On the website of InfoTrack Information Services Inc., you'll find a photo of five amiable-looking professionals, superimposed on a background made to resemble a police lineup.
"Can you pick out the criminal?" it asks, ominously.
You probably can't. But you know who can? InfoTrack Information Services. For the right price, its sleuths will plunge into the seas of personal data roiling about the Web and try to dredge up some dirty information on behalf of potential employers. It'll poke around in your credit history, see if you have a rap sheet, check if you're on a "terrorist watch list." It'll even find out if you're a sex offender.
Well, maybe not you exactly. Could be that someone with the same name as you is a sex offender. Probably close enough? I mean, double-checking that kind of thing is a hassle. And after all, "the return on investment for background screening programs is in excess of 900%," InfoTrack asserts, citing a website that seems to be run by viruses. What's a false-positive or two with that kind of return?
Sadly for InfoTrack, the sticklers over at the Federal Trade Commission argued that it was identifying possible child molesters a little too blithely. Now the company -- along with a fellow traveler in the "data brokerage" business -- has been ordered to pay a fine and be slightly less terrible.
These companies were a little lazier than their peers, but they aren't exactly outliers. The data-brokerage industry is only the sleaziest manifestation of a business model that actuates much of the Internet economy. And their general approach to personal data was representative: secretive and shady, indifferent to accuracy, untroubled by the consequences of deterministic models.
You might argue that this is the life we've chosen. We get lots of useful services on the Internet without directly paying for them. And most people only have a vague understanding that some of their information is being collected in return. They may suspect that advertisers know their browsing history (they do), that marketers seem to follow them from device to device (they can), that sometimes ads even seem to know what they want before they actually want it (I don't know, maybe?).
What most people don't understand, what they probably don't even suspect, is the comprehensiveness with which private companies can intrude on their online lives. They don't know that companies are usually lying when they claim to "anonymize" their data. They don't know that brokers compile personal dossiers on them, often including medical information, financial data, purchasing histories, hobbies, ethnicity, sexual orientation, religion, phone data and so on. And they almost certainly don't realize that they typically have no way of correcting inaccurate information about themselves or that opting out of this system is very close to impossible.
There are some limited technological options for redress. Mozilla Corp.'s Lightbeam add-on, which shows users who's tracking them from site to site, seems like a maybe-promising approach. Same with better encryption tools. And new services arise all the time that purport to protect your personal information, with variable seriousness.
But I suspect a broader reckoning is at hand. The FTC will probably get more aggressive on abusive data collection. The White House has convened a panel to look into the consequences of "big data," which is unlikely to look kindly on such practices. And it's been sitting on something called the Consumer Privacy Bill of Rights -- which would require a lot more transparency from data collectors and give consumers much more control over their information -- that civil-liberties advocates are clamoring for.
Some tech companies argue that such an approach could incapacitate their business models. They may be right. But when your business model is built on duplicity, you should probably be prepared to one day be exposed. And you should probably be thinking about how to change that model, before you no longer have a choice.
To contact the author on this story:
Timothy Lavin at firstname.lastname@example.org