Think the National Security Agency (NSA) is the greatest threat to American’s privacy?
The number of data brokers – companies that collect, categorize and sell information about each of us – is mindboggling.
The following story by CBS News 60 Minutes (Mar. 9) got my attention when I noticed that two of the sample sites they were browsing – The New York Times and The Washington Post – were sites that I visit regularly throughout any given day.
As the segment explains, when you are watching your favorite TV show we’re all aware that advertisers pay for time to try and sell us their products. However, when you are visiting websites on the Internet, most of us are very likely not aware that potential advertisers are secretly examining every single click we make, and the data brokers who supply and sell detailed information about us, are watching our every move.
“Today,” 60 Minutes reporter Steve Kroft explains, “we are giving up more and more private information online without knowing that it’s being harvested and personalized and sold to lots of different people… our likes and dislikes, our closest friends, our bad habits, even your daily movements, both on and offline. Federal Trade Commissioner Julie Brill says we have lost control of our most personal information.
Kroft: “Are people putting this together and making dossiers?”
Kroft: “With names attached to it? With personal identification?”
Brill: “The dossiers are about individuals. That’s the whole point of these dossiers. It is information that is individually identified to an individual or linked to an individual.”
Kroft: “Do you think most people know this information is being collected?”
Brill: “I think most people have no idea that it’s being collected and sold and that it is personally identifiable about them, and that the information is in basically a profile of them.”
When you visit a website, Kroft explains, “…you are, in effect, giving them permission to collect any information they want. That’s the standard for consent.”
“No one even knows how many companies there are trafficking in our data,” Brill says.
“But it’s certainly in the thousands,” Kroft points out, “and would include research firms, all sorts of Internet companies, advertisers, retailers and trade associations. The largest data broker is Acxiom, a marketing giant that brags it has, on average, 1,500 pieces of information on more than 200 million Americans.”
What kind of information about us is being collected?
The answer might shock you, as Tim Sparapani, a former privacy attorney and Facebook’s first director of public policy says. “It’s not about what we know we’re sharing,” Sparapani makes clear, “it’s about what we don’t know is being collected and sold about us.”
Kroft says, “Sparapani thinks people would be stunned to learn what’s being compiled about them and sold, and might end up in their profiles; religion, ethnicity, political affiliations, user names, income, and family medical history. And that’s just for openers.
Kroft: “What about medications?”
Sparapani: “Certainly. You can buy from any number of data brokers, by malady, the lists of individuals in America who are afflicted with a particular disease or condition.”
Sparapani: “Yes, absolutely.”
Kroft: “Psychiatric problems?”
Sparapani: “No question.”
Kroft: “History of genetic problems?”
Sparapani: “Yes. Cancer, heart disease, you name it, down to the most rare and, and most unexpected maladies.”
Kroft: “Sexual orientation?”
Sparapani: “Of course.”
Kroft: “How do they determine that?”
Sparapani: “Well, based on a series of other data points they bought and sold. What clubs you may be frequenting what bars and restaurants you’re making purchases at, what other products you may be buying online.”
Kroft: “And all of this can end up in a file somewhere that’s being sold maybe to a prospective employer.”
Sparapani: “Yeah, not only can it, it is, Steve.”
Kroft: “With all this information and your name attached to it?”
Sparapani: “Yes, exactly.”
“Sparapani says data brokers have been flying under the radar for years,” Kroft adds “preferring that people know as little as possible about the industry and the information that’s being collected and sold. But the evidence is there if you know where to look.
“We were able to go online and find all sorts of companies peddling sensitive personalized information. A Connecticut data broker called “Statlistics” advertises lists of gay and lesbian adults and “Response Solutions” – people suffering from bipolar disorder.
“Paramount Lists” operates out of this building in Erie, Pa.,” Kroft shows us “and offers lists of people with alcohol, sexual and gambling addictions and people desperate to get out of debt.”
Sparapani: “No one has ever looked into these lists. In fact, most of this has been completely opaque until just recently. The depths of this industry, the really darkest corners, have yet to be exposed to any light whatsoever.”
The more I watched, the more surprised I became. While the NSA and contractors who work for the government surveillance organization are subject to background checks and must sign a confidentially agreement, there is no known protocol in place regarding data brokers.
But the process of collection goes beyond the regular web sites we may visit. Seemingly innocuous web sites are created for the purpose of collecting specific details about us and our lives as digital privacy expert Ashkan Soltani demonstrates to Kroft.
Kroft: “Take 5 Solutions, a data broker in Boca Raton, Fla., runs 17 websites like GoodParentingToday.com and T5 HealthyLiving.Com, where people can share stories about their families and health. What web visitors don’t realize is that Take 5’s real business is collecting and selling the information.”
Disconnect is a software program created by a former Google engineer for the express purpose of showing who is online at the same time we are, collecting data.
Kroft: “There’s all sorts of people coming on now.”
Ashkan Soltani: “That’s right.”
Kroft: “What’s this stuff?”
Soltani: “So when you visit the New York Times homepage, there are a number of companies on the page that are essentially tracking your visits.”
“When we clicked on NewYorkTimes.com,” Kroft says, “the software revealed the presence of more than a dozen third parties that the website had allowed in to observe our movements.
Soltani: “These are all companies that either place ads or measure people’s behaviors on that site.”
Kroft: “So as you are going through the web, and doing your searching, you’ve got a whole crowd following you?”
Soltani: “That’s right.”
“There were ad networks and marketing and analytics companies,” Kroft says, “measuring traffic and page views and cataloging our interests.”
Kroft: “And some of this information, you think is going to data brokers?”
Soltani: “Oh, definitely.”
Kroft: “Wow, look at that.”
“We found the same thing going on at the 60 Minutes website,” Kroft says, watching a cloud of circles pop up like bugs. “They are everywhere.”
Kroft: “So, they’re really inside your computer?”
Soltani: “They’re inside your browser usually, or your mobile device. Yes.”
Kroft: “And you haven’t necessarily invited them in?”
Soltani: “You’ve not invited them in. And most computers or browsers allow them in by default is the way to think about it.”
Why should we be concerned and what can we do about it? I’ll talk about that on Wednesday.