Slashdot Mirror
Casinos Hit the Data Jackpot
foldedspace writes: "CNN.com has a story about the information that casinos collect about their customers. They're even bragging about it. 6TB on 9 million customers at the Mirage!"
← Back to Stories (view on slashdot.org)
Years ago there was a guy who worked in the same computer lab as I did. He was a grad student from a different country and he lived in a house with lots of other guys from his country. Every year at spring break they would all go to vegas for the week. What would happen is they would all pool their money and despoit it in one of the casino's "banks" using a member card and then pull out 1/5th of it every day. To the casino it looked like one guy would come in and dump several thousand dollars every spring break so they would provide this member a free room. What the casino didn't know about was the large number of people involved in the deal.
700k might sound ridiculous at first, but the system I worked on recorded each transaction a customer made in as detailed a manner as possible. For example if you played a slot machine there would be a timestamp on each coin you insert, each handle pull, each win/loss, each rejected coin, plus other things that I'm probably forgetting...it's been several years. Also, each free perk or offer for the perk, dates you visited, which mailings you were sent, what time you entered/left the parking garage, etc, would be stored in the database. Some customers with credit with a casino also have their digitized signatures in the system. It adds up.
numb
Hi!
Okay--I'll confess. Although I've been working with computers and networks since 1983, I'm not a real geek. I've never read anything by Robert Heinlein. So I'm not familiar with the book "Farleyfile".
But I am very familiar with a very successful political strategy that combines two database methods to produce a very, very effective (and inexpensive) campaign. And it sounds very similar to what you describe. Here's how it works:
Every state requires some government entity (the county in Pennsylvania, New Jersey, and Illinois, don't know about other states) to maintain voter registration records. For purposes of purging records of inactive voters (and for double-checking when there are allegations of vote fraud) the county maintains records of which elections you have voted in during the past N years. So in Pennsylvania, for instance, the county keeps track of the past 8 elections (primary and general in each of the past 4 years). That data is a matter of public record: along with the voter's date of birth, residence, and political party. (Pennsylvania is a "closed primary" state: you have to register as a member of a political party, and you can only vote in that party's primary election. You can't "choose your ballot" as you can in some other states.)
When you review this data, it does not take you long to recognize some patterns (which, ex post facto, seem obvious): a lot of people only vote in the presidential general election. A lot of people only vote in the congressional general elections (1998, 2002, etc.). Relatively few vote in "off-year" general elections (1999, 2001, 2003), and practically nobody votes in off-year primaries. That much is reasonably obvious.
But oh--when you look at who votes in off-year primaries, the lightbulb comes on. These people--to a person--are the diehards. They vote in every single election, and they have voted in every single election since they were eligible to vote. (And they know what year it was that the voting age dropped from 21 to 18.) The ultimate test of political junkihood is this: "can you name the last three losing vice-presidential candidates?" Most of these voters can.
Key point:These voters are extremely influential. They like politics, they talk politics, and if they get excited about somebody they will shape voter opinions. With the slightest motivation/provocation they can bring half a dozen relatives and/or friends to the polls with them. When politicians prate about "grass-roots" support, these are the people they're talking about.
So step #1 is to identify the Super Voter. Step #2 is to send a dozen volunteers through the phone books (you can hire firms to do this as well) to associate a phone number with every single Super Voter (that is, Super Voters in your party) on the list. Step #3 is simple: sit the candidate down at the phone in front of a computer with a contact manager (like Act! or any similar tool). Have the candidate--personally--call every single voter. And have the candidate keep notes, in the contact manager, of every single conversation. Between the time you file petitions at the county registrar's office in February and the primary in May, the candidate should have spoken to every single Super Voter twice. Between the primary and the general election, the candidate should speak to every single Super Voter another 3 times. Each time, the candidate should make notes of the conversation. Whenever possible, the candidate should quickly respond to any need or problem the voter is having.
The results? The first time I saw this used, the candidate was a neophyte: he'd been on the school board, and was running for state representative. He did practically no advertising--but he called every Super Voter in the district two or three times before the primary: there were whole voting districts where he won 100% of the vote. In the general election he faced an 8-term incumbent--and spent essentially zero on advertising. His opponent strolled through the campaign, and was actually on TV (ostensibly to accept congratulations) when he discovered that he'd been beaten.
As a gimmick, this is terrific. But it's more than that: After the election my candidate kept right on calling. He called the super voter list to thank them for their support; he calls newly-registered voters to encourage them to come out to vote; and he calls his lists several times per year. It was so effective that he was unopposed in the next 3 or 4 elections.
Is using a database in this way a bad thing? I don't think so. The end result is that the voters got to recognize their state rep's voice on the phone--and the state rep talked to people across his district, one-on-one, several times a year.
A politician actually calling up his constituents and listening to them. Now that's a scary idea....
If you always walk in to your favorite restaurant, and the hostess knows you and greets you by name, you probably don't have a paranoid feeling of "She knows who I am. This is bad. I need to start randomly changing restaurants so no one ever recognizes me." In fact, if she remembers that you like to sit by the window, and she puts you by the window, you are likely to be happy.
So the casinos are doing this sort of thing, only on a vast scale. I find this interesting, but not too troubling. I'm sure there are possible abuses here, but I'm not sure that the casinos are any worse than Safeway and their stupid "keep track of everything I buy" card.
steveha
lf(1): it's like ls(1) but sorts filenames by extension, tersely
OK, so maybe I'm a completely naive, but I fail to see how this is an invasion of privacy...
You visit their casino, spend money on their games, eat in their restaurants and stay in their hotel rooms.
Why shouldn't they track that information? You chose to go and do the things you did on their property.
Now, if they were sharing that information with others with whom you had not chosen to do business, then that would be a problem, but the article clearly states that they aren't doing that.
Stand Fast,
Stand Fast,
tjg.
"Hey Ernie, these guys say that if you walk into the Showboat, they can tell right away that you like Margaritas, even though that's in a computer miles away!"
"Gee Bert, that's incredible! If anyone ever deserved a patent, it's them."
"We all say so, so it must be true!"
This isn't as much "normalization" as it is "don't take so many drugs when you're designing tables."
If my numbers bear out, that's about 733KB per customer, and I can think of an awful lot that can fit in that amount of data.
What is important to ask is, can one opt out of this data collection? This is becoming a bigger and bigger issue, and privacy is important. I've been running the IE6 previews at work (familiarity with upcoming technology, or so I tell my boss), and I've let it notify me about third-party cookies. I had *no* idea it was this bad. Sites that don't even have banner ads have third-party cookies trying to plant themselves on my system. I don't mind first-party cookies, but the tracking issues on third-party....
In the same vein, I don't mind a hotel greeting me by name, but having them ask, "Will you be spending your normal $352.65 on the casino floor tonight?" would be downright spooky, not to mention who might be buying tapes of this data. Imagine a casino chain knowing you in Las Vegas, Atlantic City, and on the gambling cruises!
You can never go home again... but I guess you can shop there.
If you have any of the above, a great deal of information about you is already being trafficed through the corporate world, and the amount will only grow with every passing year. To take one seemingly harmless example, if you have a savings club card, you've already handed them on a silver platter to megabytes of data about yourself for your grocery store to sell. Then there's the magazines you subscribe to, the professional organizations you belong to, the ISP you use (don't think they don't mine logs for useful information). And don't forget your medical records. The databanks of the highest bidders certainly never will.
In the future, as storage gets cheaper, and transactions are increasingly done through electronic means, you can expect records to be kept of everything you buy, everywhere you go, everyone you correspond with.
While the government does present a danger to privacy*, the corporate world is clearly the largest threat. Corporations already manipulate us with slick marketing. Once highly targetted advertising arrives, we'll be so many fish in the corporate target barrel. We won't stand a chance. Get ready to drop any spare change you still have left.
Besides targetted advertising, blackmail is the other serious threat posed by corporate stockpiling of personal information. I could see a future where corporations solidify their control over our leaders by holding their past misdeeds over their heads. Campaign contributions and corporate political activism are bad enough. Just imagine when the corporations put themselves in a J-Edgar-like postion above the president.
*For example, I expect that within 5 years we'll see legislation forcing ISPs to verify the identities of users and log and store all traffic for a some minimum time frame; this minor step has already been taken over in the EU. I think it makes sense though, as a method to combat computer crime. The internet can't stay the wild-west forever.
If you have a problem with my views, REPLY, don't moderate!
I'd rather that none of the above had that information. If it only gets used for what they say they're using it for, it's probably okay. The problem is that information doesn't go away - much of what's been collected about people within the last few years is likely to be around for a lifetime.
Lots can happen within a lifetime. (Compare today's world with something pre-WW2, for example.) Assuming various privacy laws and data correlation restrictions (or what's left of them) don't lighten up in the future, and that's very unlikely, there's still the danger of information leaks.
For example, what would happen if someone were to steal MGM Mirage's database and post it on the net? Immediately millions of people's names and addresses would be available next to their estimated personal income, and potentially "interesting" information such as when they're likely to go on holiday.
The thing that most consumers don't realise is that when you're letting a company collect information about you, you're not just trusting the company. You're also trusting every one of their employees, and probably employees of related companies that you have no control or knowledge about.
In this case you're trusting their data security setup - not to mention the software engineers who wrote the software they're using. You're trusting every one of thousands or more casino workers who have direct access to some very personal information, and you're trusting the person who hired them not to make one mistake with that many chances.
I'm not sure if there's an obvious way to stop this, because people will always be collecting data about other people and in the computer age it's going to get easier and easier to store, mine and correlate to make new information. I'd at least like to see the following:
Important computer organisations (eg. ACM) really pressing their codes of ethics' seriously. There must be lots of people in ACM at the moment, for example, who have pirated software and don't have a second thought about it. I know lots of society doesn't take it seriously, but if the ACM isn't going to take it seriously then I don't think section 1.5 should be in the code of ethics.
General ethical standards in computer employees really suck at the moment. Information management ethics needs to be a more serious part of the education system. There are lots of IT workers who have essentially sold out to their management. There are some lines that I simply won't cross without resigning to find a better job, and when we're approaching them I let my boss know what I will and won't do. Doctors have professional codes of ethics - they don't go selling inforamtion about their patients - and IT professionals should, too.
Standard and well recognised privacy policies in place for organisations to use. They would include things such as properly destroying collected personal data after a certain timeframe (very important) or when the company ceases to exist, not correlating it or using it for unspecified purposes, and so on.
If marketed properly so that ordinary consumers understand it, organisations could stamp an approval label on their service, and people could decide based on that whether they want to trust the organisation or not.
===
Reading things like this scare the shit out of me.. mostly because I know that if one company is admitting to something, another company has probably done ten times worse.
A casino is just like any other business. They want to protect their market, they want to make sure the customers feel that they should spend their money, and they want to go after the almighty buck.
The reason they collect all the data is most likely for security, and for profit. It would be poor judgement for them to sell most of this data, but by having all of this data, the casino can give a gambler a more 'personalized experience'.
Everything in a casino is about making money. They make the ceiling and floor 'loud' so that you look forward, not up or down. When you look forwards you see slot machines and tables and other games. Bells, whistles and sirens are set to attract people to areas so that they will spend their money. The food is priced cheap, so that you'll spend more money gambling since you are saving so much eating.
Everything in a casino is highly advanced. You are under constant watch from floor bosses, security cameras, and the like. All the 'automatic' games are computer controlled. A casino is required to give back a certain % of their profits, so for example, if it's a busy night, you are more likely to make money off the slot machines. If the casino is fairly empty, maybe not. I have also heard stories from some guards who used to work at casinos that some of the games are timed so that if you are not playing them during an hour, you will not win. A casino is pretty advanced technology-wise.
So I am not surprised that they have so much market data on their customsers. Many casinos now even have cards that you can use with 'credits' that work the slot machines and other gambling sites. These cards allow the casino to track gambling habits of their patrons.
But in the end, security is probably the top reason for all the data on the customers. The casino wants to make money, and by keeping track of what you are doing, they can make sure your not cheating, and that the house remains in the black.
Just don't be surprised if they have a nice government- style database, complete with pictures of everyone who has ever entered the casino.
[Something witty and intelligent should have appeared here.]
[Something witty and intelligent should have appeared here.]
{Traicovn}
Well, seeing as this story is about physical casinos, here's how it actually works:
If you are a regular casino customer, you can apply for, and receive, a loyalty card (you don't even have to be a regular, all you have to do is apply. It doesn't even cost anything.)
Every time you use this card, the casino gathers data on what you are doing, and for how long (how much you are spending - or winning). They do this because this information is valuable to them, and you do it because they are willing to pay (comps) for that information.
Everybody using a card like this knows that the casino is tracking them, collecting information about their habits. That's why they use the card. If they didn't think that the casino was watching, then why would they use it in the first place?
If you care more about your privacy, then your path is fairly clear - don't apply for one of these cards! If you've already got one, then just stop using it. The casino is perfectly happy to let you walk in off of the street and lose as much money as you want - in cash if you prefer it that way!
This is about as opt-in a system as you could ever ask for. Not only that, but it's a fair trade - you actually get something valuable in return for your information. And, as the article says, they generally don't even sell your information, as most companies would.
This seems like the most responsible use of private information that I've ever seen.
Of course, if you're worried about privacy in casinos in the first place, then maybe you should just avoid them altogether. There're more cameras per square foot in those places than just about any public place on the planet...
Living better through chemicals
One of the casinos had larger than expected losses on their table games last year. They got some consultants (with loose lips) to run some statistical analysis on their database to find people who won an improbable amount. They had information on some of their big money customers down to a bet-by-bet record.
The consultants identified more than a few "lucky" individuals. I'm not sure what happened to them, but I'd bet that they're not welcome in that establishment anymore.
The truly troubling result of this is that those people, who were not conclusively found breaking any rules, are probably now indexed around the world as undesirable gamblers. Can you imagine having a string of good luck at the Taj and then walking into some casino in Paris and being asked to leave the premises?