Wednesday, November 19, 2008

How to Drop Off the Grid

How Secure Is Your Phone Privacy?

Your text and phone records can be seen in more ways than you might know. We'll divide the people who can see them into three categories:

1) Your phone company and affiliates– your service provider and their business partners.

2) Government agencies– federal agencies like the Federal Bureau of Intelligence (FBI) and the National Security Agency (NSA), local-level agencies like the police department.

3) Third party persons– anyone that accidentally or knowingly seeks your phone and text records. This includes family, friends, employers, and prospective thieves.

What does a phone record include? For clarity, a "record" in this section is the same thing as a "call log" or a "text log." A "phone record" typically includes: date, time, sender geographic location, recipient phone number, recipient geographic location, and duration of call. A "text record" includes: date, time, and recipient phone number.

Your Phone Company and affiliates—

Of course they have your phone and text records. The real issue here is: who are they sharing them with? Well, if it's an affiliate company, such as the paper printing company they outsourced your bill printing to, then that affiliate will have your information. Good news: that affiliate has to put the same protection standards on your information that the parent company does.

Generally speaking though, phone and text records are considered Consumer Proprietary Network Information (CPNI). This is essentially their "top shelf" data with the most safeguards. This is a highly regulated area of the industry.

Don't expect CPNI information to be sold by them with identifying information about you. That is, they may "sanitize" the data and remove any personally identifying information to sell it to a third party (for example, a market analysis firm). The good news here is, again, this is highly regulated by law—the phone company must always allow for the consumer to "opt-out" of this type of information transfer. Now this "opt-out" may be in the fine print of a user agreement: as simple as a box you check (or don't check), a verbal "yes," or no response to an approval announcement. Click here for more details.

So keep an eye out, if you tell your phone company or anyone that they cannot sell your information; then they absolutely can't. (Unless it's directory information or public information, then they might as well. But it can be unlisted.)

Historically, your phone company must submit all of your call and text records if subpoenaed by a government agency. Your phone company's cooperation is a must or else they get stiff fines and charges brought against them.

Government Agencies—

Historically, if you are involved in a lawsuit or if some lawsuit involves your phone and text records... then they will be handed over to the appropriate court. If you are part of an investigation, then a law agency can obtain your records.

The FBI and NSA can subpoena the phone company for phone records without a prior warrant or any obvious reason as a result of the 2001 Patriot Act . The pretense here is to "aide in the halting of terrorism." They can also wire tap, but that's covered in our eavesdropping section.

The reason the Patriot Act raises so many eyebrows is because it makes it illegal for any phone company that has delivered records to a security agency to make it publicly known or even discuss it. That is a big red flag for the potential abuse of civil liberties to a lot of people.

Third party persons–

Third parties—whether your family members, friends, or prospective thieves—aren't supposed to have access to your information. The only real exception is an employer who issued you a company phone; they have the right to make sure you are not abusing company resources.

SCANDAL!: Until just a year ago, many companies were supplying call and text records on anyone! For less than a hundred dollars, these companies would use illegal tactics to gain these records. Tactics included calling the phone companies impersonating the actual phone customer, and requesting phone records (under the pretense they had been lost in the mail).

The issue gained national attention when a Washington D.C. blogger bought former Supreme Allied Commander of NATO, former presidential candidate General Welsey Clark's phone records from www.celltolls.com for $89.95 USD. The only information required was "General Clark's cell phone number and our credit card."

Other scandals include international breaches of security. Basically, other countries don't have the privacy laws that we do in the U.S. Entire U.S. customer databases are speculated to have been sold by out-source companies in Israel, India, and other places.

In 2005, the Electronic Privacy Information Center (EPIC) counted 40 companies that were illegally selling phone records.

Some companies are still advertising call and text records online even though it is illegal! They are breaking the law.

How can another person access my text/call records?
Some very real considerations...

1) Spyware- They can plant spyware on your phone. Smartphone security is far from perfect. Smartphones or any phone with an operating system (e.g. BlackBerry, iPhone), really need to be considered as small PCs. This way even if they weren't receiving your bills or accessing your account, they could have a tracker summary of your calls and text sent to a third party computer. Some services can actually record all of your calls and store them as a file on some third party computer.

2) Paper trails- Don't forget about old fashioned paper in this new tech age. Please consider who has access to your phone bills. They deliver the same amount of information as if a person called the customer service center and asked questions. So do you trust your housemates? Does your mailbox have a lock on it or is it open to the public? Even if you are shredding your mail: mix it or use a "confetti" shredder.

3) At the workplace- Your employer has access to all the calls you make with a work phone. For a cellular, they will get the call record at the end of the month. Also, the can legally plant spyware to see who you're calling. They can even use a GPS system to track you.

Pen registers: For landlines on a phone network, your employer can use a pen register. A pen register allows the employer to see a list of phone numbers dialed by your extension and the length of each call. This information may be used to evaluate the amount of time spent by employees with clients.

Summary: Government security agencies and your phone company have lawful access to your phone and text records. Third party persons cannot obtain them legally but may do so with available tools in the marketplace, or through old fashioned snooping & stealing.

Know your rights

Phone Company: The security and dissemination of customer information is regulated by the Fair Credit Reporting Act (FCRA). To learn more, please follow this link: http://en.wikipedia.org/wiki/Fair_Credit_Reporting_Act

Government: U.S. security agencies and the police can tap with cooperation from the phone company under Communications Assistance for Law Enforcement Act 1994 (CALEA).

The National Security Agency can wiretap and seize records without warrant Patriot Act (Title II, Sections 200, 202, 206, 209) for lawful processes.

  • 200- Authority to intercept wire, oral, and electronic communications relating to terrorism.
  • 202- Authority to intercept wire, oral, and electronic communications relating to computer fraud and abuse offenses.
  • 206- Roving surveillance authority under The Foreign Intelligence Surveillance Act of 1978.
  • 209- Seizure of voice-mail messages pursuant to warrants.

Third party (person): A third party may not gain access to your phone and text records in a non-professional manner.

Solutions

  • Use the solutions under "Phone Companies"
  • You can minimize your paper trail for your monthly statements by switching to E-billing.
  • If you have a mailbox, make sure it has a lock on it (many mail boxes in residential areas still don't have locks on them).
  • Shred your mail with a confetti shredder.

Phone Companies and Your Information

Companies with your personal and non-personal information make them available to other companies everyday.

The Truth is: there are probably plenty of companies out there with your phone number. Entire companies make their living by continually collecting information on people. An extra name is an extra dollar. It sounds crazy, but that's how it is.

The second part the Truth is: there is too much money being made on the spread of people's information for it to ever change on a national scale. Billions of dollars are transferred each year in information brokering.

Just consider that information brokering—information on people, their purchasing, and their lifestyle habits—fuels the direct marketing industry, the purchasing trend analysis industry, the background check industry, health insurance underwriting... and the list just goes on and on.

The good news is that you—as the individual—can control to a great extent who uses or doesn't use your information. But on a national level, don't expect things to change drastically anytime soon.

And if you are reading this, you are a member of a small and intelligent part of the population that can see there is potential for abuse in the spread of all this information and you want to be informed of your options.

Some background: There are two main categories of information through telephone companies: Consumer Proprietary Network Information (CPNI) and directory information.

Included under the umbrella of CPNI are: destination, quantity, and duration of phone calls, product use, and calling patterns. Most phone companies are explicit about not selling CPNI information to third parties (although this data is used for in-house research and may be given to affiliate companies).

Most phone companies appear to sell directory information (by not explicitly stating that they don't—you must read between the lines to derive that). Directory information includes your name, address, and phone number. Remember, in a public directory, you may choose to have your information listed or unlisted.

Additionally, there may be other information sold about you (termed Personally Identifiable Information which may be a mixture of sanitized CPNI and directory information), but because of several laws, the company must always warn the customer, and allow them to "opt-out" of it.

Know your rights

  • You have the right to "opt-out" of a company selling your information under the Fair Credit Reporting Act and Gramm, Leach, Bliley Act.
  • You have the right to have your phone number listed or unlisted in public directories.

Solutions

If you are okay with your phone company selling your phone number and information: Sit back and enjoy life.

If you want to prevent your phone company from selling your phone number: Search for the "opt-out" box!

  • Be aware every time you sign up with a new company or service that they may sell your information to third parties. This includes non-phone companies for whom you fill out a profile. Always search for the "opt-out" box in everything you sign from every company. Each additional offer or service you add with the company may include another "opt-out" box, which if not checked, would over-rule the first.
  • Be aware. Here is an example of a large phone company's privacy policy:

    "[Company Name] will not disclose personal information other than in accordance with this Policy. In general, that means that you must consent to the disclosure in advance. Depending on the service, we may obtain your consent in a number of ways, including:

    * In writing;
    * Verbally;
    * Online by clicking a button;
    * Through the use of a dialing string or button on a wireless device or handset; or
    * At the time of initiation of a particular service offering, when your consent is part of the required terms and conditions to use that service.

    For example, your consent to disclose personal information can be implied simply by the nature of your request, such as when you ask us to deliver an email or short message to another person. Your return address is disclosed as part of the service and your consent to do so is implied by your use of the service. To determine how personal information may be disclosed as part of a particular service, you should review the terms and conditions of use for that service."


    So basically, what this is saying is that the phone company won't give out information unless you give consent: but you can give consent in all of these hard-to-stay-on-top-of ways!

    If you wish to address the currently circulating information about yourself, you need to contact the large data aggregators about the use.

Your Phone Number in Public Databases -- and How To Remove It

It's easy to feel like you have no control over your information when so many companies or people seemingly have it at their fingertips. With the digitization of records and technology, information can be transferred and stored with ease. This is a major concern for the future of privacy and civil liberties.

That said, it's a huge trend and it doesn't make sense to fight directly against any strong current. It does make sense to keep a good strategy; stay updated on information and technology to help make the best decisions. That's to say knowing the tide times and having a floatation device can really be very useful.

There are tons of companies out there with your information. Gathering information on people is a multi-billion dollar industry. Entire companies make their living by continually collecting information on people.

Let's just name a few of these data companies so you get an idea: Acxiom, Intelius, Ameridex, People Data, People Finders, SwitchBoard, Aristotle, U.S. Search, U.S.A. People Search, Zaba Tools, and PrivateEye.

You can control to a great extent who uses or doesn't use your information.

It's important to note that certain information typically called directory information—including your name, address, and phone number—will always be made available. With directory information you can keep it unlisted or listed in a public directory. Other forms of personally identifiable information may also be sold from company to company. The good news is that the customer (you!) must consent to these transactions. To learn more, click here.

Our strategy: Minimize your circulating information.

So do you want to remove your phone number and other information from record databases? It would take you hours to research all the companies that have your information and even more time to follow through with their "opt-out" policies.
Lucky for you, we've already done it...

Know your rights

  • You have the right to "opt-out" of a company selling your information under the Fair Credit Reporting Act and Gramm, Leach, Bliley Act.

Solutions

Please keep in mind that because of certain government rules, laws, and the sensitivity of some of your information, no third party including our company, can fully opt-you-out of all these companies' databases. The individual must opt themselves out.

We are aware of that some of the information on this site doesn't always pertain to you specifically removing your phone number. These methods help at getting to the root of the problem (and phone numbers just happen to be a big part of that root).

To view a list of the data brokers and public record aggregators, along with complete instructions for opting out, click here.

Eavesdropping -- An Invasion of Your Privacy

Purposely listening to another's private conversation is eavesdropping. Eavesdropping can be illegal. It is an invasion of privacy. That said, it might happen more often than you think. Also, there are a growing number of technologies that enable eavesdropping.

At worst people who eavesdrop may be paranoid, obsessed, or criminal. But it does happen, so we want to share what we know with you.

In this section we will consider third parties listening to landline phone conversations at home, in public, and in the workplace. A third party is anyone who is not the intended sender or recipient of a phone communication.

How might someone eavesdrop lawfully/unlawfully?

1.) Your Phone Company and affiliates. They don't have any purpose to eavesdrop on your conversations and it's against most companies' policies. It is important to note that the phone company is required by law to cooperate with government agencies who request to access your communications.

2.) Government agencies. This includes federal agencies like the Federal Bureau of Investigation (FBI) and the National Security Agency (NSA), as well as local-level agencies like the police department.

Normally, before a wiretap can be placed by any agency, a court order must be issued by a judge who must conclude, based on an affidavit submitted by the government, that there is probable cause to believe that a crime has been, is being, or is about to be committed.

This authority is used to prevent as well as punish crimes. That is, the government can wiretap in advance of a crime being carried out, where the wiretap is used to identify planning and conspiratorial activities. It has been reported that judges almost never deny government requests for wiretap orders.

Government agencies are able to place roaming wiretaps without warrant under the Patriot Act. This essentially allows for a brief period of wiretaps without warrant. Sounds crazy, right? Well, it's true.

3.) Third party persons. This is anyone that accidentally or knowingly seeks to eavesdrop on your communications. This includes family, friends, employers, and prospective thieves. If the third party is not part of the conversation (neither sender nor intended recipient), then they cannot eavesdrop on a communication.

Laws regarding second party (one of the people talking on the phone) call recording or tapping consent vary from state to state. In some states, the tapping or recording party must get consent from the other person on the phone. In some states, you can record or tap without the other person's knowledge.

The Technology:

Radio Taps:

Radio taps include the traditional "bug" seen in the movies that fits on a telephone line: on the phone inside the house or outside on the phone line. It may produce noise (a slight signal feedback on the monitored line due to poorly made equipment). These devices tend to be low-powered because the drain on the line would become too great. As a result, the receiver is usually located within a radius of 1 mile (You know... in the movies, with the detectives sitting outside in a van eating donuts). Law agencies do not usually use this technique because they have access via the "telephone exchange" (at the actual telephone company).

Radio Scanners: Specifically a concern for cordless landlines. These devices pick up the full range of wireless transmissions from emergency and law enforcement agencies, aircraft, mobile systems, weather reports, utilities maintenance services, and more.

As a rule of thumb: the newer your wireless phone is, the harder it is to eavesdrop on. The older analog cordless phones can be picked up with something as simple as a baby monitor. Earlier digital phones that only use one channel for transmission can easily be eavesdropped on.

Newer digital cordless phones transmit over multiple channels and often use Digital Spread Spectrum (DSS). DSS typically uses frequency hopping to spread the audio signal over a much wider range of frequencies in a pseudo random way.

Direct Line Taps:

Direct line taps include tapping via the actual "telephone exchange" at the phone company. Another possibility is the splicing or tapping of the subscriber's phone line near the house. The tap can either involve a direct electrical connection to the line using a Butt set, a Beige box (phreaking), or an induction coil. An induction coil is typically placed underneath the base of a telephone or on the back of a telephone handset to pick up the signal inductively. Direct taps sometimes require regular maintenance—either to change tapes or replace batteries—which decrease their utility.

Speaker Taps:

Anywhere there is a speaker (active or inactive), a tap can be set up by using amplification devices to transmit a conversation. This includes speakers on answering machines as well as those on cell phones.

Did you know?: That up until fairly recently, cell phones were not allowed in any top secret government meetings because of speaker tapping possibilities.

Recording the conversation:

The traditional way: The person making/receiving the call records the conversation using a coil tap ('telephone pickup coil') attached to the ear-piece, or they fit an in-line tap with a recording output. Both of these are easily available through electrical shops.

Much more common now-a-days and increasingly popular is recording software. Typically these devices link the phone up to the computer and save the conversation as a sound file. Many journalists use this technique in their profession.

Did you know?: Under United States federal law and many state laws there is nothing illegal about one of the parties recording the conversation or giving permission for calls to be recorded without the other person's knowledge.

In public:

Don't forget about traditional eavesdropping techniques like lip reading if you're discussing information you consider to be extremely private.

Eavesdropping at work:

A recent study from the American Management Association (AMA ) found:

"The number of employers who monitor the amount of time employees spend on the phone and track the numbers called has jumped to 51%, up from 9% in 2001. The percentage of companies that tape phone conversations has also grown in the past four years. Far fewer employers monitor employees' voice mail messages, with 15% reporting that they tape or review voice mail. Employers are notifying employees that their phone conversations are being monitored. Of those organizations that engage in monitoring and surveillance activities, 78% notify employees when they monitor time spent and numbers called; 86% alert employees when their conversations are being taped; and among the 15% who tape and review voice mail, 76% notify employees that they are monitoring. To help manage employees' telephone use, employers apply a combination of policy and discipline."

So, in reality there is a good chance that you are being fairly closely-monitored while you are at work. The good news is that your employer most likely notified you of the surveillance techniques they do use.

Know your rights

Telecom Privacy Laws:

Title 18. Crimes and criminal procedure Part I—Crimes Chapter 119-Wire and Electronic Communications Interception and Interception of Oral Communications:

"one has a right of privacy for contents of telephone conversations, telegraph messages, or electronic data by wire." 18 USC § 2510 et seq.

Title 47. Unauthorized Publication or Use of Communications:

"one has a right of privacy for contents of radio messages." 47 USC §605

Wiretapping Laws:

(1) The Federal Wiretap Act, sometimes referred to as Title III, was adopted in 1968 and expanded in 1986. It sets procedures for court authorization of real-time surveillance of all kinds of electronic communications, including voice, e-mail, fax, and Internet, in criminal investigations. It normally requires, before a wiretap can commence, a court order issued by a judge who must conclude, based on an affidavit submitted by the government, that there is probable cause to believe that a crime has been, is being, or is about to be committed. Terrorist bombings, hijackings and other violent activities are crimes for which wiretaps can be ordered. (The PATRIOT Act expanded the list of criminal statutes for which wiretaps can be ordered.) This authority is used to prevent as well as punish crimes: government can wiretap in advance of a crime being carried out, where the wiretap is used to identify planning and conspiratorial activities. Judges almost never deny government requests for wiretap orders.

(2) The Foreign Intelligence Surveillance Act of 1978 allows wiretapping of aliens and citizens in the US based on a finding of probable cause to believe that the target is a member of a foreign terrorist group or an agent of a foreign power. For US citizens and permanent resident aliens, there must also be probable cause to believe that the person is engaged in activities that "may" involve a criminal violation.

(3) The Patriot Act – Allows for "roaming" taps. Under Title III, the government has "roving tap" authority, meaning that it can get a court order that does not name a specific telephone line or e-mail account but allows the government to tap any phone line, cell phone, or Internet account that a suspect uses. This authority was initially adopted in 1986 and was substantially broadened in 1999. The PATRIOT Act added roving tap authority to FISA. Roving taps are relatively rare.

The National Security Agency can wiretap and seize records without warrant Patriot Act (Title II, Sections 200, 202, 206, 209) for lawful processes.

  • 200- Authority to intercept wire, oral, and electronic communications relating to terrorism.
  • 202- Authority to intercept wire, oral, and electronic communications relating to computer fraud and abuse offenses.
  • 206- Roving surveillance authority under The Foreign Intelligence Surveillance Act of 1978.
  • 209- Seizure of voice-mail messages pursuant to warrants.

(4) U.S. security agencies and the police can tap with cooperation from the phone company under Communications Assistance for Law Enforcement Act 1994 (CALEA).

Important: State Second & Third Party Laws at: http://www.rcfp.org/taping/

Solutions

  1. If you are concerned with phone tapping, your phone should be regularly inspected for new joints, or small wires connected to the line.
  2. Update your cordless phone. Buy a phone that operates on multiple channels and read into the security features.
  3. Minimize private conversations in public places.
  4. Don't forget that if multiple phones exist connecting to the same line, a functional tap already exists.
  5. Be cognizant of who you're speaking to on the phone and consider if they would allow eavesdropping for any reason.
  6. Listing for EM "feedback" while on the phone. It is a sign of cheap tapping equipment.

Harassing Phone Calls

Harassing callers can be a real nuisance. These communications can originate from another person, a debt collector, or a telemarketer.

Phone harassment is generally any communication over a phone (land or cell) that is aggressive, unnecessary, disturbing, or vulgar in nature, which makes you feel uncomfortable or even in danger. For specific definitions, see the "Know your rights" section below.

As the severity of harassment increases, the level of penalty and crime increases.

Debt Collectors: operate with a well-established framework. For example:

  • A debt collector, by law cannot call "repeatedly or continuously with intent to annoy, abuse, or harass any person at the called number."
  • They must also respect a person's right to not be called by them. While this doesn't negate potential debt, it does stop them from contacting you.
  • Debt collectors also may not use abusive language including religious slurs, profanity, obscenity, calling the consumer a "liar" or a "deadbeat." The use of racial or sexual epithets is prohibited.

To read more about Debt Collector practices, click here.

Telemarketers: if you believe you are being harassed by a telemarketer, please view our "Telemarketers" section.

Caller-ID changing services: there are some services in the market that will mask a caller's source phone number, or even allow them to input a chosen fake source phone number. Sound kind of shady? Like the premise for a Scream 6 movie? You're right, it sure does.

The good news is that Congress is currently working on a law that would make it illegal to modify caller ID information with the intent to "defraud or harass another person, or to use another person's caller ID information without consent."

So basically, this law will not take ID changing technology off the market, but it will create criminal consequences for people who misuse the technology. The law would not make "joke" or "prank" calls illegal, as long as they don't include the caller assuming someone else's phone number.

Know your rights

  • Under the United States Code Title 18 Subsection 1514(c)1 harassment is defined as "a course of conduct directed at a specific person that causes substantial emotional distress in such a person and serves no legitimate purpose."
  • The Modern Penal Code section defines harassment as a petty misdemeanor if the purpose is to harass another, he: 1) makes a phone call without a legitimate purpose; or 2) insults, taunts or challenges another in a manner likely to provoke violent or disorderly response; or 3) calls at inconvenient hours or in offensive language; or 4) subjects another to offensive touching; or 5) engages in any other course of alarming conduct serving no legitimate purpose of the actor.
  • To learn more about the Act that makes masking your caller ID illegal, check out the Preventing Harassment Through Outbound Number Enforcement Act (H.R. 740 ) at: http://www.govtrack.us/congress/bill.xpd?bill=h109-5304

    There is another bill that is very similar H.R. 251 the Truth In Caller ID Act at: http://www.govtrack.us/congress/bill.xpd?bill=h110-251
  • There are many state anti-cell stalking and harassment laws:
    http://www.ncsl.org/programs/lis/cip/stalk99.htm
  • Debt collection: Most collection rules are established under the 1996 Fair Debt Collection Practices Act. If you would like to learn more, please visit:
    http://www.ftc.gov/bcp/conline/pubs/credit/fdc.shtm

Solutions

  • First thing's first: If you are getting calls from a harassing caller, ensure your safety.

    Nothing is more important than your safety. Don't hesitate to contact your local authorities if you feel seriously threatened, even if the harassing call is not recurring.* Provide as much information to law enforcement as you can:

    Indicate the gender of the caller and describe the caller's voice. Note the time and date of the call(s). What did the caller say? How old did he/she sound? Did the caller seem intoxicated? Did he/she have an accent or speech impediment? Was there any background noise?
  • Tools from your telephone company: Purchase a caller ID feature. Make note of your harasser's telephone number.

    If it's a blocked number, try setting up an "anonymous call rejection" feature. This doesn't allow blocked numbers to call without first identifying themselves.

    Other services offered by phone companies include running a "trap" (you keep track of the call times of harassing callers, the company tracks the number) or within local service areas many companies offer a "call trace" (e.g. *57 to call last caller).
  • In you own hands:
    • Is your number is in a public directory or "listed"? Take it off.
    • Reverse phone lookup: If it's an annoying caller rather than a threatening one, you can do a reverse phone lookup.

      If you don't think the harassing calls are malicious, try calling the number and discussing it with the owner. Perhaps it's a cell phone where the key locks off. Perhaps an annoying pre-teen game at a sleepover (who can say they didn't do that when they were a kid? Oh you? Okay.).

      A reverse phone look up will allow you to find out the owner of a phone number (perhaps some parents at that pre-teen sleepover!) or their phone company (often the case with cell phones).
    • Consider using developing technology against them. Numerous products will allow you to record telephone conversations as a digital file on your computer. Run a Google search query for "telephone conversation recording" or "phone call to PC" and plenty of these products will come up.
  • Telemarketers: If you believe you are being harassed by a telemarketer, please view our "Telemarketers" section.

Interrupting Telemarketers

Telemarketing is a huge industry and can be a huge interruption to you. If you've ever been bothered by a troublesome telemarketer, well... you're probably reading this right now.

A telemarketer is anyone who engages in direct marketing where a salesperson or automated voice uses the telephone to solicit prospective customers to buy products or services. Telemarketers may call landlines or cell phones, but are limited in their use of cell phones because they cannot lawfully use auto-dialers to call cell phones.

The good news is that there are ways to prevent telemarketers from calling you. The best tool is the Do Not Call Registry.

Solutions

  • The single most useful tool to prevent telemarketers from calling you is placing your number on the Do Not Call Registry. You can place your cell phone and/or landline number on the list in one of two ways:

    1) visit https://www.donotcall.gov/default.aspx and be sure to acknowledge the confirmation email

    2) call (888) 382-1222 and follow their directions

    All persons with a U.S. phone account are allowed to have their phone numbers placed on the Do Not Call Registry. Please allow 31 days from registration confirmation before telemarketers to cease calling. Registry enrollment is valid for 5 years.
  • Did you know?: the Do Not Call Registry applies to telemarketers but not to pollsters, politicians, and nonprofit organizations.
  • What if I only want to limit calls from some companies?
    If you generally want to receive telemarketing calls, but not from some specific companies, you can write those companies or verbally indicate when they call that you do not wish to hear from them. They must respect your request.

    The Federal Communication Commission (FCC) requires a person or entity placing voice telephone solicitations to your home to maintain a record of your direct request not to receive future telephone solicitations from that person or entity. A record of your do-not-call request must be maintained for 5 years at the calling company.
  • What if I only want calls from a handful of companies?
    You can add yourself to the registry, and then specifically write the companies that you wish to hear from. They will be able to call with product opportunities legally.
  • To make a complaint: If your number has been on the National Do Not Call Registry for at least 31 days and you receive a call from a telemarketer, you can file a complaint at the registry's website or by calling the registry's toll-free number at 1-888-382-1222 (for TTY, call 1-866-290-4236).

    Remember: To file a complaint, you must know either the name or telephone number of the company that called you, and the date the company called you.

    Did you know?: If you are on the Do Not Call Registry, and purchase something from a company, their telemarketers can call you...
  • One last very helpful option: Get a caller ID. Don't pick up calls from anonymous callers.

Know your rights

The Do Not Call Registry is run by the Federal Trade Commission (FTC). To read more about it as well as the Telephone Consumer Protection Act of 1991 (TCPA), please visit: http://www.fcc.gov/cgb/consumerfacts/tcpa.html

Cell Phone Tracking?

Can someone track you from your cell phone? Absolutely.

Cell phone networks have been designed to identify locations of cellular users since the late 1990's. This was part of a federal mandate to help find citizens in emergency situations and has already saved many lives. At the same time, it introduces a potential tool for invasion of privacy.

More importantly, Global Positioning System (GPS) technology has flooded the market in recent years creating a much more realistic concern. These GPS Trackers (uLocate Trackem, Whereify Wireless) allow a third party to physically install software or a chip on your cell phone and then monitor your geographic location from any PC with complimentary software. More specifically, some programs will not only allow for mapping of location, but will create a real time map or a summary of your movement including stop duration, etc...

The GPS Tracker feature is becoming increasingly common in the market, as a safety feature for individuals wishing to know the whereabouts of their children, partner, or family members.

Again, as a safety feature or as a tool of convenience GPS technology is truly useful. However, it introduces a real tool for the invasion of privacy.

Because technology often develops faster than government legislation and laws that protect a population, many of these concerns realistically lie in a "gray" area with little judicial precedent.

Privacy and Employers:

In a recent American Management Association (AMA) study, employers have been slow to adopt emerging monitoring/surveillance technologies to help track employee productivity and movement. Employers who use Assisted Global Positioning or Global Positioning Systems satellite technology are in the minority, with only 5% using GPS to monitor cell phones; 8% using GPS to track company vehicles; and 8% using GPS to monitor employee ID/Smartcards.

Did you know? If you have a company-issued telephone, it is possible there is GPS Tracker software pre-installed. They could be monitoring your locations during and after work. Your consent would be implicit in you working for them and accepting a company issued phone.

A future source of concern: Radio Frequency Identification (RFID) technology is an emerging tool in the market. The technology allows for a second device, an RFID reader, to read an RFID chip. This chip may contain different types of information.

For example, many manufacturers are currently using RFID technology to keep track of vast amounts of inventory. They use it to help ensure they are never under-stocked and packages are sent to customers.

A more concerning example: The U.S. government is currently researching RFID-embedded passports and driver's licenses. Information regarding your citizenship or your DMV information would presumably be included and readable. The largest current obstacle with use of RFID technology is ensuring security of information. That is, minimizing the likelihood of an ID thief being able to use a RFID reader to steal your personal information.

The good news: realistically, RFID’s aren't of real concern yet. Use on government issued identifications appears to be a few years away. Also, current RFID scanners only have a range of a few feet. The most powerful commercially available is about 300 feet (100 meters).

Know your rights

The law that enables cellular tracking for emergency situations is called: "E911" or Enhanced 911 Wireless Services. It was created by the FCC.

For more information, please visit:

Solutions

Realistically, there is little you can do avoid the Enhanced 911 Wireless Service law. You always have the option of turning off or not carrying your cell phone with you.

You can minimize the threat of a third-party using your cellular phone to track you by:

  1. Monitoring any new or unknown software on your phone. If there's something new or unknown, research it. Although some spyware will not show up as a program on the phone, some still will.
  2. Monitoring any new or unknown hardware on your computer. If it's a physical GPS tracker, check under the battery cover or in the "nooks and crannies" of the phone.
  3. Check with your phone service provider if your account is set up with a tracker/monitor feature. Perhaps a spouse who has access to the account (or manages the finances) set it up, or a third party impersonated you to add the feature to the account.
  4. If you think someone is interested in tracking you, don't physically leave your phone for too long. These programs need arm's reach installation to get onto your phone.
  5. If you think a loved one or friend is interested in tracking you: try talking to them about whatever issues pertain to them possibly wishing to track you! Good communication = peace of mind.
  6. In regards to a work phone, leave the phone at home when you're not "on-call."
  7. Turn your phone off (This will not work for GPS hardware, only software!).

Opt Out -- An Intro

Opting out of all the databases in which your private information is stored will take about half an hour. Following the guidelines provided on the Opt Out pages, you will have the opportunity to opt yourself out of up to 44 databases (your information may not be in all of them).

These are the databases you can be opted out of through our site:

DATA BROKER (26 total)

1) Acxiom
2) Ameridex
3) People Data
4) Zoominfo
5) Address.com
6) FoneCart (also InfoUSA)
7) Super Pages by Verizon
8) Phone Number (also Whitepages.com)
9) Instant People Finders
10) PeopleFinders
11) PrivateEye
12) Public Records Now
13) Reunion.com
14) US Search
15) USA People Search
16) Veromi
17) ZabaTools
18) Harris Digital Publishing
19) Intelius (also owns several subsidiary brands)

DIRECT MARKETING (6 total)

1) Abicus
2) Aristotle / Voter Lists Online
3) Enformion
4) 555-1212.com
5) ChoicePoint Direct Marketing
6) Dex Media

DIRECTORY (12 total)

1) Switchboard
2) AnyWho by AT&T
3) Switchboard (also Dogpile)
4) MetaCrawler (also WebCrawler and Infospace)
5) Google PhoneBook
6) DA Plus aka Directory Assistance Plus
7) Super Pages by Verizon

Some companies are double listed (e.g. Yellowbook.com and Worldpages.com). That's because when you opt out of the database through one company, the other can no longer access it. This is typically due to the two companies being close affiliates, one being a subsidiary, or one company contracting the use of another's database.

Opt Out - Via Email

First, copy the following email addresses and paste them into the "to" field in a new email.

Tip: If you put these addresses in the "bcc" (rather than "to" or "cc") on your email, they can't see that you're sending the same information to other companies as well.

Next, copy and paste this email template into the body of your email. Then change all the information in the brackets to fit your situation.

For example, change [YOUR NAME] to your actual name. Now do the same for: [Address], [Past addresses], [Email], [Phone Number], and [Date of Birth]. When you are finished with that, look over your information and send the message out.

One last step: Don't forget the header of the email. Use "Delete Me from Your Database" as your header.

CONGRATULATIONS! You've just deleted your information from many of the largest data providers!

Opt Out - Via Online Databases

You can't get out of ALL the major databases with email requests. In fact, some of the most important databases won't even read your email. Lucky for you, we'll take the time to walk you through every website that allows you to opt out online.

With any of these websites, if you search your name or phone number and nothing returns, then you are not in their database (that's a good thing).

However, if you do find your information, the following databases are available online to remove your information from being sourced to other providers.

Company Name

Website

Information Required of Customer

555-1212.com

Link

Full name, telephone number, address, email address

Address.com

Link

Removal reason, first name, last name, e-mail address, country, phone

AnyWho by AT&T

Link

First, you need to find out online if the number is in the database. ; then you can call to remove the number (you need to call from the phone number, and the call cannot be blocked - *82)

If your number was on the Anywho by AT&T database, you will need to call them from the phone number you want removed. You need to call from the same number that you want removed and you need to have your call blocking off (you can do this by pressing *82).

Acxiom

Link

Select "US Consumer Opt Out" at this link. Fill out the form on the site and they will mail you an opt out statement.

ChoicePoint Direct Marketing

Link

Name, address, email address, phone. Allows opt out of email, phone, and mail solicitation [check the box(es) of what you want]

DA Plus aka Directory Assistance Plus

Link

First name, middle initial, last name, address, phone number

FoneCart / InfoUSA

Link

Full name, address, phone number.

Google PhoneBook

Link

Name, city, state, check box for removal reason

Switchboard / Dogpile White Pages

Link

Removal reason, first name, last name, email address, address, and phone number

MetaCrawler / WebCrawlers / InfoSpace White Pages

Link

Perform the search first. If you have a listing, click on the name then click the Update / Remove link to the right of the listing. IMPORTANT: After you fill out your information, click the "REMOVE" icon to right NOT the "UPDATE" icon at the bottom (tricky devils!). To verify your request, InfoSpace will send an email message to the address you provided. Once you verify your submission, the listing will be deleted from their White Pages Directory, generally within 48 hours.

Phone Number / White Pages

Link

Removal reason, first name, last name, email address, address, and phone number

Super Pages
Aka Verizon

Link

Removal reason, first name, last name, email address, address, and phone number

Yellowbook.com / WorldPages.com

Link

Select "Delete your residential Internet listing"
Removal reason, first name, last name, email address, address, and phone number.

Zoominfo

Link

Visit website. Search your name under people search, then click on the "Forward" link at the top of your profile, your given email address needs to match their email address for you (if the site has it available), fill out the required opt out information and mail the forward to remove@zoominfo.com.

Opt Out - Via Phone & Fax

Some companies require that you give them a call or fax them in order to opt out of their databases. The majority of them offer other easier ways of opting out, like email or online forms. For companies that offer these alternatives, we used the most convenient for you. There are very few companies that only offer a phone or fax number to opt out: Lucky for you, there's only one of them.

Phone Opt Out:

1) DexMedia Customer Service (dm, dir).
1-800-422-1234. If your number is already unlisted, it shouldn't be in here. This company is a direct market compiler (list makers), and they also create phone directories.

Fax Opt Out:

Take one of your letters from the last section and fax it to the folks at Net Detective. You'll need to include your name, address, any recent addresses, your phone number, and date of birth.

1) Harris Digital Publishing / Net Detective is the only company that only allows opt outs via fax. Fax to 386-736-3882.

Opt Out - Via Postal Mail

You'll have to send in these requests via postal mail. This used to mean a lot of paperwork, but now you can just fill out one simple form, print out several copies, and send them as-is. Of course, you will need to put proper postage on them. It will only take you 5 minutes to fill out the form and print copies, and you won't have to do it again for years!

Open the opt-out request form below and fill out your personal information. Then print out 9 copies. (The form is provided in Microsoft Word or Adobe PDF format.)

Microsoft Word .doc Format:
* Opt-Out Request Form - Click Here * (user: myprivacy1, Password: phone)

Adobe Acrobat .pdf Format:
* Opt-Out Request Form - Click Here * (user: myprivacy1, Password: phone)

Now that you have printed out 9 completed copies of this form, it's time to send them in. Some of the most important database compilers are listed below. Just address standard envelopes, send in your requests...and you're done. There will be two letters left over for the next steps. Send the opt-out letters to these agencies:

Company Name

Opt-Out Address

Peoplefinders

Peoplefinders.com
1821 Q Street
Sacramento, CA 95814

Reunion.com

Reunion.com, Inc.
Attn: Privacy Policy Officer
12100 Wilshire Blvd., Ste 150
Los Angeles, CA 90025

Private Eye / Public Records Now

PrivateEye / Public Records Now – Opt out
15332 Antioch St. # 713
Los Angeles, CA 90272

US Search

US SEARCH Opt-Out
600 Corporate Pointe, Suite 220
Culver City, CA 90230

USA People Search

USA People Search
PO Box 188860
Sacramento, CA 95818

Veromi

Opt-Out/Veromi.net
1821 Q Street
Sacramento, CA 95814

ZabaSearch

ZabaTools
2828 Cochran St., #397
Simi Valley, CA 93065

Opt Out - Via Intelius

The Intelius database is the largest of the consumer data brokers online. If someone is looking for your personal information, this is likely where they will find it. Unfortunately, it takes a little bit of extra work to get out of the Intelius database.

But the good news is that once you've take the necessary steps, your privacy will be safe from strangers and whoever is looking for you.

Intelius supplies people search information for many other companies (sometimes affiliates and sometimes just Intelius doing business under a different name), such as:

1) 99lists.com
2) People Finder
3) People Record Finder
4) Phone Book
5) The Public Records

To remove yourself from the Intelius database, you'll need a copy of a government issued ID (e.g. driver's license) or a notarized form asking for your removal.

Often someone at your bank branch is a Notary. Other likely places to get notarized forms are mortgage broker offices, title company offices, real estate offices, and many copy shops. Also private mailbox places (especially those catering to foreign nationals) often have a Notary on staff.

Your bank will often provide one or two notary sessions at no charge if you are a customer. Any of the other places will do free notary work if you are engaged in a transaction. Otherwise the fee is somewhere between $10-$30, depending on the type of transaction.

Include either of these with your opt-out request form and then fax it to Intelius at (425) 974-6194.

This may seem like a lot of work, but if you're interested in removing your name and information from as many places as possible, this company should rank high on the priority list. Intelius doesn't need your entire driver's license, but they do want to confirm it's you. Cross out your photo and driver's license number. They just need to see your name, address, and date of birth.

Here is their complete removal policy:

"In order for Intelius to ‘opt out' your public information from being viewable on the Intelius website, we require faxed proof of identity. Proof of identity can be a state issued ID card or driver's license. If you are faxing a copy of your driver's license, cross out the photo and the driver's license number. We only need to see the name, address and date of birth. Please fax information to our customer service department at 425-974-6194.If you are not comfortable doing this, you can send us a notarized form proving your identity and we will be glad to remove this public information. Please note removing the data here does not prevent public records from sending us new information in the future. To permanently have your records sealed, you will need to contact your county's records department."

Unlisting Your Number -- Keeping Your Phone Private

So you just deleted your phone number from all these databases; but if you have your phone number listed or publishable from your phone company, they will share it with other companies again. It won't take long before it starts to show up on these websites and databases once more.

When a phone number is publishable, it means your phone company can sell your information to other companies. When a phone number is unlisted, that means your number can still be sold or shared, but it won't be listed in a telephone directory (your telephone company's own directory, or a directory to where your number has been sold).

If you're interested in keeping your phone number unpublished and unlisted, it's fairly simple. Here's what to do:

1) When you sign up for a new phone service, they will give you the option of publishing your phone number AND making it listed or unlisted. Choose "Unpublished" AND "Unlisted." If there is no check box or line for making it non-publishable, then write your request in and verbally tell them you do not want it published in their directories. Your customer service representative may either "unpublish" the number there or will point you to the correct contact person at the company.

2) If you want to change an existing phone number that was listed or publishable, then call your phone service provider. Confirm with them that it's your account, and then request that your phone number is made "Unpublishable" and "Unlisted."

The Do Not Call Registry

If you are receiving too many telemarketer calls, check out the national Do Not Call Registry.

You can place your cell phone and/or landline number on the list in one of two ways: visit https://www.donotcall.gov/default.aspx and be sure to acknowledge the confirmation email, or call (888) 382-1222 and follow their directions.

All persons with a U.S. phone account are allowed to have their phone numbers placed on the Do Not Call Registry. Please allow 31 days from registration confirmation for telemarketers to cease calling. Registry enrollment is valid for 5 years.

One last thing: it is against the law for telemarketers to call cell phones... if it happens to you, tell them they are calling a cell phone and they have to remove you from their call list.

Opt Out -- Credit Cards

Prescreened credit cards are those credit card offers we get in the junk mail. Sometimes we go for days without receiving one, and other days it seems like our mailboxes are filled with them.

1. How do all those companies get my mailing information?

Prescreened credit card offers are a result of your credit score. Your credit score is maintained by the major credit bureaus (Equifax, Experian, and TransUnion). Basically, the majority of companies you have accounts with report to these bureaus. Examples of companies that report to bureaus are numerous: banks, car loans, student loans, utility companies, cell phones, and credit cards. They report your current balance to the credit bureaus and whether you're making your payments on time. These credit bureaus create a score based on your income, your amount of debt, and your track record of making payments (on time or not on time).

Basically, if you've ever applied for a credit card, a loan, to become a renter of a home, or for any other large financial contract... they contacted one of these four credit bureaus for your credit report.

A company (creditor or insurer) in search of customers will establish a certain set of criteria—the simplest just being a minimum credit score—and will ask a credit bureau or a consumer reporting agency for a list of prospects that match those criteria.

These credit bureaus and consumer reporting agencies rent their customer lists, delivering customers that meet certain criteria to a company that offers prescreened credit card offers (could be prescreened loan or mortgage offers, or what have you).

2. So how do I opt out of them selling my name in the future?

The major credit bureaus allow you to opt out of prescreened credit cards by:

a) Going to https://www.optoutprescreen.com/opt_form.cgi

You'll need your name, address, and social security number.

b) You can also opt out by calling (888) 5OPTOUT. With this single number (888-567-8688) you can call to opt-out of all of the prescreened credit cards. It is available in English and Spanish.

c) Or you can opt out by contacting all of these companies.

Equifax Options, Marketing Decision Systems

o By phone: ( 888) 567-8688
o By mail:
Equifax Credit Information Services, Inc.
P.O. Box 740241
Atlanta, GA 30374

Experian Marketing Solutions

o By phone: (888) 246-2804
o By mail:
Online Privacy Team
Experian
475 Anton Blvd.
Costa Mesa, CA 92626

TransUnion

o By phone: (888) 567-8688
o By mail:
TransUnion Name Removal Option
P.O. Box 97328
Jackson, MS 39288

If you mail the information, include the following information with your request: First, middle, and last name (including Jr., Sr., III), current address, previous address (if you've moved in the last six months), Social Security number, date of birth, and signature.

Once you opt-out, your name will be removed from the prescreen database for 5 years. If you would like a lifetime opt out, you can fill out the request on their website, then just print and sign the "permanent opt out" portion.

Junk Mail

To stop junk mail, the single most important tool is the Direct Marketing Association's (DMA) Mail Preference Service (MPS). The DMA is the "hub" association for the vast majority of direct market advertising companies in the United States. When you register for this list, they will put you in a "Do Not Mail" file which is distributed to member direct marketing agencies quarterly.

It will cost you to join this list. But it costs only one dollar. The DMA does this so only people who are serious about being removed from the list actually do it.

You have two choices when you join this list.

The easier option:

Register online at www.dmaconsumers.org/cgi/offmailinglist. In the registration materials, they ask for your credit card information and will charge the $1 to the card. The DMA states that this option is faster than mailing in your registration.

The other option:

Mail in your letter (here's a sample letter- www.privacyrights.org/Letters/jm1a.htm) with your $1 check or money order to:

Mail Preference Service
Direct Marketing Association
PO Box 643
Carmel, NY 10512

By registering for this service, your junk mail will be greatly reduced in less than 3 months. This is because the DMA updates the file every month and then mails it out quarterly. Some direct marketing companies update the list monthly. However the maximum update interval is 3 months.

Who is not included in the Mail Preference Service?

  • Companies you regularly do business with. (Because this creates a "business relationship" with them, so they can contact you, however you typically can opt out of direct mail upon signup). For example, many people in the U.S. do business with Wal-Mart. If you have ever signed up for any service with Wal-Mart, you may receive advertisements from them because you've created a "specific business relationship" with them.
  • Some magazines
  • Many charities
  • Professional associations

Opt Out Policies

Direct marketing and data broker companies have different opt out policies because they are not required to have a standardized policy by any law. Currently, the law only states that there needs to be an out option in the terms and conditions portion of any contract you sign (when they reserve the right to sell your information). But the law does not state that the opt out policy needs to be via checkbox, email, website, letter, fax, or whatever.

Basically, when you opt out of direct marketing or data broker databases, you opt out of your name being sold... and they lose money. Direct marketing agencies and data brokers (just like most businesses) don't like to lose money.

Some companies greatly respect privacy and make it very easy to opt out of their databases with a simple email or a web form. But there are also a large number of companies that may allow opt outs, but they make it challenging. Some examples of challenging procedures are: certain companies make you fax a copy of your driver's license to them, some will only allow you to opt out if you are victim of identity theft, while others only delete your information from their database if you are a member of a law enforcement agency or have a restraining order against somebody (in all cases, you may be in personal or financial danger because your information is available).

The good news is: We have spent months putting together all the information in one place, and we will take you through the opt-out procedure for nearly every available database in the United States.

Some companies require a higher amount of resources from people who wish to opt out. We will take you as far as we can, and do everything in our power to help opt you out of these databases.

Why some data brokers will not allow an opt out--

All direct marketers offer some form to opt out from their marketing. Not all data brokers offer opt outs however. I believe this shows a lack of respect for consumer privacy and it's simply a bad business practice. Nonetheless, there are companies out there that don't offer opt outs.

When inquired as to why they don't offer an opt out, the most common response is that "our source data comes from open public records." Next, they will tell you if you're interested in removing your data, you should "go to the source." This typically means going to the courthouse or whichever government group holds the record and sealing the record. Public records can be very difficult to seal.

So, they are not doing anything illegal by not offering an opt out, but frankly it's just bad business.

Sealing Public Records with Your Private Information

To seal public records, here is the common procedure:

1) You must file an individual petition and pay a fee for each case or incident you want sealed. The fee varies from jurisdiction to jurisdiction. This typically occurs at the county courthouse level.

2) After you get the necessary forms, you next must determine whether you are eligible to have your record(s) sealed. You are eligible to have your records sealed only if:

  • You were not charged
  • The case against you was completely dismissed
  • You were acquitted of all charges
  • And FYI, no criminal justice information involving a conviction may be sealed

3) It is your responsibility to specify in your petition(s), which criminal justice agency(-ies) has a copy of your record(s).

4) Here are some things the records may include:

  • The police contact report
  • An arrest report
  • An indictment, case information, summoning documentation, complaint documentation, and any case data associated with it
  • Any other record held by a criminal justice agency regarding the incident

4) You may not petition to seal any records of cases involving a conviction on a
DUI (driving under the influence) or DWAI (driving while ability impaired) and certain traffic offenses and infractions.

5) After the petition is filed and the fees are paid, the court sets a hearing date. Each agency that you listed on the petition will receive a notice of the petition and the hearing. If the court decides to grant your Petition to Seal Arrest and Criminal Records, it orders the record to be sealed.

When you do all of this, and you have successfully sealed your public record.

Data Brokers

Your personal information is more places than you may think. People who aren't reading this page, in their naïveté, probably believe that the only companies out there with their information are the companies with which they are currently doing business: banks, credit cards, utilities, cell phone companies, all the way to the websites they have signed up with like Amazon.com and eBay.

What they don't know is that very frequently, within the fine print (that is, the Privacy Policy and Terms & Conditions Agreements) of their account contract, the company states that they may sell customer information to other companies who are selling marketing products.

They do this legally.

Now I want you to think about the past month of your life... and think of how many brand new services you signed up for (that is, new products that required registration). You may have signed up for these services via phone, in person, via mail, or over the internet. For me, within the past 30 days I have signed up for:

1) An iTunes account (got with the times a few years late)
2) A Safeway Rewards card
3) A member account at a hip clothing store: American Apparel
4) One print magazine subscription: The Economist
5) One online free newspaper profile: The Washington Post
6) A new email address at Gmail
7) A new credit card because my introductory APR was raised on my old one
8) A new cell phone provider, Verizon

That's eight new services I signed up for in the past 30 days (that I can remember). Consider that any of these companies could (and do) have contracts with direct marketing firms who may be collecting your information.

The reality is: the direct marketing industry is thriving because NOBODY ever reads the fine print in their account contracts.

Click here to see an example of the fine print.

Now think about all the junk mail you get. Even if your phone number and address are unlisted in your local phone book, don't you wonder how all these random companies get your information?

Companies that purchase this information and use it are frequently direct marketers.

What is direct marketing?

The direct marketing industry is a multi-billion dollar juggernaut in the United States. Basically, direct marketing companies will contract from company to company (such as Safeway and AT&T) and collect their respective customer lists, then compile them into their own direct marketing proprietary database, at which point they may resell it to other companies that thrive on customer leads or use it themselves.

Basically, information is sold from company to company below the public radar...and it is completely legal. It's just one of those things that happen in America.

Is the company required to tell you anything if they are going to sell your information? What is the government doing to protect consumers? To get some answers, click here.

Each additional name on a customer list and each additional chunk of information increase the worth of the databases when they are sold. So your information can be sold for the purpose of marketing new products to you, but there is also one other main use.

What is data brokering?

The data brokering industry is based simply on maintaining and selling libraries of information on people. This information is then sold for various purposes including: criminal records checks, background checks, address verification, classmate finders, job screening, and more. Once again, the buying and selling of all these libraries largely goes on below the public radar with minimal government oversight and is completely legal.

Much of this information is public, meaning it is available from government agencies or it is termed "directory information" from utility companies. Directory information is defined as your name, your address, and your phone number (if not "unlisted").

Examples of government-kept public information are: marriage & divorce court records, criminal records, real estate records, and driving records.

Why is data brokering necessary?

What are the dangers?

The greatest risk that you face as a result of the data brokering industry is not the prospect of a telemarketer interrupting your Yankee pot roast. Rather, identity theft can be made easier by the sheer availability of all this information (that is by purchase or by stealing).

These personal information libraries are the picnic, and identity thieves are the ants.

There have been several cases in recent years of serious breaches of brokers' databases, which have resulted in an enormous hemorrhage of personal information into the hands of persistently creative criminals. Once a thief has the basics about you, he or she can then go on to pose as you. While they accumulate credit, high-end merchandise, and everything else imaginable, you accumulate nothing but debt and a dismal future.

So, what can you do to protect yourself?

1) Learn how to read a Privacy Policy and Terms & Conditions Agreement:

The meat of what you're after is usually located in the Privacy Policy. Look for key words that companies often use to describe who it is they're selling your data to.

Such entities are often called subcontractors, service providers, affiliates, third parties, non-affiliated third parties, etc. While some of these are completely necessary relationships (like the outsourced billing company they use)... some of these relationships may be to direct marketers or data brokers. So take the time to read the company's definition of these ambiguous entities.

One might wonder what the point is of taking time to read these mind-numbing pamphlets. What makes the eye strain worthwhile is that companies may state in the fine print that they do not share your personal data with these third parties. Although it may necessitate LASIK eye surgery, it is your job nevertheless to read and accept the contract agreements. Those that do will oftentimes have instructions or links on how to opt out of some or all of this process.

2) Ask that your public servants serve you:

While you're online signing up for that new product or service, take a stroll on over to your friendly state or federal representative's webpage. Even the most out of touch politician will usually maintain their presence on a small tidbit of internet turf. Many of you may firmly believe that contacting your elected officials is a pointless exercise. My mother would be proud that I'm about to type this: if more people actually took the time to express their views to their congressmen and women things might change.

3) Contact the data brokers and direct marketers themselves:

Opt out of their databases. Unfortunately, data brokers and direct marketers usually have different opt out policies (that is, there is no standardized way to opt out, each company makes their own). None the less, deleting your data from marketing and broker databases is an important way to protect your privacy, safeguard your family, and keep your "secrets" safe.

The Necessity of Data Brokering

Employers and police agencies use the information they obtain from data brokers to screen potential employees and investigate crimes, respectively. This may seem unsettling in itself at first glance.

However, when looked at from the employer's or the detective's point of view the need for this resource is clear. Should an employer simply ignore a potential way to screen out a drug addicted pre-hire? Would you feel comfortable knowing that your police department wasn't pursuing every possible resource for solving a crime?

The answers to these questions make it clear why the data brokering industry is necessary. That said, the information is used for more than just these noble purposes. Basically, this information may be sold to whoever has the money.

Legal Issues

Why are Direct Marketing and Data Brokering legal? When is it illegal?

Fundamentally, direct marketing and data brokering are legal and most of their practices look to stay legal for the foreseeable future. Basically, there is so much money being made, that governmental changes have largely failed. This type of information used to be very fragmented across the nation. However, with the growth of technology, databases have evolved to include more and more information. Once courthouse and other public records are digitized, they can be duplicated and sold.

Is the government concerned with data brokering?

Over the past three years approximately twenty bills have been proposed in Congress with roughly the same goals in mind. See www.GovTrack.us for more information. The main gists of these bills have been:

  • A company failing to reveal the breach of a database would be criminalized
  • Citizens would gain the right to view and amend any of their personal information possessed by data brokers
  • Data brokers would be forced to initiate their own internal security as well as notify citizens when a breach affecting them has occurred
  • The selling of Social Security Numbers or their required use as identification tags for customers would be forbidden
  • The government itself would be required to regulate and police its use of information obtained via data brokers

These all sound like great ideas. Unfortunately, as of September 2007 all but the two youngest of these bills have perished like neglected goldfish. Each bill has been proposed, and then routinely no vote has taken place. After a session of Congress all bills not voted on are binned. Politicians seem to grasp that improvements in this sensitive area are needed and wanted by the American people, yet the inaction of both Parties continues to put all of us at risk.

Not even disasters in our own backyard have spurred any change. Case in point: the loss of data on over 26 million U.S. Veterans that occurred last summer. Each veteran received a letter from the Veterans Administration. Other than that not much else has been done.

Is the government concerned with direct marketing?

Government concern for direct marketing has mostly focused on telemarketers. Telemarketers have gotten a lot of attention for disturbing people in their homes and aggressive tactics. The Federal Trade Commission created the Do Not Call Registry in response. The registry prohibits telemarketers from calling you. You'll have a chance to sign up for the registry a bit later.

You can place your cell phone and/or landline number on the list in one of two ways: visit https://www.donotcall.gov/default.aspx and be sure to acknowledge the confirmation email, or call (888) 382-1222 and follow their directions. All persons with a U.S. phone account are allowed to have their phone numbers placed on the Do Not Call Registry. Please allow 31 days from registration confirmation before telemarketers to cease calling. Registry enrollment is valid for 5 years.

What do the laws actually state?

The two relevant laws are the Fair Credit Reporting Act (FCRA) and the Gramm-Leach-Bliley Act (GLBA). The FCRA states that if companies are going to sell information to third party affiliates—such as direct marketing or data broker companies—they must provide the customer with an opt out notice. Neither the language of the opt out notice nor the actual opt out method are specified. The opt out means that customers can say "NO" to allowing their information to be shared with other companies.

The opt out does not apply to: information shared with those companies providing priority services to the company (like billing or shipping), marketing of products or services for the company (that is, the companies marketing itself), and when the information is deemed legally required (information will be given if a law agency has a subpoena).

The GLBA requires that a privacy policy is issued to customers at the time of sign up, made available to customers, and customers are informed any time there is a significant change to the policy. The opt out option created by the FCRA act must be in the privacy policy.

Your Online Information

Any information you put online in a public place becomes public. Remember, it's digital; once it's created, it's duplicatable. Most certainly, once information is posted on the World Wide Web... it's public.

Even if you delete your comments or the excessive personally identifiable information you've posted, many online companies archive sites on the internet. The majority of the World Wide Web is archived. To get an idea of what I'm talking about, check out this site.

This means most information out there is available to be copied. Anything you post online basically becomes public information.

The exceptions are: online community profiles that have privacy settings turned on (key words: "turned on," they're not good if they're not turned on), commerce transactions (secure socket layer web transactions) when you purchase things, and any account you have that requires a password (assuming you're not posting to a public space with the account).

Online communities pose a whole new set of interesting issues. These communities are everywhere from your social networking profile to your YouTube feedback profile (I think of this every time I see a racist or particularly ignorant comment on their site... identities are so easily traceable).

What exactly are online communities?

An online community is loosely defined as a group of people that primarily interact over the internet rather than face-to-face. There are multitudes of ways to interact over the internet. Some of the most common ways that average computer users interact are:

Consumer feedback sites: Allow users to buy from a site while interacting. Examples are eBay.com and Amazon.com.

Blogs: Short for web logs. They allow users to chronicle entries, that is, put a personal journal online to be viewed by the public. Visitors can leave comments for the blog writer about particular entries. Examples are Blogger.com and many people "in the know" site Facebook.com and Myspace.com as blogs for their blogging features.

Bulletins/Message Boards: These are groups in which you have a profile, and submit information/commentary onto their message boards or forums. PoliticalForum.com and IGN.com are examples.

P2P (Peer-to-peer) networks: Are very popular and focus on connections between computer users on the network (rather than a large amount of network serves). Kazaa, Morpheus, Napster, and Limewire are examples.

Social Networking: A booming market. Most popular are: myspace.com, facebook.com, and linkedin.com

Rating sites: Allow users to flag, rate, or bookmark articles and websites on the internet. Ideally, this helps users decide and find what's "hot" on the Web. Examples are Digg.com, and Rateitall.com.

UseNet’s: These include online groups you join based on a specific topic. Google Groups and Yahoo! Groups are examples.

Wikis: Are a collaborative form of online community information. The Wiki flagship is Wikipedia, the largest encyclopedia ever (we're talking 7.5 million articles in 253 languages).

What should you be aware of when you join a community?

Think about it. Online communities require a username, email, and password (at the least) in order to contribute. Many ask for a lot more information than that, but these are the essentials. They may ask for gender, birth date, addresses, educational information, phone numbers (home, cell, work), Instant Messenger names, and even more.

Now really think about that. This is a direct marketer's (telemarketers, junk mailers, and customer information brokers) and data broker's dream find. It can be sold by the owner of the website (read the privacy policy to find out) or there is technology out there that allows from the scrapping and storage of your information from the site.

Second, consider that many of these profiles are public and the comments you leave are available in public spaces. The bottom line: 1) don't post information that you're not comfortable sharing with complete strangers, and 2) read the privacy policy when you join these sites.

Remember that comments you post are permanently recorded on the community site.

The more you reveal in your online profiles, blogs, and posts, the more vulnerable you are to data harvesters... not to mention scams, spam, and identity theft.

Sample Privacy Policies

A good guy:

Some companies have straight forward, no nonsense policies. A great example of this is Amazon.com. As of September 2007 their Privacy Policy regarding the selling of your information to direct marketers was:

Does Amazon.com Share the Information It Receives?

Information about our customers is an important part of our business, and we are not in the business of selling it to others. We share customer information only as described below and with subsidiaries Amazon.com, Inc. controls that either are subject to this Privacy Notice or follow practices at least as protective as those described in this Privacy Notice.

Affiliated Businesses We Do Not Control: We work closely with our affiliated businesses. In some cases, such as Marketplace and Auctions sellers, these businesses operate stores at Amazon.com or sell offerings to you at Amazon.com. In other cases, we operate stores, provide services, or sell product lines jointly with these businesses. Click here for some examples of co-branded and joint offerings. You can tell when a third party is involved in your transactions, and we share customer information related to those transactions with that third party.

Third-Party Service Providers: We employ other companies and individuals to perform functions on our behalf. Examples include fulfilling orders, delivering packages, sending postal mail and e-mail, removing repetitive information from customer lists, analyzing data, providing marketing assistance, providing search results and links (including paid listings and links), processing credit card payments, and providing customer service. They have access to personal information needed to perform their functions, but may not use it for other purposes.

Promotional Offers: Sometimes we send offers to selected groups of Amazon.com customers on behalf of other businesses. When we do this, we do not give that business your name and address. If you do not want to receive such offers, please adjust your Customer Communication Preferences.

Business Transfers: As we continue to develop our business, we might sell or buy stores, subsidiaries, or business units. In such transactions, customer information generally is one of the transferred business assets but remains subject to the promises made in any pre-existing Privacy Notice (unless, of course, the customer consents otherwise). Also, in the unlikely event that Amazon.com, Inc., or substantially all of its assets are acquired, customer information will of course be one of the transferred assets.

Protection of Amazon.com and Others: We release account and other personal information when we believe release is appropriate to comply with the law; enforce or apply our Conditions of Use and other agreements; or protect the rights, property, or safety of Amazon.com, our users, or others. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction. Obviously, however, this does not include selling, renting, sharing, or otherwise disclosing personally identifiable information from customers for commercial purposes in violation of the commitments set forth in this Privacy Notice.

With Your Consent: Other than as set out above, you will receive notice when information about you might go to third parties, and you will have an opportunity to choose not to share the information.

They do a great job of explaining in non-cryptic, simple language what their objectives are and what their customers can expect. The clear kicker is in the first line of the policy when they say: "Information about our customers is an important part of our business, and we are not in the business of selling it to others." That is the kernel of what you need to hear.

A bad guy:

By comparison, here is the privacy policy of a company that doesn't do such a good job (that is, they're shady):

"[Insert company name here] does not sell, trade, or otherwise disclose customer lists or information to unaffiliated third parties without your permission."

This is taken from an actual company but also is the general language for the guys who end up selling your stuff. Basically, they say they won't do it without your permission, but your permission is given if you don't check a tiny box at the end of their user agreement. That is, in most cases, your permission is tacit or unspoken and assumed. This company is not explicitly stating they are not interested in selling your information.

1 comment:

floraaketch said...

"Affiliate Marketing is a performance based sales technique used by companies to expand their reach into the internet at low costs. This commission based program allows affiliate marketers to place ads on their websites or other advertising efforts such as email distribution in exchange for payment of a small commission when a sale results.
www.onlineuniversalwork.com

latest trend"