EagleTribune.com, North Andover, MA

October 7, 2012

Who owns your identity?

Digital data mining spurs efforts to curb use without permission

By Aisha Sultan St. Louis Post-Dispatch
The Eagle-Tribune

---- — ST. LOUIS — Robert Cole helped a friend learn about his diabetes. Cole, of Ferguson, Mo., searched online, printed out some articles from his computer and passed along the information.

About six weeks later, Cole began receiving advertisements in the mail and online for diabetes testing supplies.

He was alarmed by the connection.

Cole, 65, who has no history of the disease, launched into a personal investigation several years ago about who owns his identity and personal information and began evangelizing to his family and friends about the way individual data is mined and potentially used.

He’s not alone in worrying about how his digital moves are being tracked. New efforts are under way to help individuals regain some control of how their information is collected and shared. And new research suggests people are beginning to take steps to protect their privacy online and on cellphones.

Cole called the firm that mailed him brochures to find out how it obtained his name and address, but he was unable to get an answer. Eventually, he filed a complaint with the Privacy Rights Clearinghouse in San Diego and tried to contact the American Civil Liberties Union to find out who had the right to access and sell information about him.

“Am I in somebody’s database as a diabetic? Because I’m not. I don’t even know how to correct that,” he said. What if he applies for life insurance and is rejected based on a faulty profile? he asked. Could he be charged higher premiums or be denied credit because of what he types in his emails or in Google searches?

Automated bots sweep the Web for consumer information, and websites use cookies and browser fingerprinting to follow users across the Web, while third-party data brokers sell users’ projected online behaviors in real time.

Laura McCarthy Jarman, 30, of St. Louis, said she noticed when she was planning her wedding in the spring that most of the ads she saw online were related to weddings. “It was just so bizarre,” she said. “You feel like your computer is reading your mind.”

She ended up installing an ad blocker, which struck her as ironic given her own job in public relations and marketing.

It made the time she spent online much more enjoyable, she said. While she was motivated by both convenience and privacy concerns, she said, she can appreciate why collecting the information is important to help businesses and can be useful for some consumers.

Cole has a more philosophical objection.

“I have an issue with how someone can sell my name without my acknowledgement or agreement,” Cole said. If someone is profiting from selling personal information about his behavior online, he wants a cut of it.

George Blake, a retired newspaper editor in Atlanta, is hoping to attract millions of consumers who share Cole’s logic. Last month, he launched two privacy-related websites based on what he believes is a pent-up public demand for taking back control of personal data.

One of his sites, Money For My Data, lets individuals sign up to allow companies to sell collected data and take periodic surveys about interests and future purchases. Individuals can decide which pieces of their consumer profile they want shared with companies interested in targeting them for ads, Blake explained. His company will package and sell the data or work with data accumulators on sales the users have permitted. His goal is to have individuals get a percentage of the profit from the sale when their name is included on such a list.

“Data is the new world currency,” he said. “People need to claim ownership of data in critical mass.” Blake believes that attaching a monetary value to an individual’s personal data will help bolster legal arguments protecting consumer privacy rights.

He’s also working on a registry to allow users to opt out of being tracked online, although an international body, the World Wide Web Consortium, also has been working on Do Not Track standards for nearly a year.

The consortium’s proposed Do Not Track option will let users choose in their browser preferences a setting that indicates that they do not want websites and ad networks to track their browsing behavior. What businesses will need to do to comply with these standards is still being negotiated.

Microsoft said recently that Internet Explorer 10 will include the anti-tracking setting as a default, but the Apache Web server, which powers 60 percent of websites worldwide, responded by declaring it would ignore the Do Not Track request from all Internet Explorer 10 browsers because it was set as a default and not expressly chosen and set by a person.

The Privacy Rights Clearinghouse, a nonprofit advocacy organization, has received 526 consumer complaints since the start of the year. The most common complaint topics relate to: medical privacy; workplace issues such as employment background checks and workplace surveillance; online data brokers and the availability of public records online; data sharing practices by small businesses; and unwanted phone calls that are difficult to stop, according to spokeswoman Amber Yoo. Most of the complaints have a technology element, she added.

Media coverage of high-profile, privacy-related news this year may also be raising awareness and concern about privacy issues, she said.

The White House issued its Consumer Privacy Bill of Rights, the Supreme Court limited police use of a GPS tracking device to track suspects and the Federal Trade Commission fined Google $22 million for violating the terms of Safari’s privacy protections.

Aleecia McDonald, a privacy researcher and fellow at the Center for Internet and Society at Stanford Law School, says her work on users’ understanding of digital behavior and privacy reveals a significant knowledge gap.

“They think they are protected by laws that don’t exist,” she said. Many people don’t realize that third parties can track them across the Internet and are invisible to them. Others don’t realize that ad content is influenced by what they write in emails.

But despite the perception that technology has somehow diminished the desire for privacy, McDonald found that different generations expressed different areas of concern. Those ages 18 to 25 wanted to protect their data from their parents and certain peers. An older demographic was more concerned about protecting data from employers, and those over 65 did not want their children to have access to all their information, especially on health-related issues.

“Privacy issues have been with us as long as we have been writing things down,” McDonald said. But sharing information and creating a sense of community is also something we value, she added.

Cole, who is especially concerned about insurance companies’ mining of health records, says the trade-off isn’t worth the price. He refuses to engage in Facebook or other social networks.

But that all-or-nothing approach doesn’t work for most people.

“Many of the potential harms with personal information being shared with third parties go unnoticed and are hard to track,” said Mary Madden, a senior researcher with the Pew Internet and American Life Project. “There is this black box of data, and consumers are not sure what’s inside.” And when there is a harm, she asked, how do you prove that it can be traced back to what was collected from a Facebook page, Google search or cellphone app?

A Pew study released earlier this month showed that among cellphone users who download apps on their phones, 57 percent said they had uninstalled or refused to install an app because of to privacy concerns.

An earlier Pew report found that more people were removing certain information from their Facebook profiles than two years ago. More users reported removing certain friends, deleting comments, untagging photos or restricting access to their profiles.

Online behavior profiling and data analysis have become sophisticated enough to prompt some people to wonder whether our machines know us better than we know ourselves.

McDonald, the privacy researcher, recalled a man she talked to during her research. He was concerned that he was getting ads for divorce lawyers on his browser.

“Do I have some risk factors I don’t know about?” he asked.