Who's Been Trafficking in Your Data?

In the movie Enemy of the State, John Voight, playing an NSA official who suspects Will Smith's character of wrongdoing, says: "Let's get into his life." Through satellite technologies, communications monitoring, and active tracking devices, he proceeds to do just that. 

Even if you haven't angered the NSA lately, rest assured: Someone at this very moment is getting into your life too. Not some security official in the U.S. government, but someone in a publicly traded company whose activities are equally opaque to you. Our love of smart phones, mobile devices, and apps puts high-value data about us into the hands of legions of consumer marketers, and they're making the most of the opportunity.

Consumers generally don't understand the risks of having their personal data floating around out there. A recent legal case filed in Ireland offers a hint of what some of the dangers are. In the lawsuit, Facebook was accused of creating "shadow profiles" of nonusers. Social media members who seek long-lost friends sometimes leave traces of their searches on the sites, including email addresses of nonmembers and the contents of messages to those individuals. The concern is that these data might include unverified information about nonmembers' "political opinions, religious or philosophical beliefs, sexual orientation, and so forth." Facebook categorically denies that it creates profiles of nonusers. But you can easily imagine who might be interested in such information: Insurance companies, health care providers, employment agencies, even the government.

Consumers should be asking some serious questions: "Why am I being tracked?" "Who is tracking me?" and "What is happening to my data?"

The first question has a simple answer: Don't take it personally, but you're not a customer anymore. You've become a commodity, one of 7 billion datapoints on the planet. Your every activity, tracked and logged, has a potential value.

As for the second question, chances are you're being tracked by a lot of organizations, including telecom companies, credit agencies, search engines, major software firms, and probably several government agencies.

The answer to the third question depends on what kind of data we're talking about. You generate different types when you interact digitally with different kinds of organizations, from supermarkets to telecoms. Each data type follows its own route from you to a database and out into the marketplace. Take, for example, the data you create when you use an app on your smart phone to look up information about a movie. Your mobile operator processes the information and augments it with your demographic data before "irreversibly" anonymizing the information and putting the "aggregated" version — what's known as "unified census plus demographic data" — up for sale. These highly detailed, low-level data are valuable to a number of companies because they allow for analysis of what device and features you used, what apps and web sites you visited and for how long, and where you were (physically) at the time.

The major data-collection foci have evolved rapidly in recent years and today center upon telecommunication industry associations such as GSMA, whose membership includes more than 800 mobile operators worldwide, representing more than 5 billion consumer connections. GSMA is capable of providing subscribers' app, web, voice, usage, and personal data to analytics firms such as comScore, which sell analyses to clients.

That's a lot of connections and a lot of data. All this selling and reselling and aggregating and 

merging contribute to making the amount of data in circulation truly immense. The Economist estimates that information is being created at a compound growth rate of 60%, and data storage firm EMC says information is expected to grow 44 times over the next 10 years. According to a McKinsey study, Tesco alone generates more than 1.5 billion new items of data every month. Walmart's data warehouse now includes 2.5 petabytes of information.

Is there anything that a datapoint can do about all this?

You can always do what Gene Hackman's character in Enemy of the State calls disappearing off the web: Set up a false consumer ID, complete with false email name and false account name (the NSA calls this creating a "legend"). Or you can go even further, using pay-as-you-go phones with multiple SIM cards and conducting all of your transactions in cash. (Remember cash?)

But if setting up a legend strikes you as a bit extreme and you don't like the thought of missing out on the convenience that smart phones and the internet offer, here are some other thoughts:

• You can make the subject of data privacy part of the national conversation. Although the U.S. Senate has created a subcommittee on Privacy, Technology, and the Law, chaired by Al Franken of Minnesota, too few candidates face questions about where they stand on data use and other privacy issues. In the coming electoral season, find out the views of the people who want your vote and your check.

• Don't delete or throw away those messages from wireless carriers labeled "Important Update About How We Use Information." Read them. When the company says it will not share individual information, what it means is it will anonymize and aggregate the data before sharing it. But it's likely that the company will have the individualized data in a server somewhere. You can try emailing the CEO to ask the company to create a binding bidirectional "customer contract" or policy statement, but it would probably be more effective to simply go viral — start a Facebook page identifying the company and sign up "customers against data trafficking," urging all your contacts to join and stir up debate. Alternatively, you could just publicly voice objections at the next shareholder meeting where the press is present.

• Strongly consider opting out. In online notifications, the link to do this is usually at the very end. Apple, for example, states in its privacy disclosure that it may need to collect information including U.S. users' Social Security numbers, but it provides a way to opt out (http://oo.apple.com). Unfortunately, Apple doesn't say whether this action blocks the collection of app data by third parties or mobile operators. If you do opt out, follow up with an email to all your contacts on every social media platform you use, as well as to your favorite senator on the privacy subcommittee, saying how and why you chose to opt out.

It's abundantly clear that companies have come to value even the most mundane information generated by consumers. It's time consumers woke up to the value of maintaining control over that data.