The article “Online Age Quiz Is a Window for Drug Makers” notes that RealAge, a popular online quiz meant to determine ones “real age” based how well you treat your body, makes its money by supplying the data, in various forms, to pharmaceutical companies. According to the Times:

Pharmaceutical companies pay RealAge to compile test results of RealAge members and send them marketing messages by e-mail. The drug companies can even use RealAge answers to find people who show symptoms of a disease — and begin sending them messages about it even before the people have received a diagnosis from their doctors.

…

RealAge allows drug companies to send e-mail messages based on those test results. It acts as a clearinghouse for drug companies, including Pfizer, Novartis and GlaxoSmithKline, allowing them to use almost any combination of answers from the test to find people to market to, including whether someone is taking antidepressants, how sexually active they are and even if their marriage is happy.

RealAge sends the selected recipients a series of e-mail messages about a condition they might have, usually sponsored by a drug company that sells a medication for that condition.

This doesn’t come as a surprise to those of us who study and advocate for privacy rights, but I’m guessing the majority of users who complete these — and similar — online quizes think they’re just for fun, and don’t expect their data to be shared with third parties. Or, again as the Times puts it,

While few people would fill out a detailed questionnaire about their health and hand it over to a drug company looking for suggestions for new medications, that is essentially what RealAge is doing.

RealAge’s privacy policy notes the personal data it collects, as well as the use of Web bugs to track usage on the site, and includes the standard language about when it will share your personal data with 3rd parties: “to fulfill the services that you have asked us to provide to you, including but not limited to sending you free newsletters and promotional e-mails.”

RealAge can provide a valuable service, and it seems to make good-faith efforts to control what personal health information lands in the hands of drug makers, but it is important for consumers to recognize that these kinds of quizzes are rarely just play.

::

The Times‘ other article, “Your Online Clicks Have Value, for Someone Who Has Something to Sell,” reveals the sizable industry focused on tracking and compiling users’ clickstream data. These so-called “behavioral exchanges” focus on creating customized tracking cookies based on a user’s specific browsing behavior, and then “selling” that cookie to advertisers to target their online ads.

While similar to Google’s (and others’) attempts at behavioral targeting, Google’s product is only able to profile users based on their interactions with websites that feature Google (nee DoubleClick) ads. The behavioral exchanges described in the NYT are trying to cast a broader net, and provide this kind of targeting to advertisers who might not be participating in large scale advertising networks. One of the companies profiles also attempts to include user registration data from websites in the user profiles they compile and sell.

The two companies profiled in the article, however, are attempting to address user privacy concerns:

Both BlueKai and eXelate have made a surprising decision on privacy. They not only provide a page where consumers can refuse all targeting, but they are allowing consumers to see what information has been collected about them, at exelate.com/new/consumers-optoutpreferencemanager.html for eXelate, and tags.bluekai.com/registry for BlueKai.

To see how this works, visitors can look at that BlueKai page, which might list some categories they are interested in, or might list nothing. Then, they could go to Kayak.com, which works with BlueKai, and perform a flight search.

Now, when they return to the BlueKai page, they should see a number of categories have been added within travel, like “first class,” or “Friday departures,” depending on what they searched for.

I checked out my profile on both sites, but they didn’t have anything on me, probably becuase I’ve installed Chris Soghoian’s Targeted Advertising Cookie Opt-Out plugin.

Lindell is one of a community of researchers studying ways to share this sort of information without exposing private details. Cryptographers have been working on solutions since the 1980s, and as more data is collected about individuals, Lindell says that it becomes increasingly important to find ways to protect data while also allowing it to be compared. Recently, he presented a cryptographic protocol that uses smart cards to solve the problem.

To use Lindell’s new protocol, the first party (“Alice” in cryptography speak) would create a key with which both parties could encrypt their data. The key would be stored on a special kind of secure smart card. Alice would then hand over the smart card to the second party in the scenario (known as “Bob”), and both parties would use the key to encrypt their respective databases. Next Alice sends her encrypted database to Bob.

The contents of Alice’s encrypted database cannot be read by Bob, but he can see where it matches entries in the encrypted version of his own database. In this way, Bob can see what information both he and Alice share. For extra protection, Bob would only have a limited amount of time to use the secret key on the smart card because it is deleted remotely by Alice, using a special messaging protocol.

The reporter of this article contacted me, asking for my perspective on the “societal implications” of this research. My quote:

Michael Zimmer, an assistant professor at the University of Wisconsin-Milwaukee who studies privacy and surveillance, says that Lindell is working on an important problem: “There can be some great benefits to data mining and the comparison of databases, and if we can arrive at methods to do this in privacy-protecting ways, that’s a good thing.” But he believes that developing secure ways of sharing information might encourage organizations to share even more data, raising new privacy concerns.

This is an active, and important, research area. (When I was at NYU, I participated in the PORTIA Project which did quite a bit of work trying to create similar solutions for privacy-protecting data mining.) But I hadn’t really thought about the concern expressed above until reflecting on it for this story. As I told the reporter, if new information-sharing activies emerge as a result of this kind of research, there will be great pressure on ensuring any new protocol has been sufficiently tested to ensure that re-identification is truly impossible.

And, as we’ve seen, that’s a large and difficult task.

Information is leverage. Information is power. Information is Maltego.

These are the catch-phrases for a South African company that recently released an affordable, user-friendly data mining tool called Maltego, bringing powerful data-mining technology to the masses.

While targeted mostly to forensics and information security professionals, it is not hard to see how such a tool could be easily deployed to mine the vast amounts of personal and identifiable data people are increasingly sharing in the Web 2.0 world. No longer is it necessary to have the computational power or singular repository of data of Google or Amazon. With Maltego, anyone can scan “open data repositories” on the Web and compare the results with their own data.

Some examples of possible uses of Maltego is provided by a recent Forbes article:

Worried about information leaks your company? Input lists of employees from your rival companies, and Maltego can graphically depict how they might be related to your employees. It can also provide likely e-mail address, phone numbers and personal Web sites–and then use this information to add a new layers to the investigation.

…Curious what’s being written about your company on blogs? Try the Technorati.com transform, and parse out all the most common related tags and keywords. Or try the Spock.com transform, which queries a database billed as “the world’s leading people search engine.” Search yourself or your neighbors; Maltego’s approach is agnostic.

Agnostic, indeed. About the only restrictions placed on the use of Maltego is to refrain from performing illegal acts with the software, and to not use it for generating spam. Other than that, we are encouraged to use Maltego to collect and mine “information posted all over the internet” and uncover “hidden” information and relationships, whether “it’s the current configuration of a router poised on the edge of your network or the current whereabouts of your Vice President on his international visits.”

While some recognize the potential privacy and surveillance concerns with the fact anyone can download a free version of such a powerful tool (and the full-featured version is only $430), others make that old argument that there’s no need to worry since “Maltego doesn’t snoop into closed data repositories, but instead mines publicly available data.”

Another potentially privacy-invading tool cast aside becuase it merely is using data that is already public in the first place. Sigh.

This recent NY Times story, however, casts a cloud over any claim she might be able to make as an advocate for privacy rights. It appears that both Bill and Hillary Clinton have benefited from their close relationship to Vinod Gupta, founder of infoUSA, one of the largest brokers of personal information. You might recall that infoUSA was recently implicated in an investigation that found they had, perhaps knowingly, sold consumer data to telemarketing criminals who used it to steal money from elderly Americans.

I’m sure this story will get a lot of play due to the potential ethical violations of taking gifts during a campaign, but equally important is the nature of who the Clintons appear to be benefiting from – a privacy-violating information broker. This part of the story deserves additional attention.

…a wave of sophisticated computing and mathematical analytics that is moving into the mainstream. Fueling the trend are the digitization of information, ever faster and cheaper computing, and the explosion of online networks and data collection.

Sorry, Gray Lady, this isn’t some new thang. This has been going on or quite a while.

This is probably best argued in James Beniger’s The Control Revolution: Technological and Economic Origins of the Information Society. In this detailed history of the rise of technologies of communication and information processing, Beniger argues that modern information technologies, and with them the “information society,” began to take shape as long ago as the 1830s with the introduction of railroads, and fully materialized after 1880 with the onset of widespread industrialization. Because industrialization involved the large and fast flows of goods, it could not be managed without a high level of information technology (in which Beniger includes things like product standardization, bureaucracy and advertising, as well as the usual mechanical devices); and without proper management, it simply could not work. This need for large-scale management brought about the “Control Revolution”:

The Control Revolution developed in response to problems arising out of advanced industrialization: a mounting crisis of control at the most aggregate level of national and international systems, levels that had had little practical relevance before the mass production, distribution, and consumption of factory goods. (Beniger, 1986, p. 278)

Resolution of the problems created by advanced industrialization demanded new means of information processing and communication to control an economy shifting from local segmented markets to increasingly higher levels of organization – what Beniger labels the growing “systemness of society” (p. 278).

The growing “systemness of society” meant information began to replace industrial capital as the material base for our modern economy, and, well before the 20th century and digital computing, brought about our Information Society. According to Beniger, mass industrial processes and technology began to coalesce in the mid to late 1800s, beginning with landmark inventions such as the telegraph, typewriter, and telephone, extending into the early 1900s with the radio and, eventually, television. More recent developments such as computers, telecommunications, and presumably, the Internet, Beniger would likely argue, are not the radical milestones or emblems of the Information Society that the New York Times might suggest, but merely examples of the smooth continuation of the Control Revolution which began a century earlier. In other words, we have been submerged in this Information Society – replete with advanced information processing and data-mining – for quite a while now.

UPDATE: While the NYTimes seems to be celebrating the rise of data-mining in this article, they simultaneously publish an article warning that companies are selling vast these databases of personal information to thieves, despite evidence their services are used for fraud:

Vast databases of names and personal information, sold to thieves by large publicly traded companies, have put almost anyone within reach of fraudulent telemarketers. And major banks have made it possible for criminals to dip into victims’ accounts without their authorization, according to court records.

The banks and companies that sell such services often confront evidence that they are used for fraud, according to thousands of banking documents, court filings and e-mail messages reviewed by The New York Times.

Although some companies, including Wachovia, have made refunds to victims who have complained, neither that bank nor infoUSA stopped working with criminals even after executives were warned that they were aiding continuing crimes, according to government investigators. Instead, those companies collected millions of dollars in fees from scam artists.

This is criminal.

Jetera would start with an airline’s information on individual passengers on board a given flight, drawing the name, address, credit card number and loyalty club status from reservations data. Through a process, for which it seeks a patent, the company would match the passenger’s identification data with the mountains of information about him or her available at one of the mammoth credit bureaus, which maintain separately managed marketing as well as credit information. Jetera would tap into the marketing side, showing consumer demographics, purchases, interests, attitudes and the like.Jetera’s data manipulation would shape the entertainment made available to each passenger during a flight. The passenger who subscribes to a do-it-yourself magazine might be offered a video on woodworking. Catalog purchase records would boost some offerings and downplay others. Sports fans, known through their subscriptions, credit card ticket-buying or booster club memberships, would get “The Natural” instead of “Pretty Woman.”

Privacy is (sort of) dealt with at the end of the article:

Jetera sees two legal issues regarding privacy and resolves both in its favor. Nothing Jetera intends to do would violate federal law or airline privacy policies as expressed on their websites. In terms of customer perceptions, Jetera doesn’t intend to abuse anyone’s privacy and will have an “opt-out” opportunity at the point where passengers make inflight entertainment choices.If an airline wants an opt-out feature at some other point in the process, Jetera will work to provide one, McChesney says. Privacy and customer service will be an issue for each airline, and Jetera will adapt specifically to each.

Unbelievable.

I look around my desktop and I see Google Reader, Google Mail, Google Talk, Google Toolbar, Google Maps, Google Calendar, Google News, Google Analytics, Google Earth, and of course Google Google. Google WiFi was a pleasant surprise when I was in Mt View a few weeks ago, and last night I found pizza…using mobile Google on my phone. All of these things are becoming indispensable tools for me, and I really like using them because they work well and play well, and every few weeks they magically get better.

However, Gene is starting to worry:

I’m feeling increasingly uneasy about my dependence on Google services.

…

I think I need a new Google product to drop into beta. That would be, let’s see, Google Data Privacy. GDP would allow me to review all of the information that Google retains on me across all services, from all devices, and from all sources. GDP would allow me to determine the maximum data retention period for each of my services. GDP would allow me to selectively opt out of cross-service data mining & correlation, even if it reduced the quality of the services I receive. GDP would allow me to correct any inaccurate data in my profile. And GDP would log and alert me when my data was queried by other services.

I want my Google Data Privacy.

Gene is right – we need Google Data Privacy.

Now, some commenters at Lifehacker think this concern is silly. RickyF, for example, says:

We all use banks who have our financial information. Our doctors have our health records. Telephone companies know what numbers you called and called you. Our credit information is out there… So being paranoid about just Google is pointless.

RickyF is wrong.

Correcting this view is the goal of my dissertation. Yes, my bank knows some of my financial information, and my library knows some of the books I check out, and my grocer knows some of the products I buy, and the NYTimes.com knows some of the articles I read online, and so on. But within each of these contexts there are norms/laws that dictacte what information they can know about me, and to whom they can share it.

But if I start using Google’s tantalizing suite of products to engage in these various personal and intellectual activities, all such activities, and the information flows they entail, become centralized with one provider. One entity – Google – has access to all these disparate bits of data about my everyday activities. That is the concern. That is the problem. That is why Google should take a leadership role and give users the control of their data that Gene suggests.
A large part of my talk at the Web 2.0 conference at Aalborg last week summarizes this concern: “The Panoptic Gaze of Web 2.0: How Web 2.0 Platforms Act as Infrastructures of Dataveillance” (PDF). Much more to come….

(fake logo via Lifehacker)

I certainly don’t have the training to analyze this decision from a legal perspective, but one commenter illuminates concerns with such a ruling:

This ruling is very troubling for the following reasons:

* The 4th amendment only applies to the government. According to this ruling, if a commercial entity collects information about you without a warrant the government may then search that information without any judicial review. Completely circumventing the 4th amendment. It is like saying to the police, “Well, you can’t look at the phone records of someone without a warrant—unless you pay someone to impersonate said person and get them for you and then query their database.”

I can just imagine the advertisements now: “4th Amendment getting in the way? We’ll get around it for you! http://privacy-schmivacy.us”

* Surrendering information to any given entity should not be the same thing as surrendering personal information to the government. Just because I’m willing to fill out some company’s form doesn’t mean that I would do so if I expected the government to gain free access to that info without just cause and judicial oversight.

* Information contained in commercial databases is often inaccurate. If law enforcement starts using credit histories, employer databases, and other data stores to query information no one will be held accountable if that information is not correct. At least with a government-run database the citizen can petition to have information about them disclosed and/or corrected.

* An innocent person that is wrongfully accused of a crime may never know the true source of incorrect data in any given non-government database. In a government-run database, all data comes from cited public sources (such as court documents, police reports, DOT records, etc).

[via Slashdot]]