Blog

Posts Tagged data brokers

Data brokers: a threat to your online privacy

Data brokers: a threat to your online privacy

By Don Dobson

Two facts have collided in the early days of this millennium: one, much of our lives has gone digital and two, digital security measures have not kept pace with technological advancements and adoption. This is a huge problem.

Our commerce, work, social life, entertainment, information consumption and personal communication have all become digitized. Much of everyday life has either moved online or is touched in some way by our online activity, creating a stream of data coined by Google as our “digital exhaust.”

Secondly, not just laws and regulations but even broad social consensus around issues of security and privacy are falling behind the technological curve and the ever increasing collection capabilities for our data.

Consumer advocates and organizations like the American Civil Liberties Union are sounding the alarm on an industry many consider out of control. Its new video, Invasion of the Data Snatchers, paints a scary, dystopian view of our personal lives under scrutiny by governments and corporations. The intro to the video on their YouTube channel notes New technologies are making it easier for private companies and the government to learn about everything we do – in our homes, in our cars, in stores, and within our communities. As they collect vast amounts of data about us, things are getting truly spooky!

So, who is vacuuming up this so-called digital exhaust? One set of players in that business that few people know about and fewer still understand are “data brokers.” Pam Dixon is the executive director of the World Privacy Forum and her December 18, 2013 testimony before the Senate Committee on Commerce, Science, and Transportation, titled What Information Do Data Brokers Have on Consumers, and How Do They Use It?, sheds full light on a growing industry with somewhere around 4,000 companies. Dixon asked:

What do a retired librarian in Wisconsin in the early stages of Alzheimer’s, a police officer, and a mother in Texas have in common? The answer is that all were victims of consumer data brokers. Data brokers collect, compile, buy and sell personally identifiable information about who we are, what we do, and much of our “digital exhaust.” 

We are their business models. The police officer was “uncovered” by a data broker who revealed his family information online, jeopardizing his safety. The mother was a victim of domestic violence who was deeply concerned about people finder web sites that published and sold her home address online. The librarian lost her life savings and retirement because a data broker put her on an eager elderly buyer and frequent donor list. She was deluged with predatory offers.

[Consumers] not able to escape from the activities of data brokers…until this Committee started its work, this entire industry largely escaped public scrutiny… Consumers have no effective rights because there is no legal framework that requires data brokers to offer consumers an opt-out or any other rights.

Frank Pasquale, a professor of law at the University of Maryland, is the author of the forthcoming book, “The Black Box Society: The Secret Algorithms That Control Money and Information.” He writes, Every day, corporations are connecting the dots about our personal behavior—silently scrutinizing clues left behind by our work habits and Internet use. The data compiled and portraits created are incredibly detailed, to the point of being invasive. 

In a October 16th, 2014 op-ed in the New York Times entitled, The Dark Market for Personal Data, Pasquale suggests, We need regulation to help consumers recognize the perils of the new information landscape without being overwhelmed with data.

Media investigators are starting to inform the public that the personal data being brokered can be very personal indeed. Reports from Bloomberg indicate Tapping social media, health-related phone apps and medical websites, data aggregators are scooping up bits and pieces of tens of millions of Americans’ medical histories. Even a purchase at the pharmacy can land a shopper on a health list…People would be shocked if they knew they were on some of these lists…yet millions are.

According to the Data-Driven Marketing Institute, the data-mining industry generated $156 billion in revenue in 2012. Technology CEO and Harvard professor Nathan Eagle offers up his insight on the matter … it is just the first step for the data economy. By 2020, the global Internet population will reach five billion; ten billion new machine-to-machine connections will be created; and mobile data traffic will rise 11-fold. Given the dramatic growth in the amount of data being generated, together with ever-expanding applications across industries, it is reasonable to expect that…within ten years, the data-capture industry can be expected to generate more than $500 billion annually.

The World Privacy Forum has compiled a list of 352 consumer-focused U.S. data broker sites. Check out the list and see if you’re on any of these sites. Many of the sites offer the ability for those included to opt-out; might be a good use of your time to go through that process and engage in more privacy-centric online practices in future.

With these nefarious, data grabbing institutions at large, the urgency to protect your online data, including through use of a tool like Dodoname, has never been more real.

(Image: Flickr, Simon Cunningham, link)

Posted in: Blog, Data breach

Leave a Comment (0) →

Top five online privacy concerns

Top five online privacy concerns

By Don Dobson

In epidemiology, the means for the transmission of disease is termed a “vector.” In the world of online privacy, your personal email address is one of the prime vectors by which your privacy can be compromised. If you’re not using a Dodoname to interact with merchants, you’re leaving yourself open to these top five privacy concerns (which can have some very scary repercussions!)

1. Phishing

Wikipedia defines phishing as the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.

Although not the only means, email is one of the main vectors for phishing. At Dodoname, we like to keep up to date on the latest developments in cybercrime through email phishing scams. We see that the scammers are relentless and that anyone can be a victim: criminals shamelessly exploit the latest news, such as recent attempts linked to the Ebola scare gripping the world or even attack children. It also a big problem for businesses as employees can be fooled and surrender corporate information or provide a pathway for hacking of retailer systems.

Phishing still thrives because it remains a simple game and the power of easily sending millions of emails every day allows the bad guys to fill their quotas. Old scams are still making the rounds and claiming victims. And the fact is, email remains a very popular communication channel. Unfortunately, it’s true that real dangers can place themselves in your inbox. Here’s a start on some help to stay out of trouble and also some advice if you have taken the bait.

2. Data breaches

Retailers in particular have shown themselves to be vulnerable to hacker attacks which result in a “breach” of security measures protecting customer data, as have financial institutions.

You may think “that’s their problem” but it could also be a problem for you. Depending on the nature of the data breach, personal information you have shared with companies, including credit card information, may become available for use by criminals and/or be re-sold in criminal markets. Ironically, this can result in even more effective phishing emails as criminals use information already stolen to become more credible to email recipients in what is known as “spear-fishing.”

There is nothing you can do to prevent these breaches, but they are the top of the list of concerns for company executives. Customers are striking back. Many consumers will stop patronizing companies who have had a data breach while some victims of these attacks  have joined lawsuits against retailers like Home Depot.

3. Malware

Email phishing can have many consequences. One of those is the installation of malware on your device. There are many varieties of malware “in-the-wild,” some malicious, some not so much, but none have any business on your device. Among the types of malware that can impact you are “key-loggers,” which send back everything you type online to criminals. This information would include details of all your online activity including banking website passwords.

And the thing is, you don’t always even need to click on anything. Just visiting some sites exposes you to these sneaky downloads through “malvertising.” You might think that staying away from seedy corners of the Internet would protect you, but the truth is even reputable sites can be hacked in these ways through ad exchanges.

4. Identity theft

Identity thieves have many different ways to strike: over the phone or through something as low-tech as criminals sifting through your trash, or through email phishing attacks. Online theft of personal identity and it has become a major problem worldwide. Criminals can use your identity and credit card information to make purchases, take out loans or conduct any illicit financial transaction.

Identity thieves can be individuals at the local level or international organized criminal operations. Even using free wi-fi at a coffee shop can open you up to identity theft. It’s clear that these types of cybercrime enterprises are a growth business.

5. Data brokers

A much broader concern for personal privacy than the vector of phishing emails and malware criminals is an industry that operates “legitimately” but without much regulatory protection for consumers. Testimony by Pam Dixon, Executive Director, World Privacy Forum appearing before the Senate Committee on Commerce, Science, and Transportation, suggests that somewhere around 4,000 companies in the U.S. gather identity information left by the “digital exhaust” of your online activity. Dixon cites real harm to individuals resulting from these activities and notes “Despite the large and growing size of the industry, until this Committee started its work, this entire industry largely escaped public scrutiny. Privacy laws apply to credit bureaus and health care providers, but data broker activity generally falls outside these laws. Even a knowledgeable consumer lacks the tools to exercise any control over his or her data held by a data broker.” 

(Image: Flickr, Sebastien Wiertz, link)

 

 

 

 

 

 

 

 

Posted in: Blog, Data breach, Email, Fraud, Identity, Phishing, Privacy

Leave a Comment (0) →

This week in review: scary tales of data brokers, info snatchers, phishing scams and more

This week in review: scary tales of data brokers, info snatchers, phishing scams and more

By Don Dobson

In our weekly roundup, we want to draw your attention to news and articles that highlight issues relating to invasions of your online privacy and threats to the security of your personal data: problems that Dodoname can solve. Catching our attention this week were posts about the fight for your data, those pesky data brokers, spooky tales of data snatchers, privacy terror and phishing season.

The fight for data: yours

While conversation around the issue of privacy continues to get louder, use of the word “fight” is really a misnomer, as in many respects the fight appears to be lost. This was underlined in a book review we discovered this week of What Stays in Vegas by Adam Tanner, a Harvard University scholar and business writer. The book provides an inside look on how personal data from credit ratings, voter lists, marriage licenses, police records and online behaviours are combined and sold on the open market.

Going for (data) broke(rs)

Frank Pasquale, a professor of law at the University of Maryland, is the author of the forthcoming book “The Black Box Society: The Secret Algorithms That Control Money and Information.” He writes, Every day, corporations are connecting the dots about our personal behavior—silently scrutinizing clues left behind by our work habits and Internet use. The data compiled and portraits created are incredibly detailed, to the point of being invasive. His October 16 op-ed in the New York Times, The Dark Market for Personal Data, notes there are at least 4,000 U.S. “data brokers” selling your information without proper regulation and without the control that consumers deserve.

Tales of (privacy) terror

The alarm is being raised by many, including the American Civil Liberties Union. Although the group was founded in 1920, their concerns remain highly contemporary. Just in time for Halloween, they have released a new video Invasion of the Data Snatchers. The intro to the video on its YouTube channel notes, New technologies are making it easier for private companies and the government to learn about everything we do – in our homes, in our cars, in stores, and within our communities. As they collect vast amounts of data about us, things are getting truly spooky!

Giving up your data for the greater good?

Like any big issue, it isn’t always as simple as it might first appear. Dr. Jean Marmoreo, a physician in Toronto, writing in the Globe and Mail Debate section, notes that the collection of personal data can provide big community benefits while acknowledging the privacy concerns. Inspired by a recent Toronto lecture by Sandy Pentland from the MIT Media Lab, Dr. Marmoreo endorses Pentland’s call for a universal bill of rights for collecting and using Internet data.

Phishing Season: Always Open

Seems there is news every day about phishing scams and this week was no exception. Whether on a local scale, like a restaurant reservation scam in Chicago, the local credit union, much wider schemes like Dropbox users worldwide being targeted, spoofing PayPal or “spear phishing” targeting students, the assaults never stop.  Kaspersky Lab published its Spam in September report this week noting that financial phishing accounted for 36.97 percent of all (its) detections.

There are many ways for phishing to compromise your security including malware that can install itself on your computer without you knowing. Your own protection efforts might benefit by taking a look at the most common malware emails currently hitting inboxes. You can find out if your email has been leaked during a reported data breach using a utility provided by the makers of password manager RoboForm. And if you have taken the bait, Andy Davidson writing on the Rogers Connected site answers the burning question, I Fell for a Phishing Scheme… Now What?

Posted in: Blog, Fraud, Phishing, Privacy, This week in review

Leave a Comment (0) →

This week in review: lying to protect your online persona, data brokers, data breaches, tools and more

This week in review: lying to protect your online persona, data brokers, data breaches, tools and more

By Don Dobson

In our weekly roundup, we want to draw your attention to news and articles that highlight issues relating to invasions of your online privacy and threats to the security of your personal data: problems that Dodoname can solve. Catching our attention this week were posts about a wooden boy’s approach to online personas, the list you’re on that you didn’t know you were on, (settlement) money talks, data breaches and hackers and tools: oh my! 

Do you have to set your pants on fire to secure your online persona?

Privacy and data security is all over the news, from celebrity hacking to the retail sphere. It’s hard to know how to protect yourself these days but Adam Levine, writing for ABC News has some advice for protecting your personally identifiable information (PII). “Lie like you were in a nose-growing contest with Pinocchio.” Hmmm…isn’t there a better way?

Congratulations: you made the list! Oh, wait: that’s a bad thing. 

The capture and use of consumer data by so called “data brokers” is slowly starting to enter wider consumer awareness but it is clearly not yet widely understood. In an article for Bloomberg.com, Shannon Pettypiece and Jordan Robertson ask; Did You Know You Had Diabetes? It’s All Over the Internet.   “People would be shocked if they knew they were on some of these lists,” said Pam Dixon, president of the non-profit advocacy group World Privacy Forum, who has testified before Congress on the data broker industry. “Yet millions are.”

Dot those online marketing i’s or pony up the dough

Companies across sectors are struggling to keep up with privacy laws and consumer expectations for use of their data for marketing purposes. While the case did not involve any data breach or unauthorized disclosure, in September, the FTC announced Verizon Communications Inc. will pay $7.4 million to settle a U.S. investigation that found the company failed to notify properly some customers of their privacy rights before using their information for marketing.

IT professionals on data protection: meh?

Retailers are also clearly playing catch up on all aspects of data security, not just marketing data. Mila D’Antonio writing in the 1 to 1 Media Blog shines some light on retailer practices in the post, The Home Depot Data Breach Shines a Light on CIOs’ Lackadaisical Attitude Toward Data Defense. D’Antonio notes; “The mounting number of companies that have experienced data breaches seem to point to IT professionals taking data protection lightly.”

No such thing as bad publicity? These retailers might disagree

CNN Money has published an interesting tool you can use to discover how some major retailers have been impacted by hackers and note; “Every month, there’s another major data breach. Criminal hackers steal all sorts of information about you. Here’s what they have.”

The kids are alright (when it comes to online privacy tools)

While it seems to be a commonly held belief that privacy is disappearing and the younger set have no concerns with that, Molly Woods in the New York Times “Bits” blog suggests that teenagers and millennials “appear to be more likely to embrace the tools of privacy and protect their personal information.” She offered Pew Research Center data that suggested most Internet users have taken some kind of steps to avoid being identified or tracked online, while most also thought true online anonymity was impossible. Woods notes, “They might be right about anonymity, but others might still argue that keeping at least some privacy is worth a shot.” The Dodoname team agrees with that assessment!

 

Posted in: Blog, Data breach, Persona, Privacy, This week in review

Leave a Comment (0) →