Anonymity online is becoming an increasingly desirable state for some consumers - and may even become a default position in coming years. Why are ever more people opting-out of providing their data and what can commercial companies that rely on using it do? David Reed finds out.
What do you think about the behaviour of the consumers in the following scenarios?
Aware that she might be watched, a shopper makes her way to the market via back streets and buys her groceries in cash.
Wanting to keep a gift secret, an individual uses a money exchange to hide the source of funds for a transaction.
Guilty about the emotions it contains, a lover sends a letter and asks its recipient to burn it after reading.
While all three activities have an element of the unusual, none of them is inherently dubious - every week, shoppers pay in cash for goods at their local market (and may share the ICO’s scepticism about the use of CCTV), while there are many reasons for wanting to hide a transaction, such as when buying your partner a birthday present. As for destroying messages - if you’ve never needed to ask a lover to do that, then you haven’t lived.
Behaviours in the physical world may be coming under increasing surveillance, but the principles of free passage and association are what underpin our society. So why is it that, when those same activities are carried out online, the desire to have the same level of anonymity is viewed with deep suspicion?
In the face of data breaches of the scale of eBay and Target, combined with revelations about state snooping, it is little surprise that some consumers are choosing to withhold their identities as much as possible. So is this a permanent behavioural shift? And even if it is temporary, what can commercial organisations that rely on data do to persuade those doubters to part with their personal information?
Future Foundation has identified sufficient numbers of consumers following this track to dub it “The Power of Anonymous”. In research last year, 70 per cent of consumers agreed that their movements online would be tracked. Perhaps as a consequence, 68 per cent said they would prefer to browse anonymously, while 81 per cent wanted more control over their personal information.
“There is a tendency to see creepiness and a lack of control,” confirms Josh McBain, account director at Future Foundation. “The more out of control consumers feel, the more critical they are.” The caveat is that broad attitudes get diluted in more specific situations - only 27 per cent of consumers are concerned about Facebook having their personal information, for example.
He believes that most consumers will not adopt anonymous online services as a result, but does see a rise in interest around the “consumer capital” argument. “It used to be that you used to have to be quite clued up about information sharing in order to demand a benefit for yourself - now that is moving more mainstream,” says McBain.
What that means for brands is a need to be very clear about the purpose of data and to offer benefits all along the line in return for data. By contrast, there are many situations in which consumers could - and should - be able to remain anonymous, such as when researching a sensitive medical condition or initiating a complaint, for example. “That behaviour spreads the demographic of anonymous online,” he points out.
Social media are also adding to this within a trend he calls Performative Personality. Says McBain: “People want to be more like the person they present on social media. It is not about toning down that online personality, but curating how you want to be perceived. Some are becoming more circumspect compared to the early days of Facebook where they put everything online. It is a changing social norm.”
For some consumers (or perhaps for all consumers in some situations), that will mean going anonymous on occasion. This behaviour is not limited to the West in the wake of revelations about state data gathering - it can be seen in India, China and even Brazil, whose government has proposed building its own internet infrastructure to protection citizens’ data.
One paradoxical outcome of the efforts made by national security agencies to ensure their access to as much personal information as possible has been to reduce the security of that data. Secret back-doors engineered into encryption systems, for example, risk being discovered by criminals and hackers. Consumers may also react by turning more towards services that keep them anonymous, from Tor browsing to Snapchat and its like.
“I see this as a permanent issue which may well start to accelerate,” warns Hugh Boyes, cyber-security lead at the Institute of Engineering and Technology. He points to the way some individuals are starting to experiment by finding the limits of anonymity by holding back their personal information, such as sociology professor Janet Vertesi who discovered just how hard it was to conceal her pregnancy from the Internet. So complex did her stratagems have to be that, at times, they made her feel like a criminal, she has said.
“We will see more of that as people get more worried about things like behavioural targeting with ads following you around,” argues Boyes. “But because of the way the internet works, it is extremely hard to remain anonymous. From a cyber-security perspective, there are lots of ways to make it difficult.”
Static IP addresses for home internet access are one of the common identifiers used where personal information is not available because of their persistence. He notes that any site which engages in trading will have to be able to identify individuals in order to reduce fraud, but adds: “There has to be a balance between the service provider’s data needs for legitimate purposes with the exploitation of data that gets collected beyond what is needed to do that job.”
This is one of the core principles of the Data Protection Directive and has been rolled forward into the proposed Data Protection Regulation, of course. Data minimisation is constantly preached by regulators, although this principle is probably the most regularly breached, especially with the current pursuit of big data.
At the same time, data collected online can become a route to its improper usage offline. “Getting to you in the physical world and causing harm is the end game for the bad guys,” says Tim “TK” Keanini, chief technology officer at Lancope. Companies need to link the identities they are given by customers online with their offline identities in order to combat fraud, which creates a potential risk that criminals can exploit.
“We need to develop systems on the internet that are a little more free of the constraints of the real world,” he argues. That could mean more use of solutions and intermediaries that enable e-commerce and e-service without the individual having to provide their personal information to the end point (think how PayPal is increasingly being adopted as a payment mechanism).
To Keanini, the desire to remain anonymous online should not be treated with suspicion. “If you look at social science studies, it can be therapeutic to some people to play in an environment where expression is not held back by the social mores of the real world,” he says. From early virtual worlds like Second Life to avatars in online gaming (plus leakage into social media and comments boxes), this behaviour has been much in evidence.
“The giants who make money on tracking you need to take another look at things like BitCoin and other crypto-currencies because those systems have no regard to who you are in the physical world. They need a different level of abstraction by just making sure that the authentication and integration between yourself and your pseudonymised self is held true,” he says.
An online social identity can be fully pseudonymised and the use of two-factor authentication can maintain that status while still guaranteeing the bone fides of the individual behind the identity. “The idea that you need to know who somebody is in the physical world is very old world thinking,” says Keanini.
Not surprisingly, some companies have spotted a commercial opportunity in upholding their customers’ anonymity. Sweden’s self-styled “free speech ISP” Bahnhof, for example, gleefully seized on the 8th April verdict of the European Court of Justice which struck down the data retention directive. “Just hours after the verdict I ordered our technicians to abort storing traffic data about our customers. Moreover, we erased existing data”, said CEO Jon Karlung.
Onthe business-to-business side, a Swiss data centre has been promoting itself on the basis that access to any data it holds can only be granted following a court order which proves guilt or liability of the data subject.
“Switzerland’s heritage in international banking has lent itself well to data storage. The country’s reputation is built on neutrality, privacy and independence, and Artmotion applies the same principles to maximise data security,” said director Mateo Meier. “Clients in the financial, oil and gas and retail sectors are relying on companies like us in Switzerland to store data such as financial records and sensitive business information.”
Not surprisingly, companies which rely on personal information have a more optimistic view about the trend for anonymity online, even as they recognise its impact. “I expect there will be a minority that are interested in remaining anonymous as much as possible,” accepts Matthew Keylock, chief data officer at dunnhumby. “Companies need to give people a choice - it is right that customers should be able to choose the extent to which they can stay anonymous.”
Pushback against being tracked and the amount of data being captured is likely to encourage more businesses to offer vanilla or entry-level services that do not require immediate identification or provision of personal information. But Keylock questions the perception that even in the physical world it is possible to stay anonymous. “If you walk into a store, you may be identified by the owner or shop assistant. You are only really anonymous if no data at all is being captured and there is no CCTV.”
“If consumers really start to want to remain anonymous, that is a clear sign that companies are not doing a good job in building trust,” says Keylock. In one recent survey, 32 per cent of US consumers said they did not trust Microsoft SkyDrive/OneDrive, while 22 per cent distrusted Apple - both major brands with a significant stake in ensuring consumers carry on providing personal information via devices and software.
“Sharing the value is really important. There are different levels at which companies need to have data in order to make their services better and to improve their business. It is not always obvious that data has been used to optimise things like a retailer’s range or product assortment,” argues Keylock. It is doubtful whether companies would want to show their hands to that extent, even if they are moving towards greater transparency.
Caroline Worboys, managing director, Wunderman Data and Insights, KBMG Group EMEA, agrees: “You have got to get the value exchange right, especially around how your customers can manage their data and their ability to change it. You need to spell out the preferences on what you want to know or how to contact them. That is really helpful in building trust.”
She believes that the “Power of Anonymous” trend has been fuelled by poor customer experience and excessive use of push marketing, as well as a failure to provide non-identified services. “If you don’t need a person’s data to interact with them, why take it?” she asks. Increasingly, that conversation is happening with clients of her agency early in the cycle, with the appropriate moment to start data capture one of the key points of the discussion. As Worboys considers: “When is the optimal point so an individual does not drop off and it does not become a barrier?”
From her experience, she argues that organisations are getting more savvy on this issue with less full-on data capture in the early stages. Phased collection online is steadily becoming the norm to reflect a deepening relationship. “Brand trust in the future is going to be much more important than ever to customers,” she says.
Further evidence of the concerns consumers have emerged in the DMA Customer Acquisition Barometer, produced in association with McDowell Media. A key finding was that 52 per cent of consumers were willing to give commercial organisations their personal information. Notably, the other 48 per cent thought they had not given out any data in the last 12 months - an indication that much of the data exchange remains hidden from its subjects. Andrew Colwell, marketing and commercial director at McDowell Media, says: “The trend towards anonymity means you have got to give consumers a compelling reason not to withhold their data. If you do that and gain their trust and use the data appropriately, there is no reason for them to remain anonymous.”
The research showed that consumers believe their consent has a shelf life, which makes re-acquisition of permission an emerging requirement. That is likely to be necessary in any case if the Data Protection Regulation gets adopted. In the short term, the risk is that organisations are hoarding data against that evil day.
“The danger is that, in arguing about this trend, like a lot of new trends the first reaction is one of fear. I think it has to be embraced. That might not seem a natural thing to say, but for people with an issue about their personal information, it may end up being the case anyway,” says Colwell.
At the moment, genuinely anonymous online services are still the preserve of a small minority. To many in the data industry they appear like a bizarre cult, obsessively removing cookies from their browsers, using Tor and Snapchat, buying a Black Phone and probably wrapping their rooms in foil. But it is a behaviour which is starting to cross into the mainstream and will have to be thought about very carefully. The days when it was reasonable to assume that data was for life are long gone - the game now is how to prove you need that data in the first place.