Incognito April 2024 — Latest Updates on Data Brokers and Your Privacy

Welcome to the April 2024 issue of Incognito, the monthly newsletter from DeleteMe that keeps you posted on all things privacy and security.

Here’s what we’re talking about this month: 

• Data brokers. They’ve been in the news lately, and (mostly) not for good reasons. 
• Recommended reads, including “Google Chrome to Detect Phishing Sites In Real-Time.”
• Q&A: How can I remove my information from the dark web?

We’ve covered data brokers before, but last month, companies making a living out of our personal data got a lot of media coverage. 

Here’s everything you might have missed.

First, a Quick Recap 

Data brokers are companies that collect people’s personal information from a variety of sources (public records, social media, etc.), compile individual profiles, and sell them to more or less anyone (in some cases, for as little as $1). 

They’re the reason that anyone (nosy neighbors, potential dates, advertisers, government agencies, politicians, criminals… the list goes on) can look you up online and find out details like your phone number, home address, family information, employment history, and much, much more. 

Many people still don’t know data brokers exist or that they can opt out of their databases. But as the media continues to put a spotlight on them, we hope that’ll soon change. 

Passed! Bill to Stop Your Data from Going to US Adversaries 

Last month, the US House of Representatives unanimously passed the Protecting Americans’ Data from Foreign Adversaries Act (HR 7520).

If it becomes law, the bill will make it illegal for data brokers to sell Americans’ sensitive information (like health diagnoses and treatments and precise geolocation) to foreign adversaries, including Russia, China, North Korea, and Iran. 

Previous research has shown that by accessing Americans’ personal information, foreign adversaries can do an awful lot of damage – everything from blackmailing US military personnel and their family members to interfering with elections. 

Good news: The bill is a step in the right direction and shows an interest in protecting consumers’ information from data broker misuse. 

Not-so-good news: Privacy advocates (rightly) say the bill is not enough to address the out-of-control data broker industry. 

US Spies, Plus Pretty Much Everyone Else, Still Have Access to Your Info

US intelligence agencies, the military, and law enforcement (among other parties) are still free to buy our personal details from brokers as they please. As former deputy director of the Central Intelligence Agency Michael Morell said, if you knew what kind of personal information was for sale commercially, “it would knock your socks off.” 

(Not So) Mysterious Ways Your Data Trickles Into the Hands of Data Brokers

From driving to purchasing flights, everything you do puts you at risk of having your personal information shared with data brokers. 

• Automakers like General Motors are sharing your driving behavior with data brokers who create individual “risk” scores that are then used by insurers for setting (and often increasing) premiums. 
• The US Department of Transportation will investigate 10 major airlines to see how they handle consumer data, including whether they share it with data brokers. 

Don’t worry – you’ve actually agreed to this data sharing and sale. You read the terms and privacy policies for everything you do, right? 

All jokes aside, these policies are usually incredibly difficult to understand due to their confusing legal language. 

Opt-Out Revenge 

Opting out isn’t always easy. 

Some data brokers might even retaliate against you if you try to remove your name from their databases.

• In February, 20,000 New Jersey law enforcement officials filed a lawsuit against data brokers, and in particular, one major broker, for ignoring their removal requests and thus failing to comply with Daniel’s Law (a New Jersey law that makes it illegal to disclose current and former law enforcement officials’ private information). 
• Apparently, when asked to remove their names from their database, the data broker instead embarked on a campaign to freeze the law enforcement officials’ credit reports. 

Cases like this are disheartening, but you shouldn’t let that stop you from seeking better privacy. 

We’d Love to Hear Your Privacy Stories, Advice and Requests

Do you have any privacy stories you’d like to share or ideas on what you’d like to see in Incognito going forward? 

Don’t keep them private!

We’d really love to hear from you this year. Drop me a line at laura.martisiute@joindeleteme.com.  

I’m also keen to hear any feedback you have about this newsletter.

Recommended Reads

Our recent favorites to keep you up to date in today’s digital privacy landscape. 

New Hampshire Gets Comprehensive Privacy Law

Governor of the State of New Hampshire, Chris Sununu, signed SB 255, a comprehensive consumer privacy bill, into law, which will come into effect on January 1, 2025. The law will give consumers in the state the right to see what personal information companies collect and hold about them and request to have this data deleted. 

Meta to Collect Anonymized Data from Its Quest Headsets 

Meta will start collecting anonymized data from Meta Quest headset users. Currently, the company collects data necessary for Meta Quest to work. After the next software update, it will start collecting usage data that might include information about users’ physical environments, audio data, and information about eye, hand, and body tracking. 

Google Chrome to Detect Phishing Sites In Real-Time

Since 2005, Google Chrome’s Safe Browsing feature has protected users against web phishing attacks and sites that host malware. Safe Browsing compares sites, extensions, and downloads against a list of known sites every 30-60 minutes. Google is now switching its checks to real-time to keep up with the speed with which malicious sites appear and disappear. 

Middle Schoolers Arrested for Deepfakes 

Two Florida teenagers were charged with creating and sharing AI-generated nudes of their classmates. Though this isn’t the first time minors have created AI-generated nudes, there have been no previous (publicly disclosed) arrests. The teenagers were charged under a 2022 Florida law targeting images made with AI-powered tools. 

You Asked, We Answered

Here are some of the questions our readers asked us last month.

Q: Is there a way to put a stop to political mail or at least minimize the amount of it I get? 

A: There are a few things you can do to stop getting political junk mail (depending on whether the mail is physical or digital): 

• Contact the organization directly and ask them to be removed from their mailing list. The easiest way to find their contact details is to look for the organization’s privacy policy. Search for “organization’s name + privacy policy.”
• Write “Refused: Return to sender” on any unopened and unwanted mail with a return address and put it back in the mail. 
• Unsubscribe from political emails by clicking on the “Unsubscribe” link in the email. If that doesn’t work, you can block the sender’s address or set up a filter that automatically sends emails to the junk or spam folder. 
• Vote early. No one wants to spend money on people who’ve already made up their minds. Note that there is pretty much always a lag between when you vote and when the county’s list is updated, so you might still receive political junk mail for a time after you vote. 
• Opt out from data brokers. That’s where many campaigns (and scammers, cybercriminals, marketers, and other people and groups you don’t have any connection to) get your details from. 

Q: How can I remove my information from the dark web?

Unfortunately, you can’t. Once your information is on the dark web, it’s there for good.

The most you can do is monitor the dark web for personal information exposure (which sounds like you’re doing) and then take appropriate action based on the information out there. 

For example, in the case of credentials, you’d change your password for the compromised account and anywhere else you might be reusing it. If your phone number was exposed, you’d be extra wary of scam calls and texts. And so on.  

Q: Can I see the personal information that government agencies have on me? 

A: Great question! And yes, it is possible.

Thanks to the Privacy Act of 1974, consumers can ask government agencies for access to the personally identifiable information (PII) they have on them. 

If any of this information is incorrect, incomplete, or irrelevant, you can also ask the agency to amend it. 

So, how do you see this information? Well, you first need to figure out which government agencies have your information and then follow their process. Each agency has its own process. Here’s the process for the Department of Justice, for example. 

If you’re struggling to find information about this on a government agency’s site, search for “agency name + submit privacy request” on your preferred search engine.  

Back to You

We’d love to hear your thoughts about all things data privacy.

Get in touch with us. We love getting emails from our readers (or tweet us @DeleteMe).

Don’t forget to share! If you know someone who might enjoy learning more about data privacy, feel free to forward them this newsletter. If you’d like to subscribe to the newsletter, use this link.

Let us know. Are there any specific data privacy topics you’d like us to explore in the upcoming issues of Incognito? 

That’s it for this issue of Incognito. Stay safe, and we’ll see you in your inbox next month.