Home/red-rock-eater/American Express, tracking devices

American Express, tracking deviceswriting

surveillancecivil-libertiesprivacyrrecommerceforwarded-contentauto-importedrre-post
1998-04-20 · 7 min read · Edit on Pyrite

Source

Automatically imported from: http://commons.somewhere.com:80/rre/1998/American.Express.trackin.html

Content

This web service brought to you by Somewhere.Com, LLC.

American Express, tracking devices

``` [This abridged issue of Privacy Forum includes articles on American Express' new plans to sell summaries of its customers' purchase histories to other companies and on the very rapid spread of devices for tracking individuals' movements. For information on Privacy Forum see http://www.vortex.com .]

---

This message was forwarded through the Red Rock Eater News Service (RRE). Send any replies to the original author, listed in the From: field below. You are welcome to send the message along to others but please do not use the "redirect" command. For information on RRE, including instructions for (un)subscribing, send an empty message to rre-help@weber.ucsd.edu

---

Date: Wed, 13 May 98 21:37 PDT From: privacy@vortex.com (PRIVACY Forum)

PRIVACY Forum Digest Wednesday, 13 May 1998 Volume 07 : Issue 09

---

Date: Wed, 13 May 98 11:30 PDT From: lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator) Subject: American Express Selling Customer Purchase Data

Greetings. You hand over your American Express (AMEX) card to a merchant, and later walk away with your goodies. Not only have you just made a convenient purchase, but apparently you've also participated in a largescale marketing plan, where your purchase profiles will be cross-referenced through an external database and sold to outside parties for commercial use.

Surprised? You don't recall giving permission for this sort of use of your purchase data? You're not alone. It's another example of business "data creep"--data that was collected for one purpose, being used for various different purposes, often without the knowledge or explicit permission of the customer party involved.

It was recently reported that AMEX has entered into an agreement with KnowledgeBase Marketing to provide detailed purchase profiles to small businesses for marketing purposes.

KnowledgeBase Marketing states that it gathers information from public sources, and reports indicate that the information can include everything from the value of your home to the ages of your children. AMEX would apparently be combining in your purchase profiles--reportedly not the specific purchases you made--but rather the detailed types of purchases. Perhaps you make frequent trips to Europe or buy lots of cat food. Your purchase history can be profiled down to very specific categories and targeted in a precise manner.

While AMEX has stated that customers can choose to remove themselves ("opt-out") of the plan by writing to them, initial reports indicate that AMEX has not been planning to explicitly inform customers about this database/marketing effort or their options in regard to this plan.

My reading of AMEX's policies about such issues on their web site suggests that this marketing plan would not explicitly violate the letter of those principles. As long as AMEX customers have been notified (presumably somewhere deep in the routine customer disclosure documents) that they can write in to opt-out from (unspecified) marketing plans, AMEX apparently considers them to be "on notice" for all future outside marketing efforts.

However, by not being more explicit about notifying customers regarding specific marketing plans and partners, it would appear that AMEX is definitely not interested in making the opt-out option (writing a letter) particularly popular. And of course, it would apparently be unthinkable for AMEX to ask customers in advance if they wanted to participate in particular marketing efforts ("opt-in").

I've been attempting to get more information about this AMEX plan and their policies in this regard. However, my efforts to reach the AMEX Vice President who has been quoted about this marketing plan, have so far been unsuccessful.

For a point of comparison, I contacted Visa International regarding their policies when it comes to customer information and received a prompt response. Visa International says that they themselves do not sell cardholder information to merchants, though individual members (e.g. card issuing banks) set their own policies regarding such matters, since the members themselves manage their relationships with their cardholders.

This whole issue tends to again call into question the repeated claims from the marketing industry that "self-regulation" is sufficient to protect consumers, and that legislation to shield consumers from abuse of their purchase and other personal data is unnecessary. The best intentions of some business entities can be swamped by the more exploitive data management practices of less enlightened enterprises.

So just say "charge it!"

--Lauren-- Lauren Weinstein Moderator, PRIVACY Forum http://www.vortex.com

---

Date: Mon, 20 Apr 1998 09:30:13 -0400 (EDT) From: Brian Clapper Subject: ID implants, anyone?

The first page of section B of the Wall Street Journal, Monday, April 20, 1998, contains a story about electronic tags--radio frequency identification (RFID) technology that broadcasts arbitrary information. Not only is the technology used in many of the plastic anti-theft devices attached to merchandise, but its use in wrist bracelets is becoming very popular. The story discusses various new, "exciting" uses for such technology, including:

  • Keeping track of children in those temporary day care centers in
    • supermarkets.
  • Keeping Alzheimer's patients from wandering astray in nursing homes.
  • Controlling who has access to office buildings, parking garages, etc.
  • Paying for auto fuel without using cash, credit or debit card (i.e.,
    • Mobil's Speedpass system, which I believe has been mentioned before in this forum).
  • Tracking medical information. According to the article, "[RFID devices]
    • have even found their way into some breast implants to store information that doctors may need later."

    There are a few specific comments in the article that, while chilling, will come as no surprise to readers of the PRIVACY Forum. For example:

  • "Someday, a few RFID enthusiasts say, we may all have tags implanted
    • under our skin. If so, the tags could zap data about us into computers, saving us from endlessly reciting our names, allergic reactions, and frequent-flier codes."
  • A property developer contracted with a security company to install an
    • RFID security system in his office building; he uses the system to track computers and other office equipment, and to track employees. "`We had a cleaning lady who said that she worked all night,' he recalls, `and we know she left at 9:04 [pm]'".
  • The CEO of Sensormatic (Robert Vanourek) is hoping retailers will start
    • using RFID for customer tracking, giving customers cards that can track not only what they purchase, but where they go in the store and how much time they spend at each location. At that point in the article, one encounters the only paragraph that even comes close to touching on the privacy concerns of this technology: "Wouldn't customers resent an electronic snoop? Sensormatic thinks they will get used to it, especially if they get more personalized service in return." Sadly, they're bound to be correct in that assumption.

    The article ends with a paragraph that asks the question: "While they're at it, why not implant ID tags in people?" That final paragraph does not contain one single sentence that acknowledges the dangers of this kind of monitoring; instead, it merely mentions Robert Vanourek's belief that "it will take time", but will eventually happen; and, he believes, the earlobes will make the perfect location for such implants.

    The article is decidedly enthusiastic about RFID technology; it fails to discuss, or even mention in passing, the frightening compromises to privacy and personal autonomy that become possible once this kind of technology has gained broad acceptance. Instead, it focuses entirely on the gee-whiz nature of the technology and on the wonderful conveniences it will bestow upon us.

    Maybe it's not as bad as I fear, though: Perhaps some entrepreneur will come along and devise portable Tempest technology for one's earlobes, wrists, and automobiles. Of course, by that time, such technology will have been outlawed in the interests of national security.

    Brian Clapper, bmc@WillsCreek.COM

    ---

    Date: Fri, 08 May 1998 15:10:23 -0400 From: "Philip N. Gross" Subject: Remotely tracked passports

    Last week's issue of the Far Eastern Economic Review (http://www.feer.com) had an article on Malaysia's new high-tech passports. These will have a chip and antenna embedded in the rear cover. In its 8K of encrypted memory, "the chip can store a digitized photograph, a thumb print, a digital signature and several pages of information about the passport's owner".

    Later in the same article they mention that the same company is planning to use the same technology for airline boarding passes, and an extra feature is revealed:

    "Yap says the hi-tech boarding passes also could be used to track passengers in the departure lounge. Airlines lose hundreds of millions of dollars a year because passengers miss their flights while they're busy shopping or eating. With chips in their boarding passes, laggard passengers could be quickly located (their movements would be picked up by electronic readers stationed throughout airports)."

    Finally (you can see this coming) plans are revealed for:

    "...Malaysia's new multipurpose smart card. This would merge several documents--the identity card carried by all Malaysians, a restricted passport for travel to Singapore, a driving licence and health data--into one card. The company is part of a consortium bidding to supply 14 million such cards."

    Unsurprisingly, among the other countries that have expressed interest in the technology are Indonesia, China, Syria, and Iran.

    Governments and others are offering "high-security" tamper-proof encrypted smart cards/passports, while playing down the fact that the carrier can be tracked remotely.

    Philip Gross png3@columbia.edu

    ---

    End of PRIVACY Forum Digest 07.09

    --- ```

    This web service brought to you by Somewhere.Com, LLC.