It's a daily ritual that's best performed over an open trash can -- murdering the mail. You have to cull through reams of unrequested catalogs, brochures, fliers and other solicitations to rescue the mail you actually want before committing the left-over marketing literature to the circular file.
There's no "opt-in" for snail-mail marketing; here, your address is fair game for anyone who can get hold of it, unless you care to waste more time demanding to be taken off mailing lists. What's worse, the United States Postal Service, and its national database of permanent address changes, is actually a quiet contributor to the proliferation of physical spam.
This year the USPS estimates it will earn $5.2 million by licensing change of address data to private sector companies, keeping junk mailers' address books up-to-date. And that doesn't include the fees the USPS collects -- at 50 cents a pop -- from every piece of mail it forwards that's labeled "Address Correction Requested"; the post office alerts the senders to the new address. In doing so, it plays a role in making sure that all the marketing literature you never wanted in the first place, follows you wherever you go, whether you want it to or not.
"We do not sell mailing lists!" says Postal Service spokesman Gerald Kreienkamp, emphatically. Sell lists? No ... well, not exactly. The post office won't directly sell your address to junk mailers the way spammers might harvest and sell e-mail addresses on CD -- but, if you fill out a change of address card when you move, the USPS will make money making your new address available to anyone who had the old one.
In the last four years, the General Accounting Office has twice investigated the Postal Service's methods of handling change of address and found that the USPS is not being as careful with our personal data as it could be. But while 18 states and the federal government have enacted or are considering legislation to contain junk e-mail, there's been no public outcry, much less legislation, about the USPS change of address database. It's all the more surprising since what's at issue is how a government organization -- remember, "We, the people" are supposed to control those? -- is handling or potentially mishandling our personal information.
It would seem that we just don't get as up in arms about physical junk mail as we do about spam. Maybe we're so used to the snail-mail form, that we don't register it. Or, perhaps junk mail is just not as annoying as e-mail spam, since unlike the electronic kind which pops frenetically into our e-mail in boxes in a disturbing cacophony of interruptions, we only have to deal with the postal kind once a day.
Tom Geller of Suespammers.org says it's the cost of e-mail spam that galls: aside from the time sink, we pay in hiked up ISP prices, hotel phone charges, wireless modem charges. With junk mail, the financial cost is borne by the sender.
Nick Nicholas, director of policy and communications for the Mail Abuse Prevention System, a California non-profit, thinks that it's the invasiveness of e-mail spam that's sparked the outrage about it.
"Spam invades the inner sanctum. People have their computers in their bedrooms or their offices. This is definitely a private space. It's not just a box hanging outside your house," he says. But he believes that the fight against e-mail spam has caused a new awareness of other forms of invasive direct marketing; he predicts a "backlash" against other forms of direct marketing when all the spam legislation gets hammered out. "People are becoming mobilized over this issue."
"Direct marketers have been invading people's privacy for years, but it hasn't been very visible," says Jason Catlett, the privacy advocate behind Junkbusters. "Now, since spam and cookies and the other means of data gathering have been put literally in front of people's faces, they're becoming more aware of the machinery working against them."
And the United States Postal Service is certainly part of the machinery that delivers your daily junk mail. Imagine the outcry if every time you changed e-mail addresses, your ISP handed out your new address to anyone who had the old one. That's kind of what the USPS does with your home or work address. "If you have a reason for not wanting anyone to know where you are, the post office is not your friend," says Bob Gellman, a Washington privacy consultant.
Here's how the change of address process works: You go to your neighborhood post office to fill out a change of address form. A notice on the black-and-white "Official Mail Forwarding Change of Address Form" reads: "Privacy Act: Filing this form is voluntary, but your mail cannot be forwarded without an order." Translation: File this form or your old mail will end up in the dead letter office. But the next sentence of this disclaimer is where it gets tricky: "If filed, your new permanent address will be provided to individuals and companies who request it. This will occur only when the requester is already in possession of your name and old mailing address."
So in order to get your mail forwarded you're effectively agreeing that anyone who ever had your old address can have access to your new one. Your name and new address will be added to the massive National Change of Address database, containing some 117 million entries (about 44 million changes of address are added annually). There your name and address will sit for three years. The National Association of Realtors reports that the median number of years U.S. homeowners stay in a house is six. If you move every six years, you'll be in the USPS database half your life; if you're the transient type, your data might be available through the USPS pretty much all the time.
But the USPS isn't selling that data, right? No. But around 300 companies pay $10,000 a year to the USPS for a product called FastForward -- essentially a database kept in an encrypted drive that contains the last eight months of the National Change of Address data within it. Customers of FastForward can't actual see the USPS data; they can just compare names they already have on mailing lists, and pull out the new addresses of matching names.
More disturbing is the system that allows 22 commercial licensees, essentially list cleaners, to take a mailing list, check it against the National Change of Address Database and serve up the new addresses for a fee. Each of these licensees pays $100,000 a year to the post office for access to the full database.
Finally, there's the most direct approach; any mailer can print under the return address on a piece of mail: "Address Correction Requested" and pay 50 cents to be notified of your new address. Ever noticed those little yellow stickers that display the forwarding address on forwarded mail? The company requesting such a correction, gets a card with the same kind of sticker on it.
The post office says it saves millions by expediting mail through the National Change of Address program; it saved an estimated $1.2 billion in "rehandling costs" associated with forwarding mail in fiscal 1998 alone.
And who can argue with a government agency saving that many tax dollars? But where the ethics of the whole National Change of Address program get blurry is in the handling of the sensitive address information itself.
The licensees of the NCOA address database are explicitly forbidden from doing anything with the lists besides updating old mailing lists; they're not allowed to market valuable lists of new movers -- the folks who have yet to bond with a local dry cleaner, pet supply store, etc. And the USPS does take steps to enforce this, by "seeding" its database with fake names to tip it off if the information is being resold.
But, that doesn't stop "new mover" lists from appearing. "How the National Change of Address program works is perfectly clear," says privacy consultant Gellman. "If you file a change of address card with the Postal Service, your name will end up on commercial lists of new movers as a direct result of that action. The NCOA is one of the biggest generators of junk mail in America, and the postal service is co-conspirator with junk mail America in this endeavor."
Because the Postal Service itself admits that it has no way to control what the customers of those licensees -- the companies interested in getting your new address, who pay to have their lists updated -- do with the information. So, a direct marketer could easily take a list to be "cleaned" and then turn around and sell all the names on it as a "new movers" list.
It's illegal, under the Privacy Act of 1974, for the government or its licensees to market the names of "new movers," but the post office washes its hands of what the customers of its licensees do with this data that's been collected by the government for the purpose of forwarding mail.
"On the issue of whether the Postal Service should explicitly prohibit the creation of new movers lists by the customers of our licensees, we continue to hold the opinion that the Postal Service has neither the legal authority nor the practical ability to regulate how the owners of mailing lists may use those lists once they have been matched against the NCOA database," wrote Postmaster General William J. Henderson, in a 1999 letter to the director of Government Business Operations Issues, responding to a General Accounting Office report looking at the matter. Not only privacy advocates but the government's own audit of the program disagree.
Two reports from the United States General Accounting Office -- "U.S. Postal Service: Improved Oversight Needed to Protect Privacy of Address Changes" (1996) and "U.S. Postal Service: Status of Efforts to Protect Privacy of Address Changes" (1999) -- found that the post office did not adequately seed or enforce the terms of its contracts by terminating contracts with licenses found to be abusing the data. A spokesman for the Postal Service says that it has terminated one licensee for misusing National Change of Address data.
Basically, the Postal Service has a Kathie Lee Gifford problem. Like a sneaker company that contracts with companies that then contract with sweatshops to sew its shoes, the post office claims it can't be held responsible for what happens to the data entrusted to it, beyond one degree of separation. Apparently, it's happy to do whatever it takes to keep the flow of mail moving, as long as it saves money -- and it doesn't appear to be taking concern about its data-handling practices too seriously.
"Everybody has a paranoia about the government keeping any sort of database," says spokesman Kreienkamp. "There are always people out there who think the government is keeping tabs on us." He adds that railing against the post office for what ends up in your mailbox is simply a case of "blaming the messenger for the message."
But why should information that is given to a government agency be resold without consent of the addressee? Couldn't the Postal Service make the NCOA database an opt-in part of changing your address? Why can't the snail-mail postal world learn something from the Net marketers who let you choose whether to receive mail from them?
Until it does, we might want to take the advice of Bob Bulmash, founder of Private Citizen. He suggests telling the post office its a temporary change of address -- even if it's permanent -- as a hack to avoid the government's leaky system. Indicate that your return date is 364 days later -- the USPS only forwards mail for a year anyway -- so you'll get all the benefits of having your mail forwarded without potentially compromising the privacy or your address. "The post office is not anxious to tell people how to prevent junk mail," he says. "The post office is not here to protect your privacy."
Alternatively, couldn't the NCOA database and FastForward simply alert mailing list owners that addresses are no longer valid -- but not give up the new address?
At the very least, the post office could do more to inform consumers about what happens to their new address when they fill out a change of address form. "The Postal Service needs to make better disclosure of what theyre doing," says Gellman.
Imagine the outcry if spammers could consult a central government database to find the new e-mail addresses of anyone whose old address they already had. Whitehouse.gov would surely be mail-bombed in protest. Maybe the new awareness about privacy online will make us more aware of the privacy issues around our old-fashioned mailboxes.