Our Ongoing Refusal To Regulate Data Brokers Is Going To Bite Us On The Ass
from the we've-tried-nothing-and-we're-all-out-of-ideas dept
Every few weeks for the last fifteen years there’s been a massive scandal involving some company, telecom, data broker, or app maker over-collecting your detailed personal location data, failing to secure it, then selling access to that information to any nitwit with a nickel. And despite the added risks this creates in the post-Roe era, we’ve still done little to pass a real privacy law or rein in reckless data brokers.
The latest case in point: a new report by Rolling Stone shows how easy it is to buy location data (often down to the meter and millisecond) and track pretty much anyone. Including, apparently, visitors to Mar-a-Lago. The reporters simply paid some money to Near, a company that uses smartphone location data to closely track the behavior of more than 1.6 billion people across 70 million locations in 44 countries.
They were able to track the locations, everyday habits, and home addresses of Trump devotees down to the meter:
“Checking tabs conveniently labeled “Common Evening Location” and “Common Daytime Location,” we were able to identify the likely homes and workplaces of any given visitor, marked as dots over buildings on a map.”
And that’s of course just location data. Movement data is often fused with other data (income, race, gender, sexual orientation, energy consumption habits, shopping tendencies) to create detailed profiles of everyone that are shared internationally like popcorn.
Companies and data brokers spent years trying to claim that all of this rampant over-collection was no big deal because the data was “anonymized.” It apparently didn’t matter that study after study has shown that it’s trivial to identify folks in such data sets with just a little additional data. Rolling Stone reporters, unsurprisingly, found the same to be true here:
“Even though the data is technically “anonymized” (we can’t see the age, income, or ethnicity of a specific visitor, let alone their name), the pinpoint locations of where they spend their days and nights makes educated guesswork pretty easy.”
We do nothing about this problem for two reasons: one, the ongoing privacy nightmare is hugely profitable to a long line of companies (telecoms, app makers, hardware OEMs, marketing firms, insurance agencies, “Big Tech,” small tech, whoever), creating a massive lobbying firewall and stunting any and all incentive for meaningful reform. Creating empowered, informed citizens and healthy, competitive, competently regulated markets would cost companies billions, so we just… don’t bother.
Two, the government doesn’t really want anything to change because this barely accountable data-hoovering ecosystem we’ve created is a great way for them to bypass getting a fucking warrant.
But there’s not only the public privacy harms involved here, but the national security risk of this kind of reckless data trafficking at global scale. We’ve spent three straight years hyperventilating about the potential risk of Chinese intelligence having access to your TikTok likes, failing to realize (or care) that data brokers are tracking far more, at a much larger scale:
“We managed to spy on a sitting president in his own home from the comfort of our couches just by messing around with the free version of a single data broker’s web app. Now imagine what a dedicated forensic team could do, working 24/7, with access to the full paid services of every commercial data broker, in addition to all of the other data sources out there, from high-tech hacking to old-fashioned surveillance.”
We’ve seen so many scandals like this I’m just not sure what is needed to push the needle on reform. But I suspect it will need to be a scandal so massive that ignoring the problem is simply no longer politically tenable. What would that have to look like? Either the massive leak of embarrassing information on rich and powerful people at historic scale, or something involving a significant loss of life.
I don’t say that to be hyperbolic. It’s a natural extension of the chaos we’ve already seen, whether it’s the abuse of location data by stalkers or people pretending to be law enforcement, to the abuse of location data to ruin folks’ lives because of their sexual preferences. It couldn’t be any more obvious that the trajectory we’re on ends very badly, and at unprecedented scale.
Filed Under: anonymization, data brokers, location data, privacy, reform, security, surveillance
Comments on “Our Ongoing Refusal To Regulate Data Brokers Is Going To Bite Us On The Ass”
1984
Not a warning but a how-to book for dummies.
Added to such classics as Machiavelli and Suntzu.
Well, “if you’ve got nothing to hide…” as the good old argument against every possible privacy protection goes.
Soon, putting you’re phone in an aluminum bag as a Faraday cage to not be physically tracked will become an offense.
Re:
My response to “well, if you have nothing to hide” is always 2 questions:
“What’s your spouse’s favorite sexual position?”
and
“what’s your kids favorite candy?”
It’s amazing that after asking those two questions, suddenly privacy becomes very understandable and important to people 🙂
Re: Re:
And this is the usual fallacy promulgated by the privacy nuts. They seem to believe that not worrying about stupid privacy concerns is the same thing as being required to answer questions on demand. When it comes to personal questions like this, people are under no obligation to answer or to make finding the answers easy for the questioner. But also, if the investigator wants to do the work involved in finding out, that’s fine. Maybe I’ll start seeing ads for that candy, or for marital aids.
The notion that we must impose billions of dollars in cost and inconvenience and bureaucracy so that someone has to work a smidge harder to find out not terribly secret information is horrifying and should be stamped down as soon as it appears. “This site uses cookies.” Morons, every single time.
Re: Re: Re: Honestly it's almost as reliable as gravity at this point
Said the person commenting anonymously.
Re: Re: Re:
So, Hyman.
Knowing how you love to attach your name onto everything…
Why is it that you’re commenting anonymously, hmmm?
Re: Re: Re:2
I’ve said why many times. When I post while signed-in, the site owner sends my comments to moderation and they sometimes do not appear for days. Despite his false claims of supporting free speech, he likes to engage in this form of useless petty harassment presumably in the vain hope that I will go away. If he will stop doing that, I will resume posting while signed in.
Re: Re: Re:3
It seems you are unable to learn, not surprising considering how fanatic you are.
Re: Re: Re:4
Learn what, that the site owner and many of the commenters here do not like what I say? I know that already; that’s what makes commenting here fun – telling wrong people that they’re wrong.
Re: Re: Re:5
You are incapable of learning when you aren’t welcome. You tread where you aren’t wanted. You rationalize this with “I can still access the site” even though the owner has told you to fuck off.
If this was a physical establishment there would be a photo of you at the entrance saying: “Don’t let this person enter the premises under any circumstances”.
Your stupidity and entitlement is why you are still here, because for Mike to get rid of you he has to get rid of anonymous posting.
You are a freeloader, a stupid asshole, a sociopath, a fanatic and someone who behaves exactly like a rapist, plus you are odious as hell and that is why you aren’t welcome anywhere.
TL;DR: You are an extremely revolting person that no one want to associate with.
This comment has been flagged by the community. Click here to show it.
Karl Bode is retarded
How are you going to regulate “data brokers”, without violating the first amendment?
Re:
Equating mass surveillance, big data, international laundering, and intentionally backdooring laws meant to protect American citizens with the primary rights to free expression is quite a leap. If anything, this mass collection and sharing of data should be more obviously chilling, so that more people feel the need to speak up and fight back. Right now the immensity of data that could be used for targeting or outright blackmail is terrifying, and advancing AI takes more and more of the legwork out of leveling that data at an individual or small group. We’ve mostly been safe because we’re not personally worth the effort of collating all that data, but that’s quickly changing.
Re:
Bruh, have you not heard of HIPAA before? We regulate the collection and dissemination of personal data all the time.
This comment has been flagged by the community. Click here to show it.
Karl Bode is a liar
You can’t regulate “data brokers” without violating the first amendment
Re:
There already exists a baseline exception to 1A for privacy.
Laywers, doctors, and bankers are already restricted from discussing your business with even the government even when compelled to appear. HIPPA prevents the dissemination of medical records without explicit approval in many instances.
A law treating some records, like location data, as private data to be protected like my financial information could pass similar scrutiny. Im not a legal drafter, it needs a lot of detail work.
Ill note my similar complaint against “corporate lobbying” where I noted the target of that type of law, the ability for a corporatation to advocate for istelf, is undermined by the ways corporations already skirt lobbying restrictions by use of the directly granted right for individuals to lobby members of Congress. Given the recent history of SCOTUS curtailing restrictions on political speech, I don’t see a meaningful restriction on the private right which can solve the problems of corporate lobbying. While certainly possible SCOTUS will block attempts to secure privacy, its not as clear from the legislative history how the current court will see it, but the carpenter decision is certainly a bellwether away from a no privacy ruling.
This comment has been flagged by the community. Click here to show it.
Re: Re:
So you think that something like publishing classified information during time of war, or publishing someone’s diary can somehow be punished, because of the “privacy” law? Do you think Julian Assange can be thrown in jail, for publishing secrets?
Invasion of privacy can only be narrowly tailored towards “intrusion into seclusion”, i.e. breaking into someone’s car, trespassing in their home, wiretapping their phone, etc. Merely having lawfully collected information about a person, i.e. gossip, photographs, etc, and sharing that with others is protected by the first amendment.
Re: Re: Re:
The fact that HIPAA exists shows that you’re an imbecile who doesn’t understand how the world — or the First Amendement — works even a little bit.
Re: Re: Re:
The publisher can be safe, but whoever gave them the Information can be tried for offenses like espionage. If every shop you used handed you shopping list over to web site that published them, should the shops be protected by the first amendment? I ask, because that is how the data brokers gain the information about you.
Re: Re: Re:
There IS an exception to 1A for that
So, Jay, why are you on a fucking sex offender list then?
Why are you on a sex ofender list, then?
So, Jay, why did you attempt to use copyright law to sexually harass your ex-wife, then?
Re: Re:
Given Thomas’s and Alito’s recent and extremely embarrassing “little man behind the curtain” revelations, I’m pretty sure they understand all too well the lack of privacy protections. In upcoming cases, I like think that they’ll remember that they too are subject to scrutiny-by-data-broker, and act accordingly.
Re: Re:
You probably need to read up on revenge porn laws. I don’t know if you’ve heard of them.
Re: Re: Re:
I have. I’m curious where you think I skipped over revenge porn in my analysis.
Re: Re: Re:2
All of it.
Re: Re: Re:3
I’d really have preferred you explained what your issue was so I could reasonably address your claim. I understand a few way you might think my position is contradictory, Absent clear understanding of how you think revenge porn laws disprove existence of HIPPA, I’ll assume you are being Schrodingers Douchebag on purpose.
Re: Re: Re:2
When you started responding to Oregon Sex Offender and White Supremacist benjamin Jay Barber.
He is on the Sex Offender List for a very specific reason…
Re: Re: Re:3
COuld you perhaps elucidate what about my disagreement with the the sex offender renders me unaware of revenge porn?
Re:
And how did the first amendment work to protect your revenge porn business? Most of the data the brokers collect is not on public display, but information that should be limited to you and the party with whom you are doing business.
Is looking to regulate the wrong target. What should be regulated is the ability of organizations that people do business with to pass on information to the data brokers.
Re:
Kinda. By focusing on the businesses and not the brokers you’d miss out on the collection and aggregation of public information. This includes plat information, professional licenses, political contribution, court records, voter registration, vehicle licensing, etc. Some of these are required by law to be public.
It also misses on the concept that data, once combined, can present a significantly larger threat than each piece of data individually. US gov security practices explicitly identify this as a risk. We also know to protect it as a trade secret. from the DOJ:
A trade secret can include a combination of elements that are in the public domain if the trade secret constituted a unique, “effective, successful and valuable integration of the public domain elements.”
For example: if you combine plat information, with census information, professional licenses, marriage information, and birth information…you could get a pretty decent list of high earner/DINK addresses that are ripe for a smash and grab during the day.
One thing that’d get attention is to take this information and cross-reference it with who visits the homes of these people. I’d also look at other places they spend extended time at, and who spends time at those same places at the same time. See if there’s any embarrassing connections, and make them public. Because nothing short of the data actually being (ab)used like this to hit the people who matter will generate any change.
This comment has been flagged by the community. Click here to show it.
We don’t do anything about it because only a handful of privacy nuts care, in the same way that there are a handful of AI risk nuts claiming we should worry about being turned into paperclips. As is evident from this article, the privacy nuts are actually hoping for something terrible to happen so they can push their agenda. But it won’t, because tracking people isn’t going to cause mass harm. It might catch adulterers, and it should catch criminals, and that’s about it.
Re:
And if the GOP seizes power, anybody who is not a straight white male. Some that is not being used in a tyrannical fashion now, can become an instrument of tyranny very quickly.
This comment has been flagged by the community. Click here to show it.
Re: Re:
Fanatics always make up stories about the terrible things that could happen to try to get their way now. To the extent that I can, I will oppose privacy regulation and the people who press for it.
Re: Re: Re:
you did her about the lady who is being criminally charged for desecration of a corpse because she had a miscarriage while peeing and in her panic and devastated state, flushed the toilet(a REALLY common thing to do in these instances) and then, when the toilet was clogged with her 22 week old fetal corpse, used a plunger to try to clear the clog? ya know, probably hoping that it wouldn’t blow up into a huge thing and she could go an mourn her loss privately.
Oh wait.
Re: Re: Re:2
Your point is that criminals who hide their activities should be able to do so without being discovered? Good luck using that to sell your wrong ideas.
If your point is that this law is bad, a public prosecution is the way to encourage legislation to change it.
Re: Re: Re:
Okay then, so why are you anonymously posting?
And while you’re at it, tell us your Social Security Number, physical address and how many times you’ve went to the toilet, and why.
After all, since you don’t believe in privacy, you should be able to tell us all of that…
Re: Re: Re:2
I’ve said why many times. When I post while signed-in, the site owner sends my comments to moderation and they sometimes do not appear for days. Despite his false claims of supporting free speech, he likes to engage in this form of useless petty harassment presumably in the vain hope that I will go away. If he will stop doing that, I will resume posting while signed in.
And yours is the usual fallacy promulgated by the privacy nuts. They seem to believe that not worrying about stupid privacy concerns is the same thing as being required to answer questions on demand. When it comes to personal questions like yours, people are under no obligation to answer or to make finding the answers easy for the questioner. But also, if the investigator wants to do the work involved in finding out, that’s fine.
These two things are actually related. Just as the site owner claims to believe in freedom of speech but puts permeable barriers in the way of people exercising it, I can disbelieve in a right to privacy without requiring myself to answer the questions of arbitrary people. If you want to know, you will have to do the work yourself. Or, you know, just buy the information from a data broker.
Re: Re: Re:3
You want to force yourself into places where you aren’t welcome. Nobody wants you here but you are a fanatic so you are incapable of learning that, you behave exactly like a religious nutjob.
Interestingly enough, the questions can most likely be answered by mining the data connected to your online persona and other data sources. But considering the sheer stupidity you always put on display here, you don’t actually have a clue about how much of footprint you leave online and offline since you don’t seem to care one bit.
Re: Re: Re:4
Note that when I post while signed-in and get sent to moderation, my posts mostly do eventually show up. The site owner could delete the posts, but he doesn’t. What he wants is to get me to silence myself “voluntarily”. It’s his form of cancel culture. If I go away by myself, he still gets to think that he supports free speech.
Not caring about the online and offline footprint is the point. The privacy nuts care. Normal people don’t. I remember when privacy nuts pushed their agenda by telling people that they would be denied health insurance if their private information became known. But instead of passing stupid privacy laws (or in addition; HIPAA is the medical equivalent of “This site uses cookies”), we just passed a law forcing insurance coverage regardless of pre-existing conditions.
Re: Re: Re:5
As I said, you are incapable of learning. You are here against the express wishes of the site-owner. You are a fanatic because a reasonable person would have left soon after it was known they weren’t welcome.
Nobody here is interested in hearing your sickly fascination of what genitals people have which you bring up over and over again.
You do understand that there are different forms of health-insurance, yes? You can be denied disability insurance if you have a pre-existing condition. Look up pre-existing condition exclusion and perhaps you might learn something.
Good luck with the premiums on all other forms of insurance, or even being able to get them.
Re: Re: Re: Unless of course you've got some skeletons in your closet to hide...
As always seems to be the case with that sort of comment said the person posting anonymously.
Go on then, show how much of a hypocrite you aren’t and attach your real name to your call to oppose privacy legislation, surely you’re willing to practice what you preach, no?
Re:
China has entered the chat.
Re:
“only a handful of privacy nuts care, in the same way that there are a handful of AI risk nuts ”
Not that long ago:
Only a handful of doctors said cigarettes cause cancer, they were called nuts. Only a handful of doctors said lead causes health problems, they were nuts. The list goes on
Re:
Are you daft? Pointing out risks isn’t hoping for something to happen.
The US military is very, very worried about this. And that’s because they are one of the only organizations that has a research arm dedicated to making sure information can’t be weaponized. More people should be worried but aren’t, especially the people that are collecting the information and doing fuck all to contain it.
Five years ago publicly available Strava data could be used to easily locate military bases in Syria. And that’s just one vector of information. Compiling multiple sources can give you insights WAY beyond what a single source would tell you.
Re: Re:
Yes, and that’s good, and it’s called “science”. Trying to limit truths that can be discovered through available information is, and should be, a violation of the 1st Amendment.
That is what it will take
Yep, that is what it will take.
And, as one of the ACs pointed out, a decent privacy law would not just regulate data brokers, it would put them completely out of business. It would start at the top with those who collect the data in the first place. It would essentially eliminate the completely bogus “Third Party Doctrine.”
It would have to limit the data that anyone could collect to the absolute minimum needed to conduct affirmatively consensual business with that person, it would mandate that the data be stored in encrypted format only with strict limits on who could access the data, when they could access the data, and for what reason(s), and it would prohibit the dissemination of that data to anyone for any reason, without the express consent of the person the data concerns. This would serve to eliminate the problem of service or product providers refusing to do business with those who refused to provide excess data, or charging them higher prices for those who refused to provide the excess data. All of these provisions (and possibly more) would be needed to eliminate the data collection and privacy violation business entirely.
It would have penalties for anyone who steals or otherwise receives private data, including any and all government entities, particularly law enforcement. It would also need some serious teeth, with not just paltry fines for violations, but significant prison time for violators.
It might also have to mandate the use of encryption for all electronic communications, including but not limited to voice, data, email, and text messaging.
This is what would need to happen, but probably never will because of the mentioned massive money in the industry, and the government’s use of the data to get around both the Fourth Amendment warrant requirements and the Fifth Amendment prohibition on self incrimination.
True, pretty much the only way we ever get safety regulation of any sort is after multiple horrific tragedies. Of course, it isn’t always properly enforced, gets split among mutiple agencies that aren’t always attentive, and there are multiple exceptions and loopholes of the most egregiously idiotic sorts.
Still would be great to move in the right direction. Too bad about the necessary tragedies tho’.