Search This Blog

Thursday, May 25, 2006

Yes, Virginia, Data Mining Can Catch Terrorists

A recent article from Information Week, “Can Data Mining Catch Terrorists?,” asks a question I first thought was rhetorical…until I read further. The author, J. Nicholas Hoover, covers all the recent activity of the National Security Agency (NSA) spying issue, touching on USA Today’s article, “NSA has massive database of Americans’ phone calls,” by Leslie Cauley. They’re both worth reading.

Hoover is right about the technology for assembling humongous databases, not the least of which is Microsoft’s Access. Data, of course, is a necessary part of the equation, and the jury is still out on whether that has been given up. If the NSA does not have the algorithms that allow them to conduct the predictive modeling/data mining that identifies patterns of terrorism, it is simply a matter of incompetence. It is expensive—when has that ever bothered this administration?—but readily available.

But there is one part of the article that I take issue with, and it is where Hoover indicates the NSA could learn from retailers (junk mailers) who mine customer data “without invading customer privacy.” When CitiBank buys your name and financial data from TransUnion (one of the big three credit bureaus that uses data mining techniques for selection), to send you a credit card offer that could be intercepted by an ID thief, that is invading your privacy.

My other major concern is the attention given to the “accuracy of data” in the piece. Hoover indicates its integrity “is different” for each data broker. What isn’t mentioned is the fact that much of your private information is also incorrect. In the article, “Privacy Activism study finds new problems for ChoicePoint, Acxion,” two major data brokers, there are alarming facts that should make every American consumer rise up and insist on control over their names and personal data.

The error rates for private information by Acxiom and ChoicePoint were 67 percent and 73 percent, respectively. 100 percent of the eleven participants in the survey had mistakes in their background check reports. This included the most basic information of name and address, but also involved Social Security numbers and phone numbers. The latter, of course, the basis of NSA’s database.

ChoicePoint has 19 billion records, including information on most U.S. residents. Acxiom’s warehouse is similar and includes over two hundred demographic and lifestyle items the last time I checked. Each has sufficient data to insure that the NSA could easily determine your household’s daily habits.

In the Hoover piece, the Government Accountability Office found in a 2004 survey that federal agencies were already involved in or planning 199 data mining projects, including 122 involving personal data. That’s your private stuff, folks. And, many of these will use ChoicePoint and/or Acxiom data, because of the contract these companies already have with the government.

So yes, Virginia, data mining can catch terrorists. But only if it is done correctly and with accurate data. It must not in the process, however, randomly access the personal records of innocent U.S. citizens, who give up this data for purposes that have absolutely no relationship to terrorism.

In my next post, I’m going to reveal the technology and antics of the predictive modeler/data miner, so that readers can understand the process their names and private information go through to forecast their next move. It’s an event that occurs hundreds of times daily, creating an identity crisis for your household each time.

Tuesday, May 23, 2006

Veterans Discharged After Vietnam...Beware Stolen Data

It’s hot news today, and worth a quick post to get out the word. It also underscores my fight to give U.S. consumers the right to control their names and personal data. If we had that right, there would be no need for the millions of veterans to worry about their identity being stolen, after the recent data theft.

What happened was that the private information of 26.5 million veterans was lifted from the Veterans Administration in another bizarre example of loose security. Those affected are discharges after 1975, or those who submitted claims to the agency before 1975.

According to Consumers Union, information such as names, Social Security numbers, dates of birth—all that is necessary to steal your life—were stolen from the home of a long-term employee. The data was downloaded to his or her home computer, which was stolen in the burglary. No indication from the VA why this moron was “allowed” to capture such sensitive, private information, supposedly protected by security.

In an article, “U.S. Veterans Data Stolen, VA Shows Little Concern Over Data Theft,” by Dave Porter, the VA has yet to explain why they waited until now—the data was taken early May—to make the announcement. This is, in fact, required by law in several states—remember California’s law and ChoicePoint?—and just another example of government incompetence.

And, while on that subject, Porter tells us that George W. Bush just got around to establishing a task force on identity theft on May 10, giving his henchman AG, Alberto Gonzales, the go-ahead to exercise zero tolerance in the prosecution of data loss cases. Yeah, right. At the same time one of the biggest culprits, ChoicePoint, continues to enjoy lucrative government contracts.

So, what to do? There’s a VA telephone number to call but I heard the incompetence persists even there. It is (800) 333-4636. If you get a letter from the VA, and you live in a state that allows a security freeze on your credit files, you have to consider this in relation to the risk. I suggest a free credit report from each of the three credit reporting agencies, spread out over a period of time that, hopefully, will either allow recovery of the data, or the circumstances are too hot for the ID thieves to act.

Beth Givens, Director, Privacy Rights Clearinghouse (PRC), warns veterans and their families to monitor their financial picture “indefinitely.” What does that tell you about their future? If you go to the PRC web site, there is a Chronology of Data Breaches showing close to 82 million American consumers who have had their personal data compromised since February 2005.

Folks, it’s time to voice your support for my goal of passing federal legislation giving you control over your name and private information. And, pay you, when it is sold. Let your local print and broadcast media know what you think. Contact your representative in the House, and your Senator.

Dave Porter said it best. “The one way you'd get lawmakers to pass legislation that would control how data is managed would be to go to Visa or Mastercard and buy the personal information on them and start posting it online.” He goes on to say what I have been saying for months, that there is no meaningful identity theft legislation in the works. He also agrees that it is lobbying money that has put us in this position.

Wednesday, May 17, 2006

Junk Mail Ethics IV

So far we have covered marketing surveys, envelope “teaser” copy, and shipping and handling costs, in relation to the Direct Marketing Assn.’s (DMA) guidelines: “DMA Releases Latest Ethics Report; Refers Listing Service To FCC.” My intent was to pick the four most prominent issues and highlight their importance from my experience as a former junk mail list broker. Number four is by far the most significant.

“Where do they get my name?” is a question on the minds of most junk mail shoppers, and the number one priority for anyone who has suffered identity theft. My concept of passing federal legislation to give consumers control over their names and personal data would not dampen in the least the efforts of the junk mail industry in finding new sources to uncover your name and private information. Why? Because this is inherent in the never-ending process of bulding intimate dossiers on every American household.

It would, however, stop them from using this data without you having full control and knowledge of the fact.

The DMA guideline states: “Direct marketers should disclose the source from which they obtained information about consumers upon a consumer’s request. Marketers should tell consumers the source of their name on a specific list, or, if not possible, the kinds of sources used.” I would add one more point. The junk mailer should also be prepared to tell the consumer how much they paid for their name and personal data.

Any regular reader of The Dunning Letter knows of my grass-roots movement to pass the above legislation that also advocates that the consumer be paid whenever their name and private information is sold. In all of my 35 years of selling mailing lists, I cannot remember the DMA seriously addressing the issue of letting individuals control their names and personal data. The reason is the bottom line for their members; selling lists is a $4 billion annual business.

But after 100 significant data breaches in 2005, affecting nearly 56 million consumers, resulting in 9.3 million victims, and a per-victim cost of $5,885, you should want to know where they got your name.

A few years ago, after placing list orders for one of my clients, and after their advertisement was sent, they contacted me about a disgruntled recipient who wanted to know where the junk mailer had gotten their name. Since every name is key-coded by list, it was easy to identity the source. I contacted the junk mailer as a courtesy to let them know they might get a call re. this matter. They stonewalled me with a complete refusal to allow me to reveal their name.

Probably not true of all junk mailers, but this gives you an idea of the secrecy level over names and private information. It certainly does not conform to DMA guidelines, above.

So what to do? Like with the shipping and handling charges in my last post, call or e-mail the junk mailer from whom you receive the advertisement. Look on the order page for a telephone number or web site, or just Google the company. Click on either “Contact Us” or “Customer Service.”

You have a right to know who is selling your name and personal data, and you really should put out the above effort to keep the junk mailers on the ball. Hopefully, this will all change soon when the consumer is finally in complete control.

Monday, May 08, 2006

Junk Mail Ethics III

We’ve covered junk mail marketing surveys that sell your personal data, and envelope “teaser” copy that is meant to lure you inside for the kill. In both instances, the Direct Marketing Assn. (DMA), touts its ethics standards for these and other issues, as covered in their article, “DMA Releases latest Ethics Report; Refers Listing Service to FCC.”

Next, let’s turn to another DMA point of concern. Junk mailers charge you a shipping and handling charge for sending the products you ordered. After 35 years of selling mailing lists to these companies, I am still confused about just how they arrive at the S&H. It is supposed to be the total of postage, UPS, Fed EX, etc., and the labor necessary to prepare your package for shipping.

Here are the DMA ethical guidelines: “Shipping and handling costs should not be excessive. They should bear a reasonable relationship to actual costs incurred, according to DMA’s guidelines. Marketers should be able to substantiate their shipping and handling charges.” I went to the DMA site, “Guidance For Establishing And Substantiating Shipping And Handling Charges,” and found three pages of text that basically say junk mailers should charge a fair amount.

But it is this part that I don’t understand from the above statement: “They (S&H charge) should bear a reasonable relationship to actual costs incurred…” Does that mean junk mailers can mark up shipping and handling, as if it is an extension of the merchandise they are selling? I am here to tell you that it is done. In doing list work for one company a few years ago, the person in charge told me it was customary to tack on a few bucks to S&H.

However, it is the manner in which the shipping and handling is calculated that mystifies me most. The figure you pay is based on the dollar amount of the order. If you purchase items weighing five pounds that add up to $25.00, you pay the same amount as the customer who has the same dollar amount, but the order weighs ten pounds. When I go to UPS or USPS to ship something—companies many junk mailers use—the package is weighed and I am charged accordingly, supposedly including handling.

I decided to do an analysis of major catalogs to determine a range of shipping and handling costs, based on this industry-wide system. My fictional order would total $50.00 to make sure each catalog was measured equally. Out of twelve catalogs, the S&H cost extended from FREE to 24 cents per dollar ordered, with the average around 18 cents. That means you must add an average of 18 cents to each dollar purchase you make by junk mail, which is a bargain if you don’t have the time to go to the mall. Particularly, with current gas prices.

To name a few names, Lillian Vernon ships free for over $40.00 purchases. TravelSmith is the next cheapest at 14 cents per pound. Harry and David came in highest at a whopping 24 cents. Improvements was 22 cents; Plow & Hearth and Signals 20 cents; Sharper Image and Walter Drake 18 cents; Crate and Barrel 17 cents; and Maryland Square, Coldwater Creek and PetsMart at 16 cents. Go figure.

Here’s my advice. Call or send an e-mail to your favorite junk mail catalog and ask them just what they base their shipping and handling charges on, and how they are calculated. Look on the order page for a telephone number or web site, or just Google the company of your choice. Click on either “Contact Us” or “Customer Service.” You might be interested in what you find out and I would like to hear about your results.

The next and final ethics issue is the answer to everyone’s question: where did they get my name?

Wednesday, May 03, 2006

Junk Mail Ethics II

In my last post, I covered junk mail marketing surveys, which was listed in the Direct Marketing Assn.’s (DMA) article, “DMA Releases latest Ethics Report; Refers Listing Service to FCC,” as a priority in their ethics agenda. My blog pointed out just how much of your personal data is requested in these questionnaires, and how rich the junk mailers get from selling it.

Another DMA issue from the article was “teaser” copy; those alluring statements on the front of junk mail envelopes designed to get you inside. The DMA states that they, “…should not cross the line into deceiving a consumer about the nature of the promotion.”

One only needs to remember the sweepstakes mailing received by an individual not too long ago that indicated they were a winner. The person paid their own way to Florida, if I recall correctly, to redeem the prize, only to find out they had won nothing.

My wife just received a mailing from the AAA; we both are members. The envelope has two pieces of “teaser” copy. First, the “Club President” has authorized an upgrade in our membership, “free of charge.” Second, on an oval black and gold seal: “Courtesy Upgrade, FREE, To AAA Plus.” We are instructed to confirm by return mail.

Not until you get inside the envelope and carefully read all the literature, do you find out that it’s only free for one year. Then it costs you $58.00, and that’s in addition to the $73.00 we already pay. Although the letter mentions a $58 renewal after one year, you must go to the “Return Receipt” to find out your grand total is going to be $131 ($58+$73). There are additions to the coverage but the only thing we have used AAA for in the last year is maps, so I’m not sure of the value.

Junk mail auto insurance company, 21st Century, sent us a mailing recently soliciting our business. The envelope says: “Think you have the best auto insurance just because you’re with one of the biggest companies? You’re in for a surprise.” That got me inside, because I was curious just how they knew I was with one of the “biggest companies.” They didn’t.

That was just another ploy to tell me four things my “big company” insurance agent won’t tell me: 1) I can save $300 switching to 21st; 2) No other company offers the important policy features 21st does; 3)No other company is as accessible and easy to work with; 4) They are rated A+ by Fitch Ratings. As to one through three…questionable. And for number four, my “big company” is rated AA+ by Fitch.

Finally, probably the fastest known data acquisition known to man: when you buy or refinance your home. Your name, and a bunch of private information, is made available to a host of predators, not the least of which is the very company with whom you bought or refinanced. You told them at closing you didn’t want all the extra insurance, but apparently they didn’t believe you. Add to that a number of companies you’ve never heard of, and you begin to understand the true meaning of “junk mail.”

Envelope messages like: “Important Information concerning Your Mortgage!,” “Personal and Confidential,” “Protect Your Home.” Here’s my answer. I would like to protect my home from the inane junk mail I receive, or, give me a piece of the action and pay me every time my name and personal data is sold.

Next issue of concern: do junk mailers make a profit from your shipping and handling charges?