America TonightMon-Fri 9:30pm ET/6:30pm PT
Are you Aspiring Affluence, childless with a penchant for high-ticket, insurable items like boats and furs? Or are you a Cash and Carry Urbanite, who can’t quote your bank account balance? Or a Middle Meddler, who “exemplify[ies] the price of divorce in America”?
If you’re not any of these, you likely fall into one of the other dozens of categories compiled by Acxiom, one of thousands of companies that collect your data, bundle it and sell it to marketers, who then use it to get you to buy even more.
Data brokers are almost as old as marketing. The junk mail that slips under your door was likely routed there by an address list compiled by one of these firms.
But in the digital era, data brokers are doing what they could have only dreamed of a few decades ago. They are now able to scrape up an extraordinary wealth of your private information – and of an increasingly sensitive kind. Data brokers know your politics, your weight and the age of your kids. And there's a good chance they know if you drink too much, battle depression or have ever been raped.
These new capabilities – almost entirely unregulated – have data brokers making big money and privacy activists warning about where that data could end up.
Just how much do data brokers know about you?
"They know more about you than you know about you," explained Brian Krebs, who reports on cybersecurity at his blog KrebsOnSecurity.com.
They collect data from retailers on what we buy, but that’s only the start. They also mine public records, monitor social media postings, slurp up the answers we give in online surveys and dating profiles, and, although they say it's anonymous, track the websites we visit.
Data brokering has ballooned into a multibillion-dollar industry, but regulation hasn't followed suit.
People are packaged by profile or characteristic into lists that other companies can then buy for cheap. Many companies sell your data to brokers or to other companies for a steady side profit. Walt Disney, for example, which has been transparent in how it shares data, sells the age and gender of your children to the yogurt company Dannon.
While the very idea of a rape sufferers list might disgust and highly specific ads might unnerve, advocates are most concerned about whether this information could end up being used for non-marketing purposes.
There are no laws stopping a major employer from buying a list of alcoholics, for example, and crosschecking potential hires against it.
Without asking why we needed them, the Chicago-based data broker ExactData offered to sell America Tonight all kinds of lists, such as the names, homes and email addresses of people who date online, people who gamble and people who suffer anxiety and erectile dysfunction. For $4,500, we could have purchased access to deeply intimate information of thousands of people. (We did not.)
The CEO of ExactData later guaranteed to America Tonight that we wouldn’t have been able to actually buy any of the lists; we just hadn't gotten far enough in the process to be denied. So we called his bluff, buying a $400 list of people suffering from incontinence, including their names, home addresses and emails – no questions asked.
“There are a lot of ‘what ifs’ that you could come up with in your mind, about what else could happen with that data,” explained Rachel Nyswander Thomas, the chief lobbyist for the Direct Marketing Association, the trade group that represents data brokers. “But a lot of what we do as an industry is work very hard to make sure that marketing data is only used for the purposes of marketing.”
She added that her trade association has had a self-regulatory code for more than 40 years.
When America Tonight told her about the lists ExactData offered to sell us, she said she couldn’t speak to the specifics of the situation, but that “there’s more to the story very likely.”
It is true that much of the scare factor of these data dossiers exists in the realm of hypotheticals, of an employer purchasing a list and discovering you have a history of anger management issues, or a health plan uncovering that you enjoy the occasional joint. But ultimately, as data brokers emphasize, the data is peddled in bulk lists, and isn’t about exposing individuals.
Yet the idea of this data getting into the wrong hands isn’t far-fetched; it’s happened.
In October 2013, Krebs uncovered an enormous security breach at Experian, one of the three major credit bureaus and the Fort Knox of consumer information. A 24-year-old in Vietnam, Hieu Minh Ngo, pretended to be a private investigator from Singapore and tricked an Experian subsidiary into giving him direct access to information on 200 million Americans. The database, owned by the firm U.S. Info Search, included dates of birth, Social Security numbers, bank account information and addresses. According to his guilty plea last month, the identity thief then sold this access to more than 1,300 customers, and in an 18-month period, 3.1 million queries were made.
“At this point, the government does not know how many U.S. citizens’ [personally identifiable information] was compromised,” U.S. Attorney Arnold Huftalen told the court.
Experian declined a request for an on-camera interview, but wrote in a statement:
Any implication that there was a breach of 200 million records is entirely false and misleading… While the size of the database may be 200 million, that does not mean those records were accessed. To be clear, no Experian credit card data was accessed.
The identity thief faces up to 45 years in prison, but as of yet, Experian has faced no penalties.
“That’s a recipe for disaster, when an organization that has almost no accountability collects some of the most sensitive and voluminous information on people,” Krebs said. “And when they have a security incident that jeopardizes the security of that information, there really aren’t any consequences.”
As criticism piles up, one data broker is making an attempt at transparency. In September, Acxiom launched the site Aboutthedata.com, which lets you see some of what the company knows about you, and gives you a chance to correct your data or opt out of collection.
More than half a million people have visited the portal, Acxiom’s CEO Scott Howe told AdWeek, and around 11 percent edited their information – primarily their political party, income and education. But while the company was bracing for double-digit opt-out rates, less than 2 percent asked to be removed. In fact, in the write-in comment spaces, Howe said most people were instead asking about how they can share more.
Error
Sorry, your comment was not saved due to a technical problem. Please try again later or using a different browser.