How Your Digital Purchases Could Serve the Perfect Surveillance Network

You may be surprised how many different companies know whenever you use your credit card.


If you were a KGB agent in the heyday of Cold War surveillance, how would you design the perfect snooping system?

This system should gather good dirt on all people within the Soviet Union. We want to identify people and their habits to build behavioral profiles and keep tabs on their comings and goings. And it should it be as unobtrusive as possible; we wouldn't want the masses to start making a fuss about our valiant civic undertaking. What would you do?

This was the question posed to a group of academics attending a 1971 conference at the Center for Strategic and International Studies at Georgetown University. They had two days to dream up a perfectly evil surveillance architecture.

Their answer? "This group decided that if you wanted to build an unobtrusive system for surveillance, you couldn't do much better than an electronic funds transfer system."

So told former RAND analyst and self-described "computer-nik" Paul Armer to the Senate in a 1975 testimony. He elaborates:

The system not only collects and files a great deal of data about your financial transactions—and that means a great deal of data about your life—but the system knows where you are every time you make such a transaction. [emphasis original]

It's genius, really. No spies, clunky camera and microphone equipment, or random checkpoints are needed. All you have to do to get a detailed surveillance picture of a population is to hand them a payment card and send them on their way.

Armer was prescient. At the time he wrote, our modern payments system was still being built. "National BankAmericard" and "Master Charge"—now known as Visa and Mastercard—were young pups and only served a tiny portion of the population. But Armer and his colleagues quickly intuited how the structures these new ventures were building could be exploited for ill ends.

The problem is that such technologies could only work if users entrusted lots of sensitive information to service providers. The bank would need to know your personal identity and financial information. This would be shared with the payments network. The retailer would report what you bought and when to the network and bank. It would be trivial to build a detailed profile on your known locations and consumption habits. And since the whole operation would be digitized, this information would be quickly updated and easy to obtain.

It's not that financial institutions set out to build a super snooper for Uncle Sam. It's just that the infrastructure needed to operate a third party-provided payment system is coincidentally the same architecture that allows for constant spying. And all we see is convenience!

The happy accident of surveillance as a by-product of modern payments technology quickly attracted government interest. Peter van Valkenburgh of Coin Center describes how case law and legislation like the Bank Secrecy Act targeted third-party financial providers as holders of coveted personal information. Financial institutions can and do turn over information on certain exchanges to governments every day.

But really, Armer was a bit of an optimist. While he was spot on in articulating the surveillance dangers of a pervasive third party-based payment network, his article didn't foresee how advertisers and data brokers could get looped in and make an even bigger mess of things. Our payments system poses a greater surveillance risk because advertising is how most platforms make money online.

Consider this recent feature from the Washington Post, which traces how companies share transaction data when you make a card purchase. The columnist, Geoffrey Fowler, tried to track down exactly how many firms got his information when he purchased a humble banana. While companies are tight-lipped on how they share data, he was able to get a general picture of the records life of a card-based transaction.

Each time you swipe your card to buy a piece of fruit, at least six categories of corporations can receive your data, depending on how you pay: your bank, the payments network, the store itself, the point-of-sale system, mobile wallets like Google Pay, and financial apps like Mint.

And all of these groups love to share. Take your bank. The Gramm-Leach-Bliley Act of 1999 empowers banks to share customer data with "affiliates" for marketing purposes—so long as your bank tells you in the fine print of one of the many junk letters you toss out without reading and gives you the ability to opt out.

And share they do—ever wonder why you get Facebook ads for a product that you just purchased? Nonaffiliate marketing may be the culprit.

Fowler discovered that payment networks, too, will share information with businesses like Google, packaged as "data insights." Mastercard says it scrubs any identifiable information from the data. Does that make you feel any better?

Even if these groups didn't decide to share, they can do creepy things with the data we give them. I've written before about how Target—coincidentally Fowler's banana-peddler of choice—builds behavioral profiles of their customers to more effectively market to them. In one incident, Target flagged a teen mother-to-be's pregnancy based on her activities before her family even knew. The barrage of advertisements for diapers and formula tipped the poor girl's father off.

The insidious thing about this kind of private surveillance system is that it's just so convenient. Most people—yours truly included—regularly swipe away without thought to the trail of breadcrumbs that our transaction graph reveals each day. Marketing is annoying, sure. And everyone knows that if we do something illegal, our transactions can be evidence in court.

But we rarely, if ever, consider just what a perfect surveillance system our payments network could be, as those Cold War theoreticians first brilliantly surmised in 1971.

The nice thing about this kind of private surveillance system is that we don't need to participate. The KGB does not force us to use Visa. We have the freedom to use cash or even cryptocurrency to preserve our privacy if we choose. Most people don't, of course. But we still have that right, and cryptocurrency transactions, while still maturing, are becoming more accessible and private all the time.

The freedom to use physical and digital cash is precious, but it is unfortunately not guaranteed. As Jerry Brito of Coin Center has pointed out, there is a movement to do away with cash altogether. Many commentators see it primarily as a way to facilitate crime or thwart central bank plans. Others attack cryptocurrency for similar reasons.

But as the recent protests in Hong Kong demonstrate, doing away with cash would leave us at the mercy of governments and financial institutions that do not always have our best interests in mind. Even if you don't use cash or cryptocurrency in your day-to-day life, it's an important exit option to appreciate and defend.

Maybe this Cold War thought experiment won't convince you to cut your cards altogether. But it should give us all food for thought of what we have to lose if the alternatives to our payments infrastructure are taken away from us.