
In the world of Big Data, privacy invasion is the business model

Apps snooping on your address book, sneaky ad cookies, and social networking are bad. But the real privacy demon is the shadowy data brokers slurping up every last byte about you.

Molly Wood Former Executive Editor
Molly Wood was an executive editor at CNET, author of the Molly Rants blog, and host of the tech show, Always On. When she's not enraging fanboys of all stripes, she can be found offering tech opinions on CBS and elsewhere, and offering opinions on everything else to anyone who will listen.
BeenVerified.com: data brokers like this are a much bigger privacy threat than Facebook. CNET, Screenshot, Molly Wood

Recent weeks have seen a lot of (overdue) talk about privacy and technology. There was the flap over Path and other mobile apps uploading your phone's address books to their servers without your permission. A follow-up story noted apps might be able to slurp up photos and their location data on iOS, too.

There was the discovery that Google overrode some cookie settings in Safari in order to track users for ad serving. And Congress is still figuring out a response to last fall's concerns over software on phones that could share your location or other data without your knowledge.

Just this week, there was news that Twitter sold a huge archive of tweets to a data broker recently, amounting to a treasure trove of behavioral, location, and social connection data that nearly 1,000 companies are lining up to license. That archive, by the way, probably includes tweets by you that you can't even access--they're not searchable, they're just salable.

 
DataSift.com: tracking your tweets, a billion at a time. CNET, Screenshot, Molly Wood

Privacy invasion is the best business model in the information economy. Companies will increasingly stop at nothing to get your information and sell it to whoever is buying. And some of the worst offenders--data brokers you've never even heard of--seem to be inspiring the companies and apps we use every day to emulate their shadowy data-gathering behaviors.

Most people still don't even know data brokers exist--the hundreds of companies that are constantly hoovering up every last scrap of information about you, your friends, your habits, your health, your relationships, your home, and your money. They sell and trade your information all over the world, every day, and there's very little you can do to find out what data they have and how to stop them from collecting and selling it.

"It's like having a secret Facebook profile that you can't see and you can't do anything about, but it's way more detailed," says Sarah Downey, a privacy analyst at Abine Software.

These data brokers and "personal search" companies like Spokeo and BeenVerified collect publicly available information about you and sell it to other companies. Those other companies could include other data brokers, companies conducting background checks for employment or other reasons, private investigators, or marketers. Downey says their customers and their methods for collecting and sharing information are largely unknown. But more than 180 companies exist just to scrape and sell your data.

While social information on Facebook, a trove of tweets, or even ad cookies might be a privacy concern, says Downey, "a lot of their data is for marketing, but with data brokers, you're talking about people's core personal information. It's stuff that will directly lead a stalker to your front door, and that's why it's more important."

Or is it more important? Security expert and chief security technology officer at British Telecom Bruce Schneier thinks the marketing-based data push is just as big a problem. And I agree: the allure of all that irresistibly valuable information is pushing the entire information industry to act increasingly like shady data brokers. Google's cookie evasion techniques, for example, and mobile apps' wanton use of personal data (from address books to location information) look an awful lot like large-scale, surreptitious data-sucking.

In fact, at the RSA security conference in San Francisco this week, Schneier said he considers "big data" his No. 1 security concern.

"Threats to Internet freedom, privacy, and openness don't come from the bad guys [criminal hackers]," he said. They come from companies that collect, aggregate and use personal data of individuals, like ChoicePoint, Amazon, Google, Facebook and the "entire marketing ecosystem."

If data brokers emerged because they found they could make money selling personal information, marketing-based companies like Google, Facebook, and others are happily following in their footsteps.

That's why, despite the efforts of organizations like the GSMA, the concept of privacy by design in software and app development may be a doomed initiative. Privacy by regulation may be the only way.

Downey says President Obama's recently proposed Consumer Privacy Bill of Rights could be a step in the right direction--if it becomes law, and not just a set of murky guidelines. And passing an actual law allowing consumers to opt out of the moneymaking mojo of these big, job-creating business plans seems unlikely. (Meanwhile, let's be honest, our government is among the worst data brokers of them all.)

 
The Consumer Privacy Bill of Rights: can it save us? CNET, Screenshot, Molly Wood

Plus, as Schneier points out, "companies will use their lobbying force to resist any legislation." Google, Facebook, Apple, Amazon "are very powerful and using their muscle to fight changes that hurt their industry," which is advertising.

"We're going to see more of our data out of our control," he warns, and says it will only get worse as computing goes increasingly mobile and cloud-based.

Downey, the privacy analyst, suggests the FTC could go a long way by setting up a one-stop shop for opting out of data collection by, at least, U.S.-based data brokers. That way, once people find out that data brokers even exist--something very few people realize, even now--they could at least take one simple step, as with the "Do Not Call" registry, to try to be removed from the grid. Yes, please!

Right now, opting out is a complicated maze that could involve visiting dozens, if not hundreds, of sites yourself and looking for opt-out choices. Plus, Downey reports that in many cases, the companies just put the information right back up a few months later.

Meanwhile, it's absolutely ludicrous that the U.S. can't provide us with privacy and data protection laws that are at least as strict as those in Europe. It's our job to keep the pressure on, as users, the media, and constituents, and try to get our voices through the din of the lobbyists. We're moving very quickly toward a very dangerous status quo--I just hope we're not too late to change it.