Digital Footprints

Even before the Industrial Revolution and the wave of invention that followed, employers had some basic tools for tracking what their employees were doing during the course of a day: Delivery records, customer receipts, travel logs, expense reports, and other types of business records could be used by an employer to analyze the effectiveness and efficiency of their employees.

As various technological innovations became commonplace, the information companies have been able to collect regarding employee behavior has grown steadily more comprehensive and detailed. In most cases, information gathering is incidental to the main purpose of the technology: For example, the point of a company credit card is to facilitate business travel and purchases, not to generate information about what employees are doing outside of the office. Yet the use of a credit card does generate that kind of information, providing employers with a powerful tool for learning more about the people who work for them.

Credit Cards Get Steadily Smarter

In truth, the amount of information that can be generated by a small plastic rectangle—the now-ubiquitous credit card—is stunning. Thanks to the marvels of the modern telecommunications system and increasingly powerful computers, and depending on your usage habits, a credit card can compile a nearly step-by-step record of your daily activities.

The first credit cards were issued during the 1920s. For instance, General Petroleum Company issued a card in 1924 that allowed employees to charge gasoline and the cost of auto repairs. After the bugs were worked out of the system, GPC expanded its charge card program to established customers and then to the general public.

Despite the Great Depression in the 1930s, the popularity of charge cards continued to grow. American Telephone & Telegraph instituted the "Bell System Credit Card," and a number of airlines and railroads created similar programs. The only thing that slowed the growth of the charge card industry was World War II: In the summer of 1941, in an effort to curb war economy inflation, the U.S. government issued "Regulation W," which severely limited the issuance of consumer credit (including charge cards) and the maximum time allowed for the repayment of loans.

Following the end of the war, consumer consumption began steadily increasing. In 1952, "Regulation W" was repealed and, to the horror of those who survived the Depression, credit became a increasingly popular means of financing purchases. To meet the increased demand for consumer credit, companies began issuing general-purpose credit cards, which were not limited to a single business but could be used at a variety of establishments.

The first such card was offered by Diners Club, Inc. in 1950; American Express made its appearance in 1958. The primary competition for these credit card companies was the cards issued by individual banks. Bank cards had one significant advantage: revolving credit. Banks quickly discovered that consumers were willing to spend more if they did not have to pay the entire amount each month, and that banks could earn significant amounts of money by charging interest on the outstanding balance. In 1965, California's Bank of America entered into licensing agreements with banks in a variety of other states and created the national BankAmericard system, which would be rechristened "Visa" in 1977; in 1967, four other Californian banks formed a coalition to offer the MasterCharge card, which became MasterCard in 1979.

The fundamental requirement for a successful credit card system is accurate record keeping. When you make a purchase using a credit card, you voluntarily set in motion a large flow of information. In order for a merchant to receive payment for the goods or service you've charged, the merchant must correctly record your name, the item or service being purchased and its cost, any applicable taxes, the name of the merchant, the location of the purchase, and the date.

The impact of credit cards on employee privacy depends in large part on who's paying the bills. If the credit card is in your name, your employer has no legal right to access your spending records. Even if you use your personal credit card for business-related expenses, your employer will only know about those activities if you turn in the charges for reimbursement. But if the credit card bills are paid by your employer, then it should come as no surprise that your employer can and probably does review how you're using the card. You might be under the impression that if the bill for your corporate card is sent directly to you and you pay it out of your own pocket, your purchases are free from inspection. Far from it. A copy of your charges is also typically provided to the organization that requested the card. The logical conclusion is that if there are things that you don't want your employer to know about your personal spending habits (what you've bought, where you ate lunch, your midday assignation at a local motel), the best solution is to leave the corporate charge card in your pocket.

Increasingly, however, that may be difficult. As we saw in Chapter 3, there's a steady trend—led by the Department of Defense—to issue smart cards to employees. The primary purpose of smart cards is to provide a more secure identification of the bearer, but the steadily increasing capabilities of the cards offer a host of other possibilities, including charging meals at the company cafeteria and buying snacks at a vending machine. Already, a number of colleges and universities use cards that combine identification and payment systems. The Smart Card Alliance, in fact, reports that one in seventeen college students is currently carrying a smart card. Depending on their institution's system, students can use the card to enter school facilities, buy food, purchase school supplies and books, do laundry, pay library fines, make copies, receive scholarship and grant funds, and even make tuition payments. ^[5]

At first, a smart card ID that doubles as a payment card (also known as combo cards) will be limited to the facility or organization that issued it. Right now, for instance, you can use a combo card to buy a meal at a company cafeteria, but you can't use most combo cards to purchase lunch at a local restaurant. But the desire for convenience (and the need to cut down on multiple cards) will eventually merge smart IDs with general payment systems like Visa and MasterCard. And if the use of smart cards is to make micropurchases (the morning newspaper, a cup of coffee, etc.), employers issuing combo cards will have access to yet another level of detail about what their employees do during the course of the day.

At least one government agency has already experimented with a smart card that combines both identification and financial services. In 1999, the General Services Administration (GSA) issued a combo card to 450 of its employees at its Willow Wood, Virginia, facility. One side of the card was a traditional Citibank Visa card, which the GSA employees could use for various financial services under Citibank's contract with GSA. On the other side of the card was a smart chip running the Java Card operating system developed by IBM. The smart card functions as a key to the GSA building, regulates network access by comparing a stored fingerprint to the data gathered by a keyboard fingerprint reader, and contains a digital signature that card carriers can use to sign their e-mails. The GSA smart card program is just one of at least fifty-five smart card pilot programs that the GSA/Office of Electronic Government is tracking at the federal level. ^[6]

E-ZPass and MetroCards

One way to significantly cut down on the size of the paper trail that you leave during the day is to avoid credit cards altogether and pay cash. Increasingly, however, other types of convenient payment systems are being developed that threaten to expand the tracking capabilities of both employers and marketers.

For nearly a decade, drivers in the New York area have been using an electronic toll collection (ETC) system called E-ZPass. The system consists of a small radio transponder or tag that is attached to the windshield of an automobile and a receiver that can read a number emitted by the transponder as it goes by. The system can process E-Zpass-equipped vehicles nearly four times faster than coin-paying vehicles. In October 2001, The New York Times reported that there were six million E-ZPass tags in use in the North-east. ^[7]

There are a variety of other ETC systems in use across the country, and the main concern for state and federal highway administrators is what can be done to make the systems compatible. Ultimately, the goal is to resolve the technical issues so that people can drive from one end of the country to the other without having to fish for change.

Convenient? Unquestionably. The problem, as we've seen from the start of this chapter, is that convenience is paid for in the coin of privacy. When your ETC tag is read by a receiver, it creates a data record marking the specific location of your car at a certain date and time. The pool of potential data entries is likely to grow steadily in the months and years to come. McDonald's, for instance, is field-testing the use of the E-ZPass technology for its drive-up windows, and ETC companies are exploring numerous auto-related applications, including gas stations and parking garages.

It's not only cars that can be tracked through the use of ETC tags or their equivalent. Urban metro systems have been using ETC cards for years. Unlike auto transponders, however, mass transportation ETC cards are still fairly anonymous; for instance, if I go into the Washington or New York metro system and use cash to buy a MetroCard, there's no electronic record to link me to that particular card. Even though the MetroCard system tracks the fact that a particular card was used at a particular station at a particular time, the card is one of hundreds of thousands of anonymous cards purchased each day. (Of course, if I'm arrested with the card on me, or if the police successfully search a trash barrel and lift my fingerprints from a discarded card, then all bets are off.)

For the time being, even the privacy cost of having a transponder in your car is fairly low. The companies that operate ETC systems are adamant that they do not market information about the travel habits of drivers. The problem, however, is that there is no impediment to their doing so at some point in the future.

While aggregate ETC usage information is interesting to highway and metro administrators, to city planners, and to the providers of emergency services, data about the specific habits of individuals is of intense interest to retailers. The problem with most advertising methods is that they are overly broad; only a small percentage of the people who see a newspaper ad, for instance, are actually interested in what the ad offers. The Holy Grail of advertising is the perfectly targeted ad: the ideal pitch to a specific person with a particular interest. There's a widespread consensus that the travel data collected by systems like ETC brings advertisers closer to that goal. As the amount and accuracy of the information collected continues to grow, its value will steadily rise, and companies will be increasingly tempted to add another revenue stream by licensing or selling it to advertisers. ^[8]

Moreover, regardless of how loudly ETC companies trumpet their privacy policies, they are relatively meaningless in the face of a prosecutorial subpoena. In the spring of 2001, the E-ZPass records of a defendant in a murder trial in Poughkeepsie, New York, were subpoenaed to show that the defendant had time to meet with a coconspirator at a highway rest stop. The defendant's E-ZPass data showed that he took nearly an hour to travel nineteen miles, which the prosecutor successfully argued was more than sufficient time to hold a meeting along the way.

Earlier this summer, a thirty-five-year-old former Transit Authority employee was convicted of murder based in part on information collected by the MetroCard system. Charles Stewart, who worked as a subway motor-man for eleven years, was given an employee identification card that doubled as a MetroCard. He denied murdering his ex-girlfriend, Angelique Williams, but MetroCard records showed that Stewart boarded a bus heading toward Williams's home just before the murder and returned to his house from the murder scene shortly afterwards. According to prosecutors, it was the first time that MetroCard data had been used in a homicide prosecution. It is highly unlikely to be the last time.

As with credit cards, the person other than yourself who can easily request tag data is the person paying for the tag. If your company is paying for an ETC tag on the automobile you drive, there is nothing to prevent the company from asking for the location of the tolls paid with the tag and the times the tolls were paid. With relatively little effort, a company can compile fairly detailed information about an employee's daily driving habits, up to and including the employee's average speed between toll booths.

An employer's access to such information raises interesting privacy questions. Is it appropriate for an employer to map out exactly when an employee went through a particular toll booth? Is the employer entitled to know how fast its employees drive? Should your boss be able to check which train or bus you take to work? As a practical matter, if your employer is paying for your E-Zpass or Metrocard, there is little you can do to limit your employer's access to that type of information.

^[5]By focusing on colleges and universities, the manufacturers of smart cards are following a trail blazed by the personal computer industry. In the early and mid-1980s, many if not most educational institutions had programs that let students purchase computers through the school. Students grew increasingly comfortable with personal computers, and carried that experience with them into the workforce when they graduated. Similarly, today's graduates will be increasingly comfortable with the use of smart cards as cashless payment devices.

^[6]"SmartData," U.S. General Services Administration, n.d. Available online at egov.gov/scripts/sc_viewer.asp.

^[7]Jeffrey Selingo, "It's the Cars, Not the Tires, that Squeal," The New York Times (October 25, 2001).

^[8]The tempting value of customer information was amply demonstrated in the summer of 2000, when the Web retailer Toysmart went belly-up and tried to sell its customer list to raise funds for its creditors. The Federal Trade Commission sued Toysmart, and the company settled the suit by agreeing to abide by the terms of its privacy policy.