Having attended the University of Michigan, I regularly hung out in the very first Borders bookstore of the Ann Arbor-based company, which is now going through bankruptcy. So I have watched with special interest as Borders has tried to sell its customer data to help pay back creditors – what the company calls “one of its main assets.”
After requesting a delay to review privacy concerns, a judge approved this week the $13.8 million sale of the personal data to Barnes & Noble after B&N agreed to provide an explicit “opt-out” opportunity for customers on the list, which B&N initially called unreasonable. B&N will send emails to all customers and post an ad in USA TODAY announcing the opt-out opportunity.
As one of their 48 million customers, I can only wonder what information they have on my family and me from the past 20 years. While I am thankful the 1988 Video Privacy Act will prevent Borders from selling any information on videos I may have purchased from them, no law exists to protect the even more revealing history of my book and magazine purchases (and good luck sorting out which I bought for myself and which as gifts). And, like most busy people, I will probably miss the chance to opt out because it just won’t be convenient enough for me to do.
So what should happen to “customer data” when a company is sold or goes out of business? What if that company were not just a bookstore but Facebook, Google, Twitter or LinkedIn? What if the buyer were not a reputable company like B&N but one of the growing number of data brokers whose sole business is exploiting customer data for their own financial gain? This doesn’t even consider theft, which is exactly what Borders has claimed in a lawsuit against its online rewards partner Next Jump because it used Borders’ data to solicit their customers to make a jump to its own OO.com reward site.
Given the amount of data being collected these days, and the fact it is becoming a more and more valuable “asset,” visionary companies should be thinking of entirely new and transparent ways to engage their customers in sharing and using their data. Otherwise they will increasingly find “opt-out” as the default response.
We’ve all heard the expression, “Why reinvent the wheel?” It turns out there are good reasons to do that sometimes. At Personal, privacy is a key consideration, so we do everything we can to prevent information from leaking from our platform, including which web pages people visit.
It is no secret that Google Analytics is one of the best tools for website analytics, but have you ever wondered why such a powerful tool is free? Because it comes with strings attached. When used, website visitors are tracked by Google as they move from page to page, allowing Google to produce great reports for the website owner, but also to aggregate data on users as they travel from Google-enabled site to Google-enabled site. Instead of allowing individuals to be tracked on our site, we opt to process our logs using a mix of Open Source and homegrown tools that we install and run.
The problem is not just limited to website analytics. It exists with every tool that is integrated directly from third party sites, such as CAPTCHA, Facebook Like buttons, social network share buttons, and others. Here are some ways we protect individual’s privacy at Personal:
- We use Open Source software that we install and run.
- We build our own tools to perform specific tasks.
- We partner with companies and use their tools in ways that are not at odds with privacy.
- We proxy requests to some third party services for users so they are not directly exposed.
All of these efforts cost time or money, or both, but because privacy is a crucial aspect of what we do, we wouldn’t have it any other way.
Most people think their passwords are pretty good. After all, these passwords protect a growing stash of precious digital information about us. I used to do a party trick and/or a security demonstration where I bet people I could ask them five questions and then guess their password in five tries or less. I won the bet a frightening percentage of the time. For most people, my five password questions would be along the lines of:
- What is your significant other’s name?
- What is your pet’s name?
- What is your firstborn child’s name?
- When is your birthday?
- When is your anniversary?
Combining these in a fairly predictable way, I could almost always get close. After a few questions, many people started to realize that their entire digital life was locked away behind these easily picked locks of their own creation. Banking, credit card accounts, emails, instant messages – all potentially hanging in the breeze. Not a good feeling when you’ve always acted with the presumption of security and privacy.
For some people, I would ask different questions, “what is your favorite beer,” or “who is your favorite athlete/celebrity,” but the principle is that people generally create passwords around things meaningful to them that they can remember. If you understand this principle, passwords become increasingly easy to guess, as they are almost always based on common words and names. They more you know about a person, the easier the guessing game.
This gave me a natural segue to talk about password security and password complexity, topics of ever increasing importance in the digital age, and as more and more of our lives transition to the digital realm, the trend isn’t going to reverse anytime soon.
Stay tuned for the next installment where we’ll talk further about how to keep your digital property safe and secure!