‘I think someone has stolen our tent.’ –Sherlock Holmes
Facebook’s inventory of data and its revenue from advertising are small potatoes compared to some others. Google took in more than 10 times as much, with an estimated $36.5 billion in advertising revenue in 2011, by analyzing what people sent over Gmail and what they searched on the Web, and then using that data to sell ads. Hundreds of other companies have also staked claims on people’s online data by depositing software called cookies or other tracking mechanisms on people’s computers and in their browsers. If you’ve mentioned anxiety in an e-mail, done a Google search for “stress” or started using an online medical diary that lets you monitor your mood, expect ads for medications and services to treat your anxiety.
Ads that pop up on your screen might seem useful, or at worst, a nuisance. But they are much more than that. The bits and bytes about your life can easily be used against you. Whether you can obtain a job, credit or insurance can be based on your digital doppelgänger — and you may never know why you’ve been turned down.
Material mined online has been used against people battling for child custody or defending themselves in criminal cases. LexisNexis has a product called Accurint for Law Enforcement, which gives government agents information about what people do on social networks. The Internal Revenue Service searches Facebook and MySpace for evidence of tax evaders’ income and whereabouts, and United States Citizenship and Immigration Services has been known to scrutinize photos and posts to confirm family relationships or weed out sham marriages. Employers sometimes decide whether to hire people based on their online profiles, with one study indicating that 70 percent of recruiters and human resource professionals in the United States have rejected candidates based on data found online. A company called Spokeo gathers online data for employers, the public and anyone else who wants it. The company even posts ads urging “HR Recruiters — Click Here Now!” and asking women to submit their boyfriends’ e-mail addresses for an analysis of their online photos and activities to learn “Is He Cheating on You?”
Stereotyping is alive and well in data aggregation. Your application for credit could be declined not on the basis of your own finances or credit history, but on the basis of aggregate data — what other people whose likes and dislikes are similar to yours have done. If guitar players or divorcing couples are more likely to renege on their credit-card bills, then the fact that you’ve looked at guitar ads or sent an e-mail to a divorce lawyer might cause a data aggregator to classify you as less credit-worthy. When an Atlanta man returned from his honeymoon, he found that his credit limit had been lowered to $3,800 from $10,800. The switch was not based on anything he had done but on aggregate data. A letter from the company told him, “Other customers who have used their card at establishments where you recently shopped have a poor repayment history with American Express.” (…)
In 2007 and 2008, the online advertising company NebuAd contracted with six Internet service providers to install hardware on their networks that monitored users’ Internet activities and transmitted that data to NebuAd’s servers for analysis and use in marketing. For an average of six months, NebuAd copied every e-mail, Web search or purchase that some 400,000 people sent over the Internet.