Identity Management, Privacy, and Price Discrimination

Identity Management, Privacy, and Price Discrimination

Identity Management Identity Management, Privacy, and Price Discrimination In economics, privacy is usually discussed in the context of consumer preferences and price discrimination. But what forms of personal data privacy are compatible with merchants’ interests in knowing more about their consumers, and how can identity management systems protect information privacy while enabling personalization and price discrimination? ALESSANDRO n the economics literature, privacy is usually dis­ or her purchas­ ACQUISTI cussed in the context of consumer preferences ing history. Carnegie and reservation prices: merchants are interested Identity management systems can support such Mellon in finding out a consumer’s preferences because selective information revelation strategies by giving University Ifrom those they can infer the consumer’s maximum consumers greater control over which identities are willingness to pay for a good (his reservation price). established, which attributes are associated with them, The ability to identify consumers and track their pur­ and under what circumstances they’re revealed to oth­ chase histories, therefore, lets merchants charge prices ers. Therefore, such systems allow for transactions in that extract as much surplus as possible from the sale, which some level of information sharing is accompa­ which is what economists call price discrimination.1–3 nied by some level of information hiding. At the same In this context, consumer privacy concerns reduce to time, economic views of privacy that are more granu­ individuals’ issues with their personal preferences be­ lar than the one formal micro models ordinarily focus ing known to merchants and exploited for profit. on—that is, privacy as the protection of a consumer’s However, economists also acknowledge that con­ set of preferences—show that there are both costs and sumer privacy is not just about hiding the price paid benefits when information other than a consumer’s for a good.4,5 During any economic transaction, a con­ preferences and reservation prices are protected or sumer might rationally wish to share with a merchant revealed. The issue becomes what dimensions of per­ certain types of personal data while keeping others sonal data privacy are compatible with merchants’ in­ private.6 Consumers can incur several costs (and, terests in knowing more about their consumers and also, gain several benefits) when revealing personal their valuations for goods or services. In this article, data during a purchase: costs associated with spam, I’ll examine several ways in which identity manage­ profiling, or financial fraud when addresses, names, ment systems can protect certain types of informa­ or financial data are revealed; and benefits associated tion privacy while simultaneously supporting various with targeted offers or personalized recommendations forms of personalization and price discrimination. when information about tastes and interests is shared. The personal data shared during a transaction does Identity management and privacy not need to be personally identifiable for those cost or Identity management systems make it possible for benefits to occur. For instance, a merchant can infer a individuals and organizations to engage in selective consumer’s preferences without knowing the consum­ information revelation strategies. 7–9 By offering con­ er’s name or other public identifiers (such as his or her sumers some control over how their identities and credit­card number); or, a consumer’s status (as a stu­ associated attributes are established and revealed to dent, a senior citizen, or member of the military) can others, they become tools for privacy protection and be shared with a merchant without also disclosing his for an efficient economic balancing of information 18 PUBLISHED BY THE IEEE COMPUTER SOCIETY ■ 1540-7993/08/$25.00 © 2008 IEEE ■ IEEE SECURITY & PRIVACY Identity Management hiding and sharing. degree price discrimination, prices are based on in­ Different types of personal information raise dif­ dividual preferences (in the extreme case, individual ferent privacy concerns. Merchants can use certain buyers could receive a customized price matching their data (such as a consumer’s preferences) for price dis­ maximum willingness to pay, or reservation price, for crimination. Other data (such as the consumer’s the good). In second­degree price discrimination, credit­card number or personal address) can lead to customers self­select into buying different versions or financial fraud or spam. Accordingly, different types quantities of the good; in other words, the seller offers of privacy­enhancing identity management strategies a menu of options for a product (for instance, standard protect different types of information. In the context and premium version), and consumers freely choose I’m considering here, it’s worthwhile to differenti­ the option they desire (and the associated price). In ate between privacy­enhancing strategies that aim third­degree price discrimination, differential prices to provide anonymity and those that aim to provide are assigned to different consumer segments based on pseudonymity. some observable group characteristics, such as age, Pseudonymizing technologies can link various trans­ student status, or geographical location. actions (payments, emails, HTTP requests) by the Each degree of price discrimination relies on dif­ same agent to the same pseudonym identity, although ferent types of personal information being available they aren’t traceable to her permanent public identi­ to the merchant, and therefore raises different privacy fiers (such as her name).Anonymizing technologies not issues. It’s generally believed that consumers don’t only make any transaction from a certain agent un­ accept price discrimination (the notorious “random­ traceable to that agent’s permanent, public identity, ized” price experiment that Amazon.com attempted but also ensure that adversaries can’t link together a few years ago provoked angry consumer reaction12). various transactions by the same agent. In the realm of However, customers don’t mind price discrimination privacy­enhancing electronic payments, for instance, when it implies lower prices than those charged to David Chaum’s eCash10 is an example of an anony­ other customers—that is, when they benefit from it. mizing technology, whereas Steven Low, Nicholas Economists usually regard price discrimination favor­ Maxemchuk, and Sanjoy Paul’s credit­card approach11 ably because it can be “welfare enhancing:”1,3,13,14 is better defined as a pseudonymizing technology. under certain conditions, it can increase aggregate eco­ A pseudonymizing technology can protect a pur­ nomic welfare—for instance, when a good wouldn’t chaser’s financial identity during a transaction. But an even be produced unless its producer could target a anonymizing technology, in addition to that, might segment of consumers willing to pay high prices for it. also protect the purchaser from having her purchase Price discrimination can also increase the welfare of history tracked or might offer the additional psycho­ consumers with lower evaluations for a certain good, logical comfort of complete anonymity. This tech­ who otherwise might not have been offered the good nological distinction is important from an economic at prices matching their willingness to pay. perspective because different combinations of transac­ Given that price discrimination often relies on tion linkability and traceability allow different types consumer identification, it might seem incompatible of information to be shared and different types of with privacy protection. This, in turn, would imply price discrimination to be implemented. that adopting privacy­enhancing technologies would come at the cost of the welfare enhancements that price Price discrimination, identity, and discriminative strategies otherwise provide.1 Andrew tracking Odlyzko14 observed that the current privacy debate in As noted earlier, price discrimination refers to a sell­ e­commerce is fueled by the clash between consumers er’s ability to provide the same commodity or service and merchants around the use of personal information at different prices to different consumers. This price for price discrimination, and that the movement to re­ is based on the seller’s estimation of the price a buyer duce privacy online might be motivated by the incen­ might be willing to pay for that good. tives to price discriminate. Consumers want privacy, Price discrimination is very common in all types which implies freedom from being tracked, yet mer­ of markets: at the cinema, in airline booking systems, chants want to track consumers, which implies their and, in fact, online, where increasingly sophisticated ability to charge prices that improve their profits (for tracking technologies let merchants adjust prices based a more recent view on this theme by the same author, on the visitor’s location (as revealed by his or her IP see Odlyzko’s other work15,16). address), time spent on the site, cookie information, Although such opposing interests are read­ history of previous purchases, and so on. ily observed in many transactions, consumers can Economists distinguish between three types of use identity management systems for selective price discrimination, which they call “degrees” for disclosure of identity and attribute information. technical reasons beyond this article’s scope. In first­ Previous works have hinted at using privacy tech­ www.computer.org/security/ ■ IEEE SECURITY

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    5 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us