STANFORD TECHNOLOGY LAW REVIEW


Commercial Profiles or Suspect Classifications?:

Preparing, Preventing, and Parrying Public and Private Profiling

Walter A. Effross*

Cite as: 1999 STAN. TECH. L. REV. VS 9
http://stlr.stanford.edu/STLR/Symposia/Privacy/99_VS_9/

¶1

The accelerating deployment of information-collecting devices in public and private spaces raises disturbing questions about the increasing ease with which specialized statistical portraits of groups can be assembled, especially without the explicit consent of individuals from whom the relevant data are gathered.1 This article examines several different types of situations in which such information can be used to create "profiles," or models that infer additional behaviors or characteristics from those observed, and recommends principles by which individual privacy and freedom can be reconciled with commercial and governmental interests.

¶2

Several recent developments have taken profiling far beyond the familiar use of "drug courier" and "airline terrorist" composites used by law enforcement officers policing transit systems. First, although the applicability of the drug courier profile has divided courts,2 it is at least based in part on the officers' direct observations of potential suspects.3 However, technology now enables individuals' behavior to be monitored remotely and indiscriminately, makes it possible for the entire record of that behavior to be stored indefinitely, and allows the accumulated information to be used to construct ever-more-detailed profiles to be applied to others.

¶3

Every day, for instance, video-cameras4 capture the images of thousands of individuals visiting private stores or office buildings or government facilities, or walking on city streets and sidewalks. Although many of the subjects of these recordings are unaware that they have been surveilled and although many of the videotapes have not been reviewed by human eyes, the stacks of tapes could be used to identify regular or unusual patterns of activity by individuals or groups in certain locations. More recently, on the World Wide Web, a visitor to a Web site does not even have to buy anything for software "cookie" technology to report to the site's owner the potential customer's interactions with the site.5

¶4

Second, although drug couriers and airline terrorists might be able to "lower their profile" by avoiding factors known to attract the attention of law enforcement agents,6 the necessity of their using a highway, airline, rail line, or boat will nonetheless expose them to potential surveillance by authorities with jurisdiction over those methods of transit. By contrast, consumers in "commercial spaces" generally have a choice of stores, whether real or virtual, with which to transact. They also may more easily resist those situations, such as completing online survey forms, that could compromise their privacy.

¶5

As a result, the Trojan horse of technology often has infiltrated consumers' lives in the guise of offering convenience or security. For example, "smart card" systems currently allow university students to buy goods without carrying cash7 and to gain secure access to their dormitories and rooms without carrying keys.8 Yet these systems may simultaneously provide universities with the ability to construct detailed profiles of the use of various rooms, the movement of individuals around the campus, and the popularity of certain goods among certain subgroups of the campus population. In fact, in many cases, whatever benefits may exist for the consumer are far outweighed by the convenience to the system-owner attempting to assemble lists of customers or prospective customers or to monitor behavior within the system.9

¶6

Third, although even travelers not aware of the factors involved in criminal profiles might well expect to be subjected to profiling techniques,10 visitors to real or virtual stores may not be aware of either the default terms and conditions of their transactional privacy11 or of their alternatives for negotiation. Merchants have a vested interest both in formulating default contractual terms that favor themselves (i.e., in forcing the consumer to indicate affirmatively that she does not want to be added to mailing lists or to have her personal information sold to other merchants) and in making those terms relatively inaccessible.12

¶7

Fourth, although law enforcement authorities have with some success attempted to prevent the disclosure of the factors involved in profiles of potential airline terrorists13 (but not with regard to drug couriers14), in the commercial environment merchants are publicly divulging profiling data to enhance their relationship with existing or potential customers. For example, through the use of "collaborative filtering" software, some of the best-known online merchants employ the transaction records of their customers to recommend books to other customers. The online bookseller Amazon.com advertises that its "BookMatcher tracks titles you love, titles you hate, and those in between. Based on your tastes, it recommends books you'll enjoy. It draws these recommendations from books liked by people who liked the same titles you did."15

¶8

Even though this type of system does not expose to customers each other's identity, one commentator recently characterized the resulting "growing databases as merchandising dossiers" and added that "[m]arketers are keeping a file on you, and if it's not as tangible or incriminating as your FBI file, it's too personal for comfort"16 --particularly, one might think, in light of a subpoena recently issued to a Washington bookstore for transaction information concerning a certain White House intern.

¶9

Fifth, the drug-courier and airline-terrorist profiles appear to operate as nets that retain only a small group of travelers for increased law enforcement attention--those travelers who pass through the nets are unregistered in the system, as may be the information for those stopped but quickly released. By comparison, transactional data for all customers or potential customers might remain in merchants' hands indefinitely, and the chances are good that it will be sold to other merchants or combined with information bought from other merchants or obtained from public sources. As one commentator observed in 1992:

 Sophisticated software developed in the 1980s and the ever-more powerful computers on which it runs allow marketers to collect huge amounts of information about each of us from courts and other public repositories and to combine it all into a single data base. Companies can further "enhance" this information with details about our credit card balances, bank accounts, subscriptions, store purchases, and a host of other personal data collected discretely by companies of all kinds and then widely, avidly, and aggressively marketed to anyone willing to pay for it. The result is a wholly new kind of information, which I call "recombinant information." Is the resulting electronic file a benign composite of humdrum data or something more threatening and intrusive, a dangerous mutation?17
¶10

In light of these developments, this Article suggests that, now more than ever, those individuals whose behavior might be observed in the commercial arena, whether by government or by merchants themselves, are entitled to proper disclosure of the existence, extent, and consequences of monitoring. Parts I, II, and III briefly identify types of situations in which commercial profiles can be compiled and suggest the appropriate disclosures to be made to the individuals from whom information is being collected.

 
I. Surveying Customers for Improved Customer Service

 
 A. Methods of Data Collection
¶11

In "commercial spaces" such as physical or "virtual" stores, banks, and post offices, the "merchant" who owns the space can benefit from collection of transactional information even if the consumer's name is not collected and/or connected with it.

¶12

First, whether or not visitors actually consummate a transaction, merchants can use video-cameras in brick-and-mortar stores, or "cookies" in "virtual" commercial Web sites, to amass information regarding their patterns of traffic: What areas of the store do they visit, in what sequence, at what time of day, and how long do they spend there? This data is invaluable in reconfiguring the layouts of stores to encourage more visitors, more efficient shopping and increased sales.18

¶13

Second, by keeping track of which items are purchased together, in which geographic areas, and at which times of the day, week, month, or year, a merchant could also determine which products to place near each other on its shelves and how to restock inventory.19

¶14

Third, as noted above, merchants using "collaborative filtering" techniques don't need to know--or to reveal--the identities of their previous customers to encourage business by indicating to potential or existing customers that, for instance, many people who bought Novel X (or Wine A) through their Web site or supermarket also bought Novel Y (or Wine B) from it.

¶15

Of course, if merchants attached the names of browsers or purchasers to these records, the merchants could target individuals for mailings. Someone who bought diapers, for instance, might find himself receiving specialized flyers concerning the sale of baby-related items.20 The merchant could also sell to other merchants the names and personal information of her existing customers.

 
 B. Recommended Disclosures to Consumer
¶16

Because the information supplied by the consumer to the merchant directly benefits the merchant and only indirectly benefits the consumer, the merchant should be required to disclose, or to offer to disclose, the following information to the consumer before the transaction is consummated (or before a consumer begins to browse the merchant's Web site):

 
  1. that the merchant is gathering data on the transaction or (real or virtual) browsing;
  2. what information the merchant is collecting;21
  3. whether that information includes the customer's identity;
  4. whether the merchant will convey the transactional and/or identity components of the information to third parties;22 and
  5. whether and to what degree the consumer will be able to "opt out" of the data-gathering and data-conveying process (for instance, by paying cash or by requesting that her identity or details of the transaction not be added to the merchant's database).
 

Although it might appear to be a cumbersome process to supply all of this information, not only Web sites but physical stores might develop and display standardized logos to indicate various packages of answers to these questions.23

¶17

In the case of video surveillance for customer-satisfaction purposes, a conspicuous sign that "This store [or section of the store] is being monitored by closed-circuit cameras for security and customer-satisfaction purposes" should suffice if it is placed outside the area of surveillance, thereby allowing the consumer the choice of "opting out" by not entering the surveilled area.

¶18

To induce consumers to surrender their data, merchants might then make more use of special promotions to those willing to be named. For instance, Safeway supermarkets offer a much lower price on many items to those consumers who will supply their "Safeway card" number at the cash register.24 As the membership application for this card indicates, card users allow Safeway not only to direct targeted mailings to them but to make their transactional information (minus "personally-identifying information") available to "other companies."25

¶19

"Club members" can opt out of receiving Safeway's mailings, but apparently cannot prevent their anonymized transactional information from becoming part of the supermarket's commercial profiles, which it may sell or otherwise supply to other companies.26

 
II. Detecting Fraud Upon the Consumer

¶20

Both the consumer and the merchant benefit if the merchant uses profiles of transactions to prevent impersonation of the consumer by someone who, for example, attempts to submit orders and/or charge purchases to a consumer's credit card without authorization. Such fraud may be initiated by an individual who has found or stolen a consumer's credit card, or who has penetrated the security of a Web site to which a consumer has previously provided her credit card information in order to set up an ongoing "account."27

 
 A. Methods of Data Collection
¶21

The prevention and detection of such activity generally does not involve profiles created through the use of videotaping--that is, videotapes of transactions themselves will not be used to compile a dossier of an individual consumer's transactions or of the transactions of consumers as a whole. However, videotapes may be used to identify the alleged miscreant and perhaps lead to his apprehension and conviction.

¶22

These profiles can be constructed and implemented both system-wide (i.e., taking into account the average activities of all users) and with regard to a specific individual's use. For instance, specialized software allows credit card companies to identify unusual activity on a credit card account28 and alerts them to contact the card-holder to make sure that the activity is authorized. Similarly, an extremely large order of books submitted from a credit-card-linked account that had previously only ordered one book at a time might prompt a follow-up call from the merchant.

 
 B. Recommended Disclosures to the Consumer
¶23

In addition to the disclosures proposed in Section I.A above, would it make sense to require merchants to allow the consumer to "opt out" of a default policy of retaining specified transactional data, while warning the consumer that the merchant might then not be able to intervene in situations involving unusually large orders?

¶24

Probably not. Not only is much of this data kept by the merchant and the credit card company as a matter of course, but they are the ones who stand to suffer much of the loss from fraudulent credit card orders: the consumer's liability is generally capped at $50.29

 
III. Preventing Civil or Criminal Wrongs By the Consumer

¶25

Profiles may also be used to identify the customers who may, rather than being victims of fraud, themselves be committing civil or criminal wrongs. For instance, a domestic customer might place an unusually large order for sophisticated computer equipment subject to export regulation, or an individual unaffiliated with a recognized laboratory or medical office might order chemicals that could be combined to form a powerful explosive or pharmaceuticals that could profitably be resold to narcotics addicts. It would seem, though, that just as travelers implicitly submit to drug courier or airline terrorist profiles, so would consumers engaged in this type of transaction realize that they were entering an area of greater government interest and potential surveillance.

¶26

In December 1998, controversy erupted over the "know your customer" rules30 proposed for financial institutions by the Federal Deposit Insurance Corporation, the Board of Governors of the Federal Reserve System, the Office of Thrift Supervision, and the Office of the Comptroller of the Currency.31 The regulation would clearly involve the development and implementation of profiles, as it would "require each nonmember bank to develop a program designed to determine the identity of its customers; determine its customers' sources of funds; determine the normal and expected transactions of its customers; monitor account activity for transactions that are inconsistent with those normal and expected transactions; and report any transactions of its customers that are determined to be suspicious, in accordance with . . . existing suspicious activity reporting regulation."32

¶27

Recognizing that different banks would have different requirements, the agencies proposed that each "design a program that is appropriate given its size and complexity, the nature and extent of its activities, its customer base and the levels of risk associated with its various customers and their transactions."33 The agencies also warned that they expected banks to "obtain only that information that is necessary to comply with the regulation[, to] limit the use of this information to complying with the regulation[, to] safeguard and handle responsibly the information gathered in connection with complying with these obligations, and [to] integrate comprehensive privacy practices into their Know Your Customer programs."34

¶28

The debates over this Know Your Customer proposal will undoubtedly involve heated disputes over the appropriateness of profiling. On one level, the monitoring by financial institutions of their customers' deposit and withdrawal transactions does not threaten to expose directly an individual's involvement with a specific product or service: the money involved is divorced from the underlying transactions. Yet it is precisely this question that makes the proposal so unnerving: when a bank's suspicions are aroused by activity in a given account, it will be called to investigate, and perhaps to prompt a government investigation, of an entire underlying pattern of activity. In this context, full disclosure of the existence of such programs and of their consequences should certainly be made to banking customers.


Copyright © 1999 Stanford Technology Law Review. All Rights Reserved.
 
ENDNOTES

*   © 1998 Walter A. Effross. Associate Professor, Washington College of Law, American University and Chair, American Bar Association Subcommittee on Electronic Commerce. The author wishes to thank the Washington College of Law for research grants that aided in the completion of this Article.
1   See, e.g., A. Michael Froomkin, Flood Control on the Information Ocean: Living with Anonymity, Digital Cash, and Distributed Databases, 15 J.L. & COM. 395, 483 (1996) (predicting that "[d]ata collection will grow in at least five areas: medical history, government records, personal movements, transactions, and reading and viewing habits").
2   See, e.g., United States v. Sokolow, 490 U.S. 1, 10 (1989) (holding that "[a] court sitting to determine the existence of reasonable suspicion [of drug trafficking] must require the agent to articulate the factors leading to that conclusion, but the fact that these factors may be set forth in a 'profile' does not somehow detract from their evidentiary significance as seen by a trained agent"); Reid v. Georgia, 448 U.S. 438, 440-41 (concluding that narcotics enforcement agent "could not as a matter of law, have reasonably suspected the petitioner of criminal activity on the basis of [certain] observed circumstances" matching those on a criminal profile, and observing that "[t]he other circumstances describe a very large category of presumably innocent travelers, who would be subject to virtually random seizures were the Court to conclude that as little foundation as there was in this case could justify a seizure"); United States v. Whitehead, 849 F.2d 849, 858 (4th Cir. 1988) (finding that "numerous objective facts, considered together with [narcotics] officers' experience," reasonably led the officers to suspect that the defendant was engaged in the transport of narcotics); United States v. Smith, 799 F.2d 704, 707 (11th Cir. 1986) (finding that probable cause did not exist for a traffic stop made "because the appellants matched a few non-distinguishing characteristics contained on a drug courier profile and, additionally, because [the trooper] was bothered by the way the driver of the car chose not to look at him"); Grant v. State, 461 A.2d 524 (Md. Spec. App. 1983) (upholding use of drug courier profile in connection with airport travelers).
3   See United States v. Sanford, 658 F.2d 342, 347 (5th Cir.1981) (noting that "[a] review of cases in which this court has examined airport stops by DEA agents fails to disclose any where the court held that suspicion of an airline passenger based solely on that passenger's having some (or all) of the characteristics contained in the "drug courier's profile" constituted reasonable suspicion to support a seizure of the person. This Court has only affirmed seizures when there was more than the profile as a basis for the seizure.").
4   See, e.g., Bruce Lambert, Rise of Secret Surveillance Cameras Criticized, N.Y. TIMES (Wash. ed.), Dec. 13, 1998, at 55 (observing that a block-by-block survey conducted by the New York Civil Liberties Union had found "2,380 [government- or privately-owned] surveillance cameras trained on public spaces, and the group says its total is undoubtedly conservative").
5   See, e.g., Robert D. Hof, Now It's Your Web, BUS. WK., Oct. 5, 1998, at 164, 166 (noting that "rising concerns about privacy . . . could prove the Achilles' heel for personalization [of Web sites]. To build customer profiles, Web merchants often monitor an electronic trail that reveals all sorts of things about users--say, that you're a 28-year-old female Los Angeles office worker who likes vegetarian food, Jackie Chan movies, and mystery novels."); Paul C. Judge, Fending Off Those Pesky Snoops, BUS. WK., Oct. 5, 1998, at 174 (indicating that "powerful software, called "tracking cookies," follow you everywhere [and] let marketers combine data from the cookies on your hard drive with the personal information you volunteer when filling out registration forms. Armed with such profiles, cybersalesmen may be able to get at your credit information, salary, and lifestyle.").
6   See Joseph P. Fried, Columbia Law Student and Major Criminal, N.Y. TIMES (Wash. ed.), Dec. 21, 1998, at A28 (noting that, according to law enforcement authorities, "in moonlighting as a cocaine trafficker while in law school, [the article's subject] used his legal skills in an effort to avoid detection, by showing another conspirator how to do research in a computerized legal data base to determine the 'profiles' customs agents use to stop and search airline passengers suspected of carrying drugs.")
According to United States v. Elmore, 595 F.2d 1036, 1039 n.3 (5th Cir. 1979), the primary factors of the drug courier profile are: (1) arrival from or departure to an identified source city; (2) carrying little or no luggage, or large quantities of empty suitcases; (3) unusual itinerary, such as rapid turnaround time for a very lengthy airplane trip; (4) use of an alias; (5) carrying unusually large amounts of currency in the many thousands of dollars, usually on their person, in briefcases or bags; (6) purchasing airline tickets with a large amount of small denomination currency; and (7) unusual nervousness beyond that ordinarily exhibited by passengers. The secondary characteristics are (1) the almost exclusive use of public transportation, particularly taxicabs, in departing from the airport; (2) immediately making a telephone call after deplaning; (3) leaving a false or fictitious callback telephone number with the airline being utilized; and (4) excessively frequent travel to source or distribution cities. The airline terrorist profile, however, has remained more tightly held. See infra note 13.
7   See Marlene Blanshay, Students Wonder: How Smart?, WIRED NEWS (online), Nov. 2, 1998 (discussing privacy issues raised by "a coalition of University of Toronto students" in response to the introduction of "T-cards" for their use).
8   See Peter Wayner, Closed-Door Policy, N.Y. TIMES (Wash. ed.), Nov. 12, 1998, at E1 (identifying privacy concerns of Princeton University students in the wake of the introduction of "prox cards").
9   Cf. Walter A. Effross, Putting the Cards Before the Purse?: Distinctions, Differences, and Dilemmas in the Regulation of Stored Value Card Systems, 65 UMKC L. REV. 319, 325-26 (1997) (observing that although stored value cards, of which "smart cards" are one type, "provide to the consumer a convenient and efficient method of payment. . . . [t]he benefits to [banks issuing and merchants accepting such cards] are even greater").
10   See LAWRENCE TRIBE, AMERICAN CONSTITUTIONAL LAW 1391 (2d ed. 1988) (commenting, in reviewing the Fourth Amendment generally, that the Supreme Court's "counter-intuitive understanding of 'assumed risks' generates a terribly crabbed sense of the contemporary possibilities for privacy").
11   The default terms may be either contractual, as in the provisions of a Web site's "Privacy Policy" or "Terms and Conditions" page, or technological, as in the consumer's choice of whether to configure his Internet browser (such as Netscape Navigator or Microsoft Internet Explorer) to accept "cookies." See Hof, supra note 5, at 166; Judge, supra note 5, at 174.
12   See Walter A. Effross, The Legal Architecture of Virtual Stores: World Wide Web Sites and the Uniform Commercial Code, 34 SAN DIEGO L. REV. 1376 (1997) (reporting that "in spite of the apparent shield from liability that conspicuous disclaimers [of warranties] would provide site owners, they appear to be the exception to Web practice"); id. at 1377-79 (discussing inconspicuousness of many hyperlinks to a site's "legal terms and conditions" page); Privacy From Whom? (editorial), WASH. POST, Jun. 29, 1998, at A14 (observing that "[p]ut simply, companies collect information about their customers because they can make a lot of money from it. . . . The trouble with urging companies to self-regulate is that the real incentives all lie in the other direction.").
13   See, e.g., United States v. Al Jibori, 90 F.3d 22, 27 (2d Cir.1996) (determining that "we should not require the government to release its terrorist profile or its policy on investigating or prosecuting fraud at Kennedy Airport."); United States v. Cianfrani, 573 F.2d 835, 858 n.12 (3d Cir. 1978) (discussing limited protection extended by the Second Circuit to the federal government's secret "airplane hijacker profile"); United States v. Bell, 464 F.2d 667, 670 (2d Cir. 1972) (noting that "this court is fully persuaded that it would not only be possible but relatively simple for a prospective hijacker to avoid the initial designation were any of the norms employed to become generally known. It is not only highly desirable but essential, if the profile system is to continue, that it be kept confidential."); United States v. Lopez, 328 F. Supp. 1077, 1086 (E.D.N.Y. 1971) (finding that "[w]ere even one characteristic of the 'profile' generally revealed, the system could be seriously undermined by hijackers fabricating an acceptable profile. . . . The profile is a highly effective procedure for isolating potential hijackers. After studying known hijackers, the task force compiled twenty-five to thirty characteristics in which hijackers differed significantly from the air traveling public. By putting only a few of them together they could obtain a reliable combination sharply differentiating potential hijackers from non hijackers.").
14   See United States v. Elmore, 595 F.2d 1036, 1039 n.3 (5th Cir. 1979) (enunciating primary and secondary factors of drug courier profile).
15   <http://www.amazon.com/exec/obidos/bookmatcher/enter/00231057531696225> (visited Nov. 15, 1998). It should be noted that although the software involved "use[s] mathematical formulas to determine which books or films or CD's ha[ve] the greatest probability of matching either a consumer's stated preferences or actual record of purchases," it can be tweaked by site-owners: "Although not all retailers choose to do so, they can have the software adjusted to put extra emphasis on particular titles." See Samuel G. Freedman, What to Read? Ask a Computer, N.Y. TIMES (Wash. ed.), Jun. 20, 1998, at A15, A17. Indeed, three different authors asked by a newspaper to complete an online "Bookmatcher" questionnaire all found Don DeLillo's Underworld and one or more works by Jane Austen among the recommendations generated for them by the software. See Jane Austen? Love Her! Don DeLillo? Love Him! But No Poets?, N.Y. TIMES (Wash. ed.), Jun. 20, 1998, at A17 (detailing responses of Melissa Fay Greene, Stanley Crouch and Elmore Leonard).
16   James Gleick, Like Mozart? You'll Love Madonna!, N.Y. TIMES MAG., Oct. 25, 1998, 32, 33.
17   See ERIK LARSON, THE NAKED CONSUMER: HOW OUR PUBLIC LIVES BECOME PUBLIC COMMODITIES 12 (1992) [hereinafter LARSON].
18   See, e.g., Privacy Policy, <http://www.safeway.com> (visited Dec. 28, 1998). This supermarket chain's Web site provides a page stating its privacy policy, which in relevant part provides that:
 We use the information we collect when you log on and visit different sections of our site to help make our site, products, and services more useful to you. We also use this information to offer savings awards and other promotions to you. Safeway may use this information to give you personally-tailored coupons, offers or other information which may be provided to Safeway by other companies. Safeway may create compilations of information that is not personally-identifying and provide this data to other companies to help them understand the demographics of our customers.
 Safeway does not sell or lease personally-identifying information to any other company, person or agency. "Personally-identifying information" means your name, address, social security number, bank account, credit card number, telephone number or other information by which you can be personally identified. Safeway does not disclose personally identifying information to other non-affiliated companies or persons for commercial purposes. Safeway may disclose personally-identifying information in response to a subpoena, court order or a specific request by a law enforcement agency, or as required by law.
19   For example, the Catalina Marketing Corp. employs for this purpose "a vast database of personal shopping histories gleaned from its thousands of supermarket [cash-register] scanners across the country." See Paulette Thomas, 'Clicking' Coupons On-Line Has a Cost: Privacy, WALL ST. J., Jun. 18, 1998, at B1 (indicating company's plan to make personalized coupons for supermarket goods available online). The Wal-Mart chain of supermarkets has also been described as possessing "an information trove so vast and detailed that it far exceeds what many manufacturers know about their own products [and is allegedly] second in size only to that of the U.S. government." See Emily Nelson, Why Wal-Mart Sings, 'Yes, We Have Bananas!', WALL ST. J., Oct. 6, 1998, at B1 (discussing the company's uses, including identifying "purchase patterns," of this data).
20   See, e.g., LARSON, supra note 17, at 3-4 (the author discovers, after receiving a commercial mailing "deliberately timed to arrive for my daughter's initial birthday," that "[s]omewhere a company not only had noticed the fact of my daughter's birth, but had made itself a little note to check back again in a year with a birthday letter chock full of consumer offerings"); Buyer, Beware, TIME DIGITAL, Nov. 30, 1998, at 8 (observing that "[m]ore than a quarter of U.S. supermarkets use discount cards to track people's buying choices and then send them customized mailers. . . . Most stores keep customer information confidential, but some sell the data to companies like Procter & Gamble to help them target their audience.").
21   In this regard, a distinction might be made in both the online and off-line contexts between information that the customer supplies to the merchant "passively," through video surveillance or software "cookies," and the information supplied "actively," through making a transaction or filling out a customer survey form. See Walter A. Effross, Logos, Links, and Lending: Towards Standardized Privacy and Use Policies for Banking Web Sites, 24 OHIO N.U. L. REV. 747, Appendix 2 (1998) [hereinafter Logos] (supplying such provisions as part of a "Proposed Uniform Privacy Policy" for banking Web sites).
22   A model of such a Web-mounted disclosure policy (including the recommendation that the page link to instructions for disabling the "cookies" feature on the customer's Web browser program) is provided in Walter A. Effross, Logos, Links, Lending, and Liability: Standardizing the Boilerplate of Web-Based Banking, 25 OHIO N.U. L. REV. (forthcoming 1999).
A topic of special interest in the context of information-sharing is the reliance admitted by the Treasury Department's Financial Crimes Enforcement Network (FinCEN), in pursuing its mission to detect and apprehend money-launderers, on "access to a variety of commercially maintained databases which are valuable in locating individuals, determining asset ownership, and establishing links between individuals, businesses and assets. These commercial sources of information, coupled with the data from the law enforcement and financial databases, form the foundation of information sources for FinCEN analyses." FINCEN OVERVIEW AND MISSION, Oct. 1996, at 3.
23   See Logos, supra note 21 (proposing a profession-wide adoption among banks of "a set of conspicuously-located 'universal icons,' each representing and linking to a 'package' of standard terms, or 'virtual boilerplate'" with regard to privacy policies and "terms and conditions" of use of Web sites).
24   See Safeway Club Card: Now the Savings Are In the Card, (visited Dec. 21, 1998) <http://www.safeway.com> (promising that "[m]embers receive special savings on hundreds of items all over the store" and instructing visitors to "[p]resent your card at check out. Your savings are automatically deducted from the total and appear on your reciept [sic]."). Significantly, a visitor to the Safeway Web site can reach this page only by supplying her name and e-mail address through an online registration form. See, e.g., Steven E. Brier, Smart Devices Peep Into Your Grocery Cart, N.Y. TIMES (Wash. ed.), Jul. 16, 1998, at D3 (discussing grocery stores' adoption of "a combination of so-called loyalty cards, radio frequency identification, smart cards, and smart shopping carts . . . to personalize the shopping experience while providing more information to the shopper and, the stores hope, increasing sales").
25   Become a Safeway Club Member Today! [membership form], (visited Dec. 21, 1998) <http://www.safeway.com>. This page of the Safeway site provides that:
 Purchases made using the Safeway Club Card will be automatically recorded, which allows us to provide you with special offers and information about Safeway or other items that may be of interest to you. Safeway does not sell or disclose personally-identifying information (i.e., your name, address, telephone number, and bank and credit card account numbers) to other companies. However, Safeway may use this information to provide you with personally tailored coupons, offers, or other information which may be provided to Safeway by other companies.
26   The "membership form" advises that "[i]f you do not wish to receive coupons, offers or other information, please check the box below." Id. Cf. DAVID BRIN, THE TRANSPARENT SOCIETY 66 (1998) (noting that such "cards prove increasingly popular, indicating that most people simply don't care [about the privacy aspects involved]," perhaps because "even if strangers know which brand of dog food I purchase, it is hard to imagine how they could possibly use the data to harm me" and because "we can always stop using the club card [and] fall back on cash, which is safely anonymous").
27   Typically, when such accounts are created the consumer is asked to choose a password to protect access to her name, address, and credit card information, which are then retained by the operator of the Web site. Subsequent transactions are more efficient because the consumer has only to provide the password in order to charge purchases to her credit card; however, there remains some risk that the password protection could be breached.
28   See Lisa Bransten, On-Line Larceny Prompts Venture To Develop Lucrative New Business, WALL ST. J., Aug. 4, 1997, at B7 (describing the genesis of "a sophisticated fraud-screening [software] program" to prevent credit card fraud by "look[ing] at the characteristics of past fraudulent activity and flags transactions that match the profile: for example, when the same credit card number is used by customers with different email addresses, or an order is placed from a location far from the credit-card billing address").
29   See 15 U.S.C. § 1643(a)(1)(B) (1994) (limiting to $50 the consumer's liability for the unauthorized use of her credit card).
30   Proposed Rules: Minimum Security Devices and Procedures and Bank Secrecy Act Compliance, 63 Fed. Reg. 67529-67536 (Dec. 7, 1998). The comment period ends on Mar. 8, 1999.
31   See, e.g., Michael Allen, Privacy Concerns Spark Criticism of Bank Rule, WALL ST. J., Dec. 10, 1998, at B1 (noting that the proposal had "drawn nearly 3,000 complaints" in the three days since it had been released); Proposed Banking Rules Anger Some Customers, USA TODAY, Dec. 11, 1998, at 10B (stating that "[t]he torrent of e-mail [comments] reflects growing anxiety among consumers about banks' use of personal financial data").
32   63 Fed. Reg. 67529-67530 (1998) (paraphrasing Proposed 12 CFR § 326.9(d)(2), id. at 67535). The commentary to these regulations explains that the profile to be used is both system-wide and customer-specific: It "should be based on information obtained both when an account is opened and during a reasonable period of time thereafter [as well as on] normal transactions for similarly situated customers. Without this information, [the] bank is unable to identify suspicious transactions." Id. at 67532.
33   Id. at 67530.
34   Id. at 67530.

Copyright © 1999 Stanford Technology Law Review. All Rights Reserved.