CIO - Revelations about the National Security Agency's widespread surveillance of online activity has roused the ire of social media firms, but it also reveals the extent to which these companies are at least partially to blame. How much of this personal data would be available if these companies weren't collecting and mining it for profit in the first place?
It should come as no surprise that the pools of data amassed by Facebook, Google, Twitter and others are being used for financial gain. While these incredibly powerful and important sharing and collaboration tools come with a price, and advertising is the currency by which their money flows.
These massive, almost unavoidable and free platforms entice us to share as much as possible about ourselves in ways that inevitably push our privacy out the window. The trade-off is simple, albeit creepy at times. To make the creep factor even worse, your personal data isn't used only by the social media company you sign up for. Your information is often sold to nameless data brokers not bound by any terms of service or privacy agreement.
We mostly have ourselves to blame for any victimization that occurs, but that still doesn't necessarily shield these social companies and allow them to skirt all responsibilities to their users. Each of them is following the path of least resistance, simplifying the issue to government surveillance when it could just as easily focus on the inner workings of social advertising.
Indeed, our collective shock is primarily directed at the overreaches made by government agencies while the shadowy practices of data brokers that buy and sell that same personal data for targeted advertising go largely unchecked.
"The technology is interesting, and amazing, and new-fangled and crazy," says Seth Shafer, research analyst at SNL Kagan. "That battle has been going on for a long time between not wanting to be marketed to in certain ways but still wanting the benefits of the relationship."
Deflecting Criticism by Omission
Legal necessity requires social media companies to cooperate with the government, but their association with data brokers is entirely by choice and for profit. While almost every major technology company has taken President Barack Obama to task over the NSA's incursion into our privacy, they're saying little about the widening role of data brokers.
"When our engineers work tirelessly to improve security, we imagine we're protecting you against criminals, not our own government. The U.S. government should be the champion for the Internet, not a threat. They need to be much more transparent about what they're doing, or otherwise people will believe the worst," Facebook CEO Mark Zuckerberg wrote after calling President Obama to express his frustration.
Facebook also joined with AOL, Apple, Google, LinkedIn, Microsoft, Twitter and Yahoo to highlight the urgent need to reform government surveillance practices. "We urge the U.S. to take the lead and make reforms that ensure that government surveillance efforts are clearly restricted by law, proportionate to the risks, transparent and subject to independent oversight," the group writes in a letter to Obama and members of Congress.
Companies like Facebook are deflecting criticism by playing up the anti-government surveillance card while at the same time somehow managing to avoid any fallout over the collection, sale and use of personal data for advertising.
Much of that work is taking place behind the scenes without oversight and the Federal Trade Commission wants to change that. Following an in-depth study of the industry, the consumer protection agency issued a report concluding that data brokers "operate with a fundamental lack of transparency."
[Related Slideshow: 15 Ways to Make Sense of Calls for NSA Reform]
But to the chagrin of consumer-privacy advocates everywhere, most of their practices are legal. "Many data broker practices fall outside of any specific laws that require the industry to be more transparent, provide consumers with access to data, or take steps to ensure that the data that they maintain is accurate," FTC Commissioner Julie Brill writes in a statement that accompanied the report.
There's also the unfortunate and sometimes unfair categorizations that data brokers apply to consumers. Someone labeled a "biker enthusiast" by these firms may receive discounts on motorcycles, for example, but they could also be unfairly targeted by an insurance provider seeking signs of risky behavior.
The FTC is more bark than bite, however, so it shares the same burden as every American waiting for Congress to act. The commission hopes to reinvigorate discussion on Capitol Hill by encouraging Congress to consider legislation that would bring more transparency, consumer choice and controlled access to the data held by data brokers.
Ideas from the agency include a centralized portal, consumer access to data, opt-out mechanisms, data source disclosures, prominent notice and choice to consumers and further protection of sensitive health information. However, despite the FTC's best intentions and long-term efforts to rein in these practices, it's unclear if Congress will take up these measures in earnest.
Sen. Jay Rockefeller (D-W.V.) has led the charge in many respects, eventually introducing the Data Broker Accountability and Transparency Act in the Senate in February. A related bill in the House was last referred to subcommittee in April.
Where's the Rest of the Privacy Outrage?
Meanwhile the giants in social media have been almost eerily silent on the issue, letting ad industry groups fight a battle that is partially of their own making and one that affects its users. Facebook, Twitter and others are all too happy to keep a safe distance, holding tight to every degree of separation. Even though they are uniquely positioned to demand changes from the data brokers they work with, they are effectively sitting this one, while expressing outrage only at the government's collection of the same data.
Shafer of SNL Kagan says every user's data is fair game for use at any time by these companies because of the free utility they receive in return. However, he also understands why regulators and consumer privacy advocates are scrutinizing these practices.
"I think we have more of a sentimental attachment to the stuff we give up to Facebook and Google, which makes invasions of privacy seem more outrageous to us," he says.
Direct mail marketers know where people live and while Facebook doesn't necessarily need to know your physical address, it does have pictures of you, your kids and your vacations.
"With a lot of markets, you eventually find your way to what has the least amount of friction and right now to me that seems to be Facebook-style advertising. As annoying as ads are, both Facebook and Twitter at times it's hard to tell whether you're looking at an ad or a post from a friend or a news story. They've been pretty successful at blurring all those lines where it works," says Shafer.
"It lets them give you an ad that you're likely to click on. It's creepy, but when you think about other ways that you're going to pay for your operations that give you this platform, so far it's the least annoying," Shafer adds.
Read more about industry verticals in CIO's Industry Verticals Drilldown.
- Aberdeen Group: Marketing Analytics for Manufacturing: Forging Customer Insights There are no recalls for poor marketing. Manufacturers need to get their customer intelligence and messaging right the first time. Learn how.
- The Brave New World of Customer-Centric Manufacturing The Unique Opportunity for Manufacturers to Better Understand their Consumers
- See the Possibilities Utilizing Data Visualization Do you simply want to collect data, or do you want to derive business insights from it? What if you could quickly and...
- Big Data, Big Mess: Sound Risk Intelligence Through Complete Context This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope... All IT Industry White Papers | Webcasts