WASHINGTON - Long before Edward Snowden’s revelations of NSA monitoring programs, privacy advocates have warned about encroaching government surveillance and the erosion of privacy in the digital age.
But less attention has been paid to the many ways that private companies monitor, track, and even buy and sell personal information.
Now, a Harvard-based researcher is shining a light on the specific ways corporations are using our private information for their own profit.
In his new book What Stays in Vegas, author Adam Tanner documents how the world’s largest casino operator, Caesars Entertainment, turned the detailed collection of personal data into millions in profit.
Tanner, a fellow at Harvard’s Institute for Quantitative Social Science and a decades-long journalist, doesn’t argue whether such comprehensive data tracking is good or bad. But he does make clear that the burgeoning business of mining personal data represents as serious a challenge to guarding privacy as the NSA.
VOA spoke with Tanner about personal data collection at casinos and elsewhere online.
VOA: Who legally owns an individual’s personal information?
Tanner: “You ask a very simple question which has a very complicated answer. It’s not exactly clear who owns your personal information. And this is across all the different things you do: as a consumer, as a patient and in other areas. For example, if you’re shopping, data is shared from you to the merchant so they can make use of that data to fulfill your order. But then, do they keep all that information? Do they sell if off to others? Is there this big commerce of your data beyond? That’s the focus of this book and my research.”
VOA: Where does all this data live, and have you ever been surprised by what’s out there?
Tanner: “There are different realms of the places where it could be floating. There’s the Internet, but there’s also the realm of private commerce stuff that you don’t see but is still out there. For example, data brokers are large companies that have files on hundreds of millions of people – not only in the United States, but increasingly worldwide. These files are available to other companies who buy this information. So it’s not available directly on the Internet for anyone to see, but it is available to anyone willing to purchase it. I’ve been surprised not specifically what might be on the Internet, but the kind of detailed lists, often very intimate, that exist for big groups of consumers.”
VOA: That is not very comforting, is it?
Tanner: “There are a lot of things about technology that are great and have improved our lives, from cellphones to the Internet and so on. But there is a side effect of possible dangers to our privacy. I’d draw a parallel to the development of automobiles. As cars developed they became much faster, but there was very little safety mechanisms. Then, first came seat belts, then three-point belts, and now airbags; all this came much later. The same might be needed as we develop the Internet in the digital age when it comes to our personal data. I would like that you at least have a say in what goes on with your personal data.”
VOA: What’s the difference between government surveillance and private data collection?
Tanner: “The difference is that governments can be very sophisticated how they collect data on individuals they want to target. But many governments – and I’m talking here of countries that aren’t authoritarian – aren’t interested in maintaining active dossiers on hundreds of millions of people. Commercial entities, however, are interested in that, because they want to sell stuff and make profits. So curiously, you have a situation where this detailed, personal information is most actively gathered not by a government but by private entities.”
VOA: A lot of this book is set in Caesars Palace, and if there’s a protagonist here, it’s someone named Gary Loveman. Who is he?
?Tanner: “Gary Loveman is the boss of Caesars Entertainment, the largest casino company in the world. He’s very different from the kind of casino boss in Hollywood movies – people like “Bugsy” Siegel or “Lefty” Rosenthal. Instead of links to the mob, today’s casino boss is very different. Gary has a Ph.D. in mathematics from the Massachusetts Institute of Technology and was a much beloved professor at the Harvard Business School.
“Gary developed the concept of “lifetime value” of customers, trying to keep people coming back again and again. He was hired by Harrahs, which became Caesars, to bring these tricks to Las Vegas. The problem in Vegas is that casinos are largely the same – they may look different on the outside, but the games are all the same. Same rules, same odds. He was brought in to gather lots of data about customers to keep them coming back, which was controversial at the time.”
VOA: Why does a casino care more about data than the odds?
Tanner: “Data is so special because the casino wants to make you feel special. You can go to any number of casinos in Vegas. Harrah’s wanted to you to come to theirs, so Loveman originated the “Total Rewards” loyalty program, which has now become standard in many different businesses. It works like this: the casino gives a good customer special perks – free food, free rooms, free other things. But they have to figure out who deserves those things, and who’s going to gamble a lot of money. Loveman figured out how to learn a tremendous amount about customers to keep the best ones coming back.”
VOA: It seems that a big difference is that Caesars’ loyalty program is totally voluntary; you agree to share personal information for possible perks. But in a lot of online businesses, there’s nothing clear or voluntary about it at all. Is that correct?
Tanner: “That’s exactly right. At Caesars, if you want to gamble anonymously, you can lay cash on the table and no one will ask anything about you. And Caesars doesn’t sell its data on you to anyone else. With many businesses online, it’s not at all clear what they collect and what they do with your personal, often intimate, information. One trick is they have these very lengthy privacy policies that confuse even lawyers. You shouldn’t have to worry if you made a mistake by ordering something from an online company because you have no idea who they really are and what they’ll do with your information.”
VOA: What kind of data can a casino acquire, and how do they use that?
Tanner: “If you’re using the loyalty card, they can know on any visit exactly how much you spend and where you spend it. They can track you in real time down to the penny; they could see today you’re down $515 dollars, for example, even though the odds of the game you’re playing say you should only be down $200, and that typically you’re only down $300 per machine.
“So now they know you’re way down today, and may then send a text message to a casino employee to come over to you and say ‘Mr. Jones, so good to see you again. We wanted to give you some something.’ And let’s say they also know that you like Elton John or often dine at a specific restaurant, so they may give you free tickets for one of those. Having that level of specific information about you in real time changes the entire experience. It’s all very sophisticated.“
VOA: What are some examples of online business profiting from personal data collection?
Tanner: “Just one example: there’s an industry you could call the ‘people lookup’ business on websites which has become common in recent years. When you look up someone’s name in a search engine, you’ll see advertisements on the results page saying, ‘Look up this person’ for their history, background, criminal background, what have you. These kinds of sites compile public information – birth certificates, mortgages, arrests – and private data they’ve purchased.
“In the U.S. particularly, there’s not much regulation on this than in some other nation; but even people not in the United States should be concerned about this because the companies and models we develop here often influence what happens worldwide. So even if they don’t have these companies in your nation now, they may be coming.”
VOA: How legal is all of this?
Tanner: “Some companies have certainly gone over the line, but the lines are often blurry when you’re dealing with personal data about what is, and what isn’t allowed. One area where some of these online people search have gone over the line is when they advertise something like ‘Look up your babysitter for criminal records.’ By U.S. law if you hire someone, there’s a special standard of information, and you can’t just do that for people you hire, so these companies have been fined pretty substantially.”
VOA: OK, it might be legal, but that still doesn’t make it any less creepy, right?
Tanner: “That’s very true. Again, there’s all this good stuff these technologies are bringing us, but there is certainly a creepy factor with the mass aggregation of personal information. Even pieces of information that seem very innocent, put together can suggest a whole lot about you in ways that you had not expected.
“For example, take what size pants you wear combined with what sort of cable TV plan you have. Together, they might suggest you’re overweight, you watch a lot of sports, and you spend a lot of sedentary time at home. So now, maybe a health insurer might deem you a higher risk. We should really be cautious about how seemingly unconnected information may be used to discriminate against you or create some really negative impact.
“It all makes sense economically, but it does carry with it worries. I’ve certainly used a lot of privacy tools and experimented with different ways how one could share data. I have a whole appendix in the book on things people can do if they want to take more precautions. And it is true if you’re interested in protecting your privacy, it does take some work, starting even with reading those privacy policies you agreed to or installing programs on your phone or your computer. It’s extra work, but if it’s something you care about, it’s worth exploring.”
VOA: So how concerned should people be about their privacy and this personal data economy?
Tanner: “I think people should be concerned enough to give it some thought as to what happens with your data and then respond accordingly. There may be companies you love and you’re confident they’re doing good things, so you happily share your personal data for the services they can provide. But maybe there are a lot of other companies online that you have no idea who they are, where they’re based, what their policies are, you might want to be more wary of doing business or sharing anything with them. There’s probably certain areas of your life – health, finances, sexual things – that you want to be much more.”