Mar 272010
 

Jeremy Wolf reports:

It can list your address, a picture of your home, how much it cost, how long you have lived there, your approximate age and income, your relationship status and more. And it is online for anyone to see.

Spokeo.com takes information from social networking sites like Facebook and Twitter, and from phone books, marketing surveys and real estate listings to create a profile on you without asking.

“Some of the info that’s here on Spokeo is essentially public info and there’s no getting around it. Real estate sales for example,” Steave Beaty, a computer science professor at Metro State College, said.

[..]

In the lower right corner of the page there is a link labeled “Privacy.” Click on “Privacy” and paste the URL in the URL field. Then you need to enter your valid e-mail address and the code listed. Then click “Remove Listing.”

You should then get an e-mail and when you get the e-mail confirmation, you should follow the instructions to complete the removal of your name from the site.

Read more on 9News.

Dec 142009
 

Over on AVG Blogs, Roger Thompson blogged about what happened when he was traveling and his credit card was declined because he hadn’t alerted his bank he’d be traveling. In order to get his card un-suspended, he had to answer some security questions for the bank’s Fraud department. And that’s when it got scary. Roger writes:

Ok, so that’s a pain, but at least they’re looking out for me, so I answered all the questions… “Last four of social, please”… “What accounts do you have with us?”… “Mother’s maiden name?” etc.

Here’s the scary bit… The guy says, “And now, sir, just a couple more questions, please. This is from publically available information. What age-range would best describe this person?”, and he proceeded to ask me about my _daughter-in-law_…. Using her maiden name, and she’s been married for nine years!!!!!

Now I answered the question correctly, and they un-suspended the card. I paid the bill, and headed for the airport.

I had one question thundering through my mind.

How did the bank associate me with her??????????????????????

I _refuse_ to believe it was “publically available information”.

We have no connection on _any_ bank accounts, or legal documents.

She hasn’t used her maiden name for nine years. I’d have been less suspicious if they’d asked me about her married name.

She’s _not_ a big computer user.

The _only_ place we connect as far as I’m _aware_ is that she’s a friend on Facebook!!!!!!!!!!

Now, I’m not accusing Facebook of _anything_, but one wonders…. I can’t believe Facebook would sell our data, so … is someone “harvesting” it?

Read more on Roger Thompson’s blog.

Oct 182009
 

Natasha Singer writes:

Time to revisit the always compelling — and often disconcerting — debate over digital privacy. So, what might your movie picks and your medical records have in common?

How about a potentially false sense of control over who can see your user history?

While Netflix and some health care concerns say they have been able to offer study data to researchers stripped of specific personal details like your name, phone number and e-mail address, in some cases researchers may be able to re-identify you by correlating anonymous information with the digital trail that you’ve left on blogs, chat rooms and Twitter.

Read more in The New York Times. Singer makes the point that many people would be surprised to learn that their patient data is also being sold — allegedly after being “scrubbed” or “de-identified.” Those who are aware of studies showing that it is relatively easy to re-identify data sets may be suitably alarmed by the notion that their data is being sold without their express knowledge or consent.

But the problem is not just confined to businesses that sell our data. As the recent UNC-Chapel Hill hack involving a mammorgraphy study reminds us, many patients may have their data sent to research studies without their express knowledge or direct consent, only to find out years later that their sensitive personal and/or medical information was hacked or acquired.

Sep 232009
 

Ryan Singel reports:

A fast-growing FBI data-mining system billed as a tool for hunting terrorists is being used in hacker and domestic criminal investigations, and now contains tens of thousands of records from private corporate databases, including car-rental companies, large hotel chains and at least one national department store, declassified documents obtained by Wired.com show.

Headquartered in Crystal City, Virginia, just outside Washington, the FBI’s National Security Branch Analysis Center (NSAC) maintains a hodgepodge of data sets packed with more than 1.5 billion government and private-sector records about citizens and foreigners, the documents show, bringing the government closer than ever to implementing the “Total Information Awareness” system first dreamed up by the Pentagon in the days following the Sept. 11 attacks.

[…]

Among the data in its coffers, the NSAC houses more than 55,000 entries on customers of the Cendant Hotel chain, now known as Wyndham Worldwide, which includes Ramada Inn, Days Inn, Super 8, Howard Johnson and Hawthorn Suites. The entries are for hotel customers whose names matched those on a long list the FBI provided to the company. Like much of the data used by NSAC, the records were likely retained at the conclusion of an investigation, and added to NSAC for future data mining.

Another 730 records come from the rental car company Avis, which used to be owned by Cendant. Those records were derived from a one-time search of Avis’s database against the State Department’s old terrorist watch list. An additional 165 entries are credit card transaction histories from the Sears department store chain.

Read more on Threat Level.

Sep 032009
 

Ken Boehm reports that the:

NLPC [National Legal and Policy Center] has uncovered a plan by the White House New Media operation to hire a technology vendor to conduct a massive, secret effort to harvest personal information on millions of Americans from social networking websites.

The information to be captured includes comments, tag lines, emails, audio, and video. The targeted sites include Facebook, Twitter, MySpace, YouTube, Flickr and others – any space where the White House “maintains a presence.”

In the course of investigating procurement by the White House New Media office, NLPC discovered a 51-page solicitation of bids that was filed on Friday, August 21, 2009. Filed as Solicitation # WHO-S-09-0003, it is posted at FedBizzOps.com. Click here to download a 51-page pdf of the solicitation.

While the solicitation specifies a 12-month contract, it allows for seven one-year extensions. It specifies no dollar cap. Other troubling issues include:

  • extremely broad secrecy terms preventing the vendor from disclosing to the public or the media what information is being captured and archived (page 7, “Restriction Against Disclosure”)
  • wholesale capturing of comments by non-White House staff on publicly accessible sites
  • capturing of content of any type (text, graphics, audio, or video)
  • capturing of comments by both Obama critics and supporters, with no restriction as to how the White House would use the information.

Read more on NLPC

Updated 9-06-09: See David Gewitz’s column on CNN claiming to “debunk” the NLPC claims and NLPC’s response.

Jul 312009
 

For all the concern and uproar over online privacy, marketers and data companies have always known much more about consumers’ offline lives, like income, credit score, home ownership, even what car they drive and whether they have a hunting license. Recently, some of these companies have started connecting this mountain of information to consumers’ browsers.

[…]

Companies like Acxiom and a competitor, Datran Media, make the connection between online and offline data when a person registers on a Web site or clicks through on an e-mail message from a marketer.

Datran’s cookies include 50 to 100 pieces of information. Both companies say cookie data is anonymous and generalized. Datran and Acxiom then sell advertising on Web sites like NBC.com, Facebook and Yahoo to companies that use their data.

Read more in The New York Times.