Why is Everyone Upset with RadioShack?

The following is a position paper that I wrote in April of 2015 To set the timeline, this was merely weeks if not days after RadioShack announced that it was selling it's customer information database, which came shortly after it's bankruptcy. You know, that database that was assembled with the information demanded of you at the register every time you stopped in to grab a pack of batteries. This is in spite of their policy that they would never sell that information without your consent (emphasis mine).

While not at all unprecedented, the sale of customer data in bankruptcy is still uncommon in the public eye. In 2011, Ann Arbor based Borders Group did the same in its bankruptcy, although the coverage of it wasn’t quite what it is today. Other similar sales were given even less coverage. However, when RadioShack recently announced that it was selling its customer information database in its bankruptcy proceedings, there was a huge outcry across the Internet. While the legality of this sale has yet to be decided in many courts of law, the ethical ramifications are clear. The American people are against the sale of personal information, and RadioShack’s recently published privacy policy clearly stating that they wouldn’t sell your information makes this all the worse.

The Pew Research Center recently posted a study titled “Public Perceptions of Privacy and Security in the Post-Snowden Era.” Among the startling statistics posted in the results, 91% of adults agree or strongly agree that they have lost control over their own personal information and how it is collected and used. 88% believe that it would be difficult if not impossible to remove incorrect data about them online. And only 36% of people agree with the statement “It is a good thing for society if people believe that someone is keeping an eye on the things that they do online.” There are dozens of other very clear points, and they all paint a very clear picture. The people want their privacy.

A little more than a month ago, the former technology heavyweight RadioShack, filed for bankruptcy after 94 years in business. Founded in Boston by brothers Theodore and Milton Deutshcmann, the company rose to fame along with the growing radio and hobby electronic scenes that they loved and fostered. In its lifetime, RadioShack sold over 73 million cellular phones, which people today probably know it best for. In addition to the impressive number cellular phones, they also were sales leaders in Walkman radios, CD players, beepers, satellite dishes, and do-it-yourself electronic kits. Those kits were no small part of my early love of technology, and helped lead to my first career in electronic repair, and my second career in IT.

Not too long after RadioShack filed for bankruptcy, it was announced that they would be auctioning off their customer database. RadioShack filed $1.2 million in assets against $1.38 million in liabilities between 50,000 and 100,000 creditors. Viewed by RadioShack as a very strong asset, this database contains information on 65 million customers. Every time that you shopped at RadioShack and were hassled for personal information in order to buy a cell phone charger or coax cable splitter, you have contributed yourself to this database. This information includes customer names, physical addresses, and email addresses at a minimum. The information may also contain phone numbers and information regarding shopping habits, but that is unclear at this point. In addition to the customer information database, Standard General will be acquiring up to 2,400 RadioShack stores.

 The company who was recently approved for purchase of this information database, Standard General, bills themselves as a “New York-based investment firm that manages event-driven opportunity funds.” The company was founded in 2007 and has been SEC-registered as an investment advisor since 2009. They claim to primarily focus on “public and private pension plans, endowments, foundations, and high net worth individuals.” The company is led by three partners and their Chief Financial Officer/Chief Compliance Officer. It is also worth noting that Standard General is RadioShack’s largest shareholder.

So the first question that comes to mind is whether this is a recent development, or is this something new? I was both surprised and unsurprised to see how often and how far back it has happened. As far back as 2000, CNET ran a story talking about some of the players in this game. At the time of the article, Boo.com, Toysmart, and CraftShop.com have all sold, or were attempting to sell, their customer databases in bankruptcy proceedings. The article also talks about a company called Truste, which specialized in Internet Privacy and was described as a “Good Housekeeping Seal of Approval” for the Internet, and how Boo.com and Toysmart had once earned Turste’s “seal” as a company in good moral standing.

The first time that the Federal Trade Commission (FTC) acted against a company was in 1998. At that time, the FTC forced GeoCities to post a notice regarding privacy after it decided that the site misled people by asking people to provide personal information that it shared with marketing companies later on. While it was not a bankruptcy fire sale, it did start to establish the precedent of the FTC acting. But in this instance, a legally mandated notice is hardly comforting to those who have had their data sold, and not at all punishment for a company that has already greatly profited from its actions.

In one case that did see significant public and legal scrutiny, the 2011 bankruptcy of Borders Group. When Borders Group filed for bankruptcy, the second largest chain of book stores at the time wished to sell its customer database. In this case, the FTC again sought protection of the personal information that was put on the auction block. Like RadioShack today, Borders promised its customers that it would not share the information that it collected without consent. The FTC insisted that the sale only be allowed to move forward with either the consent of Borders customers, or significant restrictions on the use of said information. These restrictions were that the purchaser of said data was in the same business, the information cannot be sold as a single asset, and that they honor the existing privacy policy of Borders Group, conditions consistent with the prior case law of FTC vs. Toysmart. The strong conditions placed on Toysmart made such a sale impossible at the time, and their database was ultimately destroyed.

So the sale of customer information through bankruptcy is obviously not without precedent, as many companies of different sizes and industries have already done so. But the backlash against RadioShack comes from their privacy policy. In their online privacy policy, RadioShack claims such things as “information about you specifically will not be used for any purpose other than to carry out the services you requested from RadioShack and its affiliates. All of our affiliates have agreed to maintain the security and confidentiality of the information we provide to them.” They further claim that “we will not sell or rent your personally identifiable information to anyone at any time,” and that “we will not use any personal information beyond what is necessary to assist us in delivering to you the services that you have requested.” Can an argument be made that selling your personal information to Standard General is necessary to carry out services paid for by all of its customers over the years?

How about their in store privacy policy, which the online policy goes to great lengths to differentiate itself from. Does this policy posted in stores under the title “We Value Our Relationship” open the door to this sale? It’s difficult to say today as I was unable to find a copy of said policy anywhere online, though the general consensus in the numerous articles that I read through is that it is indeed similar. But even if its language was more favorable to the sale of data, what would the value be if online and in store data were forced to be separated?

So is RadioShack being unfairly singled out this time around? An article published on the web site Ad Age says that it is “much ado about nothing.” The article quotes the founder of Retail Growth Fund, Justin Yoshimura, about the firm’s involvement in such cases. Retail Growth Fund is a private equity fund that has acquired assets from bankrupt companies such as Delia’s, Cache, Deb Shops, and Wet Seal. Yoshimura claims that customer lists were involved in the asset acquisition of all of these companies. The article also quotes Robert Braun, partner and co-chair of the privacy information management and data protection group of the Jeff Mangels Butler and Mitchell law firm. Braun says that “information is like any other asset that is owned by a company, and a bankruptcy court has the duty to maximize the recovery of assets by the creditors of a company,” and that bankruptcy courts have a lot of leeway in the pursuit of this goal.

As has been previously demonstrated, the FTC has acted against sales such as these, but this time it is not the only entity challenging the sale. Texas Attorney General Ken Paxon is on the record stating that Texas law prohibits the sale of “personal information in a way that violates their own privacy rules.” Paxon further states that the sale may affect as many as 117 million people, substantially larger than the 65 million stated elsewhere. Attorney General Paxon has not minced words and presents his stance in a way that is not arguable.

Joining in with his colleague in Texas, the Attorney General for New York has also stated that his office will take “appropriate action” if the sale goes through. Attorney General Eric Schneiderman has stated “my office will continue to monitor RadioShacks bankruptcy sale and whether it includes auctioning off private customer data. We are committed to taking appropriate action to protect New York consumers.” Attorney General Schneiderman is also very clear in his stance, though he does yet appear to state which, if any, New York laws that RadioShack is in violation of.

And finally, AT&T has challenged the sale of this data, stating that RadioShack is not entitled to the data collected through the sales of AT&T wireless devices in RadioShack stores. AT&T clarifies that RadioShack acted as an agent of AT&T and therefore does not own that data. AT&T is primarily concerned that such data will fall into the hands of its competitors, which is exactly what would happen if Standard General is able to proceed with reopening RadioShack branded locations with a competing carrier. Because of this, AT&T wants this data destroyed.

When RadioShack filed for bankruptcy and decided that it would try to sell its customer database, it couldn’t have imagined the backlash that it caused. If you search online for stories about this topic, you’ll certainly find dozens if not hundreds of stories about RadioShack. Interestingly, you’ll find very little about the many other companies who have done the very same thing over the years. The Internet, and society as a whole, often appears to be largely apathetic and more interested in celebrity gossip and professional sports than issues in the news, but then there are stories like this that come along. Whether it was the perception that RadioShack went above and beyond other companies in going back on it’s policies, if it was just one too many stories in the news detailing how our privacy is being whittled away, or another not so clear reason, RadioShack has been on an unappreciated receiving end of of the public’s anger.