Consumer Digital Touchpoints Online: It's messy

I asked everyone from Facebook to data brokers to Stan for my information. It got messy

It is almost impossible to understand your full Facebook data footprint. (Credit: ABC) 

It is almost impossible to understand your full Facebook data footprint. (Credit: ABC) 

28 April 2018

By technology reporter Ariel Bogle

Brands I've never heard of have my details.

Deciphering your Facebook data can be like leafing through a corporate-owned teen diary.

In 2007, one of my first comments was telling a friend she had a "fashionable mullet", but my online data footprint has exploded since then.

I downloaded my data from Facebook in an effort to understand how brands target me with personalised advertising — an activity that accounted for 98 per cent of the social giant's 2017 revenue.

Your name, age and location are the least of it. Every like, link and interaction can add to your profile, whether it's an inferred political preference — are you liberal or conservative? — or an interest in board games.

But as Wired has detailed, Facebook's data download provides an incomplete picture.

To fix that, I asked for my personal data (you can too, thanks to the Privacy Act) from everyone from data brokers to advertisers.

What did I find? That understanding who knows what about you online is a sisyphean undertaking. One that takes dozens of emails and almost one month.

What do data brokers know?

Ever heard of a data broker? If you haven't, that's no mistake.

"They rarely have a public presence," said Sacha Molitorisz, a digital privacy researcher at the University of Technology Sydney.

"My guess is there is an intuition somewhere there, that what they're doing might not be palatable to customers."

Data brokers are companies that may gather online and offline information — census data, surveys and purchase histories, for example — to create consumer profiles that they serve to advertisers.

In the market for a new car? An expectant mother? These are the types of insights they look for.

If advertisers want to reach these people, they can source special audience information from data brokers and target ads to them on Facebook.

This is allowed under Facebook's Partner Categories program, but after the Cambridge Analytica scandal, the company said it would be winding the option down.

A Facebook spokesperson said ad campaigns run this way would end by October 1, 2018.

For now, though, Facebook works with three providers in Australia: Quantium, Axciom and Experian.

I contacted all three and asked for my personal data. All three said they had nothing — but that's not the whole story.

How am I targeted?

Earlier this year I was served a Facebook ad for 100% Pure New Zealand. Facebook told me it was based on a dataset provided by the data analytics firm Quantium.

But if Quantium doesn't have my personal details, how does it target me?

The tourism ad was sent to two consumer segments — "outdoor enthusiasts" and "travellers" — a Quantium spokesperson said.

The company received de-identified purchase data, likely from Woolworths Rewards program, which was then used to create anonymous groups likely to purchase something based on their past shopping behaviour.

My de-identified data was probably in there. Then, apparently, Quantium matched it up with my de-identified data from Facebook.

"Publishers like Facebook de-identify their users' personal data utilising the same encryption algorithm used by Quantium," the Quantium spokesperson said.

"The de-identified data from both parties is passed into a secured anonymisation zone for matching purposes. This allows the two datasets to be matched without using any personal information."

In some cases, it gets more mysterious.

In Settings, Facebook lists the advertisers it says are running ads, using contact lists they uploaded to the platform.

Experian said it had no personal information about me, but Experian Data Quality is listed as having uploaded my contact information to Facebook.

A company spokesperson said it could not confirm why I was connected to Experian Data Quality.

"Based on the information you provided to us, we again confirm that Experian's Data Quality and Targeting (Marketing Services) in A/NZ does not hold any personal information on you," she wrote in an email.

Who else has your email?

Brands are only meant to upload contact lists to Facebook for advertising if they have permission to do so.

In the case of the video streaming service Stan, seeing its ad on Facebook made sense — I'm a subscriber, and apparently, I've watched the TV show Billions.

A Stan spokesperson said the ad I saw was intended to remind people "who may be fans of the show" that a new season was available.

It does this to highlight content the company thinks subscribers are interested in, using its internal analytics.

"We matched your encrypted email to data held by Facebook to facilitate the surfacing of that content," she added.

(I also asked for all my personal data from Stan, and the hours of television I've watched makes for a terrifying spreadsheet, by the way.)

 

The contact list mystery

But Stan is not the only brand that has my information.

As I write this article, there are more than 300 brands that Facebook lists as having my contact information — the majority of which I've never heard of.

There's a sushi restaurant in Perth, for example, called Tao Café. I've never visited.

I got in touch, and Tao Café office manager Annette Sparks was equally baffled about its appearance on my list.

But she said that the food delivery company Deliveroo ran ads on behalf of the company, and suggested that's how my contact details may have been bound up with the sushi venue.

So, onto Deliveroo.

While they couldn't discuss my personal situation, a spokesperson said Deliveroo does provide "marketing support" to its restaurant partners — essentially, it runs ads promoting them as part of the delivery service.

Did Deliveroo then share my email with cafes from Perth to Singapore? The company said no.

"Under no circumstances does Deliveroo share any customer details with restaurants or other third parties as part of these marketing campaigns," the spokesperson said.

I'm left none the wiser about why Tao Café was on the list — and there are other mysteries too.

According to Facebook's list, various American political candidates have my contact information.

As does the official Facebook page of the actress Kate Hudson.

What can I do?

Mark Zuckerberg has said Facebook users own their data, but it's an unusual kind of ownership.

Ownership feels largely meaningless when your data is scattered around the internet.

There is no one company to blame. The architecture of online advertising is set up this way.

"The issue is that in the digital space … personal data is very much sought after, and there are all [kinds of] different players who stand to benefit from access to that data," Mr Molitorisz said.

"There needs to be greater transparency with how our data is used."

This is the reality of surveillance capitalism, according to Professor Katina Michael, a privacy expert at the University of Wollongong.

Our data is a valuable commodity, and time is not on our side when it comes to understanding who wants it and where it's going.

"We don't measure it, we don't write it down like we do calorie-controlled diets," Professor Michael said. 

"We don't realise how much we're giving away."

Ariel Bogle, April 28, 2018, "I asked everyone from Facebook to data brokers to Stan for my information. It got messy", ABC Radio Nationalhttp://www.radioaustralia.net.au/international/2018-04-28/i-asked-everyone-from-facebook-to-data-brokers-to-stan-for-my-information-it-got-messy/1752610

Is it the end of privacy?

east side.png

Citation: Katina Michael with Eric Gyors, March 28, 2018, "Is it the end of privacy?", EPISODE: Wednesday Drive – 4:00pm 28th Mar 2018https://eastsidefm.org/episodes/wednesday-drive-400pm-28th-mar-2018/

 

Now that Facebook have acknowledged "mistakes", what's next?

abcnews.png

Citation: Katina Michael with Joe O'Brien, "Now that Facebook have acknowledged "mistakes", what's next?" ABC 24 hrs: Mornings with Joe O'Brien, channel 24, 11am-11.12am.

obrien.jpg

Joe O'Brien is the host of ABC News 24's morning news program and was previously co-host on ABC News Breakfast. Joe has more than 20 years experience in journalism and has been with the ABC since 1995. He presented the 7pm ABC News programs in both Queensland and New South Wales, and regularly presented the national Midday Report on ABC TV. Joe's extensive reporting experience covers everything from drought and floods to sport and politics. He was first based for the ABC in Rockhampton, and then in Brisbane as a reporter and presenter. Follow @JoeABCNews

Psychometrics, big data, data-driven approaches, microtargetting, and you

The damning evidence is mounting on CA. Today it was announced that CEO Alexander Nix has been suspended from his position given a Channel 4, UK covert sting recording.

Citation: Katina Michael with Cassie McCullagh, March 21, 2018, "Psychometrics, big data, data-driven approaches, microtargetting, and you", ABC Sydney Radio: FOCUS: http://www.abc.net.au/radio/sydney/programs/focus/focus/9549448

Facial recognition: Feature creep may impose government's software in our lives, expert warns

It's known as 'The Capability' — government facial recognition software to match CCTV footage to passport photos. But new measures to give it access to drivers' licences have surveillance experts worried about what might come next.

Instant facial recognition software used for counter-terrorism could be used on the general public one day if the rules around the use of the software keep changing, a surveillance expert warns.

The ACT Government had this same concern with — though it has still signed on to the changes.

The territory's Attorney-General, Gordon Ramsay, said the ACT Government would continue negotiations on the biometric capability of the facial recognition software, known as The Capability, which matches faces from CCTV footage to passports — and with them, all of a person's associated data.

COAG has agreed to add drivers' licences to that system, and to speed up the week-long process, making The Capability instant.

But the ACT has asked for assurances that data will only be used outside of counter-terrorism when the Capability returns a perfect match.

It was the only jurisdiction that raised privacy concerns .

"One of the things that we would always be looking to is the access and the way that information can be used, they will be part of the ongoing negotiations," Mr Ramsay said.

'Before we know it…': worries over feature creep

But surveillance expert Professor Katina Michael pointed to an established trend of technology creeping up in scope and said The Capability would be no exception.

She expected the system to slide down a slippery slope of privacy erosion, eventually being used for petty crime, civil cases and a whole range of purposes unrelated to terrorism.

"It's a farce," she said.

"Before we know it'll be used for breath tests and speeding, it will be used to open a bank account … licences are our primary ID — so does that mean everywhere we've been using them for identity, all the clubs and pubs, will have access to it?

"Even car insurance — [people will think] 'we are using it for drivers' licences, maybe we should also use it for third-party compulsory insurance. And then we need it for health insurance'."

Your face 'may end up on some third-party selling list'

Ms Michael was equally concerned about systematic errors causing potential mistaken identities and leading to people being wrongly accused or suspected of crime.

"It's not going to take long for these systems to be hacked, no matter what security you have in place and once it's hacked, that's it — everyone's facial images will end up on some third-party selling list and possibly on the internet for accessibility."

"Yeah, people put photos on Facebook, but not in that kind of systematic, calculated way.

"Some Australian citizens are going to be completely freaked out."

Fergus Hanson, head of cyber policy at the Australian Strategic Policy Institute, said Australians needed to think about where the "guard rails" around privacy should be.

"I think we can all agree that it's useful to use systems like this to track down terrorists or to track down murderers, [but] what happens when we start having more minor crimes being prosecuted and people arrested using this same technology?" Mr Hanson said.

"Would we be OK for example with the Government using that technology to track down someone who hadn't paid a parking fine?

"DNA testing, originally that was a very niche capability that developed, and now it's run of the mill technology that you would run for lots of different crime types."

Mr Hanson said the public needs to consider who ought to own personal data, and how it might be used in the future.

"You don't have to go very far back in history to appreciate why privacy is important, and the constraints that need to be there around states in terms of how they exercise their authority," he said.At the COAG National Security Summit, .

ACT Chief Minister Andrew Barr said "it is more perhaps in sorrow than in anger" that the heightened terrorism threats facing Australia had sparked the need for harsher measures.

"Nonetheless, all jurisdictions have signed up today and it reflects the need for a joined up and collective response to difficult issues," Mr Barr said.

"But to do so within the framework of a Human Rights Act that we have in the ACT has required us to work closely with the Commonwealth to achieve the outcome.

"And I want to acknowledge that that has been achieved, and that's an important thing for residents in the ACT."

Citation: Jake Evans and Clare Sibthorpe, October 5, 2017, "Facial recognition: Feature creep may impose government's software in our lives, expert warns", Australian Broadcasting Corporation News.