WASHINGTON – Not long before headlines exposed National Security Agency programs that secretly collect records of Americans’ phone calls, another surveillance system got far less attention: Nordstrom, the department store chain, acknowledged that it was tracking customers without their knowledge in 17 stores.
Nordstrom had hired a company to log a unique number emitted by shoppers’ smartphones, which automatically connected to Wi-Fi systems as they moved through the stores. Shortly after a Dallas TV station broke the story in May, Nordstrom announced that it was discontinuing the program.
The company that sold the tracking service, Euclid Analytics, has tracked 50 million devices in 4,000 locations for 100 corporate and other customers, its founder has said. Shoppers are free to opt out, but the process is complex — they must enter their phone’s media access control address, known as a MAC address, on Euclid’s website.
Self-confessed leaker Edward Snowden’s disclosures about domestic spying by the NSA have sparked a broad debate about whether the government is using sophisticated surveillance and data-mining techniques on its own citizens without sufficient oversight.
But information gathered and exploited by Internet giants such as Google, Amazon and Facebook — and traded by lesser-known data brokers such as Datalogix and Acxiom — can be more revealing than what the NSA can legally collect on most Americans.
“We normally think of the NSA as being far ahead of corporate America, but I’m not so sure they are that far ahead anymore,” said Mark Herschberg, chief technology officer at Madison Logic, a New York-based firm that provides data for advertisers.
Vacuuming data on us
“There are thousands of companies out there collecting information on customers, and together they are really aggregating quite a bit of data,” he added. “Google is reading through your e-mail. Amazon is looking at not just what you buy, but what you shop for.”
The collection and analysis of consumer information in bulk is enabled by what has been dubbed the “big data” revolution — the combination of digitization, cheap storage, robust computing power and sophisticated analytics that allows experts to find correlations in ever-expanding pools of data.
In many ways, big data has been a boon for consumers, allowing companies to tailor products and services. Netflix says three-fourths of its film and TV show rentals come from its own recommendations, which rely on automated analysis of customer preferences.
Big data also has the potential, advocates say, to improve medical outcomes, streamline government services and reduce crime. The Los Angeles Police Department is analyzing data to isolate hot spots in its “predictive policing” program, for example, steering officers to where crimes are expected to happen.
The downside may be just as dramatic, however.
Most Americans emit a stream of personal digital exhaust — what they search for, what they buy, who they communicate with, where they are — that is captured and exploited in a largely unregulated fashion. The information can be used by identity thieves, insurance companies, prospective employers or opponents in a lawsuit.
“How do I express my privacy requirements? Increasingly, it means I have shut off my phone and become a digital hermit,” said Ian Glazer, a vice president at Gartner Inc., an information technology research and advisory company.
In addition to privacy threats, he said, “there is a fundamental problem with fairness, in the sense that I am generating all this data about me through my devices, and these organizations are harvesting it and making a profit off it.”
Google says it uses algorithms, not humans, to mine the content of Gmail messages. Thus if someone sends a digital note about an upcoming trip, the computer may generate an ad for an airline or hotel.