[From The Economist magazine]
New privacy services will soon allow consumers to buy goods anonymously online�forcing
web-based retailers to change the way they do business
OVER the past couple of months, a Dallas-based company called Digital Convergence has
given away more than 1m bar-code scanners to computer users across America. If the
company sticks to its business plan, it will have handed out some 40m by this time
next year. The scanners cost around $10 apiece. So why the sudden generosity? Because
the company expects to get its money back, and more, by selling information about the
users� purchasing habits.
Scanning the bar codes on a packet of cornflakes, say, sends the user�s Internet
browser to the manufacturer�s website. Each scanner, known as a CueCat, comes with its
own unique identifier code and software to operate it. On installing the software, the
user is required to register personal details such as name, e-mail address, age, sex
and post code. Such details can then be correlated with the information that the
CueCat gleans about the products a user scans. The company hopes that such marketing
information will eventually be worth more than the $400m it plans to spend seeding the
market with CueCats.
But the company had not reckoned with the ingenuity of users of Linux software. Noted
for their programming skills and their contempt for Microsoft�s Windows, a group of
Linux hackers decided to let CueCat work on computers that use the free Linux
operating system instead of the ubiquitous Windows. Being a mischievous bunch, they
wrote their software so that it would bypass Digital Convergence�s own computers. And
for a laugh, they made a Windows version available as well. Just days after the
CueCats were released, free scanning software started appearing on the Internet and
was downloaded eagerly by countless users. Digital Convergence was not amused. For the
company, every hacked CueCat was another $10 down the drain.
Data mavens
A number of e-commerce ventures have been based on the proposition that retailers,
manufacturers and advertisers are ready to pay large sums to get their hands on
marketing data collected by online services that bribe users with some free offer to
divulge their personal details. But, as the hacked CueCats show, companies that do
this are likely, sooner or later, to be bitten by their own customers. Indeed, life is
getting harder for online firms that try to survive by exploiting the marketing data
they collect. Consumers have become far more concerned about invasions of their
privacy, and they are now being given the technology to protect themselves.
Recently, two controversial incidents have caused politicians and consumer groups to
turn their attention to online privacy. After vociferous complaints, DoubleClick, an
online advertising agency based in New York, aborted its plan to merge its records of
people�s visits to websites with its database of users� names and addresses. And
public opprobrium was heaped on Toysmart, a failed Internet start-up, for violating
one of its own privacy pledges when it tried to sell its customer database to another
retailer.
Soon, consumers will no longer have to rely solely on the integrity of online
merchants to limit what advertisers glean about their web-surfing practices. A new
breed of privacy-service provider, or �infomediary�, is learning to make money from
protecting people�s privacy by short-circuiting the way that online retailers secretly
accumulate information about visitors to their websites.
One infomediary that works with consumers, Lumeria, based in Berkeley, California,
aims to let its users evade marketers selectively�and to earn money in the process.
The company�s free software encrypts a user�s profile and stores it on its own
computers. Whenever the user wants to access the Internet, he can use Lumeria�s
computer as a proxy-server, to stop his personal details from being transmitted direct
to any advertisers. The proxy-server intercedes between the user and every web page,
allowing only those adverts that match the user�s interest profile to appear on his
browser. Anonymous, aggregated information is then sold to marketers, with a royalty
paid to the user.
The only survivors
For the more paranoid, iPrivacy of New York has come up with software that can shield
a user�s activities so completely that not even the company itself has access to the
information. In iPrivacy�s scheme, a user begins by downloading software from a
company he knows and trusts�for instance, his credit-card company or bank. The
software allows the user to browse in complete privacy. When he wishes to buy
something, the program generates a new identity for him�complete with a fictitious
name and e-mail address, a coded postal address, and a one-off credit-card number.
This fresh identity is passed, via the online merchant, back to the credit-card
company, which matches the details with the user�s real identity and approves the
transaction. Meanwhile, the post office is sent a decoded address label, but still a
coded name, and ships the goods. The only entity that knows what is actually going on
is the user�s original credit-card company, which had all the personal information
already. Two added bonuses are that, because the fictitious identity is used only
once, it is impossible for online marketers to develop a profile of the user�or for
criminals to profit from its theft.
Ruvan Cohen, iPrivacy�s chief executive, has already made a contract with the United
States Postal Service for decoding addresses. The company is also working with
financial-services firms that want to license the software for their clients. The main
reason such a firm might be interested is the Gramm-Leach-Bliley Act, passed in
November 1999, which requires financial institutions to disclose details of who sees
the private information they collect from customers. The first disclosure statements
must be sent out by July 2001.
Not surprisingly, many financial institutions, anxious about their customers�
reactions, are looking for ways to shore up their reputations for confidentiality.
American Express has already launched a free one-off system of credit-card payment and
intends to provide its customers with a private web-browsing service by the end of
2000. Other credit-card suppliers plan to test iPrivacy�s software early next year so
as to be ready for the July deadline. If enough users take advantage of these online
filters, the benefits for e-commerce could outweigh the costs. Forrester Research, a
technology consultancy based in Cambridge, Massachusetts, reckons that privacy
concerns stopped consumers from completing more than $12 billion of online purchases
last year.
One worry, however, is that a privacy backlash by consumers could make it harder than
ever for online retailers to turn a profit. Amazon.com, the world�s largest online
retailer, relies heavily on its marketing database to �personalise� its interactions
with its 20m customers. Loyal customers swear by Amazon�s uncanny ability to recommend
genuinely useful purchases. But if enough users camouflage themselves, Amazon will no
longer be able to send special offers of, say, toys to customers who have just bought
some children�s books. And this kind of cross-marketing is a mainstay of Amazon�s
business model.
Many online firms have played a zero-sum game that predicated their own profitability
on their customers� loss of privacy. The balance may soon tip the other way. The
danger is that it could tip too far in the consumer�s favour. Ironically, online
consumers could then find themselves being treated rather like offline customers�with
free offers and the rest becoming a thing of the past.
Copyright � 1995-2001 The Economist Newspaper Group Ltd. All rights reserved.
