Google, Facebook Ask NSA to Back OffChris Strohm and Jordan Robertson
Google Inc., Facebook Inc. and other Internet companies expressing outrage over the National Security Agency intercepting their users’ data pioneered mining information about customers, sometimes without their knowledge.
Whether it’s Google’s Android smartphone, Apple Inc.’s iPhone, Yahoo! Inc.’s Internet search engine or Facebook’s social-media website, Silicon Valley now relies on capturing and analyzing information about users’ Internet habits, locations and social media postings, some of the very information the NSA gathers. The companies profit by sending people information about products they’re most likely to buy.
Companies such as Yahoo have said the NSA programs will lead to country-by-country Internet rules and damage their prospects abroad. The indignation isn’t credible when the companies make money from their users’ data, said Jeffrey Chester, executive director of the Center for Digital Democracy in Washington.
“They’re the biggest bunch of hypocrites on the planet,” Chester said in a phone interview. “It’s a brilliant PR move on their part that they’ve been able to shift the focus away from themselves and point to the government as creating a privacy problem.”
Each piece of data a person shares online has measurable value to the companies that collect it and marketing firms that use it, helping to build an industry that generated $156 billion in revenue in 2012, according to the New York-based Direct Marketing Association. That’s more than twice the size of the budget for U.S. intelligence agencies.
Facebook, Google, Apple and Yahoo were among 15 technology companies that asked President Barack Obama Dec. 17 to restrain spy programs exposed by former NSA contractor Edward Snowden and let them disclose the extent of government prying into their data. The agency has defended its data gathering as essential to national security.
The NSA has tapped fiber-optic cables abroad to siphon data from Google and Yahoo, circumvented or cracked encryption, and covertly introduced weaknesses and back doors into coding, according to reports in the Washington Post, the New York Times and the U.K.’s Guardian newspaper based on documents leaked by Snowden.
The technology companies’ response to those reports revolves around a business calculation: information they receive for free from users has a tangible value, because targeted advertising sells more products. They risk receiving less information if users move elsewhere.
A presidential review panel agreed this week with the companies’ assertions that the secrecy may cost them business if users think their communications aren’t secure.
“Data is one of the most important assets that these companies have, and companies protect their assets zealously,” said Jim Brock, a former Yahoo executive and co-creator of PrivacyFix, a program that monitors Internet tracking, in a phone interview.
PrivacyFix users get real-time estimates of the monetary value of the personal data they share, derived from factors such as the number of searches they’ve performed on Google or the number of ’likes’ and photos they’ve posted on Facebook.
For users of Menlo Park, California-based Facebook, the least anyone can be worth is $1.65. That value may correspond to a male user outside the U.S., Asia or Europe, who has few friends and posts infrequently, according to PrivacyFix calculations.
The most a user could be worth is $27.62, which corresponds to a female user from the U.S. who has more than 250 friends and posts more than 150 times a month. Facebook has around 1.2 billion users.
“It’s very healthy for people to understand that their data has value and this value exchange is a two-way street,” Brock said.
The hundreds of millions of people who have accounts with Cupertino, California-based Apple generate $95 of free cash flow per person for the company, significantly more than users of Facebook, Amazon.com Inc. and eBay Inc., Morgan Stanley analyst Katy Huberty wrote in a research note in June.
Some data collection happens with users’ explicit awareness, given in such tasks as signing up for a Gmail account or clicking on an ad in Facebook.
It also occurs in indirect ways, such as viewing pages on websites that have no advertised connection to Internet companies, yet share data on users’ habits with them through profit-sharing marketing arrangements.
The use of tracking cookies -- small bits of computer code that are implanted in people’s Internet browsers when they visit a website -- allows companies to continuously update dossiers of users’ behavior, even when they’re not on the companies’ own websites or not logged in to the services.
While Mountain View, California-based Google makes more money from ads on its own sites -- because there’s no one to share the profits with -- ads on the Google Network of affiliate sites brought in $12.5 billion in 2012, 29 percent of the company’s ad revenue, according to its latest annual report.
The tracking is difficult to stop. While clearing all cookies from a browser is easy, they’re placed again the next time the user logs into a service such as Google or Facebook or visits sites affiliated with them.
Many websites require Internet users to have cookies enabled to access their pages. “One cannot really opt out,” Chester said. “Are you going to use the highway or rely on dirt roads?”
The companies say their privacy policies tell users what data is collected and how it’s used. They say they allow users to opt out from being tracked by disabling cookies that monitor websites viewed.
“Our privacy statements and principles demonstrate how we strive to use people’s data responsibly, be transparent about our privacy practices and offer meaningful privacy choices,” Adrienne Hall, general manager for trustworthy computing at Redmond, Washington-based Microsoft Corp., said in an e-mailed statement.
Uses for the information include customizing advertising and content, fulfilling requests for products and services, and providing “anonymous reporting for internal and external clients,” the policy states.
Sarah Meron, spokeswoman for Sunnyvale, California-based Yahoo, declined to comment other than to refer to the privacy statement.
Studies published this year and last year by researchers at Carnegie Mellon University in Pittsburgh found users may not be considering all privacy implications when they download applications on their smartphones.
“Alarmingly, we find that people are unaware of the security risks associated with mobile apps and believe that app marketplaces test and reject applications,” according to one of the studies. “In sum, users are not currently well prepared to make informed privacy and security decisions around installing applications.”
The value of the data transcends what the Internet companies by themselves can do with it.
Acxiom Corp., a data brokerage company based in Little Rock, Arkansas, works with companies including Facebook to match user data with offline information such as retail loyalty-card purchases, to analyze ads’ effectiveness.
“Large technology firms are a key client industry for Acxiom,” Jennifer Barrett Glasgow, global privacy and public policy executive for the company, said in an e-mail. “We sell them our products and services and partner to help advertisers place ads on their sites, but we don’t get any of their data for our own use.”
Glasgow said she takes issue with accusations that the technology companies erode privacy.
“Tech companies work very hard at offering consumers all kinds of choices to satisfy all views on privacy, not just the most conservative,” she said.
Consumers probably have little understanding about how their information is used by data brokerages like Acxiom, said Adi Kamdar, a privacy activist with the digital rights group Electronic Frontier Foundation in San Francisco.
“Data aggregators have large profiles of individuals and yet consumers have no idea they exist,” Kamdar said.
Data brokers segment Americans into categories based on their incomes, including categories labeled as “Rural and Barely Making It,” and “Ethnic Second-City Strugglers,” according to the findings of an investigation released Dec. 18 by the Senate Commerce Committee.
Google’s acquisition of flight-information firm ITA Software Inc. in 2011 gave it a trove of travel data to incorporate into users’ profiles. When Facebook more than $700 million for Instagram Inc. last year, it got access to 55 million posted images a day. That may allow it to sharpen facial-recognition technology for future use in developing personalized advertising.
Even Apple, while saying it doesn’t amass personal information about its customers, is intensifying its data-mining efforts. The company’s purchase of social-media analytics firm Topsy earlier this year gave the iPhone and iPad maker a trove of Twitter-feed information that can be used to improve the targeting of ads on mobile phones.
Kristin Huguet, an Apple spokeswoman, referred to a company report in November about government information requests. It said Apple considers privacy from the early stages of product design and one policy covers every product.
“Perhaps most important, our business does not depend on collecting personal data,” the report said. “We do not store location data, Maps searches, or Siri requests in any identifiable form.”
Spokeswomen Niki Fenwick of Google and Jodi Seth of Facebook said their companies had no comment for this story.
The NSA revelations have presented an opportunity for privacy watchdogs to push for changes in how consumers’ data is used, said Chris Jay Hoofnagle, director of information privacy programs at the Berkeley Center for Law and Technology.
The U.S. Federal Trade Commission should be more aggressive in monitoring whether companies are complying with their privacy policies, and fining or taking other action against those that don’t, said Kamdar, the privacy activist.
“Strategically, the privacy advocates can get a great deal done when consumer privacy interests align with the agenda of businesses,” Hoofnagle wrote in an e-mail. “That said, the underlying motivation of the Silicon Valley companies is to protect the Internet from feeling creepy.”