems (who is interested in where you are and when?), telephone records (why do they want to know who your friends and family are?), and even magazine subscriptions, catalog orders, or Web site visits.

Data mining is a powerful tool. Like any tool, it can be used for ill. As our information society matures, we will have to develop new laws and conventions to cope with the new methods of manipulating information. We should not rush to regulate harmless data mining, but the best regulations, where necessary, will be those that best balance power and support mutuality of goals between data miners and individuals.

Michael J. A. Berry, founder and principal of Data Miners, is co-creator of the Decision-Support Systems Laboratory (www.dsslab.com) in Cambridge, Mass. You can reach him at mjab@dsslab.com.