Re: Best Buy and Privacy?

[Jeffrey Walton <noloader () gmail com>]

On Fri, Feb 4, 2011 at 11:24 AM, Wesley Kerfoot <wjak56 () gmail com> wrote:
> I think the fact that they have that info in their systems is pretty awful.
> I wouldn't trust them with my personal information. How do you know some
> disgruntled employee won't take it all and sell it? Or that their database
> servers are insecure? BB have shown that they have incompetent employees and
> no ethics whatsoever.
http://dsandler.org/wp/archives/2002/05/01/it-seems-that-best-buy-uses-unencrypted-wireless-to-transfer-in-store-data-including-register-transactions-credit-card-info

> On Fri, Feb 4, 2011 at 11:16 AM, Thor (Hammer of God) <thor () hammerofgod com>
> wrote:
> > I found this interesting, so I thought I would share it.
> >
> >
> >
> > Over the last few years I had amassed quite a number of various gaming
> > system games that I never used anymore (if at all) so I decided to trade
> > them in at Best Buy (they do this for store credit).  Though $3 for a $50
> > game wasn’t exactly attractive, I figured I could get a free Blue Ray out of
> > it, so why not.
> >
> >
> >
> > I showed up with a stack of games, and sat at the counter for about 30
> > minutes while the guy individually entered each title, catalog number, etc
> > for each game.  After all that, he finally said that he needed to see my
> > driver’s license in order to give me my $73 credit.  I always question this
> > type of thing, so asked him why.  “In case these were stolen” he says, going
> > on to say it is store policy.  Whatever, I think, so I give it to him.  He
> > doesn’t just look at it, but starts entering my info into the system – I
> > didn’t care because it was an out-of-state license, but didn’t like that he
> > was actually entering it into the system.
> >
> >
> >
> > He then notices that my license had expired a month earlier.  I actually
> > knew this, but wasn’t going to offer it up.  He says he can’t take it, and I
> > give the obligatory “I’m not driving in the store, I’m just giving you
> > games” bit and the “it was me a month ago, so what difference does it make
> > now” pitch.  He goes asks the manager, and sure enough, they can’t take it
> > because it is expired.
> >
> >
> >
> > So this is the point where I really start to wonder and ask more questions
> > about what difference it makes.  He then tells me that the reason he has to
> > enter so much information, including each individual title and UPC, is
> > because they have to send all this information to the Seattle police in case
> > any of the titles I turned in were reported stolen by someone.  I asked how
> > they expected to match up a stolen title with a redeemed one short of
> > putting 5 “Pimp My Ride” games in a line-up for identification, and of
> > course the kid didn’t know and didn’t care.  I then pointed out that even if
> > I did steal it, if the cops came around looking for it, I wouldn’t have it
> > anymore anyway because it would be in the Best Buy warehouse.  More not
> > caring.
> >
> >
> >
> > While the overall process of wasting police resources on tracking games
> > that might have been stolen seems like a complete waste of time and money,
> > what really concerned me is that Best Buy was going to send my personal
> > information over to the police without disclosing anything to me.  There was
> > no mention of it anywhere, no fine print, nothing.  Had my license not been
> > expired, that info (which they would not have had) would be put into the
> > public system, and there would be no way I could control the information or
> > what they did with it.  This would have been particularly bad if I had to
> > explain why I had a copy of “Barbie’s Horse Adventure” at some point.
> >
> >
> >
> > As far as profiling is concerned, you would think they would be more
> > interested in the fact that I was going to use the $73 credit towards the
> > purchase of a couple of seasons of Dexter, but I have no way of knowing that
> > they wouldn’t have sent this information anyway.  It begs the question as to
> > what other information Best Buy is sending to whom, and what kind of privacy
> > rights I am implicitly giving up by shopping there.  If they can report
> > personal information to government agencies without my knowledge, approval,
> > or any sort of notification, and in this case collected the information for
> > the explicit purpose of doing so, why else are they collecting?
> >
> >
> >
> > AFAIAC, there is something seriously wrong with this.  Anyway, I thought I
> > would share this in case anyone found it interesting.
> >
> > [SNIP]

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/