
CBS 60 minutes: How to defend your privacy online

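Yesterday's (2014/03/09) CBS 60 Minutes showed us that data brokers in the United States are everywhere, using their specialized tools every minute and every second to collect the personal information we leave online. In this era of big data, our personal privacy faces a major challenge: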

0. WhiteHat Aviator, a browser for Mac OS X that provides privacy and data protection. The Disconnect software is embedded directly in this browser.

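1. Disconnect can be used as a browser plugin extension to see which data brokers are collecting your personal data on the web page you are connected to, and you can set it to block these data brokers. It requires an annual fee of 10 US dollars.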

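2. DuckDuckGo can likewise be set up as a browser plugin extension, providing a privacy-protecting search engine at no charge. Basically, DuckDuckGo combines other existing search engines and adds privacy protection. The question is this: the search engine differs from Google in that it claims not to collect and analyze personal data for big data analysis or to provide it to the data brokers of commercial organizations, so how does it make a living?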

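3. MaskMe generates fake personal email addresses so that spam mailers cannot find our real email address. It can therefore hide our real address and spare us the endless junk mail that follows once an email address has been collected. Hiding only the email address is free; hiding information such as phone numbers and personal credit card numbers costs 5 US dollars per month.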

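These tools strengthen or protect our control over personal data in our future network use and keep it from being collected. This leaves me with a question: the personal data that was already collected about us in the past still exists at the existing data brokers. Asking them to delete and destroy it is still not easy; this problem is mentioned in the video.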

The complete story can be found in the book by the interviewee Julia, author of Dragnet Nation:



Data Brokers: A Call For Transparency and Accountability

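The CBS 60 Minutes report above covered the fact that data brokers are everywhere on the Internet, collecting big data about our online activity. A more in-depth treatment is the May (2014) report from the U.S. Department of Commerce: Data Brokers: A Call for Transparency and Accountability. Transparency means that a data broker must provide us, the data owners, with a transparent platform through which we can clearly understand how our personal data is collected, disseminated and used. The whole process should be as clear at a glance as a pane of transparent glass. Accountability means that when a data broker's system platform collects, circulates and uses data, it must handle our personal data in good faith and put appropriate data protection mechanisms in place, such as anonymization, to comply with the legal standards of personal data protection law. Only then can the many users of the Internet come to trust these numerous data brokers. For details, see the following (the complete FTC report is attached).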



A new Federal Trade Commission report found that data brokers collect and store billions of data elements covering nearly every U.S. consumer and almost all of it without consumer awareness and consent. As a result, "The Commission recommends that Congress consider enacting legislation to make data broker practices more visible to consumers and to give consumers greater control over the immense amounts of personal information about them collected and shared by data brokers."

First, if you would like to read the entire report, it is titled "Data Brokers: A Call for Transparency and Accountability" and it is available online as a pdf, but here is the gist:

"The extent of consumer profiling today means that data brokers often know as much--or even more--about us than our family and friends, including our online and in-store purchases, our political and religious affiliations, our income and socioeconomic status, and more," said FTC Chairwoman Edith Ramirez in a statement to the press. "It's time to bring transparency and accountability to bear on this industry on behalf of consumers, many of whom are unaware that data brokers even exist."

The FTC studied nine data brokers from across the industry: Acxiom, CoreLogic, Datalogix, eBureau, ID Analytics, Intelius, PeekYou, Rapleaf and Recorded Future.

"The report finds that data brokers collect and store billions of data elements covering nearly every U.S. consumer. Just one of the data brokers studied holds information on more than 1.4 billion consumer transactions and 700 billion data elements and another adds more than 3 billion new data points to its database each month," according to the FTC press release.

Below are some of the specific legislative actions the FTC recommends to Congress.

For data brokers that provide marketing products, Congress should consider legislation to:

  • Centralized Portal. Require the creation of a centralized mechanism, such as an Internet portal, where data brokers can identify themselves, describe their information collection and use practices, and provide links to access tools and opt-outs.
  • Access. Require data brokers to give consumers access to their data, including any sensitive data, at a reasonable level of detail.
  • Opt-Outs. Require opt-out tools, that is, a way for consumers to suppress the use of their data.
  • Inferences. Require data brokers to tell consumers that they derive certain inferences from raw data.
  • Data Sources. Require data brokers to disclose the names and/or categories of their data sources, to enable consumers to correct wrong information with an original source.
  • Notice and Choice. Require consumer-facing entities – such as retailers – to provide prominent notice to consumers when they share information with data brokers, along with the ability to opt-out of such sharing.
  • Sensitive Data. Further protect sensitive information, including health information, by requiring retailers and other consumer-facing entities to obtain affirmative express consent from consumers before such information is collected and shared with data brokers.

For brokers that provide "risk mitigation" products, legislation should:

  • When a company uses a data broker's risk mitigation product to limit a consumer's ability to complete a transaction, require the consumer-facing company to tell consumers which data broker's information the company relied on.
  • Require the data broker to allow consumer access to the information used and the ability to correct it, as appropriate.

For brokers that provide "people search" products, legislation should:

  • Require data brokers to allow consumers to access their own information, opt-out of having the information included in a people search product, disclose the original sources of the information so consumers can correct it, and disclose any limitations of an opt-out feature.    

If you are a data broker, your company purchases or leases data from brokers, or you collect data for internal use, you should stay abreast of progress in this area. I'll keep you updated on developments as they occur.  

For more:
- see the FTC report (pdf)
- see the FTC press release

Attachment: DataBrokers-ACallForTransparencyAndAccountability.pdf (990.57 KB)

Powered by Drupal 5.5 and copyright © 新趨勢網路科技實驗室 ( Emerging Network Technology Laboratory ), Some Rights Reserved
This work is licensed under a Creative Commons License.