First in a four-part series
Is privacy still possible? For a lot of people, the answer is no, as companies collect personal data in ever-increasing volumes.
Take a site like NextMark.com.
It's a sort of "Google" for mailing lists, where more than 1,400 data vendors offer lists of names — hundreds of thousands of names at a time — all sliced and diced and searchable. If you're looking for a list of people with heart disease, you can find it here. Heart disease plus Hispanic plus over 50? Also available.
This type of data has been for sale for a long time; even some public radio stations sell lists of their donors through the site.
What's changed is the speed with which information flows into databases like these. It used to come from sources such as magazine subscriptions and warranty cards. Now it's flowing from online sources — thousands of them — everything from gambling Web sites to dating services.
Data As Commodities
NextMark CEO Joe Pych says this information comes from us.
"I guess pretty much anyplace you put your name, address, phone number, e-mail address — those are all potential sources of mailing lists," Pych says.
Even medical data. Federal law prohibits doctors and hospitals from selling health records, but if people voluntarily answer questions on an online health survey, that information is fair game.
The law doesn't restrict what kind of information companies may ask for, and the data industry says more regulations aren't necessary. Industry officials say reputable companies are careful with the information. Companies going through NextMark will "rent" their data through trusted third parties to prevent uncontrolled copying of their lists.
Pych says people should remember that there are advantages to letting companies know more about consumers.
"I think when it's done right, just as with a good friend, sharing personal information makes for a much more relevant, meaningful relationship," Pych says. "Without that, you're just a number."
A Constant Exchange
People exchange personal information for convenience, discounts and other benefits.
"Those exchanges happen daily. Constantly," says Alessandro Acquisti, an economist at Carnegie Mellon University. He says personal information is almost a kind of currency — something people spend.
But there's a problem, he says.
"We don't have infinite cognitive power, processing power, to consider all the options. And we take shortcuts," Acquisti says.
Acquisti studies privacy through the lens of behavioral economics. He's interested in how people "spend" their personal information when they don't really know where it's going. He wants to uncover the mental shortcuts people use to judge how and when to disclose their data.
One influence, he says, is Web page design.
"People admit more sensitive, embarrassing and even illegal behaviors to a Web site that's been designed to look kind of cheesy," Acquisti says. Together with his colleagues at CMU, Leslie John and George Loewenstein, he's done experiments in which subjects were more willing to disclose potentially embarrassing information — such as whether they'd cheated on a girlfriend — to Web sites that looked informal and "fun."
Formal Web sites had the opposite effect. Acquisti theorizes that when Web sites prominently display privacy policies and make other mentions of security measures, it may actually cause people to hesitate and consider whether the questions they're being asked are sensitive..
Still, there are also plenty of people who do more than just rely on their gut instincts. They read the privacy policies and the fine print, and try to control who gets their information.
But Chris Hoofnagle says that may be futile. As the head of the privacy programs at the University of California, Berkeley School of Law, he's been tracking the information economy for some time, and he says it's getting harder to make informed decisions.
"As there's been growing awareness of how commercial data brokers operate, they've become more secretive," Hoofnagle says. He says big data brokers are telling the public less about the provenance of their data — where they're getting their information — and he's been tracking this change by saving screenshots of those companies' Web sites.
Data Companies Go Private
As an example, Hoofnagle pulls up screenshots of a big database called Batch Trace, now owned by LexisNexis. As recently as 2002, he says, the site listed the kinds of business that supplied it with data, such as call centers and pizza delivery companies.
"As time goes on, this gets thinner and thinner," Hoofnagle says. "By 2006, the provenance is gone."
A representative for LexisNexis, Nick Ludlum, says the company changed its provenance information for marketing reasons.
Hoofnagle says another reason may be politics.
"If consumers knew the extent to which this data was being collected and repackaged, there would be riots in streets," Hoofnagle says.
That may be something of an overstatement, since privacy researchers and activists are the ones who mostly miss this kind of provenance information.
But it's also true that privacy laws in the U.S. tend to be driven by scandals.
For instance, Americans' video rental records enjoy unusually strict federal privacy protection because of the controversy that erupted in the late 1980s, when a journalist published the video rental records of Supreme Court nominee Robert Bork.
U.S. data companies are relatively unregulated, especially in comparison with their counterparts in Europe.
So now, as they extend their reach to new sources of information, such as social networks and even blogs, it makes sense to keep those new sources of data out of public view.
Copyright 2022 NPR. To see more, visit https://www.npr.org. 9(MDAzMjM2NDYzMDEyMzc1Njk5NjAxNzY3OQ001))
