What Stays in Vegas
Page 27
When companies figure out a way for customers to reap real benefits from their own data, they will usher in a revolution in both marketing and self-empowerment. Consumers will increasingly take control of their own data. Some will routinely export medical and other personal records into their own managed vaults to keep better track of their lives and interface with the outside world.
Businesses should provide easy online access to download the personal data they hold about you. Such information might look like your credit card bill, with details of where and when you bought something, the amount, and category such as food/beverage or medical services. They should share a fair amount of detail: what exactly did you order at the restaurant, how many days was the car rental, how many miles did you drive? Perhaps you could set the fields of data you are interested in seeing. Some people would never bother to look up such details, but others would appreciate the easy access to such information.
Kanter, who in 2014 passed on the Caesars Total Rewards portfolio to a colleague as he focused on his new role as senior vice president of revenue acceleration, envisions Caesars sharing ever more data with customers. But he points out that eventually the raw data could overwhelm even the person whose actions generated the file. I saw this many years ago after reading about all the dull moments the Stasi notated about me in 1988, such as the several minutes I spent puzzling over a map trying to figure out where I was going.
Do Caesars customers really want a chart of how many days in advance they reserved their hotel rooms, how many minutes they sat in a restaurant on average, or even how many times they passed through the lobby (if future photo recognition technology could compute such comings and goings)? In some cases customers expect Caesars to record even more than they do, such as everything they ever uttered to a hotel clerk. Even with cheap and endless data storage, there can be information overload. “We have to show some judgment about what data is meaningful to the end consumer,” Kanter said about the guidelines a company should embrace in releasing personal data. “Where does it enhance our relationship in creating value versus where does it create complexity that we don’t have already?”
Recently, Internet giants have started allowing users to access their accumulated data. Twitter, for example, allows you to “request your archive,” everything from your first tweet and all resulting interactions. Facebook’s account settings allow people to download their data. And in December 2013, Google announced it would allow users to obtain a copy of Gmail and calendar data, as well as from YouTube and other Google services.19
Some companies will complain that sharing detailed customer information would prove onerous. But they already gather the information—they just need to design an interface that works for the average consumer. The point of empowering people with their own data is not to slow the mighty wheels of commerce. People will continue to buy. Businesses can still prosper while giving customers insight and choice. And if they are open about what they are doing, everyone can feel better about the whole process.
ACKNOWLEDGMENTS
I owe thanks first of all to Harvard University Professor Latanya Sweeney. She invited me to spend the 2012–13 academic year in residence as a fellow in Harvard’s Department of Government, and then invited me back as a 2013–14 fellow at the Institute for Quantitative Social Science (IQSS). Few people understand the power of big data and personal information better than Sweeney, one of the nation’s top experts on data reidentification. Sweeney provided me with great insight, encouragement, and good humor throughout. Without her support I would not have been able to write this book.
My 2012–13 fellowship was supported in part by Harvard’s Data Privacy Lab and a grant from the National Science Foundation. I am thankful to the chairman of the Department of Government, Timothy Colton, IQSS chairman Gary King, and the Nieman Foundation for Journalism, which first brought me to Harvard as a fellow for the 2011–12 academic year. During that year I began to study the topics covered in this book. I am indebted to curator Ann Marie Lipinski, who encouraged me to pursue this project, and former curator Bob Giles, who took me into the program.
Many graciously gave their time and assistance to make this book possible, including hundreds of people interviewed, only some of whom are included in the narrative. In particular, I want to thank the main subjects of the book. Gary Loveman graciously opened the doors of Caesars casinos, allowing me access to top executives, patrons, and internal workings. Joshua Kanter, the head of Caesars Total Rewards program, proved a patient host over many months during my visits to Las Vegas and other company casinos. He provided a deep level of frank insights into the operation of a major company. Rich Mirman gave much help about the evolution of the company during his time there. Gary Thompson at Caesars also wholeheartedly supported the project.
The Monahan brothers spoke openly about their business and practices in a way still rare for the industry. Ann shared intimate details about her flirtation with Internet erotica and attempts to remain anonymous (I’ve left out her last name and Internet name at her request). Busted! founder Kyle Prall openly discussed his life and business in great detail, knowing he would face some tough questions. Janet LaBarba and Paola Roy generously shared intimate details about their arrest experiences. Claudia Perlich and her colleagues at Dstillery revealed the inner workings of online advertising to me. None of these participants made review of the material about them a precondition for their cooperation.
Shane Green and the team at Personal.com, Michael Fertik at Reputation.com, and Sarah Downey of Abine were generous with their time and knowledge. I gained insights from the Direct Marketing Association, which allowed me to join a two-day training session in New York to see what marketers are learning and to attend its annual conventions in Las Vegas and Chicago in 2012 and 2013, respectively. I thank Techonomy and its founder, David Kirkpatrick, for allowing me to attend its 2012 annual conference. I am thankful to former FBI agent Dennis Arnoldy for putting me in touch with Frank Cullotta, who lives under an assumed name in the witness protection program.
Many professors, students, fellows, and others at Harvard University shared their insights and suggestions with me, including Henry Louis Gates Jr., Laurence Tribe, David Moss, Harry Lewis, Jonathan Zittrain, Martha Minow, Mikolaj Jan Piskorski, Max Bazerman, Yochai Benkler, Phil Malone, Kit Walsh, Sean Hooley, and Charles Nesson. John Deighton of Harvard Business School gave useful comments on the advertising chapter and made valuable suggestions. Sunil Gupta, also at HBS, graciously allowed me to sit in on his online marketing class in the spring of 2012. Jim Waldo, Harvard’s chief technology officer, helped guide me on the path to this book by letting me sit in on his excellent class “Privacy and Technology,” which he coteaches with Latanya Sweeney, during my Nieman fellowship year. I am grateful to others at the university whose teachings inspired me in other fields. These include my jazz gurus Daniel Henderson, Vijay Iyer, and Ingrid Monson and language gurus Richard Delacy and Giuliana Minghelli.
Writers Paige Williams, Neal Gabler, Ron Suskind, Nazila Fathi, and Gay Talese offered inspiration, as did my long-ago professor at Princeton, John McPhee. Liza Boyd gave me tremendously valuable suggestions on improving the structure of the book, and her many improvements are reflected in these pages. Dina Kraft, Sam Loewenberg, George Nikides, David Kim, and Patrick Hoge all offered insightful editing on some of the chapters. My agent, Alice Martell, sharpened the focus of the work with infectious enthusiasm. Clive Priddle at PublicAffairs Books made this book immeasurably better with his suggestions and edits and always embodied the image of the gentleman publisher. My family supported me wholeheartedly throughout the immersive and all-consuming focus a book inevitably demands, and listened to endless dinnertime stories about personal data as I discovered new insights.
Despite all this help and my best efforts, there may be matters I did not describe as precisely as I set out to, and I apologize in advance for any errors that may have slipped by. I’d enjoy hearing from readers, and can
be reached at book@WhatStaysinVegas.us.
Copyright © 2014 Robert Leighton
APPENDIX
Take Control of Your Data
How to Control Your Data Flow
People have highly personal attitudes toward their own data. Some are alarmed by the privacy risks of the increasing amount of data collection; others scoff and ask why people make such a big fuss.
By telling the stories of how firms gather data and use them, I hope that readers will get a sense of what they are comfortable sharing. Some people are happy to receive targeted advertising online and off, and are comfortable letting firms gather data about them. Others may try to avoid such tracking. Or they may be comfortable sharing in some spheres but not others. At a Personal Genome Project conference, several volunteers told me they openly share their DNA and medical histories for science to study but refuse to maintain Facebook accounts because they do not want to transmit everything about their lives. In the end, it’s up to you to control how much data you shed.
As with healthy eating, no one magic ingredient protects against the proliferation of personal data. Just adding oatmeal will not make a substantial health difference. You have to embrace a wide variety of foods and practices to change the health impact of what you eat. The same goes with gaining more control of personal data. Some cost or inconvenience comes with seeking to stem the flow of personal data.
Other analogies apply. “It’s like a disease where there is no single drug that can heal it but there is a cocktail of drugs that would,” says Vitaly Shmatikov, who specializes in privacy issues at the University of Texas. “It is sort of unpleasant because you would like to solve the problem once and for all.”
Many Internet users may find the whole issue of seeking to protect their personal data tiresome. “I am a typical consumer of the baby boom generation and a busy person. I do shop online and I want to take advantage of the convenience and wider array of choices that the Internet offers,” says Susan Grant, director of consumer protection at the Consumer Federation of America. “Other than following the basic safety rules . . . I don’t take any special precautions or use any special programs. And I don’t generally read privacy policies. That’s why I want things like ‘do not track’ on by default, and nutrition-label-style privacy notices. Make it simple for me, please!”
On the other end of the spectrum, consider Eben Moglen, a professor at Columbia Law School and founding director of the Software Freedom Law Center. He maintains his own web server and an old-style cell phone (i.e., not a smart phone). When surfing the Internet, he encrypts his communications (via SSH), obscures monitoring of his web searches through a plug-in called TrackMeNot, uses additional privacy protection plug-ins including Adblock Plus and NoScript, and a text-based web browser like w3m or Surfraw. He avoids Google Voice and Skype and instead uses a system based on Asterisk. But he worked for a time as a programmer at IBM, so he has a special level of expertise to implement all these tools.
Alessandro Acquisti, an associate professor at Carnegie Mellon University, has done interesting work related to photo-recognition technology and Social Security numbers. He uses some privacy-enhancing tools, such as programs that increase online anonymity, but in moderation. “I do not use all those tools all the time,” he says. “After a certain point, the marginal costs (as well as the opportunity costs) of trying to ‘protect’ more and more of your personal information increase rapidly, while the effectiveness of those protective strategies equally rapidly decreases.”
Acquisti likes privacy-enhancing tools, but says they do not work alone. They need consumer awareness, market adoption, and a smart regulatory infrastructure to foster their use. “I stress that I think all those components are necessary at the same time—none is sufficient by itself,” he says.
Much like the Internet itself, the tools to control personal data are constantly changing. “You have almost an arms race of people like us and people whose business models are predicated on invading the privacy of consumers. And because we can’t get along, we fight in this arms race to give consumers control where it’s being taken away,” says Abine cofounder Rob Shavell. “And then the people that are taking away the control and trying to exploit data and inference on the part of consumers’ activities come up with technologies, and then we have to come up with new technologies.”
What follows are some strategies and tools for privacy protection I have come across in researching this book, although there are many more options to consider as well.
Internet Browsing
People who want some control over their personal data should start with how they surf the Internet. “I have not invited anyone to follow me around the Internet any more than I have invited marketers to listen to my phone calls, conversations, or email (unless it is the marketer who provides that email). So I keep different browsers on different settings depending upon what I am doing,” says Al Raider, chair of the management, accounting, and finance department at the University of Maryland, University College. “The browser I use most often is set to reject third-party cookies and automatically clears cookies when closed out. For those sites requiring third-party cookies to access, I use another browser permitting that. Then I always clear those cookies when I am finished.” Because a user can easily clear cookies from their system, more companies are seeking to place ads using techniques such as browser fingerprinting (looking at the distinguishing characteristics of your browser).
The next step, then, is to enhance Internet privacy: SurfEasy makes a small USB device that plugs into a computer to mask your IP address, location, and other details to obscure online tracking. The company has also developed the same technology for cell phones and tablet devices, and it is available for computers via VPN, which means you don’t have to have a USB device. Anonymizer.com, a service that has been around for many years, routes your Internet surfing through VPN, which is basically an encrypted tunnel, as are FoxyProxy and Unspyable. There are other pay options and several free services to step up privacy while surfing the Internet. A service called Private WiFi plays up its usefulness in protecting privacy when using public Wi-Fi.
The free WhiteHat Aviator browser builds in privacy and security protections with little sacrifice in ease of use. Remote browsers provide even more privacy and security protection. You see the normal Internet results on your computer, but the surfing is actually taking place in the host company’s computer, making it easier to block malware as well as online tracking. Authentic8’s Silo provides such a service for $100 a year, and is geared for sensitive browsing such as on financial or medical websites. It disables audio, however, so it is not a full-service browser. Quarri’s myPOQ provides a similar service without disabling audio and at present is free of charge. Cocoon (getcocoon.com) allows you to surf the Internet through its servers after signing on through a browser plug-in, although in my experience it often has to be reinstalled after Firefox or Internet Explorer introduces a new version of its browser.
Those concerned about Internet tracking and targeted advertising can also install browser plug-ins, including Abine’s DoNotTrackMe and Disconnect.me. Adblock Plus keeps many ads off the Internet pages you visit. A number of experts recommend HTTPS Everywhere to boost security when viewing websites (www.eff.org/https-everywhere/). Some privacy advocates recommend the NoScript browser plug-in for Firefox. It certainly makes it harder to navigate the web, but enhances security by allowing JavaScript, Java, Adobe Flash, and other plug-ins only for sites you approve. If you do try NoScript, you likely will be surprised to see how many programs are trying to execute on your computer every time you visit a web page.
More serious privacy advocates use a service called Tor, short for The Onion Router (www.torproject.org). This free software allows users to hide their location when surfing online. Revelations that the US government has tried to identify its users show that even Tor has limitations. Another example of how things could go wrong for users came in December 2013, when a Harvard under
graduate made a bomb threat against several buildings via Tor during final exams. He was quickly identified and arrested.
“Tor’s still great, but the default configuration leaves some vulnerabilities open in order to preserve website functionality,” says Kit Walsh, an expert on free speech and privacy at Harvard’s Berkman Center for Internet and Society. “It’s also very easy to accidentally leak info that can deanonymize you, like the Harvard bomb-threat kid who used his registered machine on Harvard’s network to connect to Tor, send the threat, and then disconnect; it was very easy for Harvard to deanonymize him.” Various apps including Orbot and Onion Browser use Tor to facilitate secure web browsing.
You can also limit data collection by online advertisers by going to the Digital Advertising Alliance’s page or the following websites: www.aboutads.info/choices/, www.networkadvertising.org/choices/, or www.evidon.com/consumers-privacy/opt-out. You can adjust your Google ads at google.com/ads/preferences/. It’s probably also worth reading Google’s privacy policy at www.google.com/intl/en/policies/privacy/. That page has links to several places that allow you to set the amount of data you share in various ways.
Email
Some free email services such as Gmail serve up ads based on keywords found in your messages, so you should read the privacy policy before signing up. Some privacy activists go so far as to suggest avoiding sending mail to others who have Gmail accounts because those incoming mails will be scanned for contextual advertising even though the non-Gmail user did not agree to such policies.