Wednesday , October 17, 2018

Naked Before The Data Miner

Security Notes

It has long been established that something as simple and ordinary as our handwriting exposes our character traits, and may determine whether we receive a job offer or not. But it has only recently been established that something as simple and ordinary as our payment record exposes the same thing, with greater accuracy and higher credibility.

Tell me what you do with your money, and I will tell you who you are, who you have been, and who you are going to be. It’s the power of data mining. Checking your payment history in comparison to the payment records of millions like you, I can reach a statistically solid conclusion about which store you will frequent, what you will purchase tomorrow, and what your most likely next move will be.

Data mining algorithms have spotted hidden wealth just by tracing what prices people are paying to whom and for what. Honesty, morality, and political opinions are all readable.

Mining algorithms will develop an oddity map for each of us. If we drive too much or too little (compared to our reference group), if we dine out too often, if we buy ski gear but don’t go skiing, if we buy prescription drugs but never pay doctors—it’s endless, and it defines us. And the data is solid.

Google profiles us by our searches, which may represent fanciful curiosity but not a pressing need. Facebook knows what we wish to be known. But payment data is tied to a person, and represents a personal choice to spend that money. We are totally and frightfully naked before the data miner who slashes through our payment data.

That is why you have so many free apps that lure you with games, services—even identity protection and cloud backups—just to get a window into your spending history.

The literature is replete with great achievements by law enforcement made possible by mining the payment history of suspects. Quite a few money launderers who lived on cash became suspects by having no record of gasoline purchases while their E-ZPass records showed heavy travel. Bribe takers were caught because they routinely paid for valet parking at fancy restaurants where they never paid for food, or they bought incidentals like shaving cream in high-priced hotels where they never paid for rooms.

On a massive scale, we see new industries, like peer-to-peer credit assessment and hiring practices, based on what the payment-mining algorithms come up with. Marketers, too, are paying top price for payment intelligence. Yet, though this nakedness is a private asset, its use is not up to us. Con artists and schemers exploit it just as honest marketers do.

When a bank rejects your loan application, citing a credit report, you have the right to review that report and respond to it. But when a peer-to-peer lender turns you down, you have no clue why. It may be a blemish discovered in your payment records, or it may be a misfitting algorithmic twist. It may also be an unbecoming payment record that was put there by someone who bought your hacked credit card credentials, and is using them to buy indecent merchandise he doesn’t want showing up on his record. If you don’t see the report that caused your rejection, you will never know.

These powerful mining algorithms are worrisome in many ways. For one thing, it is not clean math. These are not thoroughly justified calculations like the ones used to certify a bridge or a building. Every programmer has his or her version, and that version gets tweaked, clipped, expanded, and branded, with very little underlying science.

Most data-mining algorithms would fail the random-data test. That is, chewing on random data, they would nonetheless infer pattern, observe regularities, extract conclusions. The programmer may be the only one in charge of the gory details of the mining, and you and I may be the victims.

—Gideon Samid • Gideon@BitMint.com

n n

 

n

Check Also

Eye on P2P: Venmo Jacks up Its Fee for Instant Transfers; BofA Touts Zelle Results

In the hotly contested market for person-to-person transactions, PayPal Holdings Inc.’s Venmo unit has rarely …

Leave a Reply