“They did not foresee what in fact has happened … the development of a vast mass communications industry, concerned in the main neither with the true nor the false, but with the unreal, the more or less totally irrelevant.” – Aldous Huxley, Brave New World Revisited (1958)
For many, the name “Cambridge Analytica” was a first introduction into the nefarious world of data mining. While Cambridge Analytica made their name based on a sophisticated form of data slice-and-dice to assist in influencing and altering the 2016 Presidential election, there are a surprising number of organizations that have been doing this same type of information scouring for years. The problem with this form of data gathering is that consumers are unaware that their personal information is being gathered, stored, and sold, and there aren’t any laws established to protect them.
Under the more eloquent name of “business intelligence,” the organizations that are involved in data mining have refined their approaches to formulating smooth methods of gleaning anything and everything that they can about you as a consumer, including some of the most intimate of information. These companies use every innocent point of contact involved in an individual’s life to gather golden nuggets of information from internet surfing, websites, store purchases, publicly available data, loyalty programs, online purchases, and even contributions made to your favorite charities. Access to these consumer profiles is big business, and companies will dig into your deepest darkest secrets to find out everything that they can about people.
In other words, there is a dollar value associated with getting inside people’s heads to influence their decisions.
This approach is called “psychographic profiling” and “is a qualitative methodology used to describe consumers on psychological attributes. Psychographics have been applied to the study of personality, values, opinions, attitudes, interests, and lifestyles.”
Attitudes about data sharing differ based on generation. Older people still retain a level of suspicion and are less likely to trust sharing their data, with even less trust for the companies that are collecting it. Younger individuals have never known an existence without the internet and due to social media exchange, feel more open to having their data “out there.” Like a variation on the show “Black Mirror,” the question remains: is there a tipping point for the quantity of information that is being shared to move towards objection? When the data that is contained can keep you from a new job, getting a loan, or possibly buying a home, the control-factor moves from being informational to dangerous.
Add to this the fact that some of the biggest tech companies such as Google have been not only selling your Gmail address, but also the contents of your emails and it has now entered the realm of creepy.
The Faces of Data Mining
We have become a society accustomed to sharing our information. With the likes of Apple’s Siri and Amazon’s Alexa, we look to our technologies as a form of personalization; and that is indeed one of the ultimate goals of these companies. While Apple and Amazon have a more transparent approach, with Apple offering consumers the ability to delete anything that may be associated with their account, other companies are not as upfront. Using attractive marketing terms such as “intuitive” and “perceptive,” they tap into the emotional need of consumers.
The development of data mining has been evolving from what was once only found by the major credit reporting bureaus. Much of this information is often used for background checks and credit applications, and the 1970 Fair Credit Reporting Act ensures that consumers have access to their information with the ability to correct anything that is wrongly reported. The law has specific requirements for written legal consent for employers to have access as well as full disclosure regarding how the information will be used. HIPAA laws have been created to protect the privacy of patients so that their information/data cannot be shared, but since this is highly valued, cybercriminals have turned to medical institutions during ransomware and other cyber attacks.
However, data brokers are not held to any legal standards; and this leaves the doors wide open for them to collect your personal information, trade it and sell it in any way they wish. While there was a 2014 Federal Trade Commission report on data brokers for a call for transparency and accountability, there was not any legislative follow through to establish standards, requirements, sources, sharing/selling data, or liabilities.
Data brokers are typically one of the three main categories:
People search sites that gather basic information including name, address, birthdays, affiliations, education, etc., with the data available for a small fee. Some of these companies include PeekYou, Spokeo, Pipl, and PeopleSmart. These are often the first level of access for anyone interested in using the information for malicious intent (also known as “doxing”).
Marketing based data brokers such as Datalogix (a division of Oracle), and other subdivisions of the credit reporting bureaus of Equifax and Experian, are deeply entrenched in data mining. These companies create detailed dossiers on people that include information useful for tailored marketing strategies. Other companies can purchase data that can include such details as education, ethnicity, age, interests, income, etc. and craft custom marketing blasts.
Risk mitigation data brokers such as ID Analytics can be used to assist in fraud detection and ID verification. They validate all of the pertinent information, including social security number, and is often used by credit card companies, law enforcement, and even the government.
At this point, you might be assuming that much of this looks and sounds harmless; but when you add into this mix the fact that identity theft is now a multi-billion dollar business, the value of your personal information just skyrocketed.
The Companies that Know Your Intimate Information
Most of the names of the data brokers that are in control of your information are probably not known to the average individual. These are well-established brokerage houses that buy and sell you like a commodity on the stock market. Some of the “players” in this game of intrigue include Epsilon, Acxiom, Live Ramp, IPG, and DSL Direct, LLC. Oracle makes use of their BlueKai Registry to track online users. It should be noted that in 2018, IPG purchased Acxiom for $2.3 billion.
If you’ve ever wondered how you get those ads on Facebook, email spam, or those sideline ads that match what you were recently searching for, these companies are probably behind them. However, what you don’t know is that only a few give you the ability to access this information and it requires an intense amount of hoop-jumping, snail mail, and validation. As you might guess, most people simply don’t bother, and any data that they have that is incorrect will continue to be sold and shared through to an endless rabbit hole.
Data management platforms (DMP’s) are the central core of each of these organizations. An example of DMP is Acxiom’s Live Ramp Connect that manipulates information, slices/dices, and hones it down so that it can spit out a final data list to their affiliates and partners for whatever purposes are needed. Cambridge Analytica accomplished this through a narrowing of the lens to find those that might be most vulnerable for political propaganda; with suspicion that each of these data mining companies is using this ability for similar influence. While you might think some of the players are indeed competitors, they also work together in connecting the dots for profit.
The rule of thumb to remember in the universe of data mining is that there are no rules and there are no limits. Any failure, weakness, or problem can be bought from these companies for a price.
Take a Trip Down Your Data Road
One of the interesting approaches that Acxiom has taken is to create a website of data transparency for the average consumer. Their launch of aboutthedata.com is an opportunity to view everything that they have on you with the ability to correct and change it. The website may be a response to public outrage over the use of personal data by such entities as Facebook, but it also may be a carrot to entice the public to refine the information to a more truthful (and valuable) dataset.
Under the guise of “personalizing your data,” you too can make sure that the contents have each of your interests, your political preference, your favorite purchases, and even hobbies listed clearly and alphabetically.
Acxiom also offers the ability to retrieve information from their partner organizations. A report request confirmation will be sent to your email address within 30 days. It’s important to recognize that although Acxiom will supply the report, consumers can’t change any of the data, even if it’s incorrect. The Acxiom response to this is: “Acxiom sources data from a number of trusted partners. To preserve the accuracy of their data, these partners protect their databases, which includes not allowing others to change the information.”
Data Mining Companies on the Defense
Although much smaller than many of the bigger data mining players, Cambridge Analytica crossed the line and took full advantage of their software abilities. The exposure of their existence displayed the dark direction that they took to try to influence political choices through propaganda and psychographic profiling. These data mining companies, who have historically remained behind the scenes, are now under a detailed microscope. Cambridge Analytica made use of the profile information, supplying it to Russian and Macedonian purveyors of fake news so that they could craft memes and articles for political influence. Since there aren’t any laws dictating that this type of mining can’t be done, it goes without saying that the doors are open for others to play the same game.
Cybercriminals are intensely interested in these data mining companies and have devoted time and effort to constant and often successful attacks. Theft of your personal information takes this to a whole new level as the criminals can buy and sell on the dark web, and this intensifies the ability for identity theft.
A Vice Motherboard article offers just a hint of some of the thefts that have occurred:
“companies scooping up tons of data on individuals are vulnerable to security breaches, so the information they’re collecting has ended up in the wrong hands. In addition to the Equifax breach, which affected more than 145 million people, Acxiom was hacked in 2003, and over 1.6 billion records (including names, addresses, and email addresses) were stolen, and some were sold to spammers. Epsilon was hacked in 2011, exposing names and email addresses of millions of people on email marketing lists who were then subject to spam as well as spear phishing attempts. LexisNexis’ parent company RELX has been breached [sic] multipletimes, exposing social security numbers, mailing addresses, and driver’s license data. In 2015, 15 million records belonging to T-Mobile but stored on Experian’s servers were accessed.”
Data mining has gone beyond just collecting information to create a cause-and-effect change for product purchases and has now entered the corrupt arena of brainwashing propaganda that visionaries predicted. Our reliance on the internet has produced a condition where outside organizations can influence our thoughts and decisions.
We are losing the ability to tell the truth from fiction and with enhanced cybercrime, even to be able to validate who we are versus the identity theft criminals. These situations have reached a boiling point that requires a new approach to net access with enhanced software that can differentiate fact from fiction while protecting the very personal nature of our information.