data security en-US Attempts to Escape the Clutches of Online Data Aggregators <div class="field field-type-filefield field-field-blog-image"> <div class="field-items"> <div class="field-item odd"> <a href="/attempts-to-escape-the-clutches-of-online-data-aggregators" class="imagecache imagecache-250w imagecache-linked imagecache-250w_linked"><img src="" alt="exit sign" title="exit sign" class="imagecache imagecache-250w" width="250" height="188" /></a> </div> </div> </div> <p>There's a new crowd of web sharks on the prowl: they are effective, they are legal, and they want your data. Not only that, but they want your data &mdash; including some very personal stuff &mdash; to be available to anyone who asks &mdash; or pays.</p> <p>They are called <em>data aggregators</em>. These web businesses, with names like Spokeo, Zabasearch, and Intelius, use a search protocol broadly known as deep web crawling to extract information about you from a wide variety of sources including: government census data, social network sites, personal web sites, directories, surveys, business lists and real estate data. All of this information is publicly available. Aggregators don't create data, they mine it.</p> <p>Their rise, which began around 2004, has more recently spawned a new data service niche to, supposedly, protect your online privacy. Companies like <a href="">Reputation Defender</a> have gone mainstream to advertise, &quot;Take Control of Your Online Identity.&quot;</p> <p>Reputation Defender does that in a couple of ways. First, they counter negative comments about you or your business with positive ones that they claim are optimized for SEO dominance in Google listings. The second way they claim to protect your privacy is to scrub the web of unwanted personal data references. This they propose to accomplish by providing you with a search engine dashboard to monitor personal data disclosures. (Yes, you have to do it yourself.) Once you find something, which presumably occurs with great regularity, you ask Reputation Defender to scrub the data for you.</p> <p>I was curious as to how they did this so I called Reputation Defender and asked the question: &quot;Do you remove primary source data from the web or do you just remove it from the aggregator sites?&quot;</p> <p>The call center representative responded, &quot;You know, that's a difficult question. Let me put you on hold for one second and I'll ask.&quot; He put me on hold for about two minutes before returning to answer, &quot;We don't necessarily remove it from the source, we remove from the aggregators like you mentioned, like Intelius and things like that. But we will continue to remove that information throughout the year, throughout the time you pay for. That's how it works.&quot;</p> <p>The cost? One hundred dollars a year.</p> <p>So I became curious as to just how difficult it was to remove this data myself and resolved to attempt the removal, cutting out the middleman and his hundred dollars a year in the process.</p> <p>Here are a few sites I selected for my experiment:</p> <ul> <li>Intelius</li> <li>MyLife</li> <li>PeopleFinders</li> <li>PeopleSearch Pro</li> <li>Pipl</li> <li>Rapleaf</li> <li>Spokeo</li> <li>Zabasearch</li> </ul> <p>The sites, it would seem, are proliferating like Milfoil in a Minnesota lake, so if I were to check back next quarter, I would not be surprised to find many more.</p> <p>I had heard that Spokeo was a particularly impressive site, so I went there first. The personal data is indeed impressive; we'll get to that in a minute. Another button caught my eye, right off. It read: &quot;Control Your Identity &mdash; Take Control Now.&quot; Upon clicking, I was taken to a page that read, &quot;Monitor and control your public information with IdentityForce&trade; protection.&quot;</p> <p>That's right. <em>The same site that was causing me all this angst was also selling the solution </em>&mdash; a solution just like Reputation Defender! I was immediately transported back to Econ 101. The way to riches in America is to create a perceived problem and solve it. Like yellow teeth and Pepsodent. Or wrinkled brows and Botox. But Spokeo has taken this one step further. They have created an <em>actual</em> problem and the simultaneous solution. This is like a spammer selling a no-spam solution.</p> <p>Reputation Defender, it should be said, approaches this level of perfidy by advertising on Spokeo's site. The relationship ensures that some portion of your fee goes to sustaining the entity that compromises your privacy. The privacy policy of one aggregator blithely informs you that it may share your data with foreign entities. Nigerian scammers, your ship has arrived!</p> <p>Interestingly, the data is not guaranteed to be 100% accurate. To your supposed benefit, however, according to Spokeo, &quot;The data provided to you by Spokeo may not be used as a factor in establishing a consumer's eligibility for credit, insurance, employment purposes, or for any other purpose authorized under the FCRA.&quot; But what's to stop someone from using this data for a prohibited purpose?</p> <h2>Opting Out</h2> <p>So what did I find? At Spokeo, I found the quantity of aggregated data about me was, well, startling. They had my address, my birth date, the names and ages of my kids, my home phone, my wife's name, photos, a photo of my house, a flattering assessment of my real estate worth, assorted photos, and <em>much, much, more</em>, as they say in the biz. Not only that, but for just $2.95 a month for a year, they promised far more detailed information including estimates of my net worth and who knows what else.</p> <p>I resolved to get rid of it all, just like Reputation Defender promised for only $100 a year. For MyLife, at least, the task was surprisingly easy &mdash; almost pleasant! The cheerful voice at the other end of the line asked a few questions to verify my stated identity (in truth, I could have been anybody, but then, why would anyone else care) and, <em>poof</em>, it was done.</p> <p>At <a href="">Spokeo</a>, it was a three-step <a href="">online procedure</a>. I went to the Spokeo site the following working day and I was gone! Not a trace, even when using variations on my first name and middle initial.</p> <p>But then, this is hardly surprising if you figure their business model is to list the information only to take it down &mdash; for a price.</p> <p>At MyLife, which encourages you to become a member so you can see who is searching you, the process was even better, over the phone, at 800-704-1900. Just like Spokeo, after one working day it was gone.</p> <p>After that, things got stickier. At <a href="">PeopleSearchPro</a>, I had to formally accept their <a href="">Opt-Out Policy</a>, which is rife with caveats and disclaimers, before I could <a href="a%20href=%22%20http:/">opt out online</a>. The additional information related to this policy was some seven pages long. The opt-out term is for only five years. They won't allow a company like Reputation Defenders to act on my behalf. And so far, my data is not gone.</p> <p>Here's what you have to do at <a href=""></a> (You'll never find it; here's the link to the privacy protection section of their <a href="">private policy</a>):</p> <blockquote><p>We value your privacy and, upon request, can block your records from being shown on from databases we control. We are unable to remove you from databases operated by third parties. To do so, you should contact us by writing a letter, signed by you (we do not accept any unsigned requests or substitute service), giving us your:</p> <p>First name<br /> Last name<br /> Middle initial<br /> Aliases and A.K.A.'s<br /> Complete current address<br /> Date of Birth - including month, day, and year<br /> Additionally, for best results, <em>please include the records that you wish to have suppressed by providing former addresses going back 20 years</em> [italics mine]</p> <p>Please send this letter to:</p> <p>Opt-Out/<br /> 1821 Q Street<br /> Sacramento, CA 95811</p> </blockquote> <p><a href="">Intelius</a> and <a href="">Zabasearch</a> share a unique, and onerous, process for data exclusion. In fact, they share the same fax number to which you must submit your request! And what a request it is. You must supply them with the variant forms of your name you want erased together with a photocopy of your driver's license with the photo and DL number blacked out. That still gives them your height, weight, eye color, current address, and signature. (If you don't have a driver's license you may substitute an official state ID card.) Fax this to 425-974-6194.</p> <p>At <a href=""></a>, which also offers the dreaded fax option:</p> <blockquote><p>You can scan your ID and email it to us along with your written request and your contact information to profile-remove @ Changes may take up to six weeks to implement and are only permanent if the information is also corrected (or deleted) at the original source. Without such a correction, Radaris cannot guarantee that a deletion or correction is permanent.</p> </blockquote> <p>Got that? It is not permanent &mdash; and that doesn't just apply to Radaris. Which is why this all works so well for the Reputation Defender business model of infinite scrubbing, as long as you keep paying your money every year &mdash; and as long as you continue to monitor your own freaking &quot;Dashboard.&quot;</p> <p>At <a href="">Pipl</a>, I never did find the Opt Out option, and so sent them an email at <a href=""></a>. After three days, I have not received an answer.</p> <h2>The Rankings</h2> <p>Finally, the rankings, using a five-point system, where one is the lowest, slowest, meanest, most anti-consumer mentality around, and five conveys ease and civility:</p> <p>MyLife: <strong>5</strong><br /> Spokeo: <strong>3</strong><br /> Intellius: <strong>2</strong><br /> PeopleSearchPro: <strong>2</strong><br /> Zabasearch: <strong>2</strong><br /> Peoplefinders: <strong>1</strong><br /> Pipl: <strong>1</strong></p> <p>Personally, I would bet that MyLife and Spokeo would be tempted to downgrade their consumer service upon viewing the results. Moreover, who knows how many other companies like this there are on the web &mdash; and how many will pop up tomorrow.</p> <p>To be sure, we are our own worst enemies when it comes to some of this stuff. If you put data about your kids on a Facebook page that is accessible to the public, expect it to turn up here, <em>with</em> photos. But the trend goes beyond that. I looked up the editor-in-chief of an online media company with a common name. It took me 15 seconds to locate her on Spokeo, and in a few more seconds I had her home address and phone number, a photo of her street, her husband's name, and the promise that for $2.95 I could get more info on her kids and who knows what else. And this is a person who regularly appears on television taking on controversial topics. Online aggregators allow hate mail to take a giant leap forward.</p> <p>Is this really how we want to live our data lives online?</p> <p>Feel free to take a shot at clearing your own data, but don't get your hopes up. And don't get your hopes up about services that promise to protect you for a fee. My advice? Play your cards a little closer to your chest and pray for regulation to ease removal of private data online.</p> <div class="field field-type-text field-field-guestpost-blurb"> <div class="field-label">Guest Post Blurb:&nbsp;</div> <div class="field-items"> <div class="field-item odd"> <p>This is a guest post by Steve Klingaman, a nonprofit development consultant and nonfiction writer living in Minneapolis. Read more by Steve:</p> <ul> <li><a href="">Four Things About Health Care Reform</a></li> <li><a href="">2010: Year of the Roth IRA Conversion</a></li> <li><a href="">Finally! Student Loan Debt Relief Arrives for Many</a></li> </ul> </div> </div> </div> <br /><div id="custom_wisebread_footer"><div id="rss_tagline">This article is from <a href="">Steve Klingaman</a> of <a href="">Wise Bread</a>, an award-winning personal finance and <a href="">credit card comparison</a> website. Read more great articles from Wise Bread:</div><div class="view view-similarterms view-id-similarterms view-display-id-block_2 view-dom-id-4"> <div class="view-content"> <div class="item-list"> <ul> <li class="views-row views-row-1 views-row-odd views-row-first"> <div class="views-field-title"> <span class="field-content"><a href="">$80 for an HDMI Cable? Give Me a Break!</a></span> </div> </li> <li class="views-row views-row-2 views-row-even"> <div class="views-field-title"> <span class="field-content"><a href="">Your SSN Can Now Be Accurately Guessed Using Date and Place of Birth</a></span> </div> </li> <li class="views-row views-row-3 views-row-odd"> <div class="views-field-title"> <span class="field-content"><a href="">18 Surprising Ways Your Identity Can Be Stolen</a></span> </div> </li> <li class="views-row views-row-4 views-row-even"> <div class="views-field-title"> <span class="field-content"><a href="">7 Ways Your Devices Are Spying on You</a></span> </div> </li> <li class="views-row views-row-5 views-row-odd views-row-last"> <div class="views-field-title"> <span class="field-content"><a href="">Stop Making These 8 Risky Password Mistakes</a></span> </div> </li> </ul> </div> </div> </div> </div><br/></br> Consumer Affairs Technology data security privacy Thu, 01 Jul 2010 13:00:22 +0000 Steve Klingaman 159270 at You did WHAT with my SSN? <div class="field field-type-filefield field-field-blog-image"> <div class="field-items"> <div class="field-item odd"> <a href="/you-did-what-with-my-ssn" class="imagecache imagecache-250w imagecache-linked imagecache-250w_linked"><img src="" alt="" title="Don&#039;t worry, they&#039;re always watching the stuff they wrote down about you." class="imagecache imagecache-250w" width="250" height="244" /></a> </div> </div> </div> <p>Like many idiots, I bought my house at the peak of the real estate bubble, locking in a 30-year fixed rate mortgage at 6.375%. With escrow and taxes going up every year, and income going down (and no sign of a seller's market on the horizon), I decided recently that I HAD to refinance.</p> <p>I looked at some online quotes and called my local credit union to see what kind of rates were being offered in general (nothing worth my time). Since I knew my combined credit and payment history put me in fairly&nbsp;good standing, I figured that my current mortgage holder, US Bank,&nbsp;would want a shot at keeping me as a customer. Besides, my local branch employees were known for their stellar service and since I already had a linked checking account set up with direct deposit and everything, staying with the same bank would save me the headache of rearranging everything with the HR department again.</p> <p>I called the local branch and got the number for their mortgage rep, someone who had been highly recommended by an assistant manager. The mortgage rep, who I will call &quot;Linda&quot; for the sake of this story, spent two days a week at my branch and serviced other branches on other days.</p> <p>I have to admit, when I first called Linda, I was impressed with her. She was efficient, calm, collected, and totally in control; she had the ultimate phone voice. She understood the bits and pieces of mortgages in a way that I will never hope to. She asked about my current rate, payments, goals, income; all of this was very standard, but her manner was so with-it that I felt like I was in good hands.</p> <p>And then she asked me what my mortgage number was.</p> <p>This was not an unreasonable question, and any person who is capable of reciting their own phone number without checking their address book would probably have had no problem providing this info. As for me, well, I can only remember the first three digits of my mortgage number on a good day. Scrambling, I tried to log into my online banking account to refer to the linked mortgage info, only to remember that I had managed to lock myself out of the online account the day before, entering the password incorrectly many times.</p> <p>&quot;I'm sorry, I don't have the number on me,&quot; I stammered.</p> <p>&quot;That's OK,&quot; said Linda, &quot;I can look it up using your social security number. The bank database has all of your account info.&quot;</p> <p>It should be noted that I have a very active imagination, so at this point, I'm picturing Linda sitting behind a large desk in her downtown office, wearing a headset, tapping my SSN into her sleek laptop, which is securely logged into the banking system via ultra-mega locked-down VPN. I also imagine that Linda&nbsp;is brunette. Please don't ask me why. These are details that I literally picture in my head, for no good reason at all.</p> <p>I&nbsp;half-whispered my social security number over the phone line, always nervous that someone <strong>bad </strong>will overhear. Linda explained that she would have to send away for a bunch of data from headquarters, but that the mortgage application is usually returned within 24 hours, and that she would call me back early in the next week to schedule an appointment to go over the various mortgage options. I felt relieved. The burden of my mortgage has really been getting to me, and I'm looking forward to the possibility of any financial relief.</p> <p>Early the next week, I&nbsp;found myself in the bank, making some deposits, and I noticed that Linda's usually-empty desk is occupied with someone who I assumed must be Linda herself. Having not heard back from her yet, I decided that, for once in my life, I was going to be proactive. I walked up to her desk, verified that her name tag read &quot;Linda&quot;, and waited for her to finish doing whatever it was she was doing on her (sleekish) laptop. She tapped away, glancing at me as though my presence was not appreciated.</p> <p>Linda is actually a&nbsp;bottle blond.</p> <p>&quot;Hi,&quot; I said, holding out my hand, &quot;I'm Andrea Dickson, and we spoke on the phone last week about refinancing my mortgage. I was wondering if you had a chance to look at your schedule? Maybe we can set something up while I am here.&quot; I am amazed that I say the entire sentence without tripping over my words, as is my tendency.</p> <p>&quot;Oh,&quot; replied Linda, definitely looking less-than-thrilled, &quot;I didn't get your mortgage number from you, so I was unable to retrieve your information. You said you were going to call back, but you never did.&quot;</p> <p>I felt my head tilting to the side in the confused manner used by puppies who are encountering other animals for the first time. I reached into my purse, as though my mortgage number is simply floating around in there.</p> <p>&quot;No,&quot; I said, remembering our conversation, &quot;I gave you my social security number, and you said that you were going to look up my mortgage info.&quot;</p> <p>&quot;Oh, I did say that, that's right.&quot; It was&nbsp;clear to me immediately that she hadn't even started the process. She reached into her bag, pulling out what, in my imagination, was surely going to be a leather-bound ledger book, with carefully written data about me and what I had told her thus far about my mortgage. Navy leather, is what I figured.</p> <p>Not... a lined spiral-bound notebook with... were those <em>doodles</em>?</p> <p>Linda turned to the back of the notebook, past pages and pages of notes written in large, blocky letters in purple ink, and there on the last page&nbsp;is &quot;my&quot; name, &quot;ANDREA&nbsp;DIXON&quot; along with my social security number, next to a drawing of what Linda apparently thinks a starfish looks like.</p> <p>It didn't actually occur to me that Linda was going to be writing down my social security information to use at a later time.&nbsp;But <strong>something </strong>about seeing my personal data in a Gregg Rule Stenobook, alongside the personal information of&nbsp;other customers, seemed galling.</p> <p>I didn't know what to say. While I&nbsp;hovered, Linda assured me that the information she was sending away for would be back within 24 hours. I contemplated making a scene, but because I am a wuss, I left the bank after pointing out that she had misspelled my name. Linda gave me a look that indicated that she didn't care how I spelled my name. I&nbsp;could tell that this was the beginning of a wonderful business relationship.</p> <p>Back at my desk, pondering the issue, I decided to call Linda and ask if I could have that piece of paper with my data on it.</p> <p><em>I hate confronting people. I hate confronting people. </em>This was my mantra as I waited for Linda to pick up her line.</p> <p>Linda answered the phone and I explained to her that I felt a little weird about my data, especially my full social security number, being written out in a notebook like that. I told her that I&nbsp;felt that the information was unsecure, and that if I had known that she was going to be writing it down, rather than entering it into a encrypted computer database, I would have called her back with my mortgage number once I located it.</p> <p>Linda's tone was distinctly irritated. Who was I to question her methods? &quot;I can assure you that your information is safe with me. I never leave my notebook lying around. That's illegal.&quot;</p> <p>&quot;Well,&quot; I said, struggling to be polite, &quot;That's good. But I'd still feel more comfortable if you could give me that sheet of paper so I could shred it.&quot;</p> <p>&quot;I have other customer data on the page besides yours,&quot; snapped Linda, &quot;Customer information that is <strong>as valuable and as important as yours is</strong>.&quot; This is clearly meant to comfort me; that Linda is being as&nbsp;irresponsible with her other customers' data as she is with mine, that all of us are at risk.</p> <p>&quot;I honestly don't know what to tell you to make you feel better. I've always kept records like this and I've never lost anyone's information. My briefcase has a lock.&quot;</p> <p>This is good news, because no one has EVER successfully stolen a locked briefcase. It's a well-known fact that all locked briefcases immediately detonate upon being fondled by sinister hands.</p> <p>&quot;I carry files all over the place that have more customer data than I have for you. I have mortgage application files on me at all times.&quot; This is where Linda wants me to know that my piddling little social security number is of no great importance compared to other customers, who have handed over addresses, phone number, spouse names.</p> <p>&quot;I'm really uncomfortable with this,&quot; I say.</p> <p>&quot;Well, I&nbsp;can't give you the piece of paper. I can't give <em><strong>you </strong></em>another customer's data. If it makes you <em>so uncomfortable</em>, I can always cross out your social security number with a black marker, so if I lose my notebook, no one can read it.&quot;</p> <p>This is a time-tested method of securing data that has NEVER failed. Now I can rest easy, knowing that should Linda misplace the notebook, which will not happen because it hasn't happened yet, no one will EVER be able to flip the page over and read the imprint of my social security number on the backside of the page.</p> <p>The thing is, I'm sure Linda is a trustworthy employee. I doubt she runs around scrawling my SSN and name on bathroom stalls, and she is doubtlessly fairly careful with her notebook. But Linda could be a trained CIA killer who would rather die than have her personal notebook stolen and still manage to have the darn thing stolen. A briefcase full of files? Easily stolen. A steno book? Much. More. Easily. Stolen.</p> <p>Wondering if perhaps I was overreacting, I called another branch of US Bank and inquired if it was common practice to write down customer's data in a notebook. Startled, the manager told me that while it was part of a mortgage professional's job to carry files that contained data, such data was not often stored in a notebook. When confonted with this information, my own branch's assistant manager assured me that he uses a notepad to write down all kinds of data from customers, from account numbers to social security numbers, and that he is <em>very careful with how that data is handled</em>. He didn't tell me how these notebooks are disposed of.</p> <p>This doesn't sit right with me, but I am uncertain as to what exactly it is about the situation that I find so upsetting. Is it that Linda is extremely unfriendly and I am overly sensitive? I'm not even sure if any laws are being broken by Linda as a bank employee. I imagine that if a bank teller at the same institution wrote down my social security number on a piece of paper for the purposes of helping me with something,&nbsp;and then took the paper home, they would be breaking more than one law.&nbsp;</p> <p>Truth be told, I can't find any specific laws relating to the banking sector and personal security. HIPAA might protect our personal data as it relates to our health, but the only federal law that might pertain to such activities isn't even a law yet, but still a <a href="">bill being reviewed in the Senate</a>. So much modern legislation deals with protecting our identities and information from digital breach, but what can we do to prevent employees from writing our social security numbers in giant purple in a notebook while running errands?&nbsp;I doubt Linda has a separate book with back-up notes that she can use to notify me if she DOES lose the notebook and my personal data falls into someone's less-trustworthy hands.</p> <p>Here's the thing: I don't really know the legal implications behind this. The way that Linda, and apparently the other employees at my bank, are treating customer data may be well within the legal confines of their profession. But it shouldn't be. So much of the laws that are passed in this country are reactive. They deal with how to let customers know once their data has been stolen, usually electronically. I'd like to know what my bank is doing to keep my data FROM being stolen, and &quot;we've never had a problem so far&quot; is not a good method for ensuring data security.</p> <p>The lesson, of course, is to never give out your social security number unless you absolutely have to, and even then, see if you can push back a bit. Because you simply never know.</p> <p><em>What would you do in my situation? Do you think the measures undertaken here are secure enough for YOUR data?</em></p> <br /><div id="custom_wisebread_footer"><div id="rss_tagline">This article is from <a href="">Andrea Karim</a> of <a href="">Wise Bread</a>, an award-winning personal finance and <a href="">credit card comparison</a> website. Read more great articles from Wise Bread:</div><div class="view view-similarterms view-id-similarterms view-display-id-block_2 view-dom-id-1"> <div class="view-content"> <div class="item-list"> <ul> <li class="views-row views-row-1 views-row-odd views-row-first"> <div class="views-field-title"> <span class="field-content"><a href="">The Overdraft Protection Racket: Why Banks Want You To Overdraw, And How You Can Get Your Money Back.</a></span> </div> </li> <li class="views-row views-row-2 views-row-even"> <div class="views-field-title"> <span class="field-content"><a href="">CitiMortgage Told Me to Default on My Loan</a></span> </div> </li> <li class="views-row views-row-3 views-row-odd"> <div class="views-field-title"> <span class="field-content"><a href="">8 Ways Retailers Use Big Data to Track You</a></span> </div> </li> <li class="views-row views-row-4 views-row-even"> <div class="views-field-title"> <span class="field-content"><a href="">Attempts to Escape the Clutches of Online Data Aggregators</a></span> </div> </li> <li class="views-row views-row-5 views-row-odd views-row-last"> <div class="views-field-title"> <span class="field-content"><a href="">How to check if your mortgage statement is correct</a></span> </div> </li> </ul> </div> </div> </div> </div><br/></br> Consumer Affairs banking security banks data security financial data security mortgage personal data Thu, 14 Jan 2010 14:00:32 +0000 Andrea Karim 4620 at