Search This Blog

Thursday, August 25, 2005

Ethnic Profiling In Junk Mail II

In an October 2001, article titled, “Ethnic Profiling: A Rational and Moral Framework,” by Robert A. Levy, Senior Fellow in Constitutional Studies for the Cato Institute, he reports on a then Gallup poll which revealed that 60% of Americans wanted Arabs to be subjected to more intensive screening at airports. Of course, this was less than a month after 9/11. He quickly raises the question of whether any ethnic or racial profiling should ever be justified.

And then in August of this year, Ralph Hostetter’s piece, “Ethnic Profiling,” on CNSNEWS.COM, takes the ACLU to task for attempting to organize the Far Left, ultra liberals, against such targeted, ethnic profiling. The ACLU objects because terrorist acts such as Oklahoma City, the Atlanta Olympics, even a Taliban insurgent, were all Anglo-Christian Americans. But Hostetter apparently still feels this weakens the U.S. fight against terrorism and puts our citizens in jeopardy.

Levy believes, …”we must defeat without abandoning the liberties that set us apart from every other country in the world.” He goes on to call for “logic, not emotion,” “evidence, not rumor,” and …”a structured approach that weighs the competing interests rationally and morally.”

On the other hand, Hostetter states, “It is politically stupid for Americans who are so easily identified on an ethnic basis not to use ethnic profiling against our sworn enemies in the interests of our own protection.” He goes on, “Ethnic profiling works. If ethnic profiling is but one viable tool in the war against international terrorism, it must be used to the utmost.”

Two somewhat opposing views, but each with a certain degree of substance. We must defend America but we must not take away or infringe upon the civil rights of the people. And, under no circumstances should we be allowed to invade the privacy of any home or individual without confirmed provocation.

Keeping both of these positions in mind, let’s continue where we left off in my last post with the parade of ethnic lists that prevail in the junk mail industry.

Ethnic Lists & Marketing, LLC of Scottsdale, AZ, has a list called “Arab-American/Muslim-American Doctors.” There are 6,431 nationwide. Here’s one from Ethnic Technologies, LLC of South Hackensack, NJ, “Arabic Prime Prospects.” They also have “Turkish Speaking Households.” Three more from ClientLogic: “Ethnic Clubs & Organizations,” Islamic Households by Occupation,” and “Islamic Lifestyle Index” which identifies Islamic homes with guns and ammunition.

There’s an ethnic database of e-mail addresses from List Services Direct in Leonia, NY, and a huge ethnic masterfile of millions of names with added personal data from Focus USA, Hackensack, NJ. All of the smaller lists have some personal data available. Items include age of adults and children, telephone number, income, occupation, credit card usage, length of residence, language spoken, investments, education, vehicle information, frequent travelers, and, my favorite, “people interested in Middle East politics and the Arab-Israeli conflict.”

Some of the major magazines are also very aggressive in this area. Entrepreneur, U.S. News & World Report, Newsweek, the Time Inc. Group, Hearst Magazines (Cosmopolitan, Esquire, Good Housekeeping, Harper’s Bazaar, Popular Mechanics and Redbook, to name a few), and Meredith Magazines including Better Homes & Gardens and Ladies Home Journal. All have ethnic selections on lists that range in size from 500 thousand to over 30 million, the latter being the Time Inc. Group.

But the “mother” of all ethnic lists comes from Experian, also one of the three credit report providers, covering 43 different ethnic origins, and including 84 million individuals. That’s 28% of the total population. In addition to age, income, occupation, education, etc., here’s what Experian also knows about these households: whether they are business owners; number of children and their gender; wealth rating; and their summarized credit statistics.

As I indicated in my last post on “Ethnic Profiling In Junk Mail,” the real purpose of amassing all this data into lists and databases is to make more money from the sale of the names and personal information. Which is OK, if the name-holders were getting their fair share. Ethnic names range in price from 7 cents to 16 cents, the high side being just over the average of 15 cents.

As a part of the $4 billion made annually from the sale of consumers’ names and personal data, ethnic lists probably don’t represent a major contribution…yet. But considering the federal government’s recent habits of using data brokers as major investigative tools, can that time for typical overspending in this field by the feds, accompanied by humongous privacy abuses, be far away?

Read all about this in Rebecca Carr’s article, “Government employing brokers as data posse,” taken from the Palm Beach Post-Cox News Service. She reports that federal agencies still use companies like ChoicePoint and Seisint Inc. (LexisNexis) despite activist and lawmaker concerns over their recent data breaches and about this potential invasion of our privacy. You can only assume from this that we do not ever learn from our mistakes.

Tuesday, August 23, 2005

Ethnic Profiling In Junk Mail

There are over 1,500 ethnic mailing lists being sold today by the junk mail industry. Compare that with the number of apparel lists being sold: just under 600. What is the fascination of such lists? A recent Web article, Marketers seek Jewish data, by Ted Siefer, points out that junk mailers are becoming more “savvy” in targeting certain groups, and that is “cause for alarm,” considering the surge of identity theft.

As Al Jolson used to say, “You ain’t heard nothin’ yet.” Most every ethnicity is covered in the 1,541 lists, with some religions also identified: Catholic, Protestant, Jewish, Buddhist, Muslim, etc. One list, “Jewish Households By Lifestyle Interest,” available through the ClientLogic company in Fairlawn, NJ, sells Jewish families that gamble, travel overseas and drink. They also sell a similar list for Islamic households, minus the gambling and drinking. Syrian households are available from the TMA List Brokerage & Management company in Reston, VA.

The Christian Science Monitor has an interesting article on their Web site, “Profiling’s Limits,” that states “the ethnic or religious identity of a person may be one factor, preferably not the only one, leading to heightened scrutiny of some passengers, truck drivers, and so forth. But that scrutiny should be handled with care and respect”

Any ethnic list sold under that category is blatantly designed to separate out a group of people and place them in a neat category. It’s all a part of the junk mail frenzy to create another database that will outperform the one before it. The approach used to be to target households of younger females that buy expensive apparel. Today, the latter applies, but the junk mailer also wants to know her age, income, occupation, education, whether she has children and what age, whether she’s married, her investments, travel plans, and, of course her ethnicity, and the list goes on and on. The question is, exactly what is all this data used for?

Ted Seifer’s article quotes one list professional as mandating that the whole process of selling these names is safe. It is not. Yes, the list owner requires samples of what is to be mailed for approval, but the bad guys have been known to submit fraudulent samples, which were approved. Once in their hands, the crooks can do with the names as they please. Or, computer tapes are lost, as was the case with Bank of America. With the large number of transactions and times these names change hands, there are endless chances for a data breach.

So, once again, what is the real purpose of amassing all this data? The short answer the junk mail industry would have us believe is to best identify households so they can be sold only those products and services they want. This becomes laughable when you understand that 98 out of 100 pieces of mail that goes to these households ends up in the trash. The honest answer is that the ethnic craze is just the latest excuse to acquire more data on U.S. households and store it in a multitude of junk mailer computers for sale.

The exception is that in today’s hostile environment due to the terrorist threat, it does not bode well for some ethnic groups that may be sitting targets. And, we’ll dig deeper into this problem in my next post.

Wednesday, August 17, 2005

Moving Ahead With Privacy In Junk Mail

In my last post, “A Brief History of Privacy in Junk Mail,” I made some points which I felt established the fact that our rights to privacy concerning our name and personal data prevail over any rights the 1st Amendment gives junk mailers. We progressed through The Privacy Act of 1974 and a 1997 Privacy Protection Study Commission that issued its report: “Personal Privacy In An Information Society.”

This Commission recommended that junk mailers should inform consumers in advance of selling their name and personal data, specifically how it would be sold. Also, that the consumer should have the right to decide “if” it is to be sold. Just short of my concept that we should have 100% control, but a good start. It isn’t clear what it cost to form this Commission, but, obviously, it was at least partially a waste of money.

The most that came out of it was the junk mail industry’s resolve to put a sometimes barely readable message in most catalogs and other offers that said the customer could opt-out of having their name sold. No mention was ever made anywhere of the zillions of bits of private information that were being collected on the individual and compiled in huge databases.

Now, fast-forward to the year 2005, twenty-eight years later. Did we learn anything? Apparently not, considering the period of time that has elapsed with nothing else being done.

So after all the breaches by the data brokers, financial institutions and large companies, Congress has decided to take another shot at privacy. That would be the Personal Data Privacy And Security Act Of 2005, sponsored by Senators Specter and Leahy. It’s the one that requires notification of a breach after it has already happened. The Act is riddled with shortcomings for the consumer, and I am really disappointed with Senator Leahy, a Democrat, for not seeing this.

The first drawback, pointed out above, is notification “after” the fact. Second, setting a minimum (10,000 individuals) on databases that have to comply is ridiculous. What’s the magic of the number 10,000? But this one takes the prize for irony: prohibiting the sale of Social Security numbers. I can see crooked information brokers looking at this section of the Act and scampering off to their computers to steal all the SS #’s they can before the legislation is enacted.

Think, Congress! The only way to curb the problem of breaches of our private information and the resulting identity theft is federal legislation that will give consumers 100% control over their name and personal data. Like I said in an earlier post, “bite the bullet” and do it right this time.

In the meantime, if you want a really happy constituency, pave the way for the junk mail shopper to share in the $4 billion annually from the sale of names and personal data. I have made a case for using this money to supplement our Social Security, and, if acted on soon, could be in place for the alarm periods of 2018 and 2042.

And to cap it all off, junk mailers recently held something called “List Vision 2005” in New York. They are worried about list-regulation legislation that is being considered by Congress and feel self-regulation is the best defense against extensive legislative restrictions. They’re talking about alleviating consumer fears. Where were these people from 1974 to 2005?

You’d think the industry would wake up and realize that the meat of their existence, the junk mail customer, deserves better treatment. Give them what is rightfully theirs: 100% control over their name and personal data. Share with them the proceeds of that $4 billion each year.

The most-attended discussion panel at List Vision 2005 was “Suicide Prevention: Let’s Not Kill the List Industry.” The 1980”s “Me” generation has taken up residence in 2005. The major concern of the list hucksters is their own well-being, and, as a former broker of mailing list names, I don’t think that will ever change.

Wednesday, August 10, 2005

A Brief History of Privacy in Junk Mail

In the case of our name and personal data, I believe that the laws of privacy prevail. I also believe that individuals have the right to decide whether or not this private information should be sold on the open market, and, if it is, to maintain 100% control. That said, what officially—or even legally—backs my theory, when opponents repeatedly cite the 1st Amendment as their right to send unrestrained junk mail?

Paraphrased, the 1st Amendment states that Congress shall make no law prohibiting free speech. Just click on the highlighted portion and you can research the Amendment at FindLaw. My question is, where does the junk mailer’s right to free speech end and my privacy begin?

The Constitution does not specifically mention a right to privacy, but Supreme Court decisions over the years have established privacy as a basic human right. The 9th Amendment states that, although certain rights are specified by the Constitution, just because something is not specifically designated, it should not mean that it isn’t a right of the people. Again, available on FindLaw.

In the Bill of Rights, 4th Amendment, the people are given the right “to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures…” It’s not likely the architects of the Constitution could have even imagined the era of computers and personal databases. They were busy putting a new country together. However, it seems clear to me that, at least in the spirit of the law, we are supposed to enjoy a certain level of privacy.

Apparently, privacy wasn’t much of a real issue until The Privacy Act of 1974, when government agencies were restricted in what they could do with citizens’ personal data. It was enacted, in part, because the people do not have the same alternatives in dealing with the federal government as they do with private business. The major concern was assuring the public that their private information would not be abused by federal agencies or bureaucrats. Even then, they couldn’t have envisioned The Patriot Act.

Three years after The Privacy Act of 1974, a Privacy Protection Study Commission was formed and it issued its report: “Personal Privacy In An Information Society,” July 1977. Click on the highlighted area and then click on “Mailing Lists.” This report has been in my hands since its original publication, another confirmation of the number of years I have been concerned over the potential problems of selling names and personal data.

One of the recommendations made by the Commission was that organizations selling customer names and personal data “…should adopt a procedure whereby each customer, member, or donor is informed of the organization’s practice in that respect, including a description of the selection criteria that might be used in selling, renting or exchanging lists, such as ZIP codes, interest, buying patterns, and level of activity, and, in addition, is given an opportunity to indicate to the organization that he does not wish to have his address, or name and address, made available for such purposes.”

Interpretation: selling our name and personal data should be an opt-in arrangement, meaning the junk mailers shouldn’t make a move without our prior approval. Folks, this was 28 years ago. The commission had the vision to predict that certain selection criteria like our “buying habits” could be tantamount to a major invasion of our privacy. They were defining “personal data” before we really knew what it meant.

In another important move, the Commission recommended against companies selling or sharing data with their affiliates, a problem that still exists today. If you trust the parent company, why not the subsidiaries? Simply put, loss of control. And, if security is lax at the top, ie. ChoicePoint, LexisNexis, Bank of America, Time Warner, what’s it like in the companies’ smaller affiliates?

In my next post on this subject, we’ll talk about what’s happening today in personal data privacy and the mounting war against identity theft.

Thursday, August 04, 2005

More On Personal Data Protection and Identity Theft Prevention in the UK

In my last post, we had just been introduced to Graham Sadd’s theory that the responsibility for a person’s data should be returned to the individual. Sadd is the CEO of PAOGA Ltd. of Maidenhead, Berkshire, England, and his company is the creator of the concept of the Personal Data Vault. Simply put, the PDV gives the consumer 100% control over their name and personal data.

He makes a good analogy of the “data available everywhere” syndrome…“like trying to recognize someone from a photograph of someone’s face made up to from 100 different photographs taken in color and black and white throughout their lifetime.” It’s not likely to look like them today. Neither will all the combined databases—compiled for years from numerous sources, containing your name and personal data—accurately reflect your true, current profile. And why is that bad?

The reason given by the junk mail industry for amassing all this private information is that the junk mailers can better target what you want to buy. So if it’s wrong or out of date, what’s the use? I’ll tell you why. Right or wrong, they can sell it for a fortune. I’m not saying they would do this on purpose, and most junk mail companies wouldn’t. As a former broker of mailing lists, I sold what was available in the marketplace, most of which, by the way, was represented as recently updated.

My point is that unless the data comes right from a legal document—like a driver’s license, voter registration, public deeds, etc.—the accuracy is questionable. Questionnaires are a farce. The person is most likely to answer the questions in relation to what free products they want. Huge lifestyle databases are built from the latter and sold for astronomical prices. Surveys may be the most truthful of the two, due to the fact that a majority are taken live, either in person or over the phone. Guess we can’t fudge on the truth when it’s so up-close.

Another major problem is the “insider’s” approach to stealing our data. If it’s an inside job, there’s not much anyone can do about it, despite the controls the data brokers and junk mailers claim they are putting in place. I’ve witnessed personally the after effects of such an incident, and there was no way it could have been stopped. In the earlier article, “Growing Concern Over Identity Cloning…”, from Devonshire Marketing, the following AOL incident was mentioned.

In mid-2004, a former AOL employee was charged with stealing the Internet company’s subscriber list of over 30 million customers, and selling it to a spammer. You can read the whole story, “AOL customer list stolen, sold to spammer”, by Bob Sullivan, technology correspondent for MSNBC. I mention this to emphasize the apparent ease with which the crooks pull it off, even with one of the top Internet providers. And, there will always be another dishonest employee lurking nearby.

So why don’t we just dump these archaic methods and go for the gold? Give the consumer 100% control over their name and personal data and make them responsible for keeping it correct. Let them decide when and where to opt-in and be able to keep out all the bad guys. And, for each time their name and data are sold, they are compensated from the $4 billion that junk mailers gross annually by selling mailing lists.

Personal Data Vaults. They’re beginning to sound like the wave of the future.

Another one of Devonshire Marketing’s Vanessa Land articles, “Retailers To Become Loyal To Consumers – Personal Knowledge Banks Will Override Loyalty Cards Over Time,” covers a topic that has become a very sore spot with some American consumers: the supermarket loyalty card that tracks virtually every item you buy from booze to prescription medications.

Her piece makes the point that Personal Knowledge Banks, just another way of saying Personal Data Vaults, if controlled by the individual, could be updated by the person to eliminate any undesired information. They could also set restrictions on who sees the data, giving permission on an as-needed basis, and with selective access, if desired.

The more I read of what is being done, or at least planned by the Brits, the more I realize just how far the U.S. is behind. Don’t get me wrong, this is a great country and we do great things. But we do tend to put business ahead of the consumer, and this has become the rule with the current administration. As I have said before, our names and personal data should be sacrosanct, and it is time for Congressional leaders to realize this and take action.

Tuesday, August 02, 2005

The Brits are Whipping Us in the Protection of Personal Data and Identity Theft

The Data Protection Act (DPA) of the United Kingdom, passed in 1998, seeks to strike a balance between the rights of individuals and the sometimes competing interests of business. That’s a good idea for the U.S., even after it has become obvious that American companies like LexisNexis, ChoicePoint, Bank of America, (and the list goes on and on) have done a lousy job of protecting our personal data.

The UK DPA fact sheet goes on to say that…”Anyone processing personal information must notify the Information Commissioner’s Office (ICO) that they are doing so, unless their processing is exempt.” In this case the Brits have taken control over consumers’ names and personal data with the requirement that business must inform the ICO of their use. Yes, there are exemptions, but this is the “balance” mentioned in paragraph one that we must achieve.

If you really want to dig deeper, go to the UK Data Protection Act 1998 for the complete version, which is far better than what we have—which is almost nothing—but still doesn’t go far enough. And no, I won’t be satisfied until every American consumer has 100% control over their name and personal data and is compensated for its use.

U.S. Senate Bill 1408, sponsored by Gordon H. Smith of Oregon, appears to be a lame, Republican attempt to appease the electorate, while leaving the responsibility for safeguarding our private information with the very companies that have proved they can’t do it. Even two prominent Democrats are co-sponsors of the bill: Senators Hillary Rodham Clinton of New York, and Bill Nelson of Florida.

The bill—whose description states it is supposed to strengthen data protection and safeguards, require data breach notification, and further prevent identity theft—talks about restraining the sale of Social Security numbers. What possible difference could that make when it would take me no more than around $50 and five minutes to get one on the Internet? They are already available everywhere and you will never stop the black-market trade in such a valuable means to achieving identity theft. The only answer is a unique ID with an opt-in only for the use of our name and personal data.

So where is Senate Bill 1408, the Identity Theft Protection Act, going? Probably nowhere, unless there is an outcry from the American people for Congress to get off their butt and do something. It was last worked on July 28, Congress is now going into its August recess, and who knows what will happen in September? With this kind of Congressional apathy, the timing for my grass-roots movement to give consumers 100% control over their name and personal data couldn’t be better.

I ran into another very interesting site from the UK. Deavonshire Marketing’s Vanessa Land is writing on the protection of our name and personal data and the identity theft problem. Her article, “Growing Concern Over Identity Cloning, Theft and Fraud Is Forcing Companies To Take Greater Precautions To Safeguard Consumer Privacy” is a must read. She quotes Graham Sadd, CEO, PAOGA Ltd., personal records management specialists, as confirming what we all know: the fact that consumers are very concerned over identity theft.

Sadd makes another significant statement: “Data loss and identity theft doesn’t just happen at the individual level. Unscrupulous criminals are also targeting groups.” Precisely why the individual should have 100% control and be the only one with the data button. He goes on in the article to cover important topics that should catapult any lawmaking body that is supposed to protect its constituency into reality and action.

Topics like the fact that we don’t have a clue as to where all this private information is, therefore, how can we expect anyone other than ourselves to control it? Considering all the data output forced on the consumer each year, both required and willingly given, government and private, think of the number of new databases being created annually. And then Graham Sadd wraps it all up in the neatest bundle. Based on his theory that legal responsibility for a person’s data should be returned to the individual, you create a Personal Data Vault to secure this information. He does it at PAOGA using the vast resources of the Internet.

I have to tell you that I am blown away by this whole concept because it is exactly what I have been proposing for the last ten years, except for one clarification. With the number of scam artists in this country, legal ownership is probably not advised. The answer is federal legislation to give consumers 100% control. Otherwise, Mr. Sadd has the whole program in place and the U.S. junk mail industry and members of Congress should take note and get more information, which is exactly what I am going to do.

More on PAOGA and this exciting issue in my next post.