Here’s another reason to block digital surveillance: it might reduce financial fraud. That’s the upshot of a small but promising study published as a National Bureau of Economic Research (NBER) working paper, “Consumer Surveillance and Financial Fraud.
Authors Bo Bian, Michaela Pagel and Huan Tang investigated the relationship between the rollout of Apple’s App Tracking Transparency (ATT) and reports of consumer financial fraud. Many apps can track users across apps or websites owned by other companies. By default, Apple’s ATT opted all iPhone users out of tracking, which meant that apps and websites no longer received user identifiers unless they obtained user permission.
The highlight of the research is that Apple users were less likely to be victims of financial fraud after Apple implemented the App Tracking Transparency policy. The results showed a 10% increase in the share of Apple users in a particular ZIP code leads to roughly 3% reduction in financial fraud complaints.
The Methodology
The authors designed a complicated methodology for this study, but here are the basics for those who don’t have time to tackle the actual paper.
The authors primarily use the number of financial fraud complaints and the amount of money lost due to fraud to track how much fraud is happening. These figures are obtained from the Consumer Financial Protection Bureau (CFPB) and Federal Trade Commission (FTC). The researchers used machine learning and keyword searches to narrow the complaints down to those related to financial fraud that was caused by lax data privacy as opposed to other types of financial fraud. They concluded that complaints in certain product categories—like credit reporting and debt collection—are most likely to implicate the lack of data privacy.
The study used data acquired by a company called Safegraph to determine the share of iPhone users on ZIP code level. It then estimated the effect of Apple’s ATT,on the number of complaints of financial fraud in each ZIP code. They found a noticeable, measurable reduction in complaints for iPhone users after ATT was implemented. The researchers also investigated variation in this reduction across different demographic groups. They found that the effect is stronger for minorities, women, and younger people—suggesting that these groups, which may have been more vulnerable to fraud before, saw a greater increase in protection when Apple turned on ATT.
To test the accuracy and reliability of their results, the researchers employed many different methods typically used in a statistical analysis. These include placebo tests, robustness check, and Poisson regression. In lay terms, these methods test the results against assumptions, the potential effect of other factors and alternative specifications, and variable conditions.
These methods help establish causation (as opposed to mere correlation), in part by ruling out other possible causes. Although one can never be 100% sure that a result was caused by something in a regression analysis, these methods are popularly used to reasonably infer causation and the report meticulously applies them.
What This Means
While the scope of the data is small, this is the first significant research we’ve seen that connects increased privacy with decreased fraud. This should matter to all of us. It reinforces that when companies take steps to protect our privacy, they also help protect us from financial fraud. This is a point we made in our Privacy First whitepaper, which discusses the many harms that a robust privacy system can protect us from. Lawmakers and regulators should take note.
In implementing ATT, Apple has proven something EFF has long said: with over 75% of consumers as of May 2022 keeping all tracking off rather than opting in, it’s clear that most consumers want more privacy than they are currently getting through the surveillance business model. Now, with this research it seems that when they get more privacy, they also get some protection against fraud as well.
Of course, we are not done pushing Apple or anyone else on stepping up for our privacy. As Professor Zeynep Tufekci noted in a recent NY Times column, “I was happy to see Apple switch the defaults for tracking in 2021, but I’m not happy that it was because of a decision by one powerful company—what oligopoly giveth, oligopoly can taketh away. We didn’t elect Apple’s chief executive, Tim Cook, to be the sovereign of our digital world. He could change his mind.”
We appreciate Apple for implementing ATT. The initial research indicates that it may have a welcome additional effect for all of us who need both privacy and security against fraud. We’d like to see more research about this connection and, of course, more companies following Apple’s lead.
As a side note, it is important to mention that we are concerned about researchers using data from Safegraph, a company that EFF has criticized for unethical personal data collection and its PR efforts to “research wash” its practices by making that data available for free to academics. The use of this data in several academic research projects speaks to the reach of unethical data brokers as well as to the need to rein them in, both with technical measures like ATT and with robust consumer data privacy legislation.
However, the use of this data does not take away from the credibility of the research and its conclusions. The iOS share per ZIP code could have been determined by other legitimate sources, but that would have had no effect on the results determining the impact of ATT.
Thanks to EFF Intern Muhammad Essa for research and key drafting help with this blog post.
