Amazon Patent's Privacy Pratfall

Against a backdrop of years of vigilance in protecting consumer privacy, a newly public Amazon Patent application raises a wide range of privacy concerns. The Patent Pending envisions making gift recommendations to strangers, leveraging Amazon's legendary database of consumer data. It speaks of using third-party databases, in addition to its own, to suggest gift ideas for--in an example the Patent Pending actually uses--"single Protestant Asian women between the ages of 25 and 35 with disposable incomes greater than $50,000."

And because Amazon's new invention would make specific gift recommendations for anyone who asked, it raises the question of how easily crooks could go on private-data fishing expeditions, trying one gift after another to uncover personal details about their targets.

The system the Patent application describes represents a sharp departure from Amazon's previous approach of employing only user-approved data for gift recommendations. Less than two years ago, Amazon executive Michal Geller said that when it came to gift customization, "anything related to privacy is off the table," forcing Amazon to focus on "some creative ways [that are] not creepy."

But "unintentionally creepy" may be the best way to characterize Amazon's description of the automated gift registry (AGR) system the company is trying to patent. It's not hard to understand the need for collecting data on age, ethnic background, religion, marital status and disposable income to make gift suggestions. After all, no one would want the system to recommend either alcohol or a preschooler's toy for a 10-year-old recipient.

Exactly how does the Patent application make that point? Like so: "For example, the system may determine to eliminate male-specific items (e.g., men's underwear) from Sally123's recommendation list." (If you're trying to avoid "creepy," opting for an example of "men's cologne" or a "beard trimmer" may be a better choice. But if you're going for that "to Uncle Ernie from Tommy" feeling, it's ideal.)

Along with the personal information, the engine also is designed to know what gifts the customer has already received, expects to receive, plans to buy and has received but returned. It tracks which items it thinks customers wouldn't mind more of, such as silverware, as opposed to copies of a particular CD. And it draws its own conclusions about the customer's preferences.

But there's a troubling aspect to this possible future for Amazon recommendations. Today, Amazon makes recommendations to its customers on what to buy for themselves. In this Patent application, Amazon proposes using its own huge collection of customer data, along with data from third parties, to let almost anyone get recommendations of gifts for its customers.

And that opens the opportunity for some truly creepy games of "20 Questions." An identity thief or cyberstalker may glean large amounts of information about an Amazon customer by bouncing potential gift ideas off the recommendation engine.

Remember, the recommendation engine envisioned in this Patent knows practically everything about a customer. But it's also going to be devoid of human commonsense. Any human Amazon employee hearing questions like "Would a bong be appropriate? How about hollow-nosed bullets? " would immediately recognize that something strange was going on.Unless Amazon stitches in some safeguards and limits, a nosy neighbor or burglar could spend plenty of time nudging out nuggets of private information that Amazon never planned to reveal. In the wrong hands, that fact could make playing "20 Questions" really worth the trouble. There's gold in them thar gift suggestions.

And while the Patent application mentions privacy, it's not in the context of keeping a customer's purchases or other information secret. For this gift recommendation engine, it's all about keeping the gift a secret. As the Patent Pending says: "The AGR system will attempt to provide only the minimal amount of information necessary about purchases made by users in order to protect the privacy of those users and to maintain surprise about gifts to be received." (Yep. Depending on how much information is revealed through gift suggestion hints, the customer recipient may get more of a surprise than Amazon counted on.)

On the other hand, the system also reflects some good thinking on age issues. For example, let's say an Amazon customer has a 5-year-old niece. The system would remember that--nothing new--and recommend other 5-year-old girl gifts. But the system would also note the calendar and change its recommendations in a year to 6-year-old girl gifts. (This approach wouldn't always be appropriate; for example, a kindergarten teacher may perpetually want to know what 5-year-olds like. But it's a very good start.)

The system also wants to use the data about when a customer is about to get a gift from yet another person. In this case, Jane is having a birthday, you want to get her a gift and you ask Amazon if this particular Blu-Ray movie is a good choice. Amazon's system would know that someone else has already purchased that disc for Jane and that it's in transit. As a result, the system would say the gift was inappropriate.

In fairness, it should be pointed out that large companies will often have Patents--and certainly Patent Pendings--for things they never end up launching. Amazon itself has various Patents it has yet to turn into a product or a feature. Still, at some level of Amazon, this Patent Pending does reflect its executives' thinking.

Such a step should clearly have safeguards built in, including customer opt-in (or at least an opt-out) and various privacy restrictions. The Patent Pending doesn't mention these. But as a legal document, the absence of such limits does not necessarily mean Amazon isn't considering them.

From a business standpoint, though, this move is wonderfully strategic. By growing from making recommendations to current customers to being a source of data for lots of other purchases, Amazon could be well-positioned for major growth. It's also a deliciously non-vicious revenue cycle, as people go to Amazon to learn what gifts to buy and end up buying stuff for themselves while there.