Government Surveillance

Resources for Consumer Concerns about Privacy

This document provides links to surveys, news articles, reports, and other resources that touch on a variety of issues involving consumer concerns about privacy. Each link includes one or two highlights from that resource. The links are broken up into the following categories:

Privacy

[expand title=”(1) ADVERTISING”]

Study: Consumers Don’t Know What AdChoices Privacy Icon Is, Advertising Age, January 2014

  • Research from Parks Associates shows that only 6% of respondents were aware of what the Digital Advertising Alliance’s AdChoices icon was, up 1% over a two-year period
  • 27 % of those who noticed the icon, clicked on it, and did not opt-out, said they did not know they could opt-out of targeted advertising through the icon

http://adage.com/article/privacy-and-regulation/study-consumers-adchoices-privacy-icon/291374/

Consumers to online advertisers: No Tracking for Any Reason, Consumer Action, June 2013

  • More than half of respondents want the automatic default for their browsers to be “do not track.”

http://www.consumer-action.org/press/articles/no_tracking_for_any_reason

Why Johnny Can’t Opt Out: A Usability Evaluation of Tools to Limit Online Behavioral Advertising, CMU CyLab Security and Privacy Institute, May 2012

  • Nine tools to limit online behavioral advertising were tested by forty-five participants.
  • The results show that users can’t distinguish between trackers, default settings were inappropriate for users interested in protecting their privacy, tools were ineffective in communicating their purpose and configuration, and most of the tools suffered from major usability flaws.

http://www.cylab.cmu.edu/research/techreports/2011/tr_cylab11017.html

How Companies Learn Your Secrets, the New York Times, February 2012

  • By tracking purchases of about twenty-five products via Guest ID numbers, Target’s Guest Marketing Analytics department was able to successfully target pregnant women.

http://www.nytimes.com/2012/02/19/magazine/shopping-habits.html?ref=general&src=me&pagewanted=all&_r=1

A Guide to the Digital Advertising Industry That’s Watching Your Every Click, the Atlantic, February 2012

  • Advertising strategies have moved away from reaching audiences via mass media to new strategies that aim to profile individuals based on clicks, swipes, etc., in order to deliver particular types of individuals, and increasingly particular individuals.
  • Individualized advertisements and discounts act as status signals; they alert people as to their social position. If you consistently get ads for low-priced cars, regional vacations, fast-food restaurants, and other products that reflect a lower-class status, your sense of the world’s opportunities may be narrower than that of someone who is feted with ads for national or international trips and luxury products.

http://www.theatlantic.com/technology/archive/2012/02/a-guide-to-the-digital-advertising-industry-thats-watching-your-every-click/252667/

 [/expand]

[expand title=”(2) ATTITUDES TOWARDS PRIVACY”]

Privacy and Information Sharing, Pew Research Center, January 2016

  • 54% of respondents found it acceptable for an employer to install surveillance cameras with facial recognition technology after a series of thefts; however, 55% found it unacceptable for a smart thermostat to monitor their movements around their home in exchange for savings on their energy bill.

http://www.pewinternet.org/files/2016/01/PI_2016.01.14_Privacy-and-Info-Sharing_FINAL.pdf

Survey: More Americans Worried About Data Privacy than Income, CBS News, January 2016

  • 89% of respondents avoid companies that they believe don’t protect their privacy.

http://www.cbsnews.com/news/truste-survey-more-americans-concerned-about-data-privacy-than-losing-income/

The Trade-Off Fallacy, the Annenberg School for Communication, June 2015

  • 91% of respondents disagree (77% of them strongly) that “If companies give me a discount, it is a fair exchange for them to collect information about me without my knowing.”
  • 65% of respondents do not know that the statement “When a website has a privacy policy, it means the site will not share my information with other websites and companies without my permission” is false.

https://www.asc.upenn.edu/sites/default/files/TradeoffFallacy_1.pdf

Privacy and Cybersecurity: Key Findings from Pew Research, Pew Research Center, January 2015

  • 64% of Americans believe that the government should do more to regulate advertisers.
  • 91% of Americans say that consumers have lost control over how personal information is collected and used by companies.

http://www.pewresearch.org/key-data-points/privacy/

Data Privacy is a Major Concern for Consumers, TRUSTe, January 2015

  • 45% of Americans and Brits say they think online privacy is more important than national security.
  • 92% of Americans worry to some degree about their privacy online.

http://www.truste.com/blog/2015/01/28/data-privacy-concern-consumers/

Online Holiday Shopping Survey, National Cyber Security Alliance, November 2016

  • 74% of respondents think it is “important” to “extremely important” that websites they use have easy to understand and accessible information about how their personal information is collected, how it is used, and with whom it is shared.
  • 25% have abandoned an online purchase because of a security or privacy concern, and the two top reasons were because too much information was being asked for in relationship to the transaction (47%) and the person couldn’t determine if the information was being handled securely (36%).
  • In the last month, 27% of respondents had updated their privacy settings on a social network and 21% had thoroughly read the terms and conditions of an app before downloading.
  • 22% were not confident that devices connected to the internet are safe and secure; only 12% were completely confident that they are.
  • The top two security or privacy measures that respondents would adopt around the “Internet of Things” were to change the password on the device before using it (47%) and try to understand what personal information the device collects, how it’s used and how it’s stored (45%).

https://staysafeonline.org/stay-safe-online/resources/ncsa-online-holiday-shopping-survey-results

[/expand]

[expand title=”(3) BIG DATA”]

How Apple Learns About You without Identifying You Using “Differential Privacy”, Digital Trends, June 2016

  • Apple’s iOS 10 will use on-device intelligence to accomplish many of the tasks that involve data analysis, and differential privacy to improve its services.

http://www.digitaltrends.com/mobile/apple-differential-privacy/

Concerns About What the Uber App Mines from Phones, KOB 4 News, May 2016

  • A complaint filed with the FTC urges an investigation into Uber’s use of customers’ location data.
  • In Uber’s privacy statement, users agree to allow Uber access to their location at all times, all phone contacts, payment methods, phone web history, and all text messages.

http://www.kob.com/investigative-news/concerns-about-what-the-uber-app-mines-from-phones/4150443/?cat=500#.V2QZwbnbLIV

Big Data is Watching: Growing Digital Data Surveillance of Consumers by ISPs and Other Leading Video Providers, Center for Digital Democracy, March 2016

  • With the acquisition of Millennial Media, Verizon gained access to customer data gathered by over sixty thousand apps that include location, social, interest, and contextual information.

https://www.democraticmedia.org/article/big-data-watching-growing-digital-data-surveillance-consumers-isps-and-other-leading-video

Big Data: Tool for Inclusion or Exclusion?, Federal Trade Commission, January 2016

  • When using big data, companies should consider how representative their data set is, if the data model accounts for biases, how accurate the predictions are, and if there are ethical or fairness concerns raised by relying on big data.

https://www.ftc.gov/system/files/documents/reports/big-data-tool-inclusion-or-exclusion-understanding-issues/160106big-data-rpt.pdf

Apps Permissions in the Google Play Store, Pew Research Center, November 2015

  • The average app asks for five permissions.

http://www.pewinternet.org/2015/11/10/apps-permissions-in-the-google-play-store/

Big Data Means Big Opportunities and Big Challenges, Center for Digital Democracy, March 2014

  • The shift to a digital and mobile services financial system could pose a threat to privacy as devices can collect both transactional and locational information.

http://www.centerfordigitaldemocracy.org/sites/default/files/USPIRGEFandCDDBigDataReportMar14_1.3web.pdf

Civil Rights Principles for the Era of Big Data, the Leadership Conference, 2014

  • Civil rights groups offer five principles to ensure the collection of data respects the values of equal opportunity and equal justice.

http://www.civilrights.org/press/2014/civil-rights-principles-big-data.html

[/expand]

[expand title=”(4) DATA BROKERS”]

Online Lead Generation: What You Need to Know to Protect Yourself from Companies in the Business of Secretly Selling You to Predatory Payday and Other Short-term Loan Companies, Center for Digital Democracy, May 2015

  • Lead generators earn profits by identifying “hot prospects” or those “in-market” for a loan, insurance, or credit product. Once identified, the “lead” is sold to one or more companies that will target that person for a payday loan, mortgage refinancing, college tuition loan, etc.
  • Lead companies rely on data brokers to provide “lead verification” services to determine your phone number and email address, as well as match where your online device is with your zip code.

https://www.democraticmedia.org/sites/default/files/field/public-files/2015/onlineleadgenreport_may2015_uspirgef_cdd.pdf

Big Data: A Big Disappointment for Scoring Consumer Credit Risk, National Consumer Law Center, March 2014

  • Fifteen employees at NCLC requested their consumer reports from eBureau, ID Analytics, Intelius, Spokeo, and Acxiom in an attempt to better understand the type of data collected, the accuracy of the data, and the ease in obtaining a consumer report. Reports were generally hard to obtain, contained a range of inaccuracies, and most contained very little information.

http://www.nclc.org/images/pdf/pr-reports/report-big-data.pdf

Privacy Tools: Opting Out from Data Brokers, ProPublica, January 2014

  • Of the 212 data brokers the author was able to identify, only 92 accepted opt-outs. Of those 92, 65 required submission of some form of identification in order to opt-out, and 24 required the opt-out forms to be sent by mail or fax.

https://www.propublica.org/article/privacy-tools-opting-out-from-data-brokers?utm_source=et&utm_medium=email&utm_campaign=dailynewsletter

A Review of the Data Broker Industry: Collection, Use, and Sale of Consumer Data for Marketing Purposes, United States Senate Committee on Commerce, Science, and Transportation, December 2013

  • The Committee found that some of the targeting products brokers offer identify financially vulnerable populations, including: “Living on Loans: Young Urban Single Parents”, “Rough Retirement: Small Town and Rural Seniors”, and “Rural and Barely Making It.”

https://www.commerce.senate.gov/public/_cache/files/0d2b3642-6221-4888-a631-08f2f255b577/AE5D72CBE7F44F5BFC846BECE22C875B.12.18.13-senate-commerce-committee-report-on-data-broker-industry.pdf

Acxiom Lets Consumers See Data it Collects, the New York Times, September 2013

  • In an attempt to be more transparent, major data broker Acxiom launched Aboutthedata.com to allow consumers to see some of the data the company has collected about them.
  • However, critics say that the new site omits major details about their data analysis practices, and does not offer a complete picture to consumers.

http://www.nytimes.com/2013/09/05/technology/acxiom-lets-consumers-see-data-it-collects.html?_r=0

[/expand]

[expand title=”(5) DATA SECURITY”]

Lack of Trust in Internet Privacy and Security May Deter Economic and Other Online Activities, National Telecommunications & Information Administration, May 2016

  • According to data collected by the U.S. Census Bureau, 63% of online households chose identity theft when asked if they had any online privacy and security concerns.

https://www.ntia.doc.gov/blog/2016/lack-trust-internet-privacy-and-security-may-deter-economic-and-other-online-activities

 Experian Sold Consumer Data to ID Theft Service, Krebs on Security, October 2013

  • An underground ID theft service acquired or sold more than half a million “fullz” by obtaining USInfoSearch.com records via third-party Court Ventures. Court Ventures was purchased by Experian in 2012.
  • “Fullz”, a slang term cybercrooks use, is a package of personally identifiable information that typically includes an individual’s name, address, Social Security number, date of birth, place of work, duration of work, state driver’s license number, mother’s maiden name, bank account number(s), bank routing number(s), email account(s) and other account passwords.

http://krebsonsecurity.com/2013/10/experian-sold-consumer-data-to-id-theft-service/

Privacy and Data Management on Mobile Devices, Pew Research Center, September 2012

  • 19% of cell owners have turned off the location tracking feature on their cell phone because they were concerned that other individuals or companies could access that information.
  • 32% of cell owners have cleared the browsing history or search history on their phone.

http://www.pewinternet.org/2012/09/05/privacy-and-data-management-on-mobile-devices/

[/expand]

[expand title=”(6) FACIAL RECOGNITION”]

The Danger of Corporate Facial Recognition Tech, Electronic Frontier Foundation, June 2016

  • Author of the proposed revision to the Illinois Biometric Privacy Law, one of the strongest privacy protections in the country, withdrew the bill in the face of opposition. The revision would have significantly reduced the protections afforded by the original bill.

https://www.eff.org/deeplinks/2016/06/danger-corporate-facial-recognition-tech

Facial Recognition Technology: Commercial Uses, Privacy Issues, and Applicable Federal Law, U.S. Government Accountability Office, July 2015

  • At present, use of facial recognition for customer service and marketing in the United States seems to be primarily for detecting characteristics (such as age or gender) to tailor digital advertising, rather than identifying unique individuals.

http://www.gao.gov/products/GAO-15-621

Who Owns Your Face?, the Atlantic, July 2015

  • Companies ability to use facial recognition online far exceeds their capabilities to use it offline, or “in the wild.”
  • Facebook’s algorithm can detect whether two images depict the same person accurately 97.25% of the time, while humans on average can do the same 97.5% of the time.

http://www.theatlantic.com/technology/archive/2015/07/how-good-facial-recognition-technology-government-regulation/397289/

Face Recognition and Privacy in the Age of Augmented Reality, Journal of Privacy and Confidentiality, 2014

  • In a series of experiments, researchers used facial recognition to re-identify individuals online and offline, and in some cases make sensitive inferences about the individuals including social security numbers and interests.

http://repository.cmu.edu/cgi/viewcontent.cgi?article=1122&context=jpc

[/expand]

[expand title=”(7) HEALTH CARE”]

Health Wearable Devices in the Big Data Era: Ensuring Privacy, Security, and Consumer Protection, Center for Digital Democracy, December 2016

  • Personal health wearable devices that consumers are using to monitor their heart rates, sleep patterns, calories, and even stress levels raise new privacy and security risks.
  • But while consumers may think that federal laws will protect their personal health information collected by wearables, the report found that the weak and fragmented health-privacy regulatory system fails to provide adequate safeguards.

→ https://www.democraticmedia.org/sites/default/files/field/public/2016/aucdd_wearablesreport_final121516.pdf

Health Care Apps Often Offer Little Privacy Protection: Study, HealthDay, March 2016

  • Researchers looked at 211 diabetes-specific apps available on Google Play and found that 80% did not have declared privacy policies, and permissions included tracking location, remotely activating a user’s microphone or camera, and modifying or deleting stored information.
  • There is no federal legal protections currently protecting the disclosure of health information from most medical apps, yet one-fifth of American smartphone users have medical apps.

https://consumer.healthday.com/health-technology-information-18/cellphone-health-news-729/healthcare-apps-offer-little-privacy-protection-708807.html

Your Prescription History is Their Business, Los Angeles Times, October 2013

  • Forty-eight states maintain databases that monitor prescription-drug use.
  • The service ScriptCheck provides profiles that not only includes a five-year history with detailed drug and insurance eligibility information, treating physicians, drug indications and pharmacy information, but often provides best guesses as to the person’s underlying medical condition.

http://www.latimes.com/business/la-fi-lazarus-20131022-column.html

When Your Data Wanders to Places You’ve Never Been, the New York Times, April 2013

  • A woman received a flyer for event for people with multiple sclerosis, yet did not have the disease.
  • In investigating how this woman was profiled as a MS patient, the reporter discovers that the woman’s information ended up in the hands of at least two companies who the woman never directly interacted with.

http://www.nytimes.com/2013/04/28/technology/personal-data-takes-a-winding-path-into-marketers-hands.html

[/expand]

[expand title=”(8) THE INTERNET OF THINGS”]

Self-driving Cars: Overlooking Data Privacy is a Car Crash Waiting to Happen, the Guardian, June 2016

  • Seven states plus the District of Columbia have enacted laws that address autonomous vehicles, but these laws focus on physical safety, and do not adequately address the privacy issues implicated with the constant real-time communication between users and the car, which could reveal details about users’ geolocation and driving habits.

https://www.theguardian.com/technology/2016/jun/08/self-driving-car-legislation-drones-data-security

Connection and Protection in the Digital Age, Consumers International, April 2016

  • The Internet of Things exacerbates existing issues such as lack of transparency and clarity, complex liability and responsibility, data collection and use, and security.
  • The Internet of Things also presents new issues involving hybrid products, the erosion of ownership, software licensing and digital rights management, and consumers being locked-in or locked-out of goods and services.

http://www.consumersinternational.org/media/1657273/connection-and-protection-the-internet-of-things-and-challenges-for-consumer-protection.pdf

Internet of Things: Privacy and Security in a Connected World, Federal Trade Commission, January 2015

  • Experts estimate that by the year 2020 there will be fifty billion connected devices.

https://www.ftc.gov/system/files/documents/reports/federal-trade-commission-staff-report-november-2013-workshop-entitled-internet-things-privacy/150127iotrpt.pdf

Online Holiday Shopping Survey, National Cyber Security Alliance, November 2016

  • 74% of respondents think it is “important” to “extremely important” that websites they use have easy to understand and accessible information about how their personal information is collected, how it is used, and with whom it is shared.
  • 25% have abandoned an online purchase because of a security or privacy concern, and the two top reasons were because too much information was being asked for in relationship to the transaction (47%) and the person couldn’t determine if the information was being handled securely (36%).
  • In the last month, 27% of respondents had updated their privacy settings on a social network and 21% had thoroughly read the terms and conditions of an app before downloading.
  • 22% were not confident that devices connected to the internet are safe and secure; only 12% were completely confident that they are.
  • The top two security or privacy measures that respondents would adopt around the “Internet of Things” were to change the password on the device before using it (47%) and try to understand what personal information the device collects, how it’s used and how it’s stored (45%).

https://staysafeonline.org/stay-safe-online/resources/ncsa-online-holiday-shopping-survey-results

[/expand]

[expand title=”(9) PERSONALIZED PRICING & DISCRIMINATION”]

Big Data is Coming for Your Purchase History:  to Charge You More Money, the Guardian, May 2015

  • Just having basic demographic information alone to charge different prices, Netflix increased profits by 0.14%. Adding data from web browsing history increased profits by 1.4%, with some customers paying twice as much as others for the exact same product.

http://www.theguardian.com/commentisfree/2015/may/29/big-data-purchase-history-charge-you-more-money

Big Data and Differential Pricing, Executive Office of the President of the United States, February 2015

  • Steering and differential pricing are common practices across websites, but for a relatively limited set of products, and little evidence of personalized pricing has been found.

Civil Rights, Big Data, and Our Algorithmic Future, Robinson + Yu, September 2014

  • Big data allows for a new level of specificity in underwriting, changing how risk is allocated. For example, when driving habits can be tracked via device by insurance companies to offer safe drivers discounts, they may end up increasing the cost for low-income drivers who consistently drive late at night for graveyard shifts because they are placed in the same smaller category of drivers as late-night party-goers and potential drunk drivers.

https://bigdata.fairness.io/wp-content/uploads/2014/11/Civil_Rights_Big_Data_and_Our_Algorithmic-Future_v1.1.pdf

The Scoring of America: How Secret Consumer Scores Threaten Your Privacy and Your Future, World Privacy Forum, April 2014

  • The use of consumer scores, often consisting of thousands of factors or consumer attributes, is increasing, and remains unregulated, making score secrecy and accuracy major issues.

https://www.worldprivacyforum.org/2014/04/wpf-report-the-scoring-of-america-how-secret-consumer-scores-threaten-your-privacy-and-your-future/

In the Digital Bullseye: Online Marketers Take Aim at Multicultural Consumers, Center for Digital Democracy, February 2013

  • While obesity among white children declines the higher their parents’ education and income levels, the same is not true for black and Hispanic children. A big contributing factor to this disparity is both higher media consumption by African-American and Hispanic children and their greater responsiveness to the advertising shown.

https://www.democraticmedia.org/sites/default/files/CDDDigitalBullseyeFeb2013.pdf

Websites Vary Prices, Deals Based on Users’ Information, the Wall Street Journal, December 2012

  • In testing Staples’ pricing, the Journal found that items often had more than one price online that varied by location.
  • ZIP Codes that mostly received discounted prices had an average weighted income of $59,900, while ZIP Codes that mostly received high prices had an average weighted income of $48,700.

http://www.wsj.com/news/articles/SB10001424127887323777204578189391813881534

[/expand]