Transparency in Propriety Info Databases, or Did the Pizza Place Sell Your Cell Phone Number?

i-d0c19448f0ebe31e63ffc0d7a458bf53-merlin_pizza_full.jpg

Have you ever forgotten to pay a bill and received a call about it on your cell phone? Ever wonder how they got your number? Well, you may have given it to them, but if you didn’t, they probably bought it from a commercial data broker, a company that sells personal information to businesses and law enforcement. Many of these companies exist, the most prominent are Choicepoint, Lexisnexis, Merlin, Tracersinfo, and Experian. They essentially operate search engines with proprietary information, and for a small charge, will sell all sorts of information about you.

i-81066790d6afd0c21c368ceea75089ea-experian_fileone.jpg

But how did the data broker get your number? One hears rumors here and there about how they obtain and sell wireless phone numbers. One persistent rumor is that pizza delivery companies sell wireless number to commercial data brokers. Think about it–everyone orders pizza, and in doing so, provides an address and at least a first name.

i-fc0aa37f5770c83676d4d20eaedce29b-merlinphone.jpg

I remember seeing that one of Lexis’ people finder databases advertised having a directory of wireless numbers, and that one source for them was pizza delivery services. But in going to their webpage, I couldn’t find mention of pizza delivery companies anymore. A trip to the Internet Archive’s Wayback Machine shows what happened with one product–Batchtrace, a popular search tool for debt collectors.

Back in 2002, Lexis advertised that pizza delivery companies, along with a whole bunch of other businesses, were providing phone numbers and other information to Lexis.

i-f7b5602025419e28a3edc7807320f882-oct02.jpg

But in 2003, Lexis began to pare back some of these disclosures. This coincided with more regulatory and legislative attention on data brokers.

i-56becb87679ecc6da9bf781ffa14949f-feb03.jpg

And by 2004, Lexis didn’t disclose any of their sources. This is too bad. Without information about the sources of personal information in proprietary databases, they just become back holes, and individuals do not make the connection between providing information at one business, and it being sold to another.

i-2415e68c4b7a57e6168d18b5f0d55b78-oct04.jpg


Comments

  1. When I want pizza to come over, I invite her over the land-line phone. I use the cell phone only for trusted numbers.

  2. Pete Dunkelberg

    OT: Open Lab 2007

    http://pandasthumb.org/archives/2007/11/openlab-2007-su.html

    Follow the url. Nominations are being taken for OpenLab 2007. I would like to see something about Denialism included, but I don’t know what to pick.

    Note: in this situation it is fine for a blogger to submit his or her own best. Who else knows your whole work?

    p.s. you still have a month to write the greatest.

  3. You are right, I want transparency in Propietary info databases

  4. I submitted some of my favorite stuff from the year (Crank HOWTO, History of artificial erections, what would you design better about the human body etc.). Thanks Pete.

  5. Matt Penfold

    Within the EU any company that was to sell on telephone numbers, or any other personal data, without the express consent of the individual concerned would be facing some largish fines and in cases of repeated offences may even be told to destroy all the data they hold.

    But then it seems the EU has stronger data protection laws than the US.

  6. I agree with the EU policy on this issue. Some years back my mother questioned a direct marketer about where they received her information, she was told it was from her Gas Co. Being a fairly basic utility, one doesn’t really have an option of selecting another provider, that coupled with the fact that they seldom disclose the specifics about how and with whom your info is sold.

    One can only imagine the marketing potential of the tracking technologies that are now mandatory in new cell phones for example. Like Verizon’s recent memo buried in their letters to their consumers, the US has an “opt out” policy, however often their is little or no substantive disclosure to inform consumers about the scope of how their information will be traded. Most simply add “with affiliates” in the contract or EULA but, the affiliates are members of affiliate networks that virtually every major corporation is a member of by proxy, hell, even the US gov subscribes to these aggregate databases.

    The following is a very insightful look into Choicepoint http://www.epic.org/privacy/choicepoint/

    Also worth noting is that when Choicepoint, whose data includes “‘claims history data, motor vehicle records, police records, credit information and modeling services…employment background screenings and drug testing administration services, public record searches, vital record services, credential verification, due diligence information, Uniform Commercial Code searches and filings, DNA identification services, authentication services and people and shareholder locator information searches…print fulfillment, teleservices, database and campaign management services…” Had their data compromised they only notified Californians, this because they had no legal obligation to do so elsewhere.

  7. There is some discussion of emerging standards being pushed by Google (standards which I interpret to be designed for their financial benefit).

    Proactively, people (EPIC actually) are pushing back. I like Google, but anytime someone pushes for “global privacy standards” we should be very, very, weary. Paranoid even.

    …Google has called for the establishment of global privacy standards. This is an interesting proposal, since countries from America, Europe and Asia announced global privacy standards more than 25 years ago. In fact, EPIC’s complaint to the FTC alleged specifically that Google failed to follow these widely recognised standards and recommended that the Commission condition the merger on compliance with these standards.

    The original OECD Privacy Guidelines are based on a simple approach to privacy protection. Individuals should have the right to limit the use of the personal information they disclose to others and businesses should have a duty to safeguard the data they collect. It is a sensible approach that anticipates the modern internet economy. For example, companies such as Google should not retain personal informal associated with search histories, nor should they track the activities of internet users. The challenge, of course, is to ensure that companies comply with these standards instead of trying to rewrite the rule.

    Mr Schmidt would prefer a “notice and choice” approach that would allow global companies to post vague privacy policies (always subject to change) and leave it to individuals to sort out the complexities of new business practices. He would also place on internet users the burden of showing how and where harm occurred, which is particularly unfair since so little is known about how companies that collect personal data make use of the information. This is also the approach that has contributed to the dramatic increase in identity theft and security breaches in the US.

    Remarkably, Mr Schmidt writes that neither the internet protocol address nor the cookie that his company collects for every search query identifies individuals. This is an incredible claim since the IP address is essentially the same as a phone number for a user’s computer and the cookie is a unique identifier created by Google specifically to track individual internet users.

  8. In a related incident, what’s this all about:

    “HIPAA is adversely affecting our ability to conduct biomedical research,” said Dr. Ness, who is chair of the department of epidemiology at the University of Pittsburgh Graduate School of Public Health (GSPH) and an advisor to the Institute of Medicine committee studying the issue. “The privacy rule has made research more costly and time consuming. As a result, some possibly important studies are just not being done.”

    My tinfoil hat started buzzing loudly, and the brothers H, each with a privacy/sciencey background may shed light.

    “Public opinion polls show that over 90 percent of the public thinks it’s a priority for us to proceed expeditiously in uncovering new causes of and treatments for disease,” said Dr. Ness. “Without any question, this survey suggests that the HIPAA legislation is impeding the progress of such research. And for those institutions that may have a breakthrough in the offing, it’s going to add months to years to discovery.”

    So you say if I was to forswear medical privacy biotech could accelerate its profits. Why yes! Where do I sign?

  9. Just a few days ago I received a call on my cell phone from an 800 number. I let it go to voice mail. I was surprised when I checked the message because it was from Pizza Hut. I’ve never given my cell number to Pizza Hut.

    But recently I have given my cell phone number out to a car rental company (because I was renting the car out of town) and a body shop. In some cases it’s just better because I need to receive a message during the day and I can’t if they call my home number.

    I wonder which one of those suckers sold my number off. I thought solicitation to cell phones wasn’t legal because phone plans aren’t fixed rates, but based on usage.

Leave a Reply

Your email address will not be published. Required fields are marked *