Mark D. Rasch Director, Privacy and Security Consulting CSC – [email protected] #bridgeconf.


Privacy and Security for Marketing

Mark D. Rasch
Director, Privacy and Security Consulting

CSC – [email protected]

#bridgeconf

John Wanamaker

“Half the money I spend on advertising is wasted. The trouble is, I don’t know which half.”

Goals of Marketers
Obtain comprehensive, accurate and timely data about possible customers that includes:
◦ Purchasing habits and predictions
◦ Profile (race, age, orientation, income) that might influence purchasing
◦ Information about readiness to buy
◦ Location information

Secret Goal of Marketers
NOT to sell to customer BUT
◦ To get customer to sell to others!
Thus, social marketing, Google, Facebook, etc.

Don’t Be Evil?

Google’s new privacy policy effective March 1, 2012

“if you’re signed in, we may combine information you’ve provided from one service with information from other services”


Goog 411
Free directory assistance 1-800-GOOG411
Business listings AND connection and direction
What does Google collect?

Location Data + Desire
The Holy Grail of Marketing
◦ Knowing WHO wants to buy
◦ WHAT they want to buy
◦ WHEN they are ready to buy and
◦ WHERE they are going to buy

Location Data
From apps
From IP address
From databases
◦ Public Databases
◦ Social Networking
From technology
◦ Cell phone
◦ EZ Pass
◦ OnStar
From Surveillance

US v. Antoine Jones
Government put GPS transmitter on car
No warrant (actually exceeded scope of warrant)
Monitored all activities for 28 days
No expectation of privacy?

Supreme Court (January 24, 2012)
Majority (Scalia) – Placing Device on Car is trespass, and a “search and seizure” under 4th Amendment – warrant likely required.
Concur – Sotomayor – agrees that there was trespass but would go much further – even reexamine Smith v. Maryland
Alito (w/Ginsburg, Breyer & Kagan) – no trespass, harm was in monitoring

Stingray
Spoof cell tower
Obtain ESN and signal strength
Learn location
No warrant, no subpoena
In use now
US v. David Rigmaiden

Footpath
Monitors cell phone of customers
Determines location of customers as they travel through the mall
“ping” cell phone for location data
In use in UK – claim that data is publicly disclosed

18 USC 3127
“pen register” records or decodes dialing, routing, addressing, or signaling information (not content)
“trap and trace device” captures the incoming electronic or other impulses which identify the originating number or other dialing, routing, addressing, and signaling information reasonably likely to identify the source of a wire or electronic communication, provided, however, that such information shall not include the contents of any communication;

Who Knows WHERE You Are?
OnStar
AT&T/Verizon/Sprint (as cell provider)
AT&T/Verizon/Sprint (as data provider)
Google (for maps, etc.)
EZ Pass
Red Light/Speeding/License Recognition
Parking Meters
Video Surveillance/Facial Recognition

Who ELSE knows where you are?

Location aware applications

Intermediaries
Data Collectors
ISP’s
Other third parties

What Do Marketers Want?

Surfing activity?
Purchasing Activity?
Social Networks?
Interactions with others?
◦ Stores
◦ Hospitals
◦ Insurance
◦ Others?

Where Does Consumer Data Go?


Source: The Future of Privacy Forum - http://www.futureofprivacy.org/2008/11/26/where-does-your-data-go-before-you-even-click/

Amazon Kindle Fire
Browser is “cloud optimized”
Means ALL data travels through Amazon cloud services unencrypted

So, Amazon knows everything you look at, purchase, etc.

No limit on use/sale of that data

Behavioral Targeting Activities


Source: TRUSTe Whitepaper: Online Behavioral Advertising: A Checklist of Practices That Impact Consumer Trust

Facial Recognition Marketing

Facial Recognition for targeting

Target ads based on identity or attributes

Coke Zero Facial Profiler – why are they doing this?


Privacy remains extremely important to a majority of individuals.


Source: TRUSTe/TNS 2009 Study: Consumer Attitudes About Behavioral Targeting

Are you familiar with the term “behavioral targeting”?


Source: TRUSTe/TNS 2009 Study: Consumer Attitudes About Behavioral Targeting

When I am online, I am aware that my browsing information may be collected by a third party for advertising purposes.

Source: TRUSTe/TNS 2009 Study: Consumer Attitudes About Behavioral Targeting

CMU Augmented Reality Experiment

August 2011 – Prof. Alessandro Acquisti, Ralph Gross, Fred Stutzman

Collected images of people walking around on campus

Used public databases


Augmented Reality

Image of Subject
Process Image (digital)
Compare Image to ALL images online (Facebook, campus, etc.)

Publicly available with off the shelf facial recognition

Augmented Reality

Identify Subject

Identify Subjects’ Interests

Obtain Detailed Information

Publicly available with off the shelf facial recognition

But wait… there’s more…
With JUST the image of the passer-by, could obtain subjects’
◦ Name, address, telephone number
◦ Photos of friends, house, neighbors, associates
◦ Court records, license info., mortgage and assessment
◦ Social Security Number!

NORA

Harmonizes data
Looks for patterns
Links databases
Finds non-obvious patterns
Acts on patterns

Sorrell v. IMS Health, Inc.
Facts
◦ Drug companies use “detailing”
◦ Vermont statute regulates “prescriber-identifying information.” Without consent:
    Pharmacy can’t sell it (for marketing?)
    Pharmacy can’t allow it to be used for marketing
    Drug company can’t use it in marketing
◦ Drug companies and data miners both sue
    Similar Maine and N.H. statutes upheld
    Second Circuit strikes down Vermont’s

Sorrell v. IMS Health, Inc.
Heightened scrutiny

◦ The creation and dissemination of information are speech

◦ This content-based restriction is like a ban on selling cookbooks, lab results, train schedules

◦ Detailers can’t do their job (speech) without this commodity (information); like banning a trade magazine from buying ink

Privacy Principles
Respect Privacy
Data Subjects have a right to know what is being collected
Opt in/Opt Out
Protect Data
Data Accuracy
Don’t be creepy…

Personal data should not be processed at all, except when certain conditions are met. These conditions fall into three categories: transparency, legitimate purpose and proportionality.

Basic Principles of Privacy

The data subject has the right to be informed when his personal data is being processed. The controller must provide his name and address, the purpose of processing, the recipients of the data and all other information required to ensure the processing is fair.

when the data subject has given his consent
when the processing is necessary for the performance of or the entering into a contract
when processing is necessary for compliance with a legal obligation
when processing is necessary in order to protect the vital interests of the data subject
processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or in a third party to whom the data are disclosed
processing is necessary for the purposes of the legitimate interests pursued by the controller or by the third party or parties to whom the data are disclosed, except where such interests are overridden by the interests for fundamental rights and freedoms of the data subject.

The data subject has the right to access all data processed about him. The data subject even has the right to demand the rectification, deletion or blocking of data that is incomplete, inaccurate or isn't being processed in compliance with the data protection rules. (art. 12)

Transparency

Personal data can only be processed for specified explicit and legitimate purposes and may not be processed further in a way incompatible with those purposes.

Legitimate purpose

Personal data may be processed only insofar as it is adequate, relevant and not excessive in relation to the purposes for which they are collected and/or further processed. The data must be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that data which are inaccurate or incomplete, having regard to the purposes for which they were collected or for which they are further processed, are erased or rectified; The data shouldn't be kept in a form which permits identification of data subjects for longer than is necessary for the purposes for which the data were collected or for which they are further processed. Member States shall lay down appropriate safeguards for personal data stored for longer periods for historical, statistical or scientific use.

When sensitive personal data (can be: religious beliefs, political opinions, health, sexual orientation, race, membership of past organizations) are being processed, extra restrictions apply.

The data subject may object at any time to the processing of personal data for the purpose of direct marketing.

Proportionality

Don’t be evil
Transparency is good
Privacy can be your friend (and respect for privacy can be too)
In the end, MOST people don’t care that much…
A soldier will fight long and hard for a bit of colored ribbon. Napoleon Bonaparte

In Summary

For more information…

Mark D. Rasch
Director, CyberSecurity and Privacy Consulting, CSC
3160 Fairview Park Drive, Room 305
Falls Church, Virginia 22042
Tel: +1 301 547-6925
Fax +1 240 [email protected]


Don’t forget to visit the Solutions Showcase!

Many of the ideas discussed today are on display at the Solutions Showcase! #bridgeconf