The NSA has a bit of a problem with people poking their noses into data they shouldnâ€™t be poking their noses into. Sometimes, itâ€™s their loversâ€”or their ex-lovers. Itâ€™s common enough that the intelligence service employees have a term for it: LOVEINT. Think about it: if you had access to the communications data for every American, wouldnâ€™t you see what you could dredge up? Especially if youâ€™re a jilted ex. LOVEINT, fortunately, carries consequences if itâ€™s caughtâ€”well, sometimes.
Of course, the NSA isnâ€™t the only people collecting data on our every move. The data stockpiles owned by Google and Facebook, as well as older-school data brokers like Axiom, are massive enough to rival the NSA in size. The key difference between the NSA and the data we fed to tech companies however, is that we give our data up to technology companies willingly. Perhaps unwittingly, but thereâ€™s a key sense of apathy every time Facebook and Google sink their claws deeper into our data. Though it looks like that might be changing.
But another aspect of all that data collection is whether we trust who has access to it. Iâ€™m not talking about malicious hackers getting access into the Facebook database and finding out everything it knows about everyone. Iâ€™m more concerned about the stereotypical jilted ex who uses their access to do a deep dive into what their company knows about their former partner. No matter how well you lock down what other people can see on Facebook, someoneâ€”likely multiple someonesâ€”at the company have access into the database.
Data Facebook and Google sell to advertisers is anonymized, but we donâ€™t know where that anonyimization happens. Someone buying targeted advertising through DoubleClick might not know theyâ€™re targeting 32-year-old male, Richard J. Anderson of Briarwood, New Yorkâ€”just a male between the ages of 18â€“35 who lives in the Northeast, and likes Apple products and 80â€™s music. The full profile that connects to me has to exists somewhere, thoughâ€”as does the full profile that connects to you.
I would not be surprised if Facebook, Google, et. al. have procedures, plans, and security audits in place to prevent unauthorized access. I would also not be surprised if they didnâ€™t, or if those plans existed only on paper. The truth is that we donâ€™t know. There have been data leaks from Facebook, but only their shadow profiles, due to a bug, but thatâ€™s a large-scale issue.
LOVEINT is smaller scale: sneaking a peek at data for a few people, often just one. A leak that small could fall through the cracks of any sort of protection system. Without transparency into the data collection and protection policies of Internet data brokers, however, we donâ€™t know how unsafe we are. Weâ€™re not just putting our trust in these companies to use our data responsibly. Weâ€™re trusting that every employee with database access will do the same. Thatâ€™s asking a lot, and if the NSA canâ€™t avoid it, what makes any of us think Facebook and Google can?