HackerOne, Synack win DOD contracts to expand bug bounty program
October 20, 2016
The Department of Defense has awarded two contracts to expand its bug bounty program across a variety of its digital assets.
Jake Williams is a Staff Reporter for FedScoop and StateScoop. At StateScoop, he covers the information technology issues and events at state and l...
Data brokers collect information on billions of consumer transactions and build profiles of people largely without their knowledge or consent. The Federal Trade Commission wants to change that.
“The extent of consumer profiling today means that data brokers often know as much – or even more – about us than our family and friends, including our online and in-store purchases, our political and religious affiliations, our income and socioeconomic status, and more,” said FTC Chairwoman Edith Ramirez, as the commission released a report Tuesday on the industry.
“It’s time to bring transparency and accountability to bear on this industry on behalf of consumers, many of whom are unaware that data brokers even exist,” Ramirez said.
The FTC studied the practices of nine different data brokers and released its findings in a 110-page report, “Data Brokers: A Call for Transparency and Accountability.”
Data brokers collect "extensive" information from online and offline sources, according to the FTC report. But the problem is the individual consumer often does not know this type of data collection is occurring. In most cases, the data is not obtained directly from consumers, and data from a single source is mixed with data from other sources — commercial, government and others — in order to create a full portrait of a consumer.
For instance, in addition to raw data that doesn't need to be analyzed, such as a person's name and address, brokers also employ the use of derived data, which is data that is inferred about a consumer based on observed habits. The report said data brokers collect this information in order to create three main kinds of products for clients: marketing, risk mitigation and people search products.
The use of derived data places consumers into categories used primarily for marketing. Among those categories can be sensitive ones like ethnicity, income or health-related groups.
“While data brokers provide important benefits to consumers, and some data brokers have taken steps to improve their privacy practices, overall transparency in this industry continues to be lacking,” the report said.
Of the nine data brokers studied, seven provide data to each other. In fact, the report said most of the brokers studied get their data from other brokers.
One of the data brokers featured in the study reportedly has 3,000 data segments for nearly every U.S. consumer, while another database holds 1.4 billion consumer transactions and more than 700 billion aggregated data elements.
Benefits to this large amount of data collection do exist, though, the report said. With an increased amount of readily-available information, companies can cut down on fraud. Companies can also improve product offerings and deliver tailored ads to a consumer, making online shopping easier.
The risks, however, are the capacity for identity theft and the ability to predict a consumer’s habits like passwords, security question answers and log in credentials.
The FTC report said Congress should consider legislation to protect and educate the consumer on the data collection happening around them.
“The Commission unanimously renews its call for Congress to consider enacting legislation that would enable consumers to learn of the existence and activities of data brokers and provide consumers with reasonable access to information about them held by these entities,” the report said.
The report’s legislative recommendations features suggestions that would require data brokers to provide consumers access to their data in detail and provide the ability to opt out of having the data used for marketing purposes. The FTC also suggested Congress enact legislation that would require consumer-facing data collectors to get consent from consumers before collecting information.
“The Commission’s legislative recommendations, if enacted into law, would add transparency across the data broker industry, provide more information about the sources of data brokers’ information, help give consumers appropriate access and the ability to correct data used for marketing and risk mitigation products, and give consumers greater ability to correct data in their people search profiles,” FTC Commissioner Julie Brill said in a statement.Daniel Castro, director of the Center for Data Innovation, said in a statement that too much regulation on the data broker industry could have a negative impact on the economy.
"Requiring companies to provide consumers with a notice after every transaction would hinder, not help, commerce and do little to promote additional consumer trust," Castro said. "The FTC seems to be stuck in a notice-and-choice world while everyone else is trying to move on."