Amazon Patent’s Privacy PratfallWritten by Erik Sherman
Against a backdrop of years of vigilance in protecting consumer privacy, a newly public Amazon Patent application raises a wide range of privacy concerns. The Patent Pending envisions making gift recommendations to strangers, leveraging Amazon’s legendary database of consumer data. It speaks of using third-party databases, in addition to its own, to suggest gift ideas for–in an example the Patent Pending actually uses–”single Protestant Asian women between the ages of 25 and 35 with disposable incomes greater than $50,000.”
And because Amazon’s new invention would make specific gift recommendations for anyone who asked, it raises the question of how easily crooks could go on private-data fishing expeditions, trying one gift after another to uncover personal details about their targets.
The system the Patent application describes represents a sharp departure from Amazon’s previous approach of employing only user-approved data for gift recommendations. Less than two years ago, Amazon executive Michal Geller said that when it came to gift customization, “anything related to privacy is off the table,” forcing Amazon to focus on “some creative ways [that are] not creepy.”
But “unintentionally creepy” may be the best way to characterize Amazon’s description of the automated gift registry (AGR) system the company is trying to patent. It’s not hard to understand the need for collecting data on age, ethnic background, religion, marital status and disposable income to make gift suggestions. After all, no one would want the system to recommend either alcohol or a preschooler’s toy for a 10-year-old recipient.
Exactly how does the Patent application make that point? Like so: “For example, the system may determine to eliminate male-specific items (e.g., men’s underwear) from Sally123′s recommendation list.” (If you’re trying to avoid “creepy,” opting for an example of “men’s cologne” or a “beard trimmer” may be a better choice. But if you’re going for that “to Uncle Ernie from Tommy” feeling, it’s ideal.)
Along with the personal information, the engine also is designed to know what gifts the customer has already received, expects to receive, plans to buy and has received but returned. It tracks which items it thinks customers wouldn’t mind more of, such as silverware, as opposed to copies of a particular CD. And it draws its own conclusions about the customer’s preferences.
But there’s a troubling aspect to this possible future for Amazon recommendations. Today, Amazon makes recommendations to its customers on what to buy for themselves. In this Patent application, Amazon proposes using its own huge collection of customer data, along with data from third parties, to let almost anyone get recommendations of gifts for its customers.
And that opens the opportunity for some truly creepy games of “20 Questions.” An identity thief or cyberstalker may glean large amounts of information about an Amazon customer by bouncing potential gift ideas off the recommendation engine.
Remember, the recommendation engine envisioned in this Patent knows practically everything about a customer. But it’s also going to be devoid of human commonsense. Any human Amazon employee hearing questions like “Would a bong be appropriate? How about hollow-nosed bullets? ” would immediately recognize that something strange was going on.