While the FTC never seems to be carrying a particularly big stick, it has been threatening hard knocks on Internet companies that play fast and loose with user data. Spokeo is the latest enterprise to be licking its wounds.
Late last year, Facebook reached a settlement with the FTC over user privacy, submitting to independent audits for the next 20 years. A similar audit regime was accepted by MySpace last month, following accusations that the site was sharing personally identifying information with advertisers, despite undertaking not to do so.
...marketing its consumer profiles without making sure that they would be used for legal purposes, failing to ensure their accuracy and neglecting to tell consumers of its own responsibilities under federal law.
Specifically, Spokeo, a social aggregator site, had been selling personal information to employers for the purpose of screening job applicants. No need to ask for a candidate's Facebook, Twitter, and Google+ passwords -- just have Spokeo gather any information that appears online, no matter how inaccurate.
I recall taking steps to have my profile removed from Spokeo a year or so ago, but I now see it's appeared again.
Spokeo's business model is to charge users a small monthly fee to access information including:
Emails, addresses, and phone numbers
Profiles from 80+ social networks
Hidden pictures and blogs
Info search engines can't find
Intrusive? Of course, but it claims that all the information it's selling is already in the public domain. It simply aggregates social network data and ties it to the kind of information you'd find in a phone directory. Indeed, Spokeo protests that:
We are a technology company organizing people-related data in innovative ways. We do not create our own content, we do not possess or have access to private financial information, and we do not offer consumer reports.
According to the Consent Decree, however, Spokeo is prohibited, among other things, from:
Furnishing a consumer report to any person who does not have a permissible purpose to receive the consumer report
Failing to maintain reasonable procedures to assure the maximum possible accuracy of the information concerning the individual about whom a consumer report relates
Failing to provide the notice to users of consumer reports required under Federal law
Just to ice the cake, as it were, Spokeo was also slapped for posting completely fictional endorsements of its services.
If there's a key provision in the decree, it's the insistence that Spokeo take measures to ensure the accuracy of the information it gathers -- and presumably will continue to disseminate, in the appropriate manner. That's going to be a tough condition to fulfill if it's grabbing data from social platforms or blogs where, happily, users are under no particular obligation to tell the truth about themselves.
It's important to note that what Spokeo set out to do is not illegal; there just happen to be (alleged) problems with the way they went about it. Further reason for us all to be wary about what we post online, and to undertake regular checks on sites that claim to have information about us. Chances are it's false -- and you can bet it's for sale.
Brian, you're absolutely right that even an $800,000 fine is no real hardship for Spokeo. Here in southern California, the Air Quality Management District fines businesses $200 a day for exceeding allowed pollutant levels. Considering the cost of retrofitting equipment to meet regulations, most businesses just pay the daily fine, and write it off their taxes as a cost of doing business. Until the fines become large enough to make it economically unfeasible to continue operations, they will be ineffective. Spokeo needs to have that fine applied DAILY until they clean up their act. I don't think much of "hactivist" organizations like Anonymous or LOLSec, but there are things to be said for that kind of "frontier justice" in this case. Where is their fine sense of moral outrage when you need it?
Yes, privacy is an ongoing concern, with multiple moving targets and many more moving parts. It will probably be a few years before a reasonable approach to consumer privacy is achieved. In the meantime, we'll all be stuck on Spokeo et al.
This is, indeed, creepy and upsetting. I feel that opting out of being listed on Spokeo should be as easy as opting out of being listed in the White Pages. It seems much more involved than that -- as Kim points out, he took himself off and then found himself back on there.
So if this is creepy but not legal, maybe we need more than FTC fines here. We may need regulations, even though I very rarely want to see government intervene more than it already does when it comes to the Web.
You would expect Spokeo to have run those disclaimers by some lawyers, but the FTC seems to be saying that it's necessary to maintain reasonable accuracy in reports of this kind, under 607(b) of the FCRA, 15 U.S.C. § 1681e(b). To simplify, the FTC has determined that Spokeo is supplying "consumer reports" and there are laws governing what consumer reports must be.
"Disclaimer: we may be sending you rubbish information" doesn't cut it.
Part of the problem here is that, like any form of medium, if people see it, they believe it. They have this disclaimer at the bottom:
† All data offered is derived from public sources. Spokeo does not verify or evaluate each piece of data, and makes no warranties or guarantees about any of the information offered. Spokeo does not possess or have access to secure or private financial information. Spokeo is not a credit reporting agency and does not offer consumer reports. None of the information offered by Spokeo is to be considered for purposes of determining any entity or person's eligibility for credit, insurance, employment, housing, or for any other purposes covered under the FCRA.
Now, regardless of this very light gray statement, people will still use it for these things anyway. I had opted out when I first heard of it, but apparently they changed their privacy policy and no longer honor it, because I am in there.
The other thing that's creepy is that the most popular searches, as shown on their home page, is for celebrities. Stalkers Unite! You have yet another tool in your arsenal for not just celebrities, but anyone who is trying to track down someone who may not want to be tracked down by them.
Absolutely, Scott. Legal but icky. I recommend anyone going on Spokeo and putting in your email to see what info they have about you -- although you'll have to pay a fee to review more than the basics.
One of the big turnoffs for me personally is the listing by some "people finder" sites of relatives, ages, hometowns. It's eerie. Several deceased friends and relatives are included, which I find disturbing.
And like you, I am resigned to the fact that this is public information. But it insults me and depresses me to see it put to use this way, popping up on someone's screen like a listing of livestock. Strictly a gut level reaction of aversion.
Now I don't feel alone in having a distaste for Spokeo and other sites like it. I don't use its information and have been able to live without it so far.
The ThinkerNet does not reflect the views of TechWeb. The ThinkerNet is an informal means of communication to members and visitors of the Internet Evolution site. Individual authors are chosen by Internet Evolution to blog. Neither Internet Evolution nor TechWeb assume responsibility for comments, claims, or opinions made by authors and ThinkerNet bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.
When David E. Sanger of The New York Times broke the news that the United States was responsible for the Stuxnet malware exploit against Iran's nuclear program, Senator John McCain accused the administration of deliberately leaking the story to enhance President Obama's national security record.
The Gamma Group's business of supplying surveillance technology exclusively for use by government agencies may be legitimate. But not when it poses as the popular, free, open-source web browser Firefox.
Yesterday's hack of the official Associated Press Twitter feed demonstrated the enormous risk attached to the platform's lazy, single factor approach to security.
Cybercriminals don't hesitate when they see an opportunity to spread malware. Not even when it means exploiting as horrific an event as the Boston Marathon bombing.
Michael Brutsch, a.k.a. Reddit's Violentacrez, is a creep who posted borderline kiddie porn to the Internet anonymously, and got fired when outed by a media outlet. It's a cautionary tale even for people who aren't jerks and predators.
The Murdoch/News International scandal has all the elements of the digital age, from phone-hacking through embarrassing emails to agile digital reporting.
Companies are still getting their feet wet with social networking and what employees should and shouldn't broadcast. But they don't always involve HR and PR. Here's why they should, and what they risk when they don't.
The US government is funding controversial projects to collect daily Internet activity, including Web searches, Twitter messages, Facebook and blog posts, and the digital location trails generated by billions of cellphones. Its goal is to map these interactions to predict social behavior, such as protests.
President Obama may soon earn the badge as "Mayor" of the White House, thanks to his joining the mobile check-in service, FourSquare. Let's all sigh in unison, shall we?
Facebook has brought about a world where people manufacture their personalities and live inside of Facebook rather than inside their own minds. This is very bad.
New York's Metropolitan Transit Authority is conducting a pilot test of digital kiosks to guide subway users to where they want to go more efficiently and at lower cost.
The whole Amazon.reader debate is a double-stupid. It's stupid to think that there's any e-book buyer who doesn't know Amazon's URL, and it was stupider to let ICANN launch the whole free-form TLD initiative to start with.
While NFC's original goal was to enhance mobile commerce applications, it is finding its way into a number of other uses, which is creating both opportunity as well as challenges for IT departments.
Enterprises would like to move to cloud computing but are hesitant because they are concerned about providers’ ability to secure company data. Here are some tips that help to ensure that if breaches occur, the business is not left holding the bag.
Edmunds separates customers into segments based on the info it collects on its site and from partners, and uses that to push out custom content, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
The automotive website uses propensity modeling to target ads and customer registration forms, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
Expert Integrated Systems: Changing the Experience & Economics of IT In this e-book, we take an in-depth look at these expert integrated systems -- what they are, how they work, and how they have the potential to help CIOs achieve dramatic savings while restoring IT's role as business innovator. READ THIS eBOOK
your weekly update of news, analysis, and
opinion from Internet Evolution - FREE! REGISTER HERE
Wanted! Site Moderators Internet Evolution is looking for a handful of readers to help moderate the message boards on our site – as well as engaging in high-IQ conversation with the industry mavens on our thinkerNet blogosphere. The job comes with various perks, bags of kudos, and GIANT bragging rights. Interested?
To save this item to your list of favorite Internet Evolution content so you can find it later in your Profile page, click the "Save It" button next to the item.
Email This
