White House report on big data and privacy: Too little, too late

White House report on big data and privacy: Too little, too late

Summary: With Facebook and Google cited by consumers as "worst abusers" of private data, is this week's White House report on big data and privacy -- and its discrimination concerns -- too little, too late?

White House big data

A review ordered by the Obama administration on big data and privacy, due this week, is expected to include warnings about data dealing's potential for abuse and discrimination, in issues from housing to hiring.

The report was assigned in January to White House counselor John Podesta in the blowback over government surveillance and NSA data collection practices.

Podesta wouldn't reveal details of his report to President Obama in yesterday's preliminary interview with the Associated Press, though Podesta told AP he had newfound "concern" over how big data "could be used to target consumers and lead to discriminatory practices."

But it may be too little, too late for millions of powerless consumers up against nonconsensual collection, use and sale of their personal information by online profiteers for decades.

Discrimination? You don't say.

As a current lawsuit illustrates, so-called "people search" website Spokeo’s data has been used for the very purposes Mr. Podesta suggests might be a "concern." A Virginia resident is suing Spokeo alleging that the company’s collection and for-profit peddling of erroneous personal information has harmed his attempt to find a job.

In 2011, an Associated Press investigation concluded that U.S. employers spend at least $2 billion a year on data dealers to check out their scraped, notoriously flawed profiles on potential employees.

Federal laws haven't caught up with the human data sales market, and the massive privacy and profiling problems it has created.

The White House is either late to the game -- or, as with exploit sales, a system with opportunistic holes hasn't been such a bad thing for defense.

Stalking victims, civil and privacy rights groups, targeted segments of the population, and even the Federal Trade Commission have been fighting sellers like Spokeo -- and losing the battle -- for years.

The FTC recently settled two cases with data brokers Checkmate and InfoTrack for selling consumer data to prospective employers and landlords in violation of the Fair Credit Reporting Act. In June 2012, Spokeo paid $800,000 to settle an FTC suit that alleged Spokeo illegally sold personal information.

Some privacy activists suggest we make public records less “public,” the way they were pre-Internet.

Others think that data dealers should be subjected to increased regulation, organization, oversight and accuracy checking.

These websites have typically inaccurate data about individuals and maintain public disclaimers against ensuring accuracy, in their self-immunization strategy stating that the Fair Credit Reporting Act doesn't apply to them.

As Justia wrote in February,

(...) data brokers are either unregulated, or claim that certain laws do not apply to them. If Spokeo were subject to the FCRA, as major data brokers such as Experian, Transunion, or Equifax are, then Spokeo would have to ensure that customers had notice if data that they furnished was used to make an adverse determination against a consumer in an employment or credit transaction.

In addition, consumers have certain statutory rights to see their data, and to correct that data if it is in error. Consumers get their credit report for free annually; Spokeo does not offer such a service.

You have to pay to see your own data.

These data dealers collect public information from social media websites, public records, advertising networks (ad trackers), as well as from companies and apps that sell, rent or trade "third party" data.

The difficulty in keeping personal information and events out of the hands of big data dealers can be seen in the lengths one woman just went through trying to hide her pregnancy from Facebook, Google and other online big data collectors.

Public perception: Facebook and Google seen as "worst abusers"

A recent survey of U.S. consumers Consumer Attitudes toward Transparency in Data Collection found that fewer than half considered their understanding of online data use as "good."

Yet consumers could definitely say who they don't trust when the survey asked respondents to pick winners and losers among major brands in terms of their protection and use of consumer data.

Adweek reported,

In both cases, the vast majority of people could not cite a single example, but among those who could, Amazon was listed as a positive role model and Facebook and Google were deemed the worst abusers.

It probably doesn't help that Google’s Eric Schmidt famously said, "If you have something you don’t want anyone to know, then maybe you shouldn’t be doing it in the first place."

Actor and tech investor Ashton Kutcher and Facebook's Mark Zuckerberg have each said that if you’re not doing anything “wrong” then you don’t have anything to worry about when it comes to losing your privacy.

That’s easy -- and profitable -- for them to say.

Read this

Google must review privacy policy, EU data regulators rule

Google must review privacy policy, EU data regulators rule

European regulators have warned that the scope of Google's new consolidated privacy policy is "too large" and users must be given greater control over their data.

Everyone making the decisions about collecting and selling our private data are more able than the rest of us to hide things they consider private or embarrassing. They can afford it.

Not only that, but they're the ones who are wrong.

While the U.S. government gets ready to state the obvious later this week, and privacy profiteers dive into swimming pools of our personal data like Scrooge McDuck, telling us to stop sharing isn't the answer.

No one has to give up Facebook or get off the internet.

We just need to be smarter about how we share, and who we share with. Look, it's like this now: You get in a car, you put on a seat belt.

If we think about it like this, I think we might be able to stop worrying and start loving the Internet again.

Disclosure: My new book is about getting removed from "people search" sites and reducing the privacy risks of big data.


Topics: Privacy, Big Data, Google, Government US

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • excellent article

    Violet,-- you have outdone yourself!!
    • Thank you!

      Thank you again!
  • excellent article

    Violet,-- you have outdone yourself!!
    • Great article.

      I would say the absolute worst offender in the area of data collection is the Federal Government. I found it ironic to hear the government warning us about others collecting our data. My cynical side tells me they're pointing out the data collection practices of corporations in an effort to direct our attention away from their own vast transgressions in that area.
      • Agreed

        Thank you for the compliment, and I agree with you. This piece started out as straight news, but then I started getting angry, so I switched my filing to Analysis/Opinion. Podesta told AP he came to the conclusion (of being "concerned") after talking to human rights reps, which is hard to believe after all the news, lawsuits and outcry over misuse of our personal data by companies ... and now government (see also: LOVEINT). It's a criminal act if they truly are that unaware of what's happening to us. And I doubt it. So like with exploit sales, of course the spies gotta spy, and they're probably just "getting theirs" while the getting's good.
      • I Don't Agree

        While the NSA may be collecting metadata of our phone calls, exactly what is the NSA doing with this information? Probably nothing unless you've been calling your local terrorist. They can't use the information for anything; they have no commercial enterprise that makes money. Online web services (Google, Dropbox, etc.) state that they read every damn thing that passes through their websites and services. They tell you this upfront if people would just read their terms of service and privacy policies. Considering people think that "free' Internet services are just great, nobody bothers to read that these companies hold the rights to publicly DISPLAY all of your private stuff and to give them to third-party enterprises. They tell you this.

        Maybe someone at the NSA is reading my telephone information and pointing and laughing but I seriously doubt they are actually using this to make money like all of the private companies who seem to give all their services free of charge but make billions of dollars doing so. At least they admit that they do this stuff.
        • "they have no commercial enterprise that makes money"

          Not directly...

          But indirectly they hire for profit companies to carry out operations that DO make money. And those companies do get access to the data so that they can carry out the operations.
  • Data collection has gone too far -- business can't be trusted

    As business pays billions for discrimination information the costs are passed on to consumers. Data collection is far too cheap, they need to fix that. People deserve a chance to get their lives together and computers are enabling permanent discrimination of the worst kind. Whether it is targeting best customers for free money, keeping people who were evicted out of housing, screening out political affiliation, color or social class it needs to be substantially reigned in. Most information collected is unnecessary and has only served to dehumanize trillions of people and strip them of their capital, rights to liberty with a host of information excuses. Liberty is the foremost primary need of people. Regulation should include making a large class of information perishable, to hell with the people that want to keep your data long enough to ruin your life.
    • Here is the Problem

      Many of these companies do not charge YOU for their services. I hate to just bring up Google as there are many others but, to me, they are the biggest. So, Google Earth: free. GMAIL: free. Search: Free. MAPS: free. Well, you get the idea. So, how does Google make money? Advertising. If you do not consider "free" services a real product, then the business is advertising. And, information. Both you do pay for. You pay for it in the price of what you, as a consumer buy and you pay for it with your privacy.

      Now, if you think these Internet giants can't be trusted, nor other businesses that rely on these giants, there isn't a lot you can do. Don't use the services? Maybe. How about laws to block businesses from collecting data? You could try that but I'm pretty sure the WWW will fall apart. You will have to PAY for every search you do. Mapping software? You will have to pay for every step in the directions of how to get from one place to another. Picture a whole different internet where you pay for everything. Don't like it? Well, then, you are going to deal with companies that offer you great free services, but there is a price you are going to pay. Your privacy is that price.

      Twitter is a great free service. But don't bother private tweeting about "destroying America" or "digging up Marilyn Monroe". You may find it really interesting dealing with the DHS or TSA after that. Don't bother complaining about the current administration. Most of what everyone complains about started with the Patriot Act and we all know who was president at that time. Just remember that running a website COSTS money, from the data lines to the hardware and/or hosting services. Very few people will run a website for free if they can't, at least, make back their costs or, at least, use the site for support services or marketing.

      So, if you think information is unnecessary, think about a law enforcement person who keeps crime scene information on a website. He might just start getting advertising for lawyers, butcher equipment, etc. Everything these sites collect can be used to increase revenue and advertising rates. It's all about the money.
      • :) "Mapping software? You will have to pay for every step in the directions

        Its funny.

        You didn't notice that you GAVE the company your private information to GET "every step in the directions". And you STILL indicate that you would have to pay for it...

        So even using "paid for" services you STILL have to give them your personal information.

        And the same applies to Google Earth and the other free services.

        No change.
  • Legitimate data collection

    There is legitimate data to collect but we can't trust programmers in the private sector to make that choice on their own. We need registration to provide transparency for data collection and use. A dummy box on the screen that offers content for privacy rights is a big no no....Creepy collection of data by unseen applications is exactly the same and there is no difference really.... The public wants to know who these people are and what they have because some data can't be allowed to carry on forever or be used at all.. These decisions should be made in a public forum, not privately... In the current system the individual is targeted and the corporation gets a free pass--- no surprise considering who has the power to pay congressmen. One application that keeps track of these data uses and then reports findings is indeed needed.
  • Two sides of a flawed argument

    First let me say whenever you see a privacy disclaimer that does not:

    1.) Identify and have explicit provisions for minors
    2.) Loosely defines 3rd parties and responsibilities
    3.) Grabs first and asks permission later

    You are dealing with a company/organization/individual with poor data handling practices.

    I run Ghostery, NoScript, and AdBlock and I'm amazed at the tracking widgets that I see on the web. To make matters worse I now see that banks have gotten into the game by tracking activity, and in some lurid cases offering there own security software for the banking customer that both claims to identify unsafe sites by tracking your activity. The speed at which dangerous sites come and go make this to my way of thinking a false promise of security and a naked grab of data. I have just recently explored VPN for anonymous web practices but know that that implies what a data collector would make of it. The recent and stated case of trying to hide a pregnancy, stated another way: a child taking anti-depressants what is the long term impact of that search?

    On the other hand: There is a point where data privacy is moot. I see where the UK has a voluntary program for sharing medical records and DNA similar to organ doner. The simple fact is that at the point of being diagnosed with an awful disease everyone becomes an advocate. Often we see high visibility celebrities get the religion of disease advocacy when they themselves are inflicted, well truth be told we all will become advocates of something sooner or later and the current laws to waive HIPA and tort address for the purposes of medical research are currently denied.

    I look at the data gathering of Android and know the opt-out options available, know the ability to disable search lenses in Ubuntu, see the applets in Windows 8 and the Bing integration as a grab first ask second approach to privacy. I have to laugh when I heard that Bing was going to provide a commercial free search for schools.

    Even knowing the world of big data, hadoop, sentiment analytic's and medical brokers, knowing that employers look to this information and that government does as well, the most disappointing perspective is that the special interests have made this an entirely one-sided affair and that the legislation reflects nothing of utilitarian value. As an example we have come miles in the ability to discriminate against potential liability and have made zero progress in addressing the medical conditions employers seek immunity from.

    The better one understands the technical perspective, watching the list of ghostery display upwards of 16 trackers on a single page, watching the wire for information sent by Microsoft, seeing the empty promises of security companies who are no more legitimate than a "google redirect virus" nor any less ethical than Google itself you anticipate big blowback.

    I think there will be eventual blow-back similar to target getting hacked where corporate branding will be damaged. I also think we will eventually see users and consumers late to the game being angry that legislators did nothing to balance the promise of big data to solve human challenges with the short sighted special interests that exploit it.

    Your child is not recognized as immune from online collection, and you cannot voluntarily make available your data as a matter of choice. What a strange world we live in with irrational actors. It is very much hooray for me and screw the consumer as things stand today with nothing in respect to public policy that would actually benefit the public.

    The difference between 3rd party software that banks provide to make your account safe that tracks you.. their ability to prevent zero day, prevent heartbleed, laughable... it is like walking a crowd of pickpockets. That is the world as it really is.
  • Two Faced Obama

    Good article. Good conclusions.

    But really?! Obama commissioning a report on how data brokers are unscrupulously collecting and profiting from user's data. Obama "Quick, look over there!! Those people are misusing your personal information!!"
    • Not Obama

      He didn't create the Patriot Act to allow government to avoid constitutional rights of the public. He's just the president and has to go along with it. If he openly opposed anything he'd wind up as a Jack Kennedy. Just because you are president, you are limited in what you can do, especially if the courts back up policies like the Patriot Act and the NSA and the concept of "National Security".
  • is this the same White House

    that (supposedly) runs the NSA? At least I get a product in return for my data from Google/FB/etc. With the govt, they take my data and then bill me for their efforts.
  • Great Article

    You raise important points in your article. Firms today often employ multiple approaches to revenue generation. They require that you pay for their product/service. They claim ownership of their users' data. They sell you add-on services/products. They re-package user data and sell it. The illusion of anonymity in a Big Data age requires that the public be sold on an idea that soothes them and provides no real impediment to the current business model. It would be nice to have a real discussion about de-identification and anonymization. http://www.tyronegrandison.org/1/post/2014/04/lets-have-a-honest-discussion-about-de-identification.html
  • Google discontinues scanning/mining students email


    April 30th Google will no longer scan student Gmail accounts for advertising purposes, the company said today.

    I think there are two areas EVERYONE agrees upon:

    Minors need more legislation protecting their data.

    We need to liberate medical data for research from Tort when it is voluntarily disclosed similar to organ donation.