Safeway Club Card Leads to Bogus Arson Arrest

Richard M. Smith writes "Tukwila, Washington firefighter, Philip Scott Lyons found out the hard way that supermarket loyalty cards come with a huge price. Lyons was arrested last August and charged with attempted arson. Police alleged at the time that Lyons tried to set fire to his own house while his wife and children were inside. According to KOMO-TV and the Seattle Times, a major piece of evidence used against Lyons in his arrest was the record of his supermarket purchases that he made with his Safeway Club Card. Police investigators had discovered that his Club Card was used to buy fire starters of the same type used in the arson attempt. For Lyons, the story did have a happy ending. All charges were dropped against him in January 2005 because another person stepped forward saying he or she set the fire and not Lyons."

A recent story from the UK

[pg133]

Magistrate fined for keeping lost Rolex [telegraph.co.uk]

A magistrate who found a £3,250 Rolex watch in a supermarket and gave it to his wife as a 60th birthday present was fined £600 after being found guilty of theft.

Rowlett, a building surveyor, was caught almost two years later after taking the watch for repair at a jewellers near his home in Poole.

It was identified from its serial number as having been lost or stolen.

Inquiries with Tesco, through its Club Card loyalty scheme records, and receipts of purchases showed Rowlett had been in the shop within two hours of Mrs Scott

Ob Privacy reminder

[Anonymous Coward]

From the CASPIAN FAQ [nocards.org]:

Q. Can club card records be seized by law enforcement agencies?

Absolutely. In fact, law enforcement has already been digging around in people's food purchase files -- which is part of why these records scare me. I personally don't feel like it is a supermarket's place to get involved in catching criminals, and even if I did, I couldn't support the collection of this sort of detailed, intimate information on tens of millions of Americans on the off chance one or two of them might have committed a crime.

Constitutional protections against unlawful search and seizure have (somewhat and so far) succeeded in keeping the government from digging around in the affairs of innocent citizens. But when private companies (like supermarkets) do the digging for them, law enforcement doesn't have to worry about that pesky Constitution. Let the private sector do the privacy violation and all you need is a search warrant to access what you wouldn't have been authorized to collect yourself.

Bear in mind, too, that someday the "crime catching" tables may be turned on you. Say down the road you get involved in a lawsuit and the opposition subpoenas your shopping record. Or an ex-spouse uses your file to show that you're not a fit parent. (After all, what fit parent buys condoms? Or beer? Or cholesterol-laden mocha fudge ripple ice cream?) Once information about your shopping habits is stored somewhere it will hang like ripe fruit; anyone who can get a warrant or a subpoena will have a wealth of information that can be distorted to make you look bad.

The only way to prevent these abuses of your shopping information is to make sure it is never collected in the first place.

Anonymous card

[reflx]

A couple of months ago i visited the US for a few weeks. At a Safeway store i asked for a club card and got one without filling in any form. She didn't even ask, perhaps because she knew i was a foreigner. In my home country all my discount cards are anonymous. I just refuse to give my personal data. Works all the time.

Re:Still thinking?

[Johnny Fusion]

To engage in pure speculation: A possible situation could be that the fire was started by one of his kids. They would've had access to his card

For Safeway, you don't even need the card -- just the phone number the card is associated with. I lost my card ages ago, but just put in the phone number I had when I got the card, and I get my discounts and my purchases tracked. It works all over the U.S. as I have done this in many states.

Re:Your Rights Online??

[ManxStef]

Heh, hit the nail on the head with that one ;) It seems a lot of people here don't realise this - you only need to charge a credit card against it once and the link is made.

Re:Still thinking?

[Skapare]

Most stores will let you provide the phone number in lieu of the actual card. Security is not generally much of a concern, as each usage only benefits the card owner ... it doesn't cost them anything (except when the data is misinterpreted by law enforcement, as was in this case, or other parties, such as your health or life insurance provider who thinks you are buying ... and eating ... too much cholesterol laden, heart artery clogging, foods).

I've never applied for, nor received, any of these cards. I do, however, have a few, obtained from relatives and friends. In other cases I've used their phone numbers, as well as phone numbers of complete strangers. If the phone number I pick out of the blue doesn't have a card (I've gotten about 50/50 on this), the clerk usually lets me use theirs when I act like I'm upset that their computer has lost the data.

FYI, I read the conditions and terms on the application for one of these cards, once. They made it clear they would never sell your name or data for any marketing purposes. But what about others ... like health insurance companies (who might want to know your eating habits)?

Re:Happy ending?

[thomasa]

Sorry, just being charged can ruin your reputation.

I know DBA's in the industry - Just so you know...

[DeanFox]

The only way to make bogus data work, name address, etc. is to use cash 100% of the time.

The moment you tie a member card to a transaction paid by cheque, debit card or whatever, there is now a link between you and the card. From that moment on, that card, bogus data or not, will be linked to you.

That's why many stores don't care if you fill out the application using the name Micky Mouse then you turn around and pay by debit card or cheque. Or a store manager upon asking will give you a card without filling out an application and then you turn around and pay by cheque. The minute the transaction is processed, your profile, the cards data, is updated with the new information.

There's not just one name linked to a card either. Swap with friends and all that does is link another name to the card. They still have records of this person bought this and this other person bought that.

My local store, if all you tell them is you forgot your card, they say no problem and the cashier scans a store card kept at the register. So what? As long as you pay by anything other than cash, a new transaction is created that can be cross referenced back to you. You don't think for a minute that debit card numbers, bank account numbers etc. are *not* part of the member card transaction record?

Member cards were a solution to group transactions by cross reference. One household may have 6-7 methods of paying. One couple has seperate checking accounts, their own credit/debit cards, that's four methods right there. Add different credit cards and now a household may have 7 ways to pay. Member cards were introduced only to help group these transactions into a larger household picture. Household demographics is what they're after, "household" is the holy grail of demographics.

They lost this household demographic when they started to accepted plastic as payment. Ever notice member cards were not introduced until stores started taking CC/Debit cards for payments? They've been tracking purchases for 30 years. Back then, joint checking accounts were common and paying by cheque was the only method other than cash. Back then household demographics was a simplier excerise. It's worth a few cents off an inflated price to incurage you to help them group these new plastic transactions by household.

So, except that the government has caught on that this can be a wealth of information, this is nothing new. Unless you use cash 100% of the time you're not beating the system the way you think you are by filling out the application with false data.

Re:Close call?

[Rinikusu]

I know you might have more faith in the system, but I live right across the river from where the infamous "West Memphis Three" incident happened. Hell, all they had were some dark poems, a couple Metallica albums, and they sent 3 kids up the river, one is still on death row.

It might be "circumstantial" evidence, but never put it past the power of a jury to do the most fucked up stupid things imaginable.

Re:I dont get it

[mbessey]

"If they can get all the info they need from your credit card and check then why do they need the member card to idnetify you anyhow?"

Well, for one thing, the member card provides a link between credit card purchases (which have your personal info) and cash purchases (which would normally be anonymous). If you even once use a credit/debit card with your member card all of your previous and future purchases with that member card are then related to your name & address.

"All I can think of is that somehow the act of getting a member card is an authorization for them to collect that information."

Yes, among other things. Not that anybody ever reads these agreements, but it also gives them the right to sell your name and address, usually.

Re:How did they get the safeway info??

[dwdyer]

According to the Safeway Privacy Statement for their card, all the cops have to do is ask nicely for some specific question:

Safeway may disclose personally-identifying information in response to a subpoena, court order or a specific request by a law enforcement agency, or as required by law.

Re:Very Close Call IMHO

[Vox Humana]

Here in Illinois, 50% of those on death row were proven by genetic analysis to be innocent of the crimes of which they had been convicted.

That's an incredible number. Do you have references to back it up? The only numbers I can find online are for around 12-16 exonerated, with about 150-160 on death row ( CNN [cnn.com], BBC [bbc.co.uk] .) Of these, it would appear several of the exonerations were not due to DNA evidence, but by evidence being brought to light by outsiders. That being said, even a 10% erroneous conviction rate is unnacceptable. If you can demonstrate a 50% error rate, I can't imagine anyone maintaining a pro-death penalty stance. It would certainly be a slam dunk for me.

Re:Close call?

[linuxtelephony]

If someone knew his phone number, they could have punched it into the system and voila, his safeway card was used for the purchases!

A smart defense attorney should have been able to point that out.

Now, if Safeway had video surveilance of everyeone that purchased something, and could link the picture to the transaction, then there'd be evidence. Lacking that, the use of a discount card, especially at safeway, is useless as proof that someone did something.

Re:Very Close Call IMHO

[zsazsa]

The 50% on death row exonerated figure is indeed incorrect. Instead, the figure is that in a period of 12 years, more people on death row in Illinois were exonerated than put to death. From the CNN article you linked to: In the last dozen years in Illinois, 12 men have been executed, but 12 others once condemned to die have been exonerated -- three this year.

The number exonerated went to 13 when Gov. Ryan put a moratorium on the death penalty, and ultimately commuted the sentences of everyone on death row to life without parole (source [cnn.com]).