Consumer Digital Touchpoints Online: It's messy

I asked everyone from Facebook to data brokers to Stan for my information. It got messy

It is almost impossible to understand your full Facebook data footprint. (Credit: ABC) 

It is almost impossible to understand your full Facebook data footprint. (Credit: ABC) 

28 April 2018

By technology reporter Ariel Bogle

Brands I've never heard of have my details.

Deciphering your Facebook data can be like leafing through a corporate-owned teen diary.

In 2007, one of my first comments was telling a friend she had a "fashionable mullet", but my online data footprint has exploded since then.

I downloaded my data from Facebook in an effort to understand how brands target me with personalised advertising — an activity that accounted for 98 per cent of the social giant's 2017 revenue.

Your name, age and location are the least of it. Every like, link and interaction can add to your profile, whether it's an inferred political preference — are you liberal or conservative? — or an interest in board games.

But as Wired has detailed, Facebook's data download provides an incomplete picture.

To fix that, I asked for my personal data (you can too, thanks to the Privacy Act) from everyone from data brokers to advertisers.

What did I find? That understanding who knows what about you online is a sisyphean undertaking. One that takes dozens of emails and almost one month.

What do data brokers know?

Ever heard of a data broker? If you haven't, that's no mistake.

"They rarely have a public presence," said Sacha Molitorisz, a digital privacy researcher at the University of Technology Sydney.

"My guess is there is an intuition somewhere there, that what they're doing might not be palatable to customers."

Data brokers are companies that may gather online and offline information — census data, surveys and purchase histories, for example — to create consumer profiles that they serve to advertisers.

In the market for a new car? An expectant mother? These are the types of insights they look for.

If advertisers want to reach these people, they can source special audience information from data brokers and target ads to them on Facebook.

This is allowed under Facebook's Partner Categories program, but after the Cambridge Analytica scandal, the company said it would be winding the option down.

A Facebook spokesperson said ad campaigns run this way would end by October 1, 2018.

For now, though, Facebook works with three providers in Australia: Quantium, Axciom and Experian.

I contacted all three and asked for my personal data. All three said they had nothing — but that's not the whole story.

How am I targeted?

Earlier this year I was served a Facebook ad for 100% Pure New Zealand. Facebook told me it was based on a dataset provided by the data analytics firm Quantium.

But if Quantium doesn't have my personal details, how does it target me?

The tourism ad was sent to two consumer segments — "outdoor enthusiasts" and "travellers" — a Quantium spokesperson said.

The company received de-identified purchase data, likely from Woolworths Rewards program, which was then used to create anonymous groups likely to purchase something based on their past shopping behaviour.

My de-identified data was probably in there. Then, apparently, Quantium matched it up with my de-identified data from Facebook.

"Publishers like Facebook de-identify their users' personal data utilising the same encryption algorithm used by Quantium," the Quantium spokesperson said.

"The de-identified data from both parties is passed into a secured anonymisation zone for matching purposes. This allows the two datasets to be matched without using any personal information."

In some cases, it gets more mysterious.

In Settings, Facebook lists the advertisers it says are running ads, using contact lists they uploaded to the platform.

Experian said it had no personal information about me, but Experian Data Quality is listed as having uploaded my contact information to Facebook.

A company spokesperson said it could not confirm why I was connected to Experian Data Quality.

"Based on the information you provided to us, we again confirm that Experian's Data Quality and Targeting (Marketing Services) in A/NZ does not hold any personal information on you," she wrote in an email.

Who else has your email?

Brands are only meant to upload contact lists to Facebook for advertising if they have permission to do so.

In the case of the video streaming service Stan, seeing its ad on Facebook made sense — I'm a subscriber, and apparently, I've watched the TV show Billions.

A Stan spokesperson said the ad I saw was intended to remind people "who may be fans of the show" that a new season was available.

It does this to highlight content the company thinks subscribers are interested in, using its internal analytics.

"We matched your encrypted email to data held by Facebook to facilitate the surfacing of that content," she added.

(I also asked for all my personal data from Stan, and the hours of television I've watched makes for a terrifying spreadsheet, by the way.)

 

The contact list mystery

But Stan is not the only brand that has my information.

As I write this article, there are more than 300 brands that Facebook lists as having my contact information — the majority of which I've never heard of.

There's a sushi restaurant in Perth, for example, called Tao Café. I've never visited.

I got in touch, and Tao Café office manager Annette Sparks was equally baffled about its appearance on my list.

But she said that the food delivery company Deliveroo ran ads on behalf of the company, and suggested that's how my contact details may have been bound up with the sushi venue.

So, onto Deliveroo.

While they couldn't discuss my personal situation, a spokesperson said Deliveroo does provide "marketing support" to its restaurant partners — essentially, it runs ads promoting them as part of the delivery service.

Did Deliveroo then share my email with cafes from Perth to Singapore? The company said no.

"Under no circumstances does Deliveroo share any customer details with restaurants or other third parties as part of these marketing campaigns," the spokesperson said.

I'm left none the wiser about why Tao Café was on the list — and there are other mysteries too.

According to Facebook's list, various American political candidates have my contact information.

As does the official Facebook page of the actress Kate Hudson.

What can I do?

Mark Zuckerberg has said Facebook users own their data, but it's an unusual kind of ownership.

Ownership feels largely meaningless when your data is scattered around the internet.

There is no one company to blame. The architecture of online advertising is set up this way.

"The issue is that in the digital space … personal data is very much sought after, and there are all [kinds of] different players who stand to benefit from access to that data," Mr Molitorisz said.

"There needs to be greater transparency with how our data is used."

This is the reality of surveillance capitalism, according to Professor Katina Michael, a privacy expert at the University of Wollongong.

Our data is a valuable commodity, and time is not on our side when it comes to understanding who wants it and where it's going.

"We don't measure it, we don't write it down like we do calorie-controlled diets," Professor Michael said. 

"We don't realise how much we're giving away."

Ariel Bogle, April 28, 2018, "I asked everyone from Facebook to data brokers to Stan for my information. It got messy", ABC Radio Nationalhttp://www.radioaustralia.net.au/international/2018-04-28/i-asked-everyone-from-facebook-to-data-brokers-to-stan-for-my-information-it-got-messy/1752610

Biometric data from driver's licences added to government database

your face used to track you by government.jpg

Your face is becoming the latest weapon in the world of digital surveillance, and the humble driver's licence looms as a game-changer in tracking individuals through both the real and virtual world.

Experts warn your biometric data may already be vulnerable to misuse by criminals and terrorists, as the proliferation of mobile cameras combined with social media and ubiquitous CCTV feeds mean we're caught on screen more than ever before.

Key points

  • Biometric data builds an online profile using your photo, age and address
  • This can then be matched against photos gathered from the internet or CCTV
  • The data can be used by government agencies, along with companies and criminals

Driver's licences will be added to the Commonwealth Government's already vast biometric databases after it struck an agreement with the states and territories, handing authorities access to an unprecedented level of information about citizens.

A system known as "the interoperability Hub" is already in place in Australia, allowing agencies to take an image from CCTV and other media and run it against a national database of passport pictures of Australian citizens — a process known as "The Capability".

But soon driver's licences will be added to the system, allowing both government and private entities to access your photo, age and address.

It is a $21 million system being sold as a way to tackle terrorism and make commercial services more secure.

But experts warn people now risk losing control of their biometric identity entirely as commercial interests, governments and organised crime gangs all move to capture more personal metadata for their own gain.

Driver's licences change the biometric game

Technology and legal expert Professor Katina Michael said about 50 per cent of the population already had some kind of visual biometric stored in a nationally-accessible database, but the inclusion of drivers licenses would see the proportion of Australians scooped up in the net swell to about 80 per cent.

She said one of the biggest risks of the collection of biometric data was not deliberate misuse by the AFP, ASIO or another government agency, but rather vulnerabilities in the way biometrics work.

Who can access your biometric data?

Document Verification Service (DVS) - government and private sector

  • Companies and government can run an identity document through a database to see if it matches information held on file, and that the document has not been revoked
  • Individual must consent before DVS used

Face Verification Service (FVS) - government and private sector

  • Enables a facial image of an individual to be compared against government records of that same individual, such as passports and drivers licences
  • Individual must consent or a legislative basis must be established to collect the information, and use must comply with the Privacy Act

Face Identification Service (FIS) - only law enforcement agencies can use

  • A facial image can be compared against multiple facial images held on a government database, including Australian citizens' passport photos and now driver's licences.
  • Multiple records of people who have a close match to the image are usually returned
  • An agency must have a legislative basis or authority to collect and use the information
  • Access is restricted to law enforcement agencies or those with national security related functions

"It's not like a one-on-one match, where you put (in) an individual's face and say: 'they're a suspect'," Professor Michael said.

"But rather what you get returned is a number of possibilities … you might get back 15, or 20, or 30, or 50 matches.

So you might have 50 innocent people being suspects, rather than the person that you're trying to catch

Professor Michael said this meant that while over time a person's name might be cleared, their data could remain in a database linked to a criminal investigation.

"And then I'm thinking, what happens to their level of innocence as time goes on, because they accidentally look like a minority group?" she said.

She said real criminals and terrorists would opt out of the system, choosing not to have passports and driver's licenses in a bid to escape the net.

"Of course, if you've done nothing wrong, the old adage says you're fine. But increasingly, we don't know if we're fine," she said.

The rise of 'uberveillance'

Professor Michael said modern surveillance methods employed by law enforcement were not just limited to CCTV — they now incorporated vast amounts of metadata and social media, leading to a concept known as "uberveillance" in which people were constantly monitored.

"What we have now are digital footprints that we all leave behind," she said.

"Phone call records, internet searches, credit cards and even the data on your electronic train or bus ticket can be used to track your movements and activity.

"It brings together all these various touchpoints, telecommunications records, travel data via tokens, facial recognition on federal databases, your tax file number … that's accessible depending on the level of crime and social media.

"You've got this very rich almost cradle-to-grave kind of data set that's following you."

We asked if you were concerned about driver's licenses being added to a biometric database.

 

Organised criminals want your identity

Stephen Wilson runs Lockstep Consulting, a Sydney-based firm which researches and tracks trends in biometrics in the corporate and government spheres, and advises clients on best-practice.

He said at the moment very secure biometric systems took quite a long time to process images accurately.

Problems arose when consumer convenience, such as being able to unlock a phone or access a bank account with a quick face or fingerprint scan, trumped security.

"No police force, no public service, no business is ever perfect, there is always going to be corrupt people," Mr Wilson said.

"The more exposure we have to electronic databases, the more exposure we have to biometric matching, it's only a matter of time before these bad actors succumb to temptation or they succumb to corruption and they wind up using these systems inappropriately."

Your biometric twin is out there

VIDEO: Professor says nothing to fear from federal driver's license database (ABC News)

Mr Wilson said biometrics were creeping into consumer services like bank accounts and online betting facilities, with customers asked to send a picture of their licence and a "selfie" that will be run through an identity matching service.

"The real risk is that bad actors will take people's photos, ask for a match, and get back a series of matches of people that are kind of like your biometric twin," he said.

"We've all got doppelgangers, we've all got people in public that look just like us.

"If you're trying to perpetrate a crime, if you're organised crime, and you're trying for example to produce a fake driver's licence, it's absolute gold for you to be able to come up with a list of photos that look like 'Steve Wilson'."

Technology companies like Apple and Samsung have championed the use of biometrics such as fingerprints, and this has taken a step further with facial recognition becoming more common thanks to the release of the iPhone X.

PHOTO: Apple's iPhone X has championed facial recognition technology. (Twitter: AppleEventos)

However Mr Wilson said a key difference was that information stayed on the phone, while banking and other commercial interests trying to use your biometrics to confirm your identity could be storing it on a server anywhere.

"Do you really want your photo, which is a pretty precious resource, sent off to a company perhaps on the other side of the world just so you can get a quick bank account or quick betting service set up?" he asked.

What will happen next?

An annual industry survey conducted by the Biometrics Institute, known as the Industry Trend Tracker, has nominated facial recognition as the biometric trend most likely to increase over the next few years.

Respondents believed privacy and data protection concerns were the biggest constraint on the market, followed by poor knowledge of decision makers, misinformation about biometrics and opposition from privacy advocates.

The Australian law reform commission says biometric systems increasingly are being used or contemplated by organisations, including in methadone programs, taxi booking services, ATMs and online banking, and access to buildings

Dr Michael said governments needed to be very cautious about how they applied this rich new source of data in the future.

She said governments were building these agreements between themselves and corporations in a bid to stamp out fraud, but that goal was not always achieved and the potential for mistakes was vast.

"What we have is this matching against datasets, trying to find the needle in the haystack," she said.

"Often what happens is we don't find the needle."

A statement from the Department of Home Affairs said the Australian Government was exploring making the Face Verification Service available to the private sector, but nothing had started at this point.

It said arrangements for private sector access would be informed by an independent privacy impact assessment and those using it would need to demonstrate their lawful basis to do so under the privacy act and where they had gained consent to use a person's image.

 

Source: Rebecca Trigger, January 15, 2018, "Experts sound alarm as biometric data from driver's licences added to government database", ABC News, http://www.abc.net.au/news/2018-01-15/alarm-raised-as-drivers-licences-added-to-government-database/9015484

Reprinted in The New Daily here: https://thenewdaily.com.au/news/national/2018/01/15/biometric-data-drivers-licences-government-database/

Furthermore, an interview with Professor Brian Lovell from the University of Queensland on the ABC further demystifies facial biometrics and the government's use of The Capability: http://www.abc.net.au/news/2018-01-15/professor-says-nothing-to-fear-from-federal/9330626

 

The Easy Hack To Boost Your Mental Health

"Cutting back on screen time can have mind-based benefits. “If Fitbits are the answer to improving our physical health, AntiSocial is the app for our mental health,” says online addiction expert Professor Katina Michael, from Wollongong University. “It exists to help people be mindful of their phone usage and hopefully it will encourage people to reflect on their personal goals and patterns of interaction with others in their physical surrounds.”

More here

Social Media Addiction: Unliking Facebook

"A wolf in sheep's clothing
Social media is presented as a fun, innovative and exciting technology we should give ourselves to because it's a major part of modern business and keeping up to date.
Social media addiction is a special area of interest for University of Wollongong technology lecturer Associate Professor Katina Michael.
She researches how emerging technology affects society and says we have created a 'look down' generation, where people are now obsessed with using social media on their smart phones.
But like anything that stimulates our brain to release feel-good chemicals, it needs to be kept in check, and when it doesn't, the consequences of this new technology are looking bad.
"Some of the implications are grave - some people have begun to link social media addiction with feelings of anxiety, depression and mental health issues," Associate Professor Michael says.
"It can trigger an obsessive compulsive disorder, but increasingly the social impacts on health have yet to be defined.
"We don't have names for the health implications yet because we're just starting to see the effects of it."
How to know when you're addicted?
You might be suffering from a social media addiction without even knowing it.
Katina Michael says you may be hooked if:
  • You get anxious when you wake up and feel pressure to access your social media accounts, and you do so while you're still in bed.
  • When you're not on Facebook, you're preoccupied with it even if you're not online.
  • You close the Facebook screen and instantaneously re-open it and not know why.
  • You hear social media notifications come through on your phone and act on them, even if you're in the middle of a conversation."

More here

Citation: Katina Michael with Justin Huntsdale, "Unliking Facebook - the social media addiction that has you by the throat", ABC Illawarrahttp://www.abc.net.au/local/stories/2015/01/23/4177043.htm

Secret criminal chat world of 'online underground'

Key Link

Authors

Katina MichaelUniversity of Wollongong
Rebecca BriceABC Radio
Dan DeFillipiWeb Designer
Glen McEwanAustralian Federal Police

Abstract

Fraudsters, hackers and other cyber criminals are taking to synchronous online messaging systems to communicate and even educate one another while evading police detection, according to an academic from the University of Wollongong.

MARK COLVIN: Law enforcement officials trying to crack cyber crime are increasingly focussing on what's known as the Deepnet, or the hidden web. That's the virtually untraceable level of the internet where many criminals communicate with each other.

An Australian academic says fraudsters, hackers and child pornographers don't just transact business on the Deepnet, they also use it as a sort of college of crime.

But there's an upside to the secrecy, as human rights organisations adopt similar approaches to expose abuses.

Rebecca Brice reports.

REBECCA BRICE: That online chatter is getting harder to police, according to Katina Michael, an associate professor from the University of Wollongong's School of Information Systems and Technology.

KATINA MICHAEL: Well since the mid 1990s, when the internet came about, criminals have sought new ways to communicate online. And they've done this using traditional things like newsgroups.

Some of the more way that they're getting to become undetected, however, is using things like internet relay chat. And internet relay chat allows for synchronous communications. That's communication which is not stored and you've got to be online to read and receive and send messages at any one point in time. So they're becoming increasingly elusive.

REBECCA BRICE: They use these methods, I presume, to avoid police?

KATINA MICHAEL: Yes they do. And because there's so much data out there, and because the communications are synchronous, it's very hard for police to actually detect these kinds of communications.

And the other thing is, they're actually not committing a particular crime sometimes by discussing certain elements of activities. They may not be saying that they've actually done it, but they are sharing details about, for example, ATM (automatic teller machine) machines or sharing information about skimming devices or technology.

REBECCA BRICE: Child pornographers use the same methods, she says.

Synchronous messaging is also being adopted by those reporting crimes.

Katina Michael.

KATINA MICHAEL: There are lots of human rights splinter organisations trying to use the same techniques to report on crimes against humanity.

REBECCA BRICE: And this is if they're going undercover to try to track human rights abuses, is that your understanding of how it's used?

KATINA MICHAEL: That's right. So they would necessarily go into an area of which they would wish to be undetected, perhaps do some first person interviewing, perhaps capture some video evidence or other proceeds and then go back and report on these in the first world.

MARK COLVIN: Associate professor Katina Michael from the University of Wollongong with Rebecca Brice.

Suggested Citation

Katina Michael, Rebecca Brice, Dan DeFillipi, and Glen McEwan. "Secret criminal chat world of 'online underground'" PM - News & Current Affairs Mar. 2013.

More here