Saturday, 1 December 2012

How to Beat Shady Data Dealers: Selling Our Own Info

Data resellers should be thrown in jail. Or, at the very least, litigated out of existence. These are companies that track our every click online to build detailed profiles of our age, location, preferences, and proclivities, and they do it all without asking permission or offering payment. And since this industry has proved our personal data is worth money, it has also proved that these people are thieves.

That line of reasoning, presented by Shane Green, CEO of Washington, D.C.?based Personal, at the recent EmTech 2012 conference at MIT, certainly sounds radical. But what?s most surprising is that it is so hard to refute?and that it hasn?t been a rallying cry among the privacy-minded.

The feds have made early steps in attempting to rein in these resellers. In 2010 the Federal Trade Commission issued a report that urged online advertisers to get their houses in order. Specifically, the FTC pushed for a tool that would let users block various degrees of tracking. Advertisers and data collectors who circumvent that Do Not Track (DNT) mechanism could be penalized, such as being thrown out of an established group of trustworthy companies, and relegated to Big Data?s grayer market.

The problem is that the business of data reselling is already as unsavory as it gets. Aggregators turn a steady stream of data points into guesstimates about what variety of diabetes or herpes you might have, then bundle those up with other assumptions?suspicions of HIV or bipolar disorder, or sexual orientation?and sell them to third parties for limitless distribution and resale. Companies like Bluekai and Lotame Solutions freely boast about their unprecedented user profiling, and the ability to serve up hundreds of behavioral data points based on where we click and what we search for. Lotame primary user-tracking product is actually called Crowd Control, as though everyone online constitutes one rowdy, unwashed mob.

How, then, do you shame an industry so brazenly shameless?

User Power


Green?s plan is to ditch the big stick, the one vaguely referenced by the FTC, and provide data resellers with all the carrots they can devour. Personal wants to allow users to sell our own data?on our own terms.

"If I have control of my own data, then I have the ultimate carrot," Green says. "Ask me for it. If you ask me for it, I will give you access. Not to every piece of data about everything, but a lot of great data about whatever it is you?re interested in."

There?s an important distinction here that makes this approach so potentially powerful. What Green and Personal are advocating isn?t that you restrict your data and make it impossible (or more difficult) for digital scavengers to harvest it. Green is pushing for a market-driven shift in how data is gathered: from the inefficient process of companies tracking all our data and making guesses at its meaning to subjects directly handing over their own concise data. "It?s going to be cheaper and easier for them to come straight to the front door and ask for it," says Green. "By having the biggest carrot I can dry up the swamp of everyone else who?s trying to do it in unsanctioned ways."

How? Imagine your every move is tracked by an army of bumbling spies. Despite their high-tech tools, these are utter fools, Inspector Gadgets gone wrong, prone to pratfalls while peering in your window. They?re your own personal contingent of tireless paparazzi, only dumber.

One way to deal with these clowns is to bellow at them, to black out your windows and drive too fast, to fight them. In privacy terms, this means encrypting all of your communications, deleting every browser cookie you find, and generally living the besieged life of the paranoid. This is totally justifiable, yet about as effective as using a BB gun to deal with a termite infestation.

Instead of resisting, imagine you were to relent?on your own terms. You provide family portraits and vacation photos to the more respectable-looking spies, the ones who agree to buy them, and not resell them (without asking first). You hold auctions for details on the make, model and trim of car you?re thinking of buying next, the career and position you wish you had, or the full specs for the computer you own and the tablet you?re hoping to pick up. When one of them breaks his promise and distributes information entrusted to him, he?s banned from future data garage sales. Better yet, an industry of respectable go-betweens could spring up to manage and automate these interactions with the rogues who once tailed you in the shadows.

What was an unseemly, scattershot surveillance program gives way to a marketplace of personal information. And if the market works as we tend to think markets do, then the spies who play by its rules, and trade for our data instead of violating our privacy, will profit exponentially more than the uncooperative ones.

What would pave the way for this, or any major shift in how we protect and quantify privacy, is a full accounting of exactly what goes on in the current data resale market. "If I were asked by a regulator the one law they could pass that would be most important to me, it?s easy?transparency," says Green. "If people knew what was happening to their data, that changes everything, and that?s why companies are fighting so hard to not have to truly be transparent."

If users have the right tools, Green says, surely they could get more value out of sharing their data than a haphazard data reseller could. It could change the way advertising works. Considering that for every car sold, carmakers typically spend about $3000 in advertising, there?s money to be made by an enterprising customer?and saved by both advertisers and clients.

Cutting Out the Data Middleman


Personal isn?t alone in hoping to trick this legion of Peeping Toms into rehabilitating themselves. Also at MIT?s EmTech conference was Saikat Guha, a researcher at Microsoft Research India. In his presentation, Guha compared the issue of data collection to someone bundling up free food at an event and then reselling it to hungry students just one or two floors below. Sure, it?s legal, but clearly unethical and objectionable.

Guha?s solution is similar in some ways to Personal?s. It is to dissuade tracking by offering advertisers a buffet of more accurate, more useful data. Guha helped to create and deploy two systems: Koi, which focuses on location-based advertising, and Privad, which deals with more general, browser-based advertising. Both systems are appropriately complex (the best privacy-increasing software, with their double-blind data channels and intricate encryption and decryption protocols, are mathematics cloaked in the trappings of counter-espionage). But the resulting concept and apparent results are straightforward.

Instead of advertisers targeting ads based on data they?ve taken from you, Koi and Privad essentially act as your agent, analyzing a constant barrage of incoming ads and letting only the relevant ones through. But the advertisers don?t necessarily know why a particular ad made the grade, or exactly who is viewing it. In theory, if enough people were to sign up for services like Koi and Privad, then the online profiles of all of us that are built up, updated, and sold without our permission would become essentially useless. Why fumble and guess at a user?s interests and demographic identity, and bother creating an in-depth, mostly incorrect file on him or her, if there?s a way to reliably get the right ads in front of the right people?

Both Guha and Green know that the advertisers, who currently rely on their own tracking activities, are bound to cry foul, either condemning these efforts as bad for the ad-based Internet or bad for the user experience. "There are skeptics, of course. Especially those whose business models this threatens," Guha said in his presentation (he was unavailable for comment at the conference). "They said this would never be practical. So we built it. Piloted it. And let the data do the talking."

Specifically, Koi was tested among some 600 users, and Privad among 2000, meeting their research goals with real traffic and real ads. The data flowed more privately but just as quickly, and some users even received a tiny bit of cash (generally about $0.40 over an extended period). It was a proof-of-concept for the notion that when advertisers know their ads are hitting the right targets, there?s money to be made by those targets, even if they remain anonymous.

While there are no immediate plans for a wider deployment of Koi or Privad, Personal is partnering with companies to roll out its vision of a data ecosystem where the individual is part of the marketplace. For example, Personal is currently in talks to integrate its services with Car & Driver (which, like Popular Mechanics, is a Hearst publication), to help manage user data responsibly and effectively. And the company has launched a form-filling service that allows parents to fill out multiple FAFSA (Free Application for Federal Student Aid) forms with a single click. It?s an extension of Personal?s role as a kind of impenetrable yet highly accessible data vault, where even the company doesn?t know your password.

Personal?s initial offerings are limited in scope, but the company?s more ambitious, long-term plan is complicated, even by the standards of privacy experts. It amounts to a national or even global feat of social engineering, educating the population about the threats to privacy by providing a secure place to make their data more private, yet more accessible and financially valuable.

"I want more data to flow, where it?s trusted where it makes sense, where I know the rules," Green says. "Because I want my data to make my life better. And it will, it can, it should, it just has to be responsibly done. If your data is used irresponsibly, it will hurt you. Technology and data are neutral. They can be used for good or ill. We?re just trying to create more opportunities for it to be used for good reasons."

Source: http://www.popularmechanics.com/technology/how-to/computer-security/how-to-beat-shady-data-dealers-selling-our-own-info-14801794?src=rss

fantasy baseball jared sullinger jaleel white levi johnston 2013 srt viper scott walker recall fisker atlantic

No comments:

Post a Comment