#data brokers
They were warned
Picks and Shovels is a new, standalone technothriller starring Marty Hench, my two-fisted, hard-fighting, tech-scam-busting forensic accountant. You can pre-order it on my latest Kickstarter, which features a brilliant audiobook read by Wil Wheaton.
Truth is provisional! Sometimes, the things we understand to be true about the world change, and stuff we've "always done" has to change, too. There comes a day when the evidence against using radium suppositories is overwhelming, and then you really must dig that radium out of your colon and safely dispose of it:
https://pluralistic.net/2024/09/19/just-stop-putting-that-up-your-ass/#harm-reduction
So it's natural and right that in the world, there will be people who want to revisit the received wisdom and best practices for how we live our lives, regulate our economy, and organize our society. But that's not a license to simply throw out the systems we rely on. Sure, maybe they're outdated or unnecessary, but maybe not. That's where "Chesterton's Fence" comes in:
Let us say, for the sake of simplicity, a fence or gate erected across a road. The more modern type of reformer goes gaily up to it and says, "I don't see the use of this; let us clear it away." To which the more intelligent type of reformer will do well to answer: "If you don't see the use of it, I certainly won't let you clear it away. Go away and think. Then, when you can come back and tell me that you do see the use of it, I may allow you to destroy it."
https://en.wikipedia.org/wiki/G._K._Chesterton#Chesterton's_fence
In other words, it's not enough to say, "This principle gets in the way of something I want to do, so let's throw it out because I'm pretty sure the inconvenience I'm experiencing is worse than the consequences of doing away with this principle." You need to have a theory of how you will prevent the harms the principle protects us from once you tear it down. That theory can be "the harms are imaginary" so it doesn't matter. Like, if you get rid of all the measures that defend us from hexes placed by evil witches, it's OK to say, "This is safe because evil witches aren't real and neither are hexes."
But you'd better be sure! After all, some preventative measures work so well that no living person has experienced the harms they guard us against. It's easy to mistake these for imaginary or exaggerated. Think of the antivaxers who are ideologically committed to a world in which human beings do not have a shared destiny, meaning that no one has a moral claim over the choices you make. Motivated reasoning lets those people rationalize their way into imagining that measles – a deadly and ferociously contagious disease that was a scourge for millennia until we all but extinguished it – was no big deal:
https://en.wikipedia.org/wiki/Measles:_A_Dangerous_Illness
There's nothing wrong with asking whether longstanding health measures need to be carried on, or whether they can be sunset. But antivaxers' sloppy, reckless reasoning about contagious disease is inexcusable. They were warned, repeatedly, about the mass death and widespread lifelong disability that would follow from their pursuit of an ideological commitment to living as though their decisions have no effect on others. They pressed ahead anyway, inventing ever-more fanciful reasons why health is a purely private matter, and why "public health" was either a myth or a Communist conspiracy:
https://www.conspirituality.net/episodes/brief-vinay-prasad-pick-me-campaign
When RFK Jr kills your kids with measles or permanently disables them with polio, he doesn't get to say "I was just inquiring as to the efficacy of a longstanding measure, as is right and proper." He was told why the vaccine fence was there, and he came up with objectively very stupid reasons why that didn't matter, and then he killed your kids. He was warned.
Fuck that guy.
Or take Bill Clinton. From 1933 until 1999, American banks were regulated under the Glass-Steagall Act, which "structurally separated" them. Under structural separation, a "retail bank" – the bank that holds your savings and mortgage and provides you with a checkbook – could not be an "investment bank." That meant it couldn't own or invest in businesses that competed with the businesses its depositors and borrowers ran. It couldn't get into other lines of business, either, like insurance underwriting.
Glass-Steagall was a fence that stood between retail banks and the casino economy. It was there for a fucking great reason: the failure to structurally separate banks allowed them to act like casinos, inflating a giant market bubble that popped on Black Friday in October 1929, kicking off the Great Depression. Congress built the structural separation fence to keep banks from doing it again.
In the 1990s, Bill Clinton agitated for getting rid of Glass-Steagall. He argued that new economic controls would allow the government to prevent another giant bubble and crash. This time, the banks would behave themselves. After all, hadn't they demonstrated their prudence for seven decades?
In fact, they hadn't. Every time banks figured out how to slip out of regulatory constraints they inflated another huge bubble, leading to another massive crash that made the rich obscenely richer and destroyed ordinary savers' lives. Clinton took office just as one of these finance-sector bombs – the S&L Crisis – was detonating. Clinton had no basis – apart from wishful thinking – to believe that deregulating banks would lead to anything but another gigantic crash.
But Clinton let his self interest – in presiding over a sugar-high economic expansion driven by deregulation – overrule his prudence (about the crash that would follow). Sure enough, in the last months of Clinton's presidency, the stock market imploded with the March 2000 dot-bomb. And because Congress learned nothing from the dot-com crash and declined to restore the Glass-Steagall fence, the crash led to another bubble, this time in subprime mortgages, and then, inevitably, we suffered the Great Financial Crisis.
Look: there's no virtue in having bank regulations for the sake of having them. It is conceptually possible for bank regulations to be useless or even harmful. There's nothing wrong with investigating whether the 70-year old Glass-Steagall Act was still needed in 1999. But Clinton was provided with a mountain of evidence about why Glass-Steagall was the only thing standing between Americans and economic chaos, including the evidence of the S&L Crisis, which was still underway when he took office, and he ignored all of them. If you lost everything – your home, your savings, your pension – in the dot-bomb or the Great Financial Crisis, Bill Clinton is to blame. He was warned. He ignored the warnings.
Fuck that guy.
No, seriously, fuck Bill Clinton. Deregulating banks wasn't Clinton's only passion. He also wanted to ban working cryptography. The cornerstone of Clinton's tech policy was the "Clipper Chip," a backdoored encryption chip that, by law, every technology was supposed to use. If Clipper had gone into effect, then cops, spooks, and anyone who could suborn, bribe, or trick a cop or a spook could break into any computer, server, mobile device, or embedded system in America.
Clinton was told – over and over, in small, easy-to-understand words – that there was no way to make a security system that only worked when "bad guys" tried to break into it, but collapsed immediately if a "good guy" wanted to bypass it. We explained to him – oh, how we explained to him! – that working encryption would be all that stood between your pacemaker's firmware and a malicious update that killed you where you stood; all that stood between your antilock brakes' firmware and a malicious update that sent you careening off a cliff; all that stood between businesses and corporate espionage, all that stood between America and foreign state adversaries wanting to learn its secrets.
In response, Clinton said the same thing that all of his successors in the Crypto Wars have said: NERD HARDER! Just figure it out. Cops need to look at bad guys' phones, so you need to figure out how to make encryption that keeps teenagers safe from sextortionists, but melts away the second a cop tries to unlock a suspect's phone. Take Malcolm Turnbull, the former Australian Prime Minister. When he was told that the laws of mathematics dictated that it was impossible to build selectively effective encryption of the sort he was demanding, he replied, "The laws of mathematics are very commendable but the only law that applies in Australia is the law of Australia":
https://www.eff.org/deeplinks/2017/07/australian-pm-calls-end-end-encryption-ban-says-laws-mathematics-dont-apply-down
Fuck that guy. Fuck Bill Clinton. Fuck a succession of UK Prime Ministers who have repeatedly attempted to ban working encryption. Fuck 'em all. The stakes here are obscenely high. They have been warned, and all they say in response is "NERD HARDER!"
https://pluralistic.net/2023/03/05/theyre-still-trying-to-ban-cryptography/
Now, of course, "crypto means cryptography," but the other crypto – cryptocurrency – deserves a look-in here. Cryptocurrency proponents advocate for a system of deregulated money creation, AKA "wildcat currencies." They say, variously, that central banks are no longer needed; or that we never needed central banks to regulate the money supply. Let's take away that fence. Why not? It's not fit for purpose today, and maybe it never was.
Why do we have central banks? The Fed – which is far from a perfect institution and could use substantial reform or even replacement – was created because the age of wildcat currencies was a nightmare. Wildcat currencies created wild economic swings, massive booms and even bigger busts. Wildcat currencies are the reason that abandoned haunted mansions feature so heavily in the American imagination: American towns and cities were dotted with giant mansions built by financiers who'd grown rich as bubbles expanded, then lost it all after the crash.
Prudent management of the money supply didn't end those booms and busts, but it substantially dampened them, ending the so-called "business cycle" that once terrorized Americans, destroying their towns and livelihoods and wiping out their savings.
It shouldn't surprise us that a new wildcat money sector, flogging "decentralized" cryptocurrencies (that they are nevertheless weirdly anxious to swap for your gross, boring old "fiat" money) has created a series of massive booms and busts, with insiders getting richer and richer, and retail investors losing everything.
If there was ever any doubt about whether wildcat currencies could be made safe by putting them on a blockchain, it is gone. Wildcat currencies are as dangerous today as they were in the 18th and 19th century – only more so, since this new bad paper relies on the endless consumption of whole rainforests' worth of carbon, endangering not just our economy, but also the habitability of the planet Earth.
And nevertheless, the Trump administration is promising a new crypto golden age (or, ahem, a Gilded Age). And there are plenty of Democrats who continue to throw in with the rotten, corrupt crypto industry, which flushed billions into the 2024 election to bring Trump to office. The result is absolutely going to be more massive bubbles and life-destroying implosions. Fuck those guys. They were warned, and they did it anyway.
Speaking of the climate emergency: greetings from smoky Los Angeles! My city's on fire. This was not an unforeseeable disaster. Malibu is the most on-fire place in the world:
https://longreads.com/2018/12/04/the-case-for-letting-malibu-burn/
Since 1919, the region has been managed on the basis of "total fire suppression." This policy continued long after science showed that this creates "fire debt" in the form of accumulated fuel. The longer you go between fires, the hotter and more destructive those fires become, and the relationship is nonlinear. A 50-year fire isn't 250% more intense than a 20-year fire: it's 50,000% more intense.
Despite this, California has invested peanuts in regular controlled burns, which has created biennial uncontrolled burns – wildfires that cost thousands of times more than any controlled burn.
Speaking of underinvestment: PG&E has spent decades extracting dividends for its investors and bonuses for its execs, while engaging in near-total neglect of maintenance of its high-voltage transmission lines. Even with normal winds, these lines routinely fall down and start blazes.
But we don't have normal winds. The climate emergency has been steadily worsening for decades. LA is just the latest place to be on fire, or under water, or under ice, or baking in wet bulb temperatures. Last week in southern California, we were warned to expect gusts of 120mph.
They were warned. #ExxonKnew: in the early 1970s, Exxon's own scientists warned them that fossil fuel consumption would kick off climate change so drastic that it would endanger human civilization. Exxon responded by burying the reports and investing in climate denial:
https://exxonknew.org/
They were warned! Warned about fire debt. Warned about transmission lines. Warned about climate change. And specific, named people, who individually had the power to heed these warnings and stave off disaster, ignored the warnings. They didn't make honest mistakes, either: they ignored the warnings because doing so made them extraordinarily, disgustingly rich. They used this money to create dynastic fortunes, and have created entire lineages of ultra-wealthy princelings in $900,000 watches who owe it all to our suffering and impending doom.
Fuck those guys. Fuck 'em all.
We've had so many missed opportunities, chances to make good policy or at least not make bad policy. The enshitternet didn't happen on its own. It was the foreseeable result of choices – again, choices made by named individuals who became very wealthy by ignoring the warnings all around them.
Let's go back to Bill Clinton, because more than anyone else, Clinton presided over some terrible technology regulations. In 1998, Clinton signed the Digital Millennium Copyright Act, a bill championed by Barney Frank (fuck that guy, too). Under Section 1201 of the Digital Millennium Copyright Act, it's a felony, punishable by a five year prison sentence, and a $500,000 fine, to tamper with a "digital lock."
That means that if HP uses a digital lock to prevent you from using third-party ink, it's a literal crime to bypass that lock. Which is why HP ink now costs $10,000/gallon, and why you print your shopping lists with colored water that costs more, ounce for ounce, than the sperm of a Kentucky Derby winner:
https://pluralistic.net/2024/09/30/life-finds-a-way/#ink-stained-wretches
Clinton was warned that DMCA 1201 would soon metastasize into every kind of device – not just the games consoles and DVD players where it was first used, but medical implants, tractors, cars, home appliances – anything you could put a microchip into (Jay Freeman calls this "felony contempt of business-model"):
https://pluralistic.net/2023/07/24/rent-to-pwn/#kitt-is-a-demon
He ignored those warnings and signed the DMCA anyway (fuck that guy). Then, under Bush (fuck that guy), the US Trade Representative went all around the world demanding that America's trading partners adopt versions of this law (fuck that guy). In 2001, the European Parliament capitulated, enacting the EU Copyright Directive, whose Article 6 is a copy-paste of DMCA 1201 (fuck all those people).
Fast forward 20 years, and boy is there a lot of shit with microchips that can be boobytrapped with rent-extracting logic bombs that are illegal to research, describe, or disable.
Like choo-choo trains.
Last year, the Polish hacking group Dragon Sector was contacted by a public sector train company whose Newag trains kept going out of service. The operator suspected that Newag had boobytrapped the trains to punish the train company for getting its maintenance from a third-party contractor. When Dragon Sector investigated, they discovered that Newag had indeed riddled the trains' firmware with boobytraps. Trains that were taken to locations known to have third-party maintenance workshops were immediately bricked (hilariously, this bomb would detonate if trains just passed through stations near to these workshops, which is why another train company had to remove all the GPSes from its trains – they kept slamming to a halt when they approached a station near a third-party workshop). But Newag's logic bombs would brick trains for all kinds of reasons – merely keeping a train stationary for too many days would result in its being bricked. Installing a third-party component in a locomotive would also trigger a bomb, bricking the train.
In their talk at last year's Chaos Communications Congress, the Dragon Sector folks describe how they have been legally terrorized by Newag, which has repeatedly sued them for violating its "intellectual property" by revealing its sleazy, corrupt business practices. They also note that Newag continues to sell lots of trains in Poland, despite the widespread knowledge of its dirty business model, because public train operators are bound by procurement rules, and as long as Newag is the cheapest bidder, they get the contract:
https://media.ccc.de/v/38c3-we-ve-not-been-trained-for-this-life-after-the-newag-drm-disclosure
The laws that let Newag make millions off a nakedly corrupt enterprise – and put the individuals who blew the whistle on it at risk of losing everything – were passed by Members of the European Parliament who were warned that this would happen, and they ignored those warnings, and now it's happening. Fuck those people, every one of 'em.
It's not just European parliamentarians who ignored warnings and did the bidding of the US Trade Representative, enacting laws that banned tampering with digital locks. In 2010, two Canadian Conservative Party ministers in the Stephen Harper government brought forward similar legislation. These ministers, Tony Clement (now a disgraced sex-pest and PPE grifter) and James Moore (today, a sleazeball white-shoe corporate lawyer), held a consultation on this proposal.
6,138 people wrote in to say, "Don't do this, it will be hugely destructive." 54 respondents wrote in support of it. Clement and Moore threw out the 6,138 opposing comments. Moore explained why: these were the "babyish" responses of "radical extremists." The law passed in 2012.
Last year, the Canadian Parliament passed bills guaranteeing Canadians the Right to Repair and the right to interoperability. But Canadians can't act on either of these laws, because they would have to tamper with a digital lock to do so, and that's illegal, thanks to Tony Clement and James Moore. Who were warned. And who ignored those warnings. Fuck those guys:
https://pluralistic.net/2024/11/15/radical-extremists/#sex-pest
Back in the 1990s, Bill Clinton had a ton of proposals for regulating the internet, but nowhere among those proposals will you find a consumer privacy law. The last time an American president signed a consumer privacy law was 1988, when Reagan signed the Video Privacy Protection Act and ensured that Americans would never have to worry that video-store clerks were telling the newspapers what VHS cassettes they took home.
In the years since, Congress has enacted exactly zero consumer privacy laws. None. This has allowed the out-of-control, unregulated data broker sector to metastasize into a cancer on the American people. This is an industry that fuels stalkers, discriminatory financial and hiring algorithms, and an ad-tech sector that lets advertisers target categories like "teenagers with depression," "seniors with dementia" and "armed service personnel with gambling addictions."
When the people cry out for privacy protections, Congress – and the surveillance industry shills that fund them – say we don't need a privacy law. The market will solve this problem. People are selling their privacy willingly, and it would be an "undue interference in the market" if we took away your "freedom to contract" by barring companies from spying on you after you clicked the "I agree" button.
These people have been repeatedly warned about the severe dangers to the American public – as workers, as citizens, as community members, and as consumers – from the national privacy free-for-all, and have done nothing. Fuck them, every one:
https://pluralistic.net/2023/12/06/privacy-first/#but-not-just-privacy
Now, even a stopped clock is right twice a day, and not every one of Bill Clinton's internet policies was terrible. He had exactly one great policy, and, ironically, that's the one there's the most energy for dismantling. That policy is Section 230 of the Communications Decency Act (a law that was otherwise such a dumpster fire that the courts struck it down). Chances are, you have been systematically misled about the history, use, and language of Section 230, which is wild, because it's exactly 26 words long and fits in a single tweet:
No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.
Section 230 was passed because when companies were held liable for their users' speech, they "solved" this problem by just blocking every controversial thing a user said. Without Section 230, there would be no Black Lives Matter, no #MeToo – no online spaces where the powerful were held to account. Meanwhile, rich and powerful people would continue to enjoy online platforms where they and their bootlickers could pump out the most grotesque nonsense imaginable, either because they owned those platforms (ahem, Twitter and Truth Social) or because rich and powerful people can afford the professional advice needed to navigate the content-moderation bureaucracies of large systems.
We know exactly what the internet looks like when platforms are civilly liable for their users' speech: it's an internet where marginalized and powerless people are silenced, and where the people who've got a boot on their throats are the only voices you can hear:
https://www.techdirt.com/2020/06/23/hello-youve-been-referred-here-because-youre-wrong-about-section-230-communications-decency-act/
The evidence for this isn't limited to the era of AOL and Prodigy. In 2018, Trump signed SESTA/FOSTA, a law that held platforms liable for "sex trafficking." Advocates for this law – like Ashton Kutcher, who campaigns against sexual assault unless it involves one of his friends, in which case he petitions the judge for leniency – were warned that it would be used to shut down all consensual sex work online, making sex workers' lives much more dangerous. These warnings were immediately borne out, and they have been repeatedly borne out every month since. Killing CDA 230 for sex work brought back pimping, exposed sex workers to grave threats to their personal safety, and made them much poorer:
https://decriminalizesex.work/advocacy/sesta-fosta/what-is-sesta-fosta/
It also pushed sex trafficking and other nonconsensual sex into private forums that are much harder for law enforcement to monitor and intervene in, making it that much harder to catch sex traffickers:
https://cdt.org/insights/its-all-downsides-hybrid-fosta-sesta-hinders-law-enforcement-hurts-victims-and-speakers/
This is exactly what SESTA/FOSTA's advocates were warned of. They were warned. They did it anyway. Fuck those people.
Maybe you have a theory about how platforms can be held civilly liable for their users' speech without harming marginalized people in exactly the way that SESTA/FOSTA did. It had better amount to more than "platforms are evil monopolists and CDA 230 makes their lives easier." Yes, they're evil monopolists. Yes, 230 makes their lives easier. But without 230, small forums – private message boards, Mastodon servers, Bluesky, etc – couldn't possibly operate.
There's a reason Mark Zuckerberg wants to kill CDA 230, and it's not because he wants to send Facebook to the digital graveyard. Zuck knows that FB can operate in a post-230 world by automating the deletion of all controversial speech, and he knows that small services that might "disrupt" Facebook's hegemony would be immediately extinguished by eliminating 230:
https://www.nbcnews.com/tech/tech-news/zuckerberg-calls-changes-techs-section-230-protections-rcna486
It's depressing to see so many comrades in the fight against Big Tech getting suckered into carrying water for Zuck, demanding the eradication of CDA 230. Please, I beg you: look at the evidence for what happens when you remove that fence. Heed the warnings. Don't be like Bill Clinton, or California fire suppression officials, or James Moore and Tony Clement, or the European Parliament, or the US Trade Rep, or cryptocurrency freaks, or Malcolm Turnbull.
Or Ashton fucking Kutcher.
Because, you know, fuck those guys.
Check out my Kickstarter to pre-order copies of my next novel, Picks and Shovels!
If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
https://pluralistic.net/2025/01/13/wanting-it-badly/#is-not-enough
#pluralistic#we told you so#told you so#foreseeable outcomes#enshittification#crypto cars#cryto means cryptography#data brokers#cda 230#section 230#230#newag#drm#copyfight#section 1201#wildcat money#backdoors#wanting it badly is not enough#dragon sector#great financial crisis#structural separation#guillotine watch#nerd harder
319 notes
Today, Mozilla Monitor (previously called Firefox Monitor), a free service that notifies you when your email has been part of a breach, announced its new paid subscription service offering: automatic data removal and continuous monitoring of your exposed personal information.
On your behalf, Mozilla Monitor will start with data removal requests, then scan every month to make sure your personal information stays off data broker sites. Monitor Plus will let you know once your personal information has been removed from more than 190+ data broker sites.
9 notes
youtube
#Aperture#video essay#algorithm#algorithms#Eric Loomis#COMPAS#thought piece#computer#computer program#data#data brokers#targeted ads#data breach#terminal#the silver machine#AI#machine learning#healthcare#tech#technology#profit#Youtube
2 notes
The FBI, CBP, and other agencies can track your location using WiFi and GPS data, but they rarely know how to do all of this and piece together enough of your location data to get a conviction without a confession. Most of this data is actually useless without other evidence or a confession, not to mention the easy method of making all of your digital behavior random and unpredictable to where their machines can’t make predictions on you, and any agents get a headache trying to understand what you’re doing. You can also have multiple phones logged into the same account running in different locations, faraday bags, and custom encrypted operating systems.
#social engineering#hacking#location data#GPS#WiFi#data spoofing#faraday bags#computers#programming#data#data brokers
3 notes
Victory! California’s new data broker law will hold data brokers accountable and give us needed control over our data by making it easier to exercise our privacy rights.
Read more about what the new law does here:
#privacy #databrokers #CA
#privacy#data brokers#california#usa#america#law#humanrights#invasion of privacy#privacy rights#ausgov#politas#auspol#tasgov#taspol#australia#fuck neoliberals#neoliberal capitalism#anthony albanese#albanese government#native american#amerikkka#amerika#united states#unitedstateofamerica#class war#eat the rich#eat the fucking rich#fuck the gop#fuck the police#fuck the patriarchy
5 notes
our anonymity, our right to privacy and therefore our right to PEACE is constantly being stripped away from us
"oh i dont care if google tracks and makes money off my data all they use it for is ads"
if thats you ^ you are FOOLISH to think this
maybe you have nothing to lose? youve never done anything wrong so you have nothing to hide?
but its never been about right and wrong doings. if the right kinds of oppressed people are considered wrong enough, then they will be prosecuted and their identity is more than enough to criminalize them
if you are not concerned its not about you.
the people who are concerned are not paranoid. they are likely one bad law or political movement away from becoming a victim of this terrible system.
and then our only saving grace is anonymity. your voice can and will be used against you if they know who it belongs to
the fingerprint data brokers have on us should be horrifying. the loophole that police dont need a warrant if the information is obtained via a data broker should be horrifying.
by normalizing it you do nothing but help big brother. we are living in 1984 and that is not a meme, its true.
whatever you can do within your own power to help prevent this is better than nothing. just switching browsers from chrome to Firefox is a big step.
learn to protect your privacy. not just for you but for all the rest of us too.
#we need to start caring about this collectively l#i can see how this is playing out and it give horrible precedent to policing to come#please protect yourself#please help protect others#data#online fingerprinting#police#data brokers#right to privacy#privacy#1984
4 notes
Ah, data brokers, gathering info for the US government.
5 notes
Data Brokers and the Sale of Americans’ Mental Health Data
The Exchange of Our Most Sensitive Data and What It Means for Personal Privacy
Authored by Joanne Kim,
Sanford School of Public Policy - Duke University
(Full report made available online)
Overview:
This report includes findings from a two-month-long study of data brokers and data on U.S. individuals’ mental health conditions. The report aims to make more transparent the data broker industry and its processes for selling and exchanging mental health data about depressed and anxious individuals. The research is critical as more depressed and anxious individuals utilize personal devices and software-based health-tracking applications (many of which are not protected by the Health Insurance Portability and Accountability Act), often unknowingly putting their sensitive mental health data at risk. This report finds that the industry appears to lack a set of best practices for handling individuals’ mental health data, particularly in the areas of privacy and buyer vetting. It finds that there are data brokers which advertise and are willing and able to sell data concerning Americans’ highly sensitive mental health information. It concludes by arguing that the largely unregulated and black-box nature of the data broker industry, its buying and selling of sensitive mental health data, and the lack of clear consumer privacy protections in the U.S. necessitate a comprehensive federal privacy law or, at the very least, an expansion of HIPAA’s privacy protections alongside bans on the sale of mental health data on the open market.
Key Findings:
Some data brokers are marketing highly sensitive data on individuals’ mental health conditions on the open market, with seemingly minimal vetting of customers and seemingly few controls on the use of purchased data.
26 of the 37 contacted data brokers responded to inquiries about mental health data, and 11 firms were ultimately willing and able to sell the requested mental health data.
Whether this data will be deidentified or aggregated is also often unclear, and many of the studied data brokers at least seem to imply that they have the capabilities to provide identifiable data.
The 10 most engaged data brokers asked about the purpose of the purchase and the intended use cases for the data; however, after receiving that information (verbally or in writing) from the author, those companies did not appear to have additional controls for client management, and there was no indication in emails and phone calls that they had conducted separate background checks to corroborate the author’s (non-deceptive) statements.
The 10 most engaged brokers advertised highly sensitive mental health data on Americans including data on those with depression, attention disorder, insomnia, anxiety, ADHD, and bipolar disorder as well as data on ethnicity, age, gender, zip code, religion, children in the home, marital status, net worth, credit score, date of birth, and single parent status.
Pricing for mental health information varied: one data broker charged $275 for 5,000 aggregated counts of Americans’ mental health records, while other firms charged upwards of $75,000 or $100,000 a year for subscription/licensing access to data that included information on individuals’ mental health conditions.
One company that the author was in contact with depicted their firm as an advertising tech firm. The sales representative offered to ask their manager about coordinating a data deal on information from organizations they advertise for on behalf of the author.
Data broker 1 emphasized that the requested data on individuals’ mental health conditions was “extremely restricted” and that their team would need more information on intended use cases—yet continued to send a sample of aggregated, deidentified data counts.
After data broker 1 confirmed that the author was not part of a marketing entity, the sales representative said that as long as the author did not contact the individuals in the dataset, the author could use the data freely.
Data broker 2 implied they may have fully identified patient data, but said they were unable to share this individual-level data due to HIPAA compliance concerns. Instead, the sales representative offered to aggregate the data of interest in a deidentified form.
Data broker 4 was the most willing to sell data on depressed and anxious individuals at the author’s budget price of $2,500 and stated no apparent, restrictive data-use limitations post-purchase.
Data broker 4 advertised highly sensitive mental health data to the author, including names and postal addresses of individuals with depression, bipolar disorder, anxiety issues, panic disorder, cancer, PTSD, OCD, and personality disorder, as well as individuals who have had strokes and data on those people’s races and ethnicities.
Two data brokers, data broker 6 and data broker 9, mentioned nondisclosure agreements (NDAs) in their communications, and data broker 9 indicated that signing an NDA was a prerequisite for obtaining access to information on the data it sells.
Data broker 8 often made unsolicited calls to the author’s personal cell. If the author was delayed in responding to an email from data broker 8, the frequency of calls seemed to increase.
Some brokers imposed data use limitations on the possible sale of people’s mental health information, ranging from “single-use” (which usually pertains to mailing purposes) to “multi-use” (which means the dataset is available for one year after purchase) based on the firm and the product purchased.
Based on an evaluation of privacy policies, data brokers seem collectively less willing to provide access and disclosure to their customers and users about the collection or correction of personal data.
#privacy#privacy rights#data brokers#mental health#personal data#consumer privacy#data resellers#information broker#digital privacy#online safety
Text
Your car spies on you and rats you out to insurance companies
I'm on tour with my new, nationally bestselling novel The Bezzle! Catch me TOMORROW (Mar 13) in SAN FRANCISCO with ROBIN SLOAN, then Toronto, NYC, Anaheim, and more!
Another characteristically brilliant Kashmir Hill story for The New York Times reveals another characteristically terrible fact about modern life: your car secretly records fine-grained telemetry about your driving and sells it to data-brokers, who sell it to insurers, who use it as a pretext to gouge you on premiums:
https://www.nytimes.com/2024/03/11/technology/carmakers-driver-tracking-insurance.html
Almost every car manufacturer does this: Hyundai, Nissan, Ford, Chrysler, etc etc:
https://www.repairerdrivennews.com/2020/09/09/ford-state-farm-ford-metromile-honda-verisk-among-insurer-oem-telematics-connections/
This is true whether you own or lease the car, and it's separate from the "black box" your insurer might have offered to you in exchange for a discount on your premiums. In other words, even if you say no to the insurer's carrot – a surveillance-based discount – they've got a stick in reserve: buying your nonconsensually harvested data on the open market.
I've always hated that saying, "If you're not paying for the product, you're the product," the reason being that it posits decent treatment as a customer reward program, like the little ramekin of warm nuts first class passengers get before takeoff. Companies don't treat you well when you pay them. Companies treat you well when they fear the consequences of treating you badly.
Take Apple. The company offers iOS users a one-tap opt-out from commercial surveillance, and more than 96% of users opted out. Presumably, the other 4% were either confused or on Facebook's payroll. Apple – and its army of cultists – insist that this proves that our world's woes can be traced to cheapskate "consumers" who expected to get something for nothing by using advertising-supported products.
But here's the kicker: right after Apple blocked all its rivals from spying on its customers, it began secretly spying on those customers! Apple has a rival surveillance ad network, and even if you opt out of commercial surveillance on your iPhone, Apple still secretly spies on you and uses the data to target you for ads:
https://pluralistic.net/2022/11/14/luxury-surveillance/#liar-liar
Even if you're paying for the product, you're still the product – provided the company can get away with treating you as the product. Apple can absolutely get away with treating you as the product, because it lacks the historical constraints that prevented Apple – and other companies – from treating you as the product.
As I described in my McLuhan lecture on enshittification, tech firms can be constrained by four forces:
I. Competition
II. Regulation
III. Self-help
IV. Labor
https://pluralistic.net/2024/01/30/go-nuts-meine-kerle/#ich-bin-ein-bratapfel
When companies have real competitors – when a sector is composed of dozens or hundreds of roughly evenly matched firms – they have to worry that a maltreated customer might move to a rival. 40 years of antitrust neglect means that corporations were able to buy their way to dominance with predatory mergers and pricing, producing today's inbred, Habsburg capitalism. Apple and Google are a mobile duopoly, Google is a search monopoly, etc. It's not just tech! Every sector looks like this:
https://www.openmarketsinstitute.org/learn/monopoly-by-the-numbers
Eliminating competition doesn't just deprive customers of alternatives, it also empowers corporations. Liberated from "wasteful competition," companies in concentrated industries can extract massive profits. Think of how both Apple and Google have "competitively" arrived at the same 30% app tax on app sales and transactions, a rate that's more than 1,000% higher than the transaction fees extracted by the (bloated, price-gouging) credit-card sector:
https://pluralistic.net/2023/06/07/curatorial-vig/#app-tax
But cartels' power goes beyond the size of their warchest. The real source of a cartel's power is the ease with which a small number of companies can arrive at – and stick to – a common lobbying position. That's where "regulatory capture" comes in: the mobile duopoly has an easier time of capturing its regulators because two companies have an easy time agreeing on how to spend their app-tax billions:
https://pluralistic.net/2022/06/05/regulatory-capture/
Apple – and Google, and Facebook, and your car company – can violate your privacy because they aren't constrained by regulation, just as Uber can violate its drivers' labor rights and Amazon can violate your consumer rights. The tech cartels have captured their regulators and convinced them that the law doesn't apply if it's being broken via an app:
https://pluralistic.net/2023/04/18/cursed-are-the-sausagemakers/#how-the-parties-get-to-yes
In other words, Apple can spy on you because it's allowed to spy on you. America's last consumer privacy law was passed in 1988, and it bans video-store clerks from leaking your VHS rental history. Congress has taken no action on consumer privacy since the Reagan years:
https://www.eff.org/tags/video-privacy-protection-act
But tech has some special enshittification-resistant characteristics. The most important of these is interoperability: the fact that computers are universal digital machines that can run any program. HP can design a printer that rejects third-party ink and charge $10,000/gallon for its own colored water, but someone else can write a program that lets you jailbreak your printer so that it accepts any ink cartridge:
https://www.eff.org/deeplinks/2020/11/ink-stained-wretches-battle-soul-digital-freedom-taking-place-inside-your-printer
Tech companies that contemplated enshittifying their products always had to watch over their shoulders for a rival that might offer a disenshittification tool and use that as a wedge between the company and its customers. If you make your website's ads 20% more obnoxious in anticipation of a 2% increase in gross margins, you have to consider the possibility that 40% of your users will google "how do I block ads?" Because the revenue from a user who blocks ads doesn't stay at 100% of the current levels – it drops to zero, forever (no user ever googles "how do I stop blocking ads?").
The majority of web users are running an ad-blocker:
https://doc.searls.com/2023/11/11/how-is-the-worlds-biggest-boycott-doing/
Web operators made them an offer ("free website in exchange for unlimited surveillance and unfettered intrusions") and they made a counteroffer ("how about 'nah'?"):
https://www.eff.org/deeplinks/2019/07/adblocking-how-about-nah
Here's the thing: reverse-engineering an app – or any other IP-encumbered technology – is a legal minefield. Just decompiling an app exposes you to felony prosecution: a five-year sentence and a $500k fine for violating Section 1201 of the DMCA. But it's not just the DMCA – modern products are surrounded with high-tech tripwires that allow companies to invoke IP law to prevent competitors from augmenting, reconfiguring or adapting their products. When a business says it has "IP," it means that it has arranged its legal affairs to allow it to invoke the power of the state to control its customers, critics and competitors:
https://locusmag.com/2020/09/cory-doctorow-ip/
An "app" is just a web-page skinned in enough IP to make it a crime to add an ad-blocker to it. This is what Jay Freeman calls "felony contempt of business model" and it's everywhere. When companies don't have to worry about users deploying self-help measures to disenshittify their products, they are freed from the constraint that prevents them indulging the impulse to shift value from their customers to themselves.
Apple owes its existence to interoperability – its ability to clone Microsoft Office's file formats for Pages, Numbers and Keynote, which saved the company in the early 2000s – and ever since, it has devoted its existence to making sure no one ever does to Apple what Apple did to Microsoft:
https://www.eff.org/deeplinks/2019/06/adversarial-interoperability-reviving-elegant-weapon-more-civilized-age-slay
Regulatory capture cuts both ways: it's not just about powerful corporations being free to flout the law, it's also about their ability to enlist the law to punish competitors that might constrain their plans for exploiting their workers, customers, suppliers or other stakeholders.
The final historical constraint on tech companies was their own workers. Tech has very low union-density, but that's in part because individual tech workers enjoyed so much bargaining power due to their scarcity. This is why their bosses pampered them with whimsical campuses filled with gourmet cafeterias, fancy gyms and free massages: it allowed tech companies to convince tech workers to work like government mules by flattering them that they were partners on a mission to bring the world to its digital future:
https://pluralistic.net/2023/09/10/the-proletarianization-of-tech-workers/
For tech bosses, this gambit worked well, but failed badly. On the one hand, they were able to get otherwise powerful workers to consent to being "extremely hardcore" by invoking Fobazi Ettarh's spirit of "vocational awe":
https://www.inthelibrarywiththeleadpipe.org/2018/vocational-awe/
On the other hand, when you motivate your workers by appealing to their sense of mission, the downside is that they feel a sense of mission. That means that when you demand that a tech worker enshittifies something they missed their mother's funeral to deliver, they will experience a profound sense of moral injury and refuse, and that worker's bargaining power means that they can make it stick.
Or at least, it did. In this era of mass tech layoffs, when Google can fire 12,000 workers after an $80b stock buyback that would have paid their wages for the next 27 years, tech workers are learning that the answer to "I won't do this and you can't make me" is "don't let the door hit you in the ass on the way out" (AKA "sharpen your blades boys"):
https://techcrunch.com/2022/09/29/elon-musk-texts-discovery-twitter/
With competition, regulation, self-help and labor cleared away, tech firms – and firms that have wrapped their products around the pluripotently malleable core of digital tech, including automotive makers – are no longer constrained from enshittifying their products.
And that's why your car manufacturer has chosen to spy on you and sell your private information to data-brokers and anyone else who wants it. Not because you didn't pay for the product, so you're the product. It's because they can get away with it.
Cars are enshittified. The dozens of chips that auto makers have shoveled into their car design are only incidentally related to delivering a better product. The primary use for those chips is autoenshittification – access to legal strictures ("IP") that allows them to block modifications and repairs that would interfere with the unfettered abuse of their own customers:
https://pluralistic.net/2023/07/24/rent-to-pwn/#kitt-is-a-demon
The fact that it's a felony to reverse-engineer and modify a car's software opens the floodgates to all kinds of shitty scams. Remember when Bay Staters were voting on a ballot measure to impose right-to-repair obligations on automakers in Massachusetts? The only reason they needed to have the law intervene to make right-to-repair viable is that Big Car has figured out that if it encrypts its diagnostic messages, it can felonize third-party diagnosis of a car, because decrypting the messages violates the DMCA:
https://www.eff.org/deeplinks/2013/11/drm-cars-will-drive-consumers-crazy
Big Car figured out that VIN locking – DRM for engine components and subassemblies – can felonize the production and the installation of third-party spare parts:
https://pluralistic.net/2022/05/08/about-those-kill-switched-ukrainian-tractors/
The fact that you can't legally modify your car means that automakers can go back to their pre-2008 ways, when they transformed themselves into unregulated banks that incidentally manufactured the cars they sold subprime loans for. Subprime auto loans – over $1t worth! – absolutely rely on the fact that borrowers' cars can be remotely controlled by lenders. Miss a payment and your car's stereo turns itself on and blares threatening messages at top volume, which you can't turn off. Break the lease agreement that says you won't drive your car over the county line and it will immobilize itself. Try to change any of this software and you'll commit a felony under Section 1201 of the DMCA:
https://pluralistic.net/2021/04/02/innovation-unlocks-markets/#digital-arm-breakers
Tesla, naturally, has the most advanced anti-features. Long before BMW tried to rent you your seat-heater and Mercedes tried to sell you a monthly subscription to your accelerator pedal, Teslas were demon-haunted nightmare cars. Miss a Tesla payment and the car will immobilize itself and lock you out until the repo man arrives, then it will blare its horn and back itself out of its parking spot. If you "buy" the right to fully charge your car's battery or use the features it came with, you don't own them – they're repossessed when your car changes hands, meaning you get less money on the used market because your car's next owner has to buy these features all over again:
https://pluralistic.net/2023/07/28/edison-not-tesla/#demon-haunted-world
And all this DRM allows your car maker to install spyware that you're not allowed to remove. They really tipped their hand on this when the R2R ballot measure was steaming towards an 80% victory, with wall-to-wall scare ads that revealed that your car collects so much information about you that allowing third parties to access it could lead to your murder (no, really!):
https://pluralistic.net/2020/09/03/rip-david-graeber/#rolling-surveillance-platforms
That's why your car spies on you. Because it can. Because the company that made it lacks constraint, be it market-based, legal, technological or its own workforce's ethics.
One common critique of my enshittification hypothesis is that this is "kind of sensible and normal" because "there’s something off in the consumer mindset that we’ve come to believe that the internet should provide us with amazing products, which bring us joy and happiness and we spend hours of the day on, and should ask nothing back in return":
https://freakonomics.com/podcast/how-to-have-great-conversations/
What this criticism misses is that this isn't the companies bargaining to shift some value from us to them. Enshittification happens when a company can seize all that value, without having to bargain, exploiting law and technology and market power over buyers and sellers to unilaterally alter the way the products and services we rely on work.
A company that doesn't have to fear competitors, regulators, jailbreaking or workers' refusal to enshittify its products doesn't have to bargain, it can take. It's the first lesson they teach you in the Darth Vader MBA: "I am altering the deal. Pray I don't alter it any further":
https://pluralistic.net/2023/10/26/hit-with-a-brick/#graceful-failure
Your car spying on you isn't down to your belief that your carmaker "should provide you with amazing products, which bring you joy and happiness and you spend hours of the day on, and should ask nothing back in return." It's not because you didn't pay for the product, so now you're the product. It's because they can get away with it.
The consequences of this spying go much further than mere insurance premium hikes, too. Car telemetry sits at the top of the funnel that the unbelievably sleazy data broker industry uses to collect and sell our data. These are the same companies that sell the fact that you visited an abortion clinic to marketers, bounty hunters, advertisers, or vengeful family members pretending to be one of those:
https://pluralistic.net/2022/05/07/safegraph-spies-and-lies/#theres-no-i-in-uterus
Decades of pro-monopoly policy led to widespread regulatory capture. Corporate cartels use the monopoly profits they extract from us to pay for regulatory inaction, allowing them to extract more profits.
But when it comes to privacy, that period of unchecked corporate power might be coming to an end. The lack of privacy regulation is at the root of so many problems that a pro-privacy movement has an unstoppable constituency working in its favor.
At EFF, we call this "privacy first." Whether you're worried about grifters targeting vulnerable people with conspiracy theories, or teens being targeted with media that harms their mental health, or Americans being spied on by foreign governments, or cops using commercial surveillance data to round up protesters, or your car selling your data to insurance companies, passing that long-overdue privacy legislation would turn off the taps for the data powering all these harms:
https://www.eff.org/wp/privacy-first-better-way-address-online-harms
Traditional economics fails because it thinks about markets without thinking about power. Monopolies lead to more than market power: they produce regulatory capture, power over workers, and state capture, which felonizes competition through IP law. The story that our problems stem from the fact that we just don't spend enough money, or buy the wrong products, only makes sense if you willfully ignore the power that corporations exert over our lives. It's nice to think that you can shop your way out of a monopoly, because that's a lot easier than voting your way out of a monopoly, but no matter how many times you vote with your wallet, the cartels that control the market will always win:
https://pluralistic.net/2024/03/05/the-map-is-not-the-territory/#apor-locksmith
Name your price for 18 of my DRM-free ebooks and support the Electronic Frontier Foundation with the Humble Cory Doctorow Bundle.
If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
https://pluralistic.net/2024/03/12/market-failure/#car-wars
Image: Cryteria (modified) https://commons.wikimedia.org/wiki/File:HAL9000.svg
CC BY 3.0 https://creativecommons.org/licenses/by/3.0/deed.en
#pluralistic#if you're not paying for the product you're the product#if you're paying for the product you're the product#cars#automotive#enshittification#technofeudalism#autoenshittification#antifeatures#felony contempt of business model#twiddling#right to repair#privacywashing#apple#lexisnexis#insuretech#surveillance#commercial surveillance#privacy first#data brokers#subprime#kash hill#kashmir hill
Text
The context of the state of internet privacy laws (or lack thereof) makes this “TikTok ban” even wilder.
Learn stuff the US govt doesn’t want you to know👇🏾^…^👇🏾
Congress is moving urgently to pass a TikTok ban that nobody asked for while 23 million homes are about to be priced out of affording the internet. 🔍 Affordable Connectivity Program
As a lil cherry on top, Congress has been dragging their feet to stop government surveillance. Our government is buying and selling our personal data from/to foreign adversaries. And yes, it is unconstitutional AF 🔍 Section-702 Foreign Intelligence Surveillance Act
This TikTok ban is the result of a wombo-combo of Sinophobia at the highest rungs of our government, bloated military spending, and excessive lobbying of right wing lawmakers by Facebook (Meta) to eliminate competition. 🔍 Targeted Victory “Slap a Teacher” trend
So yeah fuck all this. We need to start demanding real data privacy from our government. Some helpful terms to know when you call your goons.
Data minimization: limit the kind of data collected and for how long
Net Neutrality: protection from Internet Providers selling our browsing information + blocking access to certain sites
Close the Digital Divide: establish affordable, readily available internet in public + private locations to stop internet/data monopolies + digital discrimination.
Regulate Data Brokers: Monitor data vendors and punish irresponsible/ illegal data purchases to protect privacy.
Trust, they don’t want you to know this stuff. Your call to your rep will be 10x spookier if you say any of this👆🏾
so the house of representatives just passed a bill that will now move to the senate to BAN tik tok completely in the united states and they are expected to argue that “national security risks” outweigh the freedom of speech and first amendment rights. biden has already said that if it gets to him, he will sign it. whether or not you use the app…….this is something to be worried about
#ray writes#tik tok#tik tok ban#us politics#ref#data privacy#tiktok#cyberpunk#hope punk#government surveillance#sec 702 fisa#702#ACP#affordable connectivity program#internet access#data brokers#data poisoning#call your reps folks#call your reps#call your senators#Congress#us senate
Text
Weekly output: Arc Boats, data brokers, Mark Vena podcast, New Glenn, Starship, TikTok
Ideally, the week after CES would be a relaxing time with at least one day spent entirely disconnected from work. Because we don’t live in an ideal world, my week instead featured the Supreme Court blowing up TikTok and SpaceX blowing up the second stage of its giant Starship rocket. And on top of that, I wrote a post Wednesday for Patreon readers sharing further observations from CES. 1/13/2025:…
#Arc Boats#Blue Origin#ces#data brokers#electric boat#First Amendment#Las Vegas#Mark Vena#New Glenn#Shmoocon#SpaceX#Starship#Supreme Court#TikTok#Yael Grauer
Text
CFPB Takes Aim at Data Brokers in Proposed Rule Amending FCRA
On December 3, the CFPB announced a proposed rule to enhance oversight of data brokers that handle consumers’ sensitive personal and financial information. The proposed rule would amend Regulation V, which implements the Fair Credit Reporting Act (FCRA), to require data brokers to comply with credit bureau-style regulations under FCRA if they sell income data or certain other financial…
#AI#Artificial Intelligence#CFPB#consent#Consumer Financial Protection Bureau#CRA#credit history#credit score#data brokers#debt payments#Disclosure#Fair Credit Reporting Act#FCRA#financial information#personal information#privacy protection#Regulation V
Text
SOCIAL SECURITY NUMBER RULES COULD BE CHANGED
In response to widespread data breaches exposing millions of Social Security numbers, the Consumer Financial Protection Bureau (CFPB) is proposing new regulations to strengthen consumer protections. These changes aim to classify certain data brokers as consumer reporting agencies, subjecting them to the same rules as credit bureaus under the Fair Credit Reporting Act (FCRA). This move seeks to…
Text
Privacy Risks for Women Seeking Out-of-State Care
In this episode of Scam DamNation, host Lillian Cauldwell introduces an old type of scam still continuing in the United States targeted at women where personal information bought with a credit card tracks women who visit abortion clinics and tracks them back across state lines to their place of residence and nothing is being done about it. Senator Ron Wyden wrote an article in which he states…
#Abortion Clinics.#AI Scams.#Cell Phone#Credit Card Tracking's#Data Breach#Data Brokers#Lillian Cauldwell#Privacy Risks#Scam DamNation#Scams#Senator Ron Wyden#women health#Women Rights
Text
Loophole In Federal Law Enables Government Agencies To Buy Data Gathered From Your Cellphone.
In recent years, local, state, and federal law enforcement agencies have turned to buying data about Americans directly from data brokers
Text
To add to the absolute disappointment towards companies that harvest your data for ad companies, my machine consistently gives me ads (for music services where I can ONLY HEAR the ad) in Spanish.
I do not speak Spanish
I mean I can cut some slack and say I have traveled to Spanish speaking countries about twice but still???
Like if you are going to try and track my every move through an online device shouldn't you be able to tell what languages I speak?
If they should be sending me Korean or Japanese ads since that is the majority of the music I listen to?? That might be reasonable.
Honestly if the Internet got better at using the information it gathers to give me ads of products I'd actually like, I'd probably buy it. Like "wow I didn't know about this product but, I can see myself really enjoying it. Let's get it" could be happening but, no it's "Spanish?! Again?!"
#youtube ads#data brokers#serious skill issue#data harvesting#Can't these guys figure out that any tea or fandom related things will be going into my cart?#if after I post this i get better ads I will not feel any privacy invasion only relief#disapointed