The curious thing to me about the Facebook apps ‘leaking data’ story is not that’s its happening, but rather the low levels of digital literacy (or the fact that this has been happening for years) by the public:
Many of the most popular applications, or “apps,” on the social-networking site Facebook Inc. have been transmitting identifying information—in effect, providing access to people’s names and, in some cases, their friends’ names—to dozens of advertising and Internet tracking companies, a Wall Street Journal investigation has found.
The issue affects tens of millions of Facebook app users, including people who set their profiles to Facebook’s strictest privacy settings. The practice breaks Facebook’s rules, and renews questions about its ability to keep identifiable information about its users’ activities secure.
The difference in the past was that the cost of acquiring this data was substantial enough to make it not worth the effort. The amount of data freely available and the decreased cost of computing power make it a trivial effort. This is only going to become more prevalent as online providers look to monetize the sale of data. The problem is that data is being used in ways that the average internet user cannot comprehend, and therefore cannot make an informed decision to opt-in or opt-out.
I wrote about RapLeaf, one of the companies included in this ‘leak’:
An individual may request information taken down for a given email address by emailing firstname.lastname@example.org.
Additional, individuals can elect to have their information opted-out from Rapleaf’s database by following these steps:
1. Email email@example.com from the email address requesting to opt-out. Rapleaf will then email back an opt-out form to confirm the email address.
2. Print out this customized opt-out form, fill it out, and mail it to the following postal address:
Attn: Opt-Out Request
657 Mission Street, Suite 600
San Francisco, CA 94105
Rapleaf will then quickly follow up with a confirmation email. All relevant information pertaining to this opted-out email address will also be removed.
Will there attempts at mollification be enough? Will Facebook, MySpace, LinkedIn and the other networks that Rapleaf uses close of their API (Application Programming Interface) to Rapleaf and Trustfuse, denying them access to the data that makes them run?
Here is what I wrote a while ago about my experience with marketing databases:
When I worked for Saturn (at a local retailer) I was dismayed by the Automobile Dealers’ idea of successful marketing. The typical ploy went like this – go to your marketing firm, pick a geographic area, set a range for desirable credit card scores, refine the population list by score, design and drop a mailing, and go. The typical mailing promised some kind of schmeeke, where you got some worthless trinkets or a chance at winning a car (which I’m sure was run in a fair and transparent manner) and maybe, maybe, some small percentage of the people walking through the front door would buy a car. See, the point of the advertising wasn’t to find people who want to buy a car – the point of the advertising was to increase floor traffic. The standard maxim is that you can close (get someone to agree to buy 33% of the time). So, if you get 300 people through the door, you should sell 99 cars. If you want to sell more cars, you need to get more people through the door. Supply side economics at its finest.
The whole arrangement seemed wasteful to me, and I was sure the better information was available that could be used in different ways. In my position as Financial Services Manager, I maintained my own databases, and often manipulated the data to reveal trends that might normally escape notice. In looking at these, comparing it with what I had observed in my interviews with customers, viewing credit reports, and aggregated loan and credit bureau information, an increasingly clear profile of our customers became clear.
For example, the way sales cluster around certain “hot spots”, or how certain cars ALWAYS were traded in (Taurus’, Luminas, Sentras, Pulsars, Tempos, Sundances, etc.). Surely there had to be some pattern that could be exploited. I then came across the Polk Dealer Marketing Manager (PDMM). It appears that PDMM is now the Polk Data Enhancement Service:
Polk’s Data Enhancement Services can help you understand your customers better—where they live, what they earn, what they enjoy doing and what their households look like. This will allow you to further segment your markets, and more directly target your marketing campaigns toward the people who most resemble your current client base.
R.L. Polk , for those who don’t know, is one of the originators of database marketing. If you’ve bought a product and it had a warranty card inside, odds are it went back to R.L. Polk. The data they collected included age, ethnicity, income, household size, whether you rented or owned your home, automobile ownership status, employment status, lifestyle indicators, responsiveness to direct mail campaigns, hobbies and interests, and other demographic indicators. R.L. Polk went a step further by merging this data with other data that they had access to (the dealer didn’t have access to this raw data) including credit reports, vehicle registrations, and bankruptcies. This in turn was appended to the dealerships own databases.
By using the appended database, one could see how cash, finance, and lease customers differed. You could see how many owners self-responded that they prefer to read books, play video games, watch movies, or play sports. You could see who had a computer, or a pet, or a second home. You could see who had adult children at home who may need a car in the near future. The possibilities were limited only by our imaginations and creativity.
In the end, we found the project to be minimally useful, primarily because the two dealerships did not have a significant owner-base to begin with, and secondly because Pennsylvania is a closed-records state for vehicle registration, meaning that one of the primary data-sources was unavailable. Had that been available, we could have profiled our customer demographic, selected people who were similar and had a high affinity for purchasing a Saturn, and further refined that based on where someone was in the automobile purchasing cycle (recent college grad, young adult, first time buyer, satisfied conventional finance loan, or lease expiration customers). The hope, which was not meant to be, was that we could refine the list to get the best leads and to count on a supply of an extra ten to twenty cars per month (with one sale more than covering the break-even for the service).
Also, here’s something I wrote on the Great Orange Satan (in 2005) about Choicepoint and data theft:
As we should all know by now, (hundreds?) of thousands of individuals may have had their personal information compromised via a theft from ChoicePoint. CP initially thought they got lucky, and disclosed the California thefts (as they are required by Californian law), however, it looks like the thefts are of a much greater scale.
So what? I don’t do business with Choicepoint. Have you flown anywhere since 9/11? Been arrested? Done anything that might arouse the suspicions of the Federal Government? Applied for a job? Cashed a personal check at a retailer? You may not realize it, but you HAVE done business with Checkpoint.
Their clients include law enforcement, Homeland Security, fraud prevention,credentialing information, and pre-employment screening. ChoicePoint is doing a lot of the data cruching that develops “actionable intelligence” for the FBI and other law enforcement agencies as well as administrating the “No-Fly List”. Never mind the interfaces with public life? Volunteered to work with the Boy Scouts? That’s the tip of the iceberg…there’s plenty more that they’ll be able to do. In this day and age of fear and loathing, the government has spent millions on greating dossiers on each and every one of us. There’s money to be made…my personal profile, if every single scrap of info that could be out there on me was calculated (interactive flash calculator here), it would be worth $138.75.
Further, here’s something I wrote about an ‘Oopsie’ statement from Colin Powell regarding Social Security numbers in the context of a search for rogue Russian scientists (tinfoil-hat alert for Rense.com link):
[Colin Powell] – “Finding the Russian scientists may be a problem being that Russia does not have a Social Security System, as here in America, that allows us to MONITOR, TRACK DOWN and CAPTURE an American citizen.”
Contemplate all the places your Social Security Number is used, both government and corporate. HR records. Driving history. Medical records. Credit applications. How about your email address? How about every single thing you could possible do online. Did you know there was a Federal database on prescription use? What else is out there?
I wrote this in 2008 about the alphabet soup of Federal databases:
Nothing is really unbelievable anymore, is it? And why is a glossy entertainment magazine – in this case, RADAR magazine – delivering reporting that was formerly the domain of the Fourth Estate?
“There exists a database of Americans, who, often for the slightest and most trivial reason, are considered unfriendly, and who, in a time of panic, might be incarcerated. The database can identify and locate perceived ‘enemies of the state’ almost instantaneously.“
They’ve been working on predictive large-scale behavioral modeling whole-world simulators, with the idea being that every person, industry, and organization existing in a Matrix-style world that they could then submit to famines, natural disaster, economic disruptions, pandemics, and terrorist attacks. I suspect this is a part of “Main Core”.
So many of the parts that would allow this monstrosity to roar into action have become enabled, short of Skynet becomes aware. We’ve seen internment camps. The definition for national emergency has been broadened. We’ve seen precedents established and reinforced for the seizing of public and private land. A web of databases has been exposed, from no-fly lists, domestic and international communications, descriptive statistics, financial records, domestic and international travel, and various commercial and private entities. For more discussion on the alphabet soup of programs, see this Metafilter post on the Pentagon’s CIFA, ICEWS, HCSB, the Human Terrain System, the likely‘collaboration’ between Telcos and the NSA in snooping rooms, TIA – which was defunded but then resumed as ADVISE, TANGRAM, and the expansion of already existing domestic NSA programs. Such a program would even round up our law-and-order and anti-tax conservatives. As always, we ultimately come down to no more than a number, as evident by this Colin Powell slip-up.
So, if some activist you know should suddenly stop coming to work, church, or school in case of a ‘national emergency’ – now you’ll know why.
Long story short? You’ve never had any real privacy, and the ability to do this predates the world-wide web. Marketers (or the Government via private contractors) can take various bits of publicly-available databases and generate a reasonable profile for you. The Great War on Terror has further monetized this as law enforcement and the military have outsourced these tasks to skirt the nasty restrictions found in the US Constitution.
So long as this ability results in fewer interruptions or better and more relevant advertising, then I suppose I’m happy. I get offers that I can use and advertisers don’t waste their money pitching tampon commercials at me. The downside? Information always gets abused. Profiteering corporations, malicious individuals, overzealous law enforcement, and fear mongering politicians will ensure that it occurs. It’s only a matter of time until we slide down the ‘Slippery Slope’ into ‘Minority Report’.
Tags: America, api, average internet user, California, choicepoint, Colin Powell, communication, Data privacy, eBay Inc, Facebook, Facebook Inc, Federal Bureau of Investigation, federal government, finance, Financial Services Manager, Identity management, law enforcement, law-and-order and anti-tax conservatives, LinkedIn Ltd, Marketing, Multistate Anti-Terrorism Information Exchange, MySpace Inc., online providers, Online Social Networking, overzealous law enforcement, Pennsylvania, Pentagon, Polk Data Enhancement Service, Polk Dealer Marketing Manager, Privacy, Rapleaf, RapLeaf Inc., Russia, Social Issues, social networking site, Technology/Internet, The Great War, The Wall Street Journal Online, time buyer, Trustfuse, USD, Wall Street Journal