It is no secret that many large tech corporations harvest the data of their users, whether to sell it to advertisers or to target their services more specifically. But how do they accomplish this? What privacy concerns can arise? What should we do to resolve these issues?
One of the most well-known and profitable reasons for data collection is targeted advertising. Everything from search results, links you click, your location, age, gender, sexual orientation, etc. are monitored by “Artificial Intelligences” in order to give you advertisements that you are most likely to be interested in. It is important to mention that this information is not generally reviewed by actual people, that would simply be inefficient.
Even so, some people have argued that corporations should not have access to this extremely sensitive information. On the other hand, the advertisements given to users are more likely to be relevant and interesting to said users.
The methods used to harvest this information is even more controversial. The “cookies” that many websites will request to use are a type of software used to gather information about that user. This can be used for anything from automatically logging in a user when they revisit a webpage to collecting data on what websites they visit to send to advertisers. If the user desires, they can always simply delete or opt out of their cookies if they would prefer not to have this information saved.
However, there are many types of cookies, one of which is known as the “zombie cookie” These cookies are designed to recreate themselves even after being deleted, and can also appear even when a particular person has opted out of cookies, due to their difference from regular cookies.
These cookies have been the subject of numerous controversies, one of which was a lawsuit in 2017 against Verizon. A company known as TURN had been hiding zombie cookies in Verizon mobile devices. However, TURN claims to have stopped using these zombie cookies. In 2011, a similar incident occurred involving Microsoft where they only ended their use of this type of cookie once it was made public. It is rather concerning that these companies only feel it is necessary to end the use of this software once they face public outcry.
Some people and organizations promote legislation to limit all forms of targeted advertising, and the data collection that comes with that. The charity Privacy International has been involved in legal action with the intent of promoting privacy rights for consumers. They believe that data collection should be solely consensual. A survey in 2012 also found that the majority of Americans are against targeted advertising.
Marie Kacmarek, an online security professional based in the Bay Area, said that she also supports legislation to ensure data privacy, but also has concerns about the implementation of such a system. Saying that corporations are “like hackers” in that they will always try and find ways to evade whatever protections are put in place. “Data is going to be collected.”
She also mentioned that limiting data collection too much could harm the consumer experience. She used the example of a bank using data collected from a customer to give them rewards and benefits based on factors like good credit and a history with the company.
What Kacmarek seemed more interested in in terms of legislation is ensuring that companies keep the data they collect private, and out of the hands of bad actors. “Companies need to have better security practices.” she said. “They need to be more accountable to laws and regulations to make sure that customer data is more protected.”
During the past year of lockdowns, some data tracking software has actually been used by governments to track the movements of people and adjust their lockdown rules accordingly. Here in California, the state government used tracking data to monitor beach traffic and increased restrictions after learning they were becoming too crowded. Kacmarek said that, in her opinion, this was “overreach” on the part of the government, though it was difficult to say due to the lives potentially saved by this decision.
Another, perhaps more insidious case of location tracking involving the US government was unearthed in November of last year. Allegedly, location tracking software in an app known as Muslim Pro, an app where Muslims had been selling location data to US Military Intelligence. Muslim Pro removed the software after a predictable public outcry.
The following month, the company behind the location tracking software, X-Mode Social, was forced by Apple and Google to remove the software from all applications involved with X-Mode. Once again we see a company happily selling users’ data without permission right up to the point they are forced to stop due to newfound public awareness.
We should live in a society where massive public outcry is not necessary to make corporations do the right thing. While it may not be possible, or even necessary to totally stop corporations from gathering the potentially sensitive information of their customers, it is at least achievable to ensure that these methods involve the informed consent of the user and the assurance of privacy on part of the company.