It’s widely recognized that online advertisers know a lot about web users. The most “sophisticated” of these companies gather data on potential customers by tracking their behavior around the web. Specifically, they analyze what sites users visit and what links they click. They then compile that identifying information into a database, build upon it, leverage it to determine when users return, and ultimately serve up targeted advertisements.
At that point, it’s up to the user to determine whether to buy whatever the advertiser is selling. Companies are capable of tracking user clicks across their ads, but they can’t determine whether someone goes into the store and actually buys their offered product. The tracking ends there.
Well…that used to be the case.
Bridging the Digital-Physical Divide
Enter Store Sales Measurement, a new program by which Google can reportedly prove with a high degree of confidence when online ads translate into “ka-chings” at the cash register. It works with the help of mathematical formulas created by Google that convert people’s names and purchase data, like timestamps and location, into strings of numbers encrypted by a “double-blind” system. In other words, the formulas supposedly prevent Google from knowing the shoppers’ true identities and the retailers from unveiling shoppers’ Google personas.
Jerry Dischler, vice president of product management for AdWords, offers his thoughts on this type of data matching to The Washington Post:
“Through a mathematical property we can do double-blind matching between their data and our data. Neither gets to the see the encrypted data that the other side brings.”
If it works the way it says it does, Google’s program could be a huge step forward for advertisers in their ongoing efforts to traverse the digital-physical divide. But not everyone might end up a “winner” under this new framework. The tech giant’s system could infringe on users’ privacy.
The issue boils down to how far Google has gone to protect users’ data. According to another report published by The Washington Post, Google obtained credit and debit card information of 70 percent of U.S consumers for Store Sales Measurement. But it’s not entirely known how the Mountain View-based multinational company acquired that information. For instance, it didn’t specifically say if users authorized the retention of that data. Apparently, it acquired those details from unnamed partners that had “the rights necessary” to collect customers’ payment card transaction records.
No more clarity surrounds how the mathematical formulas work to secure users’ data via the double-blind system. When asked about its new technology, Google released the following statement:
“While we developed the concept for this product years ago, it required years of effort to develop a solution that could meet our stringent user privacy requirements. To accomplish this, we developed a new, custom encryption technology that ensures users’ data remains private, secure, and anonymous.”
Pushback from Privacy Advocates
With Google steeped in such reticence, it’s not surprising that privacy advocates are a bit leery of Store Sales Measurement. At the head of them all is the Electronic Privacy Information Center (EPIC). This not-for-profit privacy-oriented research group filed a legal complaint with the U.S. Federal Trade Commission (FTC) against Google’s program at the end of July 2017.
In its complaint (PDF), EPIC urges the U.S. government to evaluate the security of the mathematical formulas employed by Store Sales Measurement. It claims, for instance, that the program makes use of CryptDB, a system which is supposed to secure data on SQL databases. But CryptDB is laden with security flaws that attackers could abuse to steal personally identifiable information and (perhaps with the help of browsing habits) unmask ordinary users.
EPIC’s complaint also raises the issue that users don’t know how Google obtains their payment card details and don’t have a straightforward way of opting out of the Measurement framework. For those reasons, among others, Marc Rotenberg feels it’s necessary for the FTC to get involved. As he told The Washington Post:
“Google is seeking to extend its dominance from the online world to the real, offline world, and the FTC really needs to look at that.”
Interim Advice for the Ordinary User
The FTC has yet to respond to EPIC’s complaint. While the U.S. government formulates a response, users can try to protect their privacy against Google’s program by disabling “Web and App Activity” and “Location History” in their Activity Controls on their My Activity Page. It’s an incomplete fix, as there are several other options that also collect users’ information, and none of those say they collect payment details specifically. But disabling those controls could still help users retain their digital-physical divide in the face of intrusive online advertising techniques.