The Age of Surveillance Capitalism, written by Shoshana Zuboff, is a comprehensive overview of the new ‘personal information’ economy, published last year to much critical praise. It is an imposing 704 pages. Luckily, you can get a quick representation of her arguments in an interview, ‘Beyond Surveillance Capitalism‘, released yesterday online by the Centre for Digital Rights. The interview is worth the time.
In her view, our private information has become the new raw resource which is being ‘mined’ by large technology companies for them to profit from. It has become the new frontier. But even beyond that, our data is being mobilized as an instrument of social control and political power in ways we can scarcely conceive of, because the tools are just being invented.
As I listened to her I realised that this new online universe is an expansion on the customer rewards strategies deployed in the late twentieth century. By way of Air Miles, rewards cards, and similar tricks we agreed to share our shopping habits with merchants. Only now the arrangement is ‘not voluntary’ and a lot more information is collected.
Zuboff itemises many of the excesses of ‘information’ capitalism over the last two decades, including the integration with the state’s security establishment. Huge datasets have been aggregated and turned into proprietary treasures – at Google, Facebook, Amazon, etc.. And then she notes that analysis within these ubiquitous but private spheres is ‘sold’ to advertisers and political campaigners. Increasingly our data – transaction data, search data, travel data, contact data, etc. – is being used to change what comes up on our screens, what is included in our feeds, and what is recommended to view/listen to next. All this to manage our behaviour as consumers and as citizens. Meanwhile, we are told that the information you disclose, or that they track, simply helps them “serve you better”.
Spoiler: Basic elements of a democracy are undermined – one’s right to privacy, one’s ownership of one’s own personal information, the liberty/autonomy of the citizen, and the right to free, open, democratic decision-making.
The one big question is how can ‘we’ curtail the growing abuses of this emerging technology. Zuboff observes that government regulation models of the twentieth century may not be adequate, but she is optimistic that a regulatory model will be developed. She appears confident that there is, or soon will be, the political will. Others may not be as assured.
The political picture is grim. Targeted advertising on the Internet has grown immense. New data is being collected (like facial recognition) and added to the earlier piles. And the tech giants are now huge corporate and capital markets players. Incumbency, accumulated reserves and capital, and millions of ‘devoted’ users make these companies a political force.
So where do credit unions fit in? Do credit unions simply line up and pay to use these privatised data troves, the algorithms, and marketing resources? Or do credit unions play a role in pushing for more effective regulation. Do credit unions model the best corporate practices and transparency with respect to use of their members information?
To date there has been no real critical discussion among credit unions that I know of. The Canadian Credit Union Association did champion members’ ownership of members’ personal information within a submission on Open Banking in Canada.
Unfortunately, it appears that many credit union marketing teams are doing just what banks, retailers, and other purveyors of services do ‘to make a sale’ and grow market share. They have been seduced by contemporary ‘data-driven’ marketing and the surveillance apparatus behind it. But the member relationship at a credit union is not just about closing deals. It includes looking out for the best interests of that member. Does that not extend to how we use, abuse, or share ‘their’ information?
Note: You can read this comment on my blog. It includes embedded links. http://www.governancewatch.ca/blog/index.php/2020/06/19/marketing-at-the-expense-of-members/
Unfortunately I don’t know any examples of credit unions doing anything better than the banks when it comes to marketing to their members or curtailing the growing abuses of emerging technology.
Coast Capital Savings never used to engage in email marketing. I never received emails from them except if it was from an employee whom I had been dealing with personally. I always assumed this was a good thing because email is an insecure medium.
This changed on Nov. 23, 2016 with a mass email from CEO Don Coulter encouraging members to vote in the 2016 vote to become a federal credit union. The CEO should not have been meddling in the governance issues of the members, but that’s another matter.
The marketing department got involved in January 2018 when members received the first mass marketing email, offering $10000 in prizes to members who would be willing to chat with them about retirement. The fine print was meant to be reassuring:
“Your privacy is important to us. … Coast Capital Savings email or text messages do not contain links or non-secure web access requiring them to enter their personal or confidential information.”
Perhaps you can guess what was attention-grabbing about this email. At the top was a link to “Sign in,” which took the reader to a web page that invited them to enter their card number and PIN. It should go without saying that members should be trained not to click on email links and then enter their banking information.
This continued for five more marketing emails until members received an email in November (still 2018) with the following worrisome notice:
“We’re sharing this important message to make you aware of a fraudulent email and text that are currently circulating claiming to be from Coast Capital Savings.
Please be advised that Coast Capital Savings would NEVER send you a link via text or email to request your account number, password, …”
Nevertheless, a mere six days later, another marketing email message invited members to click a link to “Sign in”. Of course, we must assume that the email was from Coast Capital. It looked legit…
On December 10, 2018, members received a “Fraud Alert Update” email that perhaps a child would have found reassuring. In language that seems more like it was written by marketing communications than by technical auditors, they said:
“We want to assure you that Coast Capital’s systems are safe and secure.”
Perhaps they were trying to get ahead of the news cycle. It wasn’t until February 4, 2019 that this story broke:
Cyber criminals target local bank customers and wipe out savings
Logan Hill, 14, was devastated to recently find his savings account wiped out – $1,400 of his hard earned money collected from delivering the North Shore News. He was one of more than 140 Coast Capital Savings customers whose accounts were breached after attacks by cyber thieves.
A Coast Capital spokesman said: “The cyberattacks occurred in late 2018 and targeted customers through phishing emails and a brute force attack…”
Also see this article: Cyber thieves make off with hundreds of thousands of dollars in attack targeting Coast Capital Savings
The point of my chronicle is that Coast Capital engaged in their email marketing campaign with no regard for the insecure nature of email, and with no effort to educate members about what it’s like to be on the receiving end of a phishing attack. It will look authentic, and yet the reader must learn to resist clicking! Perhaps it was an easier threat to brush off back in the day when phishing emails would be full of bad grammar and spelling. Times are changing. Coast Capital’s only initiative on this matter was to insert the lawyerly fine-print that I quoted above.
Coast Capital is not unique in this regard.
Vancity started using unsolicited email in December 2017 to notify members that the member’s monthly statement was now available. These emails were different because they contained only plain text (no links to click on), which is a good thing. However, they nevertheless still contained various instructions to members. The problem remained: If you teach members to trust what they read in an email that purports to be from their financial institution, they’re going fall for the next phishing scam that they encounter.
Then in September 2019, Vancity, too, adopted the full-colour HTML marketing mass-email, with lots of links to click on. And if you clicked on the Vancity logo that appeared at the top of the email, you could enter your card number and PIN to log in. And to remind you, this is NOT recommended practice!
So I don’t see anything commendable about how these credit unions have responded to the availability and allure of corporate marketing tools. They have engaged in the type of work that presumably justifies the departmental budget.
Does the marketing department have a role to play at credit unions? Certainly yes, but the messages to their members should surely be different that what the banks would want to say to their clients.
Of course, the problem at Coast Capital is that the Board wants to marginalize the members’ involvement in their credit union–to treat them like customers. The credit union is being cultivated as an asset of the management, the Board, and the eventual new owners who will be the Class D equity shareholders (outside investors).
The broader issue is about how credit unions respond to the changing technological landscape. Let me remind you about my previous blog post in which I described how, in their desire to bring new online banking functionality to their members, Coast Capital did not think it was worth discussing that they would now be storing members’ financial information on US soil, subject to US law.
So in the age of surveillance capitalism, there’s currently no reason to think that credit unions will model the best corporate practices with respect to use of their members information.