Future Crimes
Page 9
Google introduced “shared endorsements” after a highly controversial similar program called Sponsored Stories was established by Facebook in which the company used your Likes to endorse its true customers—advertisers and the products they represented. After a class-action lawsuit was filed against Facebook, the social network ended the controversial feature, but not before earning $230 million in the eighteen months that the program ran. In the end, Facebook settled the lawsuit for $20 million, or about two cents for each of its users. Right about now you may be asking yourself, “But how can they get away with this?” The answer is simple: you said they could.
Terms and Conditions Apply (Against You)
“I have read and agree to the Terms of Service” is the biggest lie on the Web.
TERMS OF SERVICE: DIDN’T READ, HTTP://TOSDR.ORG
We’ve all seen them. Those impossibly long, fifty-page disclaimers written in four-point font, single-spaced, with one-eighth-of-an-inch margins. They are designed to be impossible to read—so we don’t. We don’t read them, we don’t understand them, and for this we pay a heavy price. In today’s world, terms of service (ToS) are attached to every Internet site, mobile phone contract, cable TV subscription, and credit card. They delineate how all your private data can be sucked away from you and used in ways unimaginable—including many that we would object to, if only we could actually understand the agreement we were making.
According to a study at Carnegie Mellon University, the average American encounters 1,462 privacy policies a year, each with an average length of 2,518 words. If one were to read each and every one of those policies, it would take seventy-six full workdays, at eight hours a day, from our lives. In the aggregate, that works out to 53.8 billion hours for all Americans, at an estimated national opportunity cost of $781 billion of lost productivity every year because of the nightmare and disgrace that are the ToS.
Of course if this were just a story about lost productivity, it might not be so egregious, but these policies directly affect your wallet as well. A study in the Wall Street Journal estimated that the completely one-sided language in the ToS policies costs each American household $2,000 a year—for a total of $250 billion annually—money that we are cheated out of as a result of a deck of cards that is entirely stacked against us. Though companies call these policies terms of service, for consumers they would be much more aptly described as “terms of abuse.”
Let’s just take one example of what it is costing you to use a social media site, in this case, LinkedIn, whose privacy policy states,
You grant LinkedIn a nonexclusive, irrevocable, worldwide, perpetual, unlimited, assignable, sublicenseable, fully paid up and royalty-free right to us to copy, prepare derivative works of, improve, distribute, publish, remove, retain, add, process, analyze, use and commercialize, in any way now known or in the future discovered, any information you provide, directly or indirectly to LinkedIn, including, but not limited to, any user generated content, ideas, concepts, techniques and/or data to the services, you submit to LinkedIn, without any further consent, notice and/or compensation to you or to any third parties. Any information you submit to us is at your own risk of loss.
So by using LinkedIn, you are granting it irrevocable and perpetual access (for free) to any information you have ever listed on the site; there’s no take backs, no do overs. Once it has your data, social network graph, work history, skills, and education, it can sell them now or in the future in anyway it desires, including in ways not yet discovered (for example, to own perpetual holographic rights to use your images in advertising?). To demonstrate how ridiculous privacy policies have become of late, the British retailer GameStation ran an experiment to see if anybody ever read its ToS. The company amended its privacy policy to read,
By placing an order via this GameStation Web site on the first day of the fourth month of the year 2010 Anno Domini, you agree to grant us a non transferable option to claim, for now and for ever more, your immortal soul. Should We wish to exercise this option, you agree to surrender your immortal soul, and any claim you may have on it, within 5 (five) working days of receiving written notification from gamesation.co.uk or one of its duly authorised minions.
That’s right, seventy-five hundred GameStation customers who purchased something on its site for the one day it ran the experiment irrevocably granted their immortal souls to the U.K. online retailer. While the point was irreverently made, ToS are no laughing matter, and courts around the world have found your click to be legally binding, with significant financial, privacy, and security implications for you.
Nearly all Internet companies have similarly draconian policies that work against you. While most stop just short of claiming rights to your immortal soul, many come pretty close, and the more words they use, the worse it is for you. Facebook’s privacy policy has grown from 1,004 words in 2005 to 9,300 words by 2014 (not counting links to various sub-policies, terms, and conditions). To put that in perspective, Facebook’s privacy policy is more than twice as long as the U.S. Constitution. Meanwhile, PayPal’s privacy policy and amendments are the longest in the industry at 36,275 words. By comparison, Shakespeare’s “Hamlet has 30,066 words, including the famous ‘To be, or not to be’ soliloquy and the moving ‘Good night, sweet prince’ speech at the end.” Complicating matters further, Facebook and others grant themselves full rights to change their privacy policies at will and do so frequently.
Worse, many companies make the privacy settings nearly impossible to access and understand—Facebook alone has fifty different privacy settings with 170 options, well beyond the understanding of the average human being—and that’s the point. Moreover, even if you did spend the hours it might take to customize the privacy options to your liking, any updates by Facebook to its ToS automatically put all users back to the default settings, which are the maximum level of openness (so it can sell more of its product—you—to its actual customers, advertisers). Unless you frequently check the settings—as you should—you will find that Facebook has en masse disregarded your explicit previously established privacy wishes. As a result, Facebook reserves for itself the power to monetize you without interference or cacophony from its assembly line of noisy human products.
Three months after it was purchased by Facebook, Instagram outraged its users when it announced it would sell their names, images, and photographs to advertisers. According to its updated ToS, Instagram argued that parents who had uploaded photographs of their minor children had implicitly consented to the use of the images in advertisements. The picture of your infant you uploaded to share with your parents could now be used to sell baby food because Instagram had granted itself those rights. Your brilliant shot of the sun setting over Manhattan? It could be sold as stock imagery for newspapers and magazines. As a result of its change in ToS, sixteen billion user photographs now became Instagram’s intellectual property, explaining why Facebook paid $1 billion for a company with thirteen employees.
Google too has demonstrated its penchant for ridiculous ToS. For example, anybody who uses Google Docs or happens to upload a spreadsheet, PDF, or Word document to Google Drive automatically grants ownership of the document to Google. According to Google’s ToS,
When you upload or otherwise submit content to our services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify and create derivative works, such as those resulting from translations, adaptations or other changes and license to communicate, publish, publicly perform, publicly display and distribute such content.
Think about that. If J. K. Rowling had written Harry Potter in Google Docs instead of Microsoft Word, she would have granted Google the worldwide rights to her work, the right to adapt or dramatize all the Muggles as Google saw fit, to say nothing of the Hogwarts School of Witchcraft and Wizardry. Google would have retained the rights to sell her stories to Hollywood studios and to have them performed on stages around the world, as well as own all the translation
rights. Had Rowling written her epic novel in Google Docs, she would have granted Google the rights to her $15 billion Harry Potter empire—all because the ToS say so.
That Facebook, Google, Twitter, and others all store your online data and monetize it to the fullest extent possible should be of little surprise by now. What might surprise, however, is the growing number of platforms from which advertisers can collect and process this information, including the formerly humble telephone. Alexander Graham Bell would be shocked to see how his invention had been transformed into the smart phones and apps of today, each reaching deeper and deeper into our lives, with notable risks to both our privacy and liberties.
Mobile Me
Right, my phone. When these things first appeared, they were so cool. Only when it was too late did people realize they are as cool as electronic tags on remand prisoners.
DAVID MITCHELL, GHOSTWRITTEN
There are currently more mobile phones on the planet than there are people, and as a result an omnipresent digital skin has begun to envelop the earth, with consequences for all. Today’s smart phones are powerful miniature computers that we carry with us 24/7 and have become an indispensable part of our lives. Sixty-three percent of Americans admit to checking their phones every hour, and nearly 10 percent check every five minutes. These devices are taken to the bathroom, to the gym, and to our beds. Mobile phones and tablets have replaced our cameras, computers, calculators, calendars, address books, radios, televisions, and games. In fact, making calls is only the fifth most common activity for which people use their smart phones, after Web browsing, social networking, playing games, and listening to music. These gadgets form an integral part of our lives, and 84 percent of us admit that we could not go a single day without our mobiles. Smart phones serve as our trusted companions and as such have unlimited access to our day-to-day lives. But has this access been granted without sufficient consideration of what it means to be virtually conjoined with a computer we carry on our person round the clock?
For as ubiquitous and useful as mobile phones are, they are also veritable snitches in our pockets, digital spies tracking our every move. That device in your purse or jeans that you think is a cell phone is in reality a beacon, constantly signaling the world and providing an incessant stream of data about you, your location, and your life’s activities. In the United States alone, mobile phones generate about 600 billion unique data events every day, including where you were, whom you texted, and the photographs you uploaded. The volume of data we leak via our home and work computers pales in comparison with what we’re leaking through our digital pals in our pockets. Mobile phones provide the clearest picture into any one person’s habits and preferences, and indeed into his or her life. So who has access to all these data? Many more people than you realize. Knowing your physical location, where you spend your time and money and with whom, provides greater opportunities to mine you ever more deeply for monetizable information. Data brokers, spies, and criminals too have come to view the cell phone as a rich fountain of intelligence for their targeting purposes. As a result, they, like others, are all going after the smart phone with a vengeance.
The opportunity to own all your mobile data was the reason Google created its Android mobile phone operating system and gave it away to developers and users for free. But as we’ve seen previously, free can be a very expensive proposition. The Android mobile phone software provides Google with your mobile phone number, network information, device storage data, call logs, and contacts lists, plus access to a bevy of new sensors that can detect your motion, location, and even ambient temperatures, humidity, and sound levels.
Given all these new technological hooks into your life, Google lost no time in filing a patent application for what it called “Advertising based on environmental conditions.” Ka-ching! Now Google can detect if you are in a hot location and accordingly serve up an ad for air-conditioning or ice cream. Using its ambient sound technology, Google could also listen in on your phone calls for background noise and then serve up ads based on those preferences. So if you listen to Usher in the background while talking to Aunt Margaret on your Android phone, Google has the ability to detect that and show you ads for his upcoming concerts the next time you check your Gmail or search the Web.
Facebook too has now added the ability to use your phone’s microphone to listen in on you and the ambient sounds nearby—all agreed to in the updated ToS and part of its big push for mobile users. When Facebook revealed in the fourth quarter of 2013 that it had reached 945 million monthly mobile users and that 53 percent of its revenue was now coming from mobile ads, the market showered its love on the company, adding billions of dollars to its valuation in the days following the announcement. By finally creating its own mobile app for users, Facebook devised not only a better user experience but also a new tool for grabbing voluminous amounts of data from a user’s mobile device.
Pilfering Your Data? There’s an App for That
An Apple iPhone commercial in 2009 famously introduced us to the phrase “there’s an app for that” as a means of demonstrating there is an iPhone application for every possible human need. A bold statement at the time, but perhaps Steve Jobs was right. Since its launch in 2008, there have been more than sixty-five billion downloads from Apple’s App Store, generating revenues of over $10 billion in 2013 alone. To compete with Apple, Google launched its own app store known as Google Play, and each company hosts more than a million separate applications available for download. The growth rate of these small software programs known as apps has been phenomenal, but what motivates tens of thousands of developers around the world to create apps? Money of course, but how do they make money when the majority of apps are free? Well, as we’ve seen before, free is a great business model, as long as you are monetizing people by commandeering their personal data in volumes. As it turns out, apps are a brilliant ecosystem for doing just that. It also helps to explain why companies like Rovio (maker of the wildly popular game Angry Birds) have grown from near obscurity to a $9 billion valuation in just a few years.
In the same way that cigarettes are nothing more than efficient nicotine-delivery systems, apps are nothing more than highly efficient and streamlined tools for the transmission of your private data to advertisers (though cigarettes are at least regulated). The amount of information siphoned off your mobile phone by apps is staggering. For example, the mere act of downloading the Facebook app to an Android phone automatically shares the phone’s number with the social network—even before a user has signed into the service for the first time or even agreed to the ToS. Once Facebook has been downloaded, users agree in the ToS to grant it permission to “take pictures and videos with the camera,” a setting that allows Facebook to turn on your mobile phone’s camera at any time without your confirmation. The social network’s ToS also allows it to read your text messages. More recently, Facebook began to ask hundreds of millions of users of its mobile app to allow its new Photo Syncing option to automatically upload every image taken with your phone to the social network’s vast data servers.
Though Facebook maintains it isn’t really turning on your camera or reading your texts, it has reserved for itself the right to do so. But frankly, how does any user actually know what data are being taken from the phone: it’s all done in the background, hidden in the underbelly of the app, and not meant to be seen by those Facebook is productizing.
The appropriation of your personally identifiable information (PII) occurs the moment you agree to download an app. For example, when you buy an Android app in the Google Play store, Google provides the app company with your complete name, your e-mail address, and where you live. This occurs without any clear warning every single time you download an app. But who exactly are these app companies—thousands of them located around the world—who now have your name, address, and phone number? What are their privacy policies, and what do they do with this information? How securely do they store it, and to whom are they selling it? The f
act is, it’s the Wild, Wild West out there, and there is little or no regulation that effectively protects you and your data from these third-party information hawkers. By sharing millions of names and contact details with its app vendors, Google increases the likelihood that your data will leak, be stolen, or be misused.
As you probably now suspect, Zynga’s wildly popular Facebook games FarmVille, Texas Hold ’Em Poker, and Mafia Wars are free of charge because they, too, have been tapping into your PII, including the names of all your Facebook friends. This information is sold to dozens of advertising and Internet-tracking companies, even if you have your privacy settings set to maximum protection. While putting birds in slingshots and shooting them at egg-thieving pigs can certainly be fun, as attested to by the one billion people who have downloaded the Angry Birds app, the game has a ravenous ability to collect its users’ personal information, including all locations they travel with their mobile phones. And yet, a study by Carnegie Mellon’s Human-Computer Interaction Institute revealed that only 5 percent of Angry Birds users knew that the company was storing their locational data in order to track them in the real world for targeted advertising purposes. But Angry Birds is far from the only offender. McAfee reported that 82 percent of Android apps track your online activities and an astounding 80 percent collect location information.
Location, Location, Location
For advertisers, there are three key questions: Who will buy their products, what are customers looking for, and where are they? In the online world, Google won the “what” question long ago with its powerful search algorithms. Google knows what you are looking for and will even fill out the search box at the top of your screen before you’ve finished typing your own query. Facebook owns “who”—it knows you and your social network in greater depth than any other firm. But “where”—where is not yet owned by any single company, and a battle is brewing among existing titans and a breed of new start-ups looking to definitively own where. Serving you up an ad or coupon for frozen yogurt just as you are approaching a Pinkberry is akin to advertising nirvana. Until now, the technology to do this was lacking, but that has changed because of the mobile phone revolution, and thus the gold rush for your locational data is on. McKinsey has estimated the market value of your personal location data to be more than $100 billion to the retail, media, and telecommunications industries over the next ten years.