Data Brokers - What They Know About You and How to Take Back Control of Your Privacy

· 6 min read
Data Brokers - What They Know About You and How to Take Back Control of Your Privacy
Photo by Claudio Schwarz / Unsplash

Data brokers operate in the shadows, amassing troves of personal information about individuals and families. But who are these unseen entities, and just how much do they know?

Understanding Data Brokers

Data brokers gather this information from a variety of public and private sources using methods like purchasing datasets, scraping social media, employing third-party trackers, and harnessing artificial intelligence to infer additional personal details.

Once collected, data brokers enhance and analyze this raw information using advanced profiling techniques. They organize it all into detailed digital dossiers containing both factual records and inferred attributes about each person. These detailed profiles are then resold for various purposes to other companies, government agencies, and other entities.

The Masters of Surveillance

One of the largest data brokers is LexisNexis, a division of Reed Elsevier. Through products like their Accurint database, LexisNexis compiles data on over 276 million Americans pulled from 84 billion records - an average of over 300 pieces of information for each individual.

But their databases don't just pull from public records. LexisNexis extracts information from an extensive web of both public and private sector sources. This includes government databases containing details such as vehicle ownership, firearm registrations, employment histories, accident/investigation reports, criminal records and more.

Using advanced analytics, LexisNexis constructs sprawling webs of relationships and attributes for each person. Their dossiers reveal intimate financial behaviors and extensive logs of addresses, phone numbers, email addresses - even social media accounts. Through partnership integration, they maintain surveillance ecosystems encompassing co-workers, friends, family networks and beyond.

Tools like Accurint grant users the power to excavate into people's entire existence - current residential addresses alongside every place they've ever lived cross-referenced with names, numbers and details of former/current neighbors, co-workers and extended circles of affiliation. Nothing seems off limits for inclusion in these digital panopticons portraying every facet of individuals' private lives.

Who Has Access to This Data

LexisNexis openly advertises access to Accurint for purposes like identity verification, fraud prevention, people search, and "risk assessment". However, this data is also readily available to a wide range of commercial and government entities who can search through our private lives with little oversight:

  • Law enforcement: Over 4,000 agencies rely on Accurint for warrantless surveillance and investigations.
  • Insurance companies: They use it for underwriting, customer screening, and more.
  • Banks and other financial institutions: For matters like loan approvals, account verification, and debt collection.
  • Private investigators and collection agencies: They leverage Accurint to locate people and assets.
  • Attorneys: For background checks on clients, witnesses, juries, etc.
  • Researchers and Marketing firms: They purchase personal data for profiling consumers.

There is little transparency into who exactly has access internationally and whether access is restricted for certain governments or if data is properly safeguarded from abuse. This creates scenarios where Constitutional protections against warrantless surveillance are easily circumvented.

How Data is Harvested

One pretext used by data brokers is that individuals voluntarily surrender some data, agreeing to opaque terms without understanding ensuing consequences. However, the reality is far more insidious. Companies systematically mislead consumers and obscure data practices that would be considered illegal if engaged in without meaningful consent.

Many businesses conceal their true harvesting scope within lengthy terms of service employing legalese that they know people will not read. Metadata is scraped and histories inferred without explicit permissions. Location data and relationship mapping harvests occur in the background during ordinary app use. Consumers remain mostly unaware of the extent and sensitivity of information being amassed due to deliberate obfuscation.

If ordinary individuals engaged in the same behavior of wide-scale collection from unwitting people, it would likely qualify as criminal hacking. Yet for data brokers and their commercial partners, these nonconsensual practices are normalized and face little regulation despite enabling a "tyranny" of invisible surveillance over everyday lives.

Data brokers try to claim that collecting our data is justified since we voluntarily provide information or agree to overly broad privacy policies. However, the realities of data harvesting are far more insidious:

  • Companies deliberately hide the extent of their data collection practices in long, complex legal documents.
  • Privacy policies are purposefully written to be incomprehensible to most users.
  • People are often unaware of secondary data use and sharing with third parties.
  • Important information is buried in multiple subpages or links designed to discourage readers.
  • "Consent" obtained through confusing or misleading disclosures is not valid consent.

Additionally, individuals have little ability to opt-out of data collection once their information exists in brokers' databases. Our data footprint grows daily from services and devices, often without transparency. If an ordinary person engaged in similar data collection behavior, it would likely constitute criminal hacking charges.

Enabling Unchecked Government Surveillance

Troublingly, LexisNexis provides access to this immense surveillance infrastructure to over 4,000 US law enforcement agencies who purchase millions of reports annually. Yet access to these commercial databases allows law enforcement to obtain information without subpoenas or warrants that would normally be required by Constitutional protections against unwarranted searches.

A recent class action lawsuit against LexisNexis argues their tools enable the government to bypass checks and balances meant to safeguard individuals from mass warrantless surveillance. With a few clicks, authorities can mine troves of sensitive financial, familial and locational records on any citizen completely unconstrained by typical legal procedures.

Opacity and a Lack of Safeguards

While government access to personal data presents clear civil liberties issues, data brokers also sell access widely with few constraints. LexisNexis markets their surveillance capabilities to insurers, banks, debt collectors, private investigators and more with opaque policies on access restrictions and audit procedures.

There is no transparency into whether access is limited based on geography or screened for potential misuse and human rights concerns. Individuals have no means to opt-out or right of erasure. The power these dossiers represent in malicious or incompetent hands is troubling given lack of safeguards around their dissemination and use.

Impact On Individual Privacy and Autonomy

The accumulation and sharing of such sensitive personally identifiable information without restraint enables serious privacy violations and risks of digital tracking, profiling, discrimination and more. It undermines individual autonomy by eroding citizens' ability to live freely without constant monitoring by unseen entities.

Moreover, data brokers exercise control and influence over how personal details are represented and used with little consumer recourse even as these digital profiles profoundly impact peoples' lives, liberties and life opportunities. Disputing inaccuracies is nearly impossible and individuals remain powerless passengers along for the ride of their own dossier's dissemination.

Case Study: Accurint's Disturbing Surveillance Powers

To illustrate just how deeply privacy is invaded through these commercial databases, consider Accurint, one of LexisNexis's flagship tools providing a salient case study.

According to old marketing, Accurint allows users to "instantly find people and their assets and associates and relatives and more" while boasting "the world's largest set of location data" searchable for pennies.

When research associate Meghan Koushik ran a search on herself in 2014, she was stunned by the results. Accurint exposed every address, phone number, email and purported relationship associated with Koushik stretching back over a decade - including specific details like her former college mailbox and the current names/numbers connected to family homes. It listed financial particulars such as sale prices and mortgage records for each residence despite her limited online presence and absence of a driver's license.

This level of intrusion occurred over half a lifetime ago and data collection has proliferated exponentially since. Tools like Accurint now paint disturbingly comprehensive portraits of individuals through omnipresent digital threads harvested without consent or oversight. They lay bare hidden ecosystems of links aggregating official identities with social networks, anonymous accounts and inferred extrapolations about relationships, activities and privacy-sensitive behaviors.

Recommendations and Tools for Taking Back Control

While legislation aims to curb data abuses, enforcement remains inconsistent and subjects of dossiers currently exercise little power over their proliferation and use. However, there are meaningful steps consumers can take to proactively protect privacy and assert more control in the digital realm:

  • Educate yourself and others. Raise awareness of surreptitious data collection and deceptive practices used to obscure harvesting.
  • Safeguard online interactions. Deploy privacy-focused browsers, search engines, and security plugins, encrypted messengers, use alterative platforms avoiding unnecessary data exchanges.
  • Limit sharing and opt-out when possible. Restrict permissions, use privacy-first services transparent about practices, remove inclusion from people databases.
  • Lobby for policy reform. Contact representatives advocating EU-style privacy protections, restricting law enforcement database access, and strengthening individual data rights like opt-out, amendment and erasure.
  • Support privacy non-profits. Donate time or funds to organizations pursuing policy solutions, auditing companies, and litigating to curb abuses while shifting public attitudes towards valuing online civil liberties.
  • File "right to be forgotten" requests to remove your data from brokers when possible.
  • Use End to End Encrypted technology whenever possible - From Encrypted Messaging Apps, Storage options and any other software you use. This reduces greatly the ability of data brokers to tap into and read your information.

While privacy issues stem from both corporate deception and government overreach, individuals have power to enact change through strategic choices:

Taking Back Our Privacy Rights

The normalization of constant commercial and agency surveillance — enabled through hidden information dissemination without consent — poses a grave societal challenge. While laws aim to curb excess, determined organizations still find covert means skirting rules when unrestricted data collection serves their perceived needs.

Individual efforts thus become essential to counter this threat. By making proactive choices aligned with privacy and limiting what we store online, we can push back against the erosion of our basic rights and freedoms facing the digital era. Our future remains unwritten, and determined public vigilance in protecting online autonomy may help steer toward a world valuing privacy as a human right rather than a convenience to disable.

The power ultimately resides with an informed public willing to join this fight by selectively adopting privacy-friendly technologies and raising awareness of deceptive practices eroding our agency over sensitive personal details. With widespread participation, the balance may yet swing back toward self-determination and away from a normalized surveillance state if we collectively reassert control over our digits imprints. Our most private aspects should remain ours to share — or not — by personal decision rather than business profit models or agencies' watchlists. This fight has only just begun.

## Convertkit Newsletter