Amazon Patent’s Privacy Pratfall

Written by Erik Sherman
July 8th, 2010

Against a backdrop of years of vigilance in protecting consumer privacy, a newly public Amazon Patent application raises a wide range of privacy concerns. The Patent Pending envisions making gift recommendations to strangers, leveraging Amazon’s legendary database of consumer data. It speaks of using third-party databases, in addition to its own, to suggest gift ideas for–in an example the Patent Pending actually uses–“single Protestant Asian women between the ages of 25 and 35 with disposable incomes greater than $50,000.”

And because Amazon’s new invention would make specific gift recommendations for anyone who asked, it raises the question of how easily crooks could go on private-data fishing expeditions, trying one gift after another to uncover personal details about their targets.

The system the Patent application describes represents a sharp departure from Amazon’s previous approach of employing only user-approved data for gift recommendations. Less than two years ago, Amazon executive Michal Geller said that when it came to gift customization, “anything related to privacy is off the table,” forcing Amazon to focus on “some creative ways [that are] not creepy.”

But “unintentionally creepy” may be the best way to characterize Amazon’s description of the automated gift registry (AGR) system the company is trying to patent. It’s not hard to understand the need for collecting data on age, ethnic background, religion, marital status and disposable income to make gift suggestions. After all, no one would want the system to recommend either alcohol or a preschooler’s toy for a 10-year-old recipient.

Exactly how does the Patent application make that point? Like so: “For example, the system may determine to eliminate male-specific items (e.g., men’s underwear) from Sally123’s recommendation list.” (If you’re trying to avoid “creepy,” opting for an example of “men’s cologne” or a “beard trimmer” may be a better choice. But if you’re going for that “to Uncle Ernie from Tommy” feeling, it’s ideal.)

Along with the personal information, the engine is also designed to know what gifts the customer has already received, expects to receive, plans to buy and has received but returned. It tracks which items it thinks customers wouldn’t mind more of, such as silverware, as opposed to copies of a particular CD. And it draws its own conclusions about the customer’s preferences.

But there’s a troubling aspect to this possible future for Amazon recommendations. Today, Amazon makes recommendations to its customers on what to buy for themselves. In this Patent application, Amazon proposes using its own huge collection of customer data, along with data from third parties, to let almost anyone get recommendations of gifts for its customers.

And that opens the opportunity for some truly creepy games of “20 Questions.” An identity thief or cyberstalker may glean large amounts of information about an Amazon customer by bouncing potential gift ideas off the recommendation engine.

Remember, the recommendation engine envisioned in this Patent knows practically everything about a customer. But it’s also going to be devoid of human common sense. Any human Amazon employee hearing questions like “Would a bong be appropriate? How about hollow-nosed bullets?” would immediately recognize that something strange was going on.
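The “20 Questions” risk described above is, from the operator’s side, a detection problem: a human would notice one requester bouncing a long string of oddly specific items off the engine for a single recipient, so the same pattern can be flagged automatically. The following is an added example, not code from the article or from Amazon’s patent; the query-log format, the item names, the list of “sensitive” items and the thresholds are all constructed assumptions for illustration.

```python
"""Flag '20 Questions' style probing of a gift-recommendation oracle.

Added example. The log format, item names, sensitive-item list and
thresholds are assumptions made for illustration, not anything from
the patent application or a real Amazon system.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed query log: one line per "would item X suit recipient Y?"
# request made by a requester to the recommendation engine.
SAMPLE_LOG = """\
2010-07-08T10:00:01 requester=alice recipient=r42 item=garden_hose
2010-07-08T10:00:09 requester=alice recipient=r42 item=cookbook
2010-07-08T11:30:00 requester=mallory recipient=r42 item=mens_underwear
2010-07-08T11:30:04 requester=mallory recipient=r42 item=prenatal_vitamins
2010-07-08T11:30:07 requester=mallory recipient=r42 item=rosary
2010-07-08T11:30:11 requester=mallory recipient=r42 item=hearing_aid_batteries
2010-07-08T11:30:15 requester=mallory recipient=r42 item=wedding_album
2010-07-08T11:30:18 requester=mallory recipient=r42 item=glucose_monitor
2010-07-08T11:30:22 requester=mallory recipient=r42 item=walking_cane
2010-07-08T11:30:25 requester=mallory recipient=r42 item=kosher_cookbook
2010-07-08T14:00:00 requester=bob recipient=r77 item=chess_set
"""

LINE_RE = re.compile(r"^(\S+) requester=(\S+) recipient=(\S+) item=(\S+)$")

# Items whose yes/no suitability answer would reveal a protected attribute
# (religion, health, age, marital status). Constructed list for the example.
SENSITIVE_ITEMS = {
    "prenatal_vitamins", "rosary", "hearing_aid_batteries",
    "glucose_monitor", "walking_cane", "kosher_cookbook",
}


def parse_log(text):
    """Parse log lines into (timestamp, requester, recipient, item) tuples."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore malformed lines rather than crash the detector
        ts = datetime.fromisoformat(m.group(1))
        events.append((ts, m.group(2), m.group(3), m.group(4)))
    return events


def find_probing(events, window=timedelta(minutes=10),
                 max_distinct=5, max_sensitive=2):
    """Return one alert per (requester, recipient) pair that asks about too
    many distinct items, or too many sensitive ones, inside `window`.

    Legitimate shoppers compare a handful of candidates; an enumeration of
    attribute-revealing items against one recipient looks very different.
    """
    by_pair = defaultdict(list)
    for ts, requester, recipient, item in events:
        by_pair[(requester, recipient)].append((ts, item))

    alerts = []
    for (requester, recipient), queries in by_pair.items():
        queries.sort()
        # Slide a window starting at each query; alert on the first hit.
        for i, (start, _) in enumerate(queries):
            in_window = {it for t, it in queries[i:] if t - start <= window}
            sensitive = in_window & SENSITIVE_ITEMS
            if len(in_window) >= max_distinct or len(sensitive) >= max_sensitive:
                alerts.append({
                    "requester": requester,
                    "recipient": recipient,
                    "window_start": start.isoformat(),
                    "distinct_items": len(in_window),
                    "sensitive_items": len(sensitive),
                })
                break
    return alerts


if __name__ == "__main__":
    for alert in find_probing(parse_log(SAMPLE_LOG)):
        print(alert)
```

In the constructed log, alice’s two queries and bob’s single query stay below both thresholds, while mallory’s eight distinct items (six of them attribute-revealing) against recipient r42 inside a few seconds produce one alert. In a real deployment the alert would feed a throttle on that requester/recipient pair or a degraded, coarser answer, which is the automated equivalent of the employee who would “immediately recognize that something strange was going on.”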

3 Comments

  1. Glanglois Says:

    Nicely done, Erik. It’s scary stuff and you explained it well. Thanks!

    However … “Patent Pending(s)” ???

    Where do we find “patent pending” used as a thing rather than a simple, short statement that a patent is pending for the invention?

    When patents are pending, they’re simply pending patents, right?

    And why on earth do we find “patent” capitalized in this piece? Even the United States Patent and Trademark Office doesn’t capitalize the word except in headlines, document titles, etc.

    OK, so it’s a nit. You’re in a hurry and supported by an editor who has less time than you do to bang these things out. It’s just the Internet.

    I don’t have an editor so I’m sure I’ve used sloppy language somewhere in the above ….. Mea culpa.

  2. Bob LeMay Says:

    Okay, this begs the question: How does Amazon know who the “stranger” is? Certainly a name isn’t sufficient: I can’t just say I want to buy a gift for Jane Smith, as there must be hundreds or thousands in the database. Will the system prompt me for the correct address? Because this could allow someone to “look up” a person who may not be listed in other online directories.

    And the example of the 5-year-old: Do I have to provide the name and age? It is unlikely that the 5-year-old will be in Amazon’s database–who lets 5-year-olds shop online under their own name? So now I am ADDING the 5-year-old to Amazon’s database FOR THEM! Along with the address, etc.

    Now, you could claim that many gifts are purchased for 5-year-olds from Amazon, so they are already in the “ship-to” database. But those names are not specifically tied to the age of the recipient; even if the gift is age-specific, it may be shipped in the parent’s name.

    And, since many of us buy from multiple online sources, Amazon’s database on us is necessarily incomplete, so the example of indicating that a CD has already been purchased for someone would only occasionally be possible.

  3. Glanglois Says:

    Bob, you’re quite right but missed the point: of course Google will need access to a great deal more data, specifically including that from the infamous third parties – perhaps public records of various sorts. Then they can cross-reference the data to uniquely identify all of us. All under the name of making it easy to purchase gifts for one another. How innocuous does that sound?

    This is one more stratagem Google is using to amass the Database of Destiny (DoD) that will allow them to insinuate themselves into our lives at every point.

    Let’s all re-read George Orwell, shall we?

