August 14, 2012

Privacy, Identity, and Third-Party Service Providers

"We may share information with third party service providers."

Ever read that (or equivalent) in a privacy policy?

It means: "Access to your personal information by this site, including information that you have not provided directly to us, is restricted only by expense, and anything you do here may be linked to widely available databases tracking your behavior." This is also true offline, and has been true since before the 1990s. And about combining offline and online data: this was never effectively restricted. As soon as your address existed in the database of an online company that allowed "third party services", they could buy the results of your warranty cards, vehicle registrations and other public records, magazine subscriptions, credit card purchasing profiles, and more. Surprised?

Would you be more surprised to find out that data on how often your doctor prescribes types of medicines is also available? And that this availability has been considered constitutionally protected as part of the corporate "freedom of speech" for the BUYING corporation? Imagine if we as individuals could demand information because it might change how we say something! (Yes, that's a power that corporations have claimed as part of their rights due to their "personhood".)

You may rightly wonder how all this is available. If you read the fine print on various contracts you'll see a lot of "may be shared with third party service providers" and "may be used for marketing purposes". Those two together are the glue for the corporate identity markets. The former is taken to mean: "I can share all the data I have with a data aggregator to get the information about you that I don't have." And the latter: "and it can be shared with any other company that also wants to market to you or to any of the characteristics that have been attributed to you."

What data links these databases together? Anything they can get. An address (shipping, billing, receive our packet, free gift, ...)? Great! A phone number? Great! A cell phone number? Even better: location, and more individual than a house phone! A credit card number? Not so great: we'll have to pay the credit card company to give us the name/address/phone of the people who bought from us, because the card data is protected by law. But the reliability is rock solid, since the card company has your billing address (and probably your primary email address, and a couple of phone numbers; after all, you have to "call from your home phone to activate", right? Even if you never gave them your home phone before that...). And then we'll have to pay again to link it to any other databases. An email? Okay... they're unreliable, but as long as you've bought from someone and given them that email, or given that email to someone you do business with (electronic billing, maybe?), we can probably link it to your "real" identity.

Yes, with school and other events, this blog has, alas, been neglected. On the upside, I am remembering it again, and have a bit of a backlog of draft posts, like the above. The topics may broaden a bit, as I explore a bit more about teaching and communicating scientific and technical skills.