There is a false sense of anonymity online. The Internet has dramatically altered how much personal information is available to interested parties. The NSA’s collection of phone records, Internet data and other digital information captured worldwide attention, but the spy agency’s activities are only a small part of a rapidly growing effort to take advantage of Big Data.
This article series on the debate over privacy and security has weighed how the NSA accesses troves of personal data in its effort to track and stop terrorists. Secret stolen documents released by former NSA systems analyst Edward Snowden have given the world new insight into how the spy agency uses Big Data to promote national security. Yet the NSA is not the only organization that relies on personal information to achieve its goals.
Monitoring the Public Square
Last year, the Department of Homeland Security (DHS) released a reference document detailing steps for media monitoring at DHS’ National Operations Center. The Electronic Privacy Information Center (EPIC) filed a Freedom of Information Act (FOIA) request, and subsequently sued, to have the document – “Analyst’s Desktop Binder 2011” – released to the public.
The document was widely characterized as ominous evidence that DHS monitors citizen criticism of the Department.
The resulting media coverage and public debate focused largely on a list of keywords analysts target when combing through open-source digital content, including news articles, blogs and posts on social media sites. The document was widely characterized as ominous evidence that DHS monitors citizen criticism of the Department. One news article warned:
“As we head into the summer season, you may want to think twice before tweeting about barbeque ‘pork’ or how the ‘cloud’ is ruining the weather – a thoughtless comment that could end up with your Twitter account being monitored.”
Media reports that framed this reference document as a how-to guide for identifying disapproving citizens and watching their online activities were misleading. DHS does indeed monitor discussions in the public square, but it is not to identify and silence critics. Rather, it informs the department’s situational awareness.
Open source digital content is one of many information streams that contribute to a wider picture of the environment in which DHS is operating. Citizen perspectives are valuable because they tell DHS how programs are being received, whether the public has a clear understanding of them and their intent, and if there are specific problems or experiences on which DHS needs to act.
While Internet users willingly release opinions and personal information into the public arena, DHS nevertheless specifically strips this data out of its media monitoring and reporting. The Analyst’s Desktop Binder contains a section on what to do with “Personally Identifiable Information” (PII). Any information that could be used to “identify, contact or locate a single person…must be removed, due to privacy issues!” Fairly cut and dry, and DHS even used an exclamation mark. The guidance received a 2011 update, which allowed PII to be collected and disseminated within narrow categories, none of which include the general public. Those who DHS will not report on are: private citizens, “no matter if they are witnesses, victims, observers or some other way connected to an event;” high profile people; people suspected or accused of committing crimes of National or Homeland Security interest, if captured.”
When a crisis occurs, when the media is discussing an issue relevant to DHS’ mandate, when a vulnerability is introduced into the public debate, DHS needs to know so it can take steps to better protect the country. Online chatter is one source of information. It makes a lot of sense that DHS would do this to better inform its efforts.
For social media users concerned about how their information is being used, one might better direct concern at some of the world’s major Internet companies, who, unlike DHS, are collecting personal information, holding it in their databases and even selling it to other companies.
Private Sector with Private Data
This reflects the sentiments of many Americans, but the same major tech companies are some of the biggest collectors of personal information. It is remarkable that the public expresses such outrage and concern when learning of government activities monitoring digital communication but are less vocal when businesses openly discuss their expansive data collection.
In December, eight major tech companies (including Google, Microsoft, and Facebook) banded together, calling on the President and Congress to set new limits on government digital surveillance. The companies argued that “the balance in many countries has tipped too far in favor of the state and away from the rights of the individual — rights that are enshrined in our Constitution. This undermines the freedoms we all cherish.”
This reflects the sentiments of many Americans, but the same major tech companies are some of the biggest collectors of personal information. It is remarkable that the public expresses such outrage and concern when learning of government activities monitoring digital communication but are less vocal when businesses openly discuss their expansive data collection. Take the data-brokering company Acxiom as an example. It brought in $1.1 billion last year by collecting, analyzing and selling data on 144 million households. The firm tracks online data to paint detailed pictures of consumers, gathering information like phone numbers, residences, purchasing habits, news interests and a range of other data that is revealed when people use the Internet.
This data is sold to advertisers and other businesses, allowing companies to better target consumers and boost sales. Beyond fostering online commerce, this kind of data also influences credit scores and insurance rates. This kind of data gathering makes the government’s activities look rather benign. The NSA knows when you make a phone call; data companies know what you buy, where you live, what times you tend to use the Internet and a host of other personal information.
In some cases, businesses step over the privacy line, misleading consumers about just how much information they are collecting. Brightest Flashlight Free, for example, is a free mobile application downloaded on more than 50 million devices. It turns a camera flash into a flashlight. It also collected users’ exact location and mobile device identifiers, something that was not revealed to app users, though the Federal Trade Commission (FTC) recently forced the app developer to change its practices. The developer’s data collection was far more extensive than the NSA’s recently disclosed “incidental” collection of U.S. cellphone geo-location. The NSA did it inadvertently; Brightest Flashlight did it on purpose. And yet, it is the NSA that makes the national news and is condemned for invading privacy.
For private sector data collection, the goal is targeting consumers, tailoring advertisements and product outreach to interested buyers. Government data collection is focused on national security. Does the greater concern for government data collection mean the American public is prepared to sacrifice more privacy for ease of shopping than it is for security?
The more important factor, however, could be whether the American public understands what they are getting in return for their personal information.
To be sure, there are special considerations for government invasion of privacy. Governments make laws, control a military and set the direction of the country, and data could be used in a way that disrupts individual freedom. There is a unique threat from government abuse of personal data. That could account for the louder public outcry against government (rather than private sector) data gathering. The more important factor, however, could be whether the American public understands what they are getting in return for their personal information.