Amazon Patent’s Privacy Pratfall
Written by Erik ShermanAgainst a backdrop of years of vigilance in protecting consumer privacy, a newly public Amazon Patent application raises a wide range of privacy concerns. The Patent Pending envisions making gift recommendations to strangers, leveraging Amazon’s legendary database of consumer data. It speaks of using third-party databases, in addition to its own, to suggest gift ideas for–in an example the Patent Pending actually uses–“single Protestant Asian women between the ages of 25 and 35 with disposable incomes greater than $50,000.”
And because Amazon’s new invention would make specific gift recommendations for anyone who asked, it raises the question of how easily crooks could go on private-data fishing expeditions, trying one gift after another to uncover personal details about their targets.
The system the Patent application describes represents a sharp departure from Amazon’s previous approach of employing only user-approved data for gift recommendations. Less than two years ago, Amazon executive Michal Geller said that when it came to gift customization, “anything related to privacy is off the table,” forcing Amazon to focus on “some creative ways [that are] not creepy.”
But “unintentionally creepy” may be the best way to characterize Amazon’s description of the automated gift registry (AGR) system the company is trying to patent. It’s not hard to understand the need for collecting data on age, ethnic background, religion, marital status and disposable income to make gift suggestions. After all, no one would want the system to recommend either alcohol or a preschooler’s toy for a 10-year-old recipient.
Exactly how does the Patent application make that point? Like so: “For example, the system may determine to eliminate male-specific items (e.g., men’s underwear) from Sally123’s recommendation list.” (If you’re trying to avoid “creepy,” opting for an example of “men’s cologne” or a “beard trimmer” may be a better choice. But if you’re going for that “to Uncle Ernie from Tommy” feeling, it’s ideal.)
Along with the personal information, the engine also is designed to know what gifts the customer has already received, expects to receive, plans to buy and has received but returned. It tracks which items it thinks customers wouldn’t mind more of, such as silverware, as opposed to copies of a particular CD. And it draws its own conclusions about the customer’s preferences.
But there’s a troubling aspect to this possible future for Amazon recommendations. Today, Amazon makes recommendations to its customers on what to buy for themselves. In this Patent application, Amazon proposes using its own huge collection of customer data, along with data from third parties, to let almost anyone get recommendations of gifts for its customers.
And that opens the opportunity for some truly creepy games of “20 Questions.” An identity thief or cyberstalker may glean large amounts of information about an Amazon customer by bouncing potential gift ideas off the recommendation engine.
Remember, the recommendation engine envisioned in this Patent knows practically everything about a customer. But it’s also going to be devoid of human commonsense. Any human Amazon employee hearing questions like “Would a bong be appropriate? How about hollow-nosed bullets? ” would immediately recognize that something strange was going on.
-Marc
July 8th, 2010 at 9:43 am
Nicely done, Erik. It’s scary stuff and you explained it well. Thanks!
However … “Patent Pending(s)” ???
Where do we find “patent pending” used as a thing rather than a simple, short statement that a patent is pending for the invention?
When patents are pending, they’re simply pending patents, right?
And why on earth do we find “patent” capitalized in this piece? Even the United States Patent and Trademark Office doesn’t capitalize the word except in headlines, document titles, etc.
OK, so it’s a nit. You’re in a hurry and supported by an editor who has less time than you do to bang these things out. It’s just the Internet.
I don’t have an editor so I’m sure I’ve used sloppy language somewhere in the above ….. Mea culpa.
July 8th, 2010 at 9:50 am
Okay, this begs the question: How does Amazon know who the “stranger” is? Certainly a name isn’t sufficient: I can’t just say I want to buy a gift for Jane Smith, as there must be hundreds or thousands in the database. Will the system prompt me for the correct address? Because this could allow someone to “look up” a person who may not be listed in other online directories.
And the example of the 5-year-old: Do I have to provide the name and age? It is unlikely that the 5-year-old will be in Amazon’s database–who lets 5-year-olds shop online under their own name? So now I am ADDING the 5-year-old to Amazon’s database FOR THEM! Along with the address, etc.
Now, you could claim that many gifts are purchased for 5-year-olds from Amazon, so they are already in the “ship-to” database. But those names are not specifically tied to the age of the recipient; even if the gift is age-specific, it may be shipped in the parent’s name.
And, since many of us buy from multiple online sources, Amazon’s database on us is necessarily incomplete, so the example of indicating that a CD has already been purchased for someone would only occasionally be possible.
July 8th, 2010 at 3:51 pm
Bob, you’re quite right but missed the point: of course Google will need access a great deal more data, specifically including that from the infamous third parties – perhaps public records of various sorts. Then they can cross-reference the data to uniquely identify all of us. All under the name of making it easy to purchase gifts for one another. How innocuous does that sound?
This is one more strategem Google is using to amass the Database of Destiny (DoD) that will allow them to insinuate themselves into our lives at every point.
Let’s all re-read George Orwell, shall we?