Issues

The Cost of Access

The Internet has become a platform of societal interaction: an information repository, communication tool, commercial-space, and a location for self-brand promotion. Internet web platforms provide users with petabytes of data at their fingertips, and thus provide opportunities for commerce, research, and societal interaction, all at what appears to be no cost. However, access is not free. When an individual accesses their email, a web search platform, online banking, or any other Internet service, the cost of access is the collateral divulging of data – data that has immense value.

Online PrivacyData has value

© Copyright, Potomac Institute Press 

Global digital data is doubling yearly, and individual consumers create the majority of that data, producing in essence, digital footprints. These individual digital footprints – downloads, e-mails, cell-phone readings, “likes,” tweets, clicks, and purchases – on their own provide relatively esoteric indicators of a particular individual. However, big data, by fusing information flows with insights derived from behavioral science, allows advertisers, search engines, and social media platforms to predict and model human behavior.

As data begins to reveal more information about individuals, its value and impact on individuals will increase. Indeed, the value derived from data has already been compared to 18th century commodities, such as oil1 or 17th century power derived through land.2 Data is the 21st century equivalent of oil or land – an asset that corporations and governments alike are trying to tap.

Privacy Fix, an app developed by the security software company AVG, has attempted to estimate how much a specific individual’s data may be worth to some of the Internet’s largest tech giants. In 2014, the company estimated that the most valuable Facebook users generate about $37.98 in revenue per year, while an average Google user is worth about $223 in revenue per year.3 Multiply those figures by Facebook and Google’s nearly 700 million and 1.7 billion users respectively, and it becomes exceedingly clear that personalized data has immense value.

The cost of access

While the sharing of data has facilitated healthier living, smarter cities, more effective disease control and prediction, and any number of other benefits4, there is a cost, a darker underbelly to the sharing and accumulation of personalized data.

In a 2014 report by the World Privacy Forum5, Pam Dixon and Robert Gellman note that data brokers, analytical firms, and retailers are using personal data to create hundreds of inaccessible consumer scores, ranking individuals on the basis of their perceived health risk, likelihood they will keep their job, and their supposed propensity to commit fraud. Data brokers have been known to use data to sort individuals into marketable categories: potential inheritor, diabetic, senior needs, low credit, etc. Companies such as InfoUSA have sold lists of “gullible seniors.” Others, such as Teletrack – which was later fined by the FTC – sold lists of people who applied for nontraditional credit, such as payday loans, to companies who wanted to target high-risk consumers for poor financial deals. The use of secret consumer scores and data profiles can cast an indelible stain on individuals, and are becoming sources of classification, profiling, and discrimination.6 For example, in 2011, Google explained how consumers with “high value profiles” received bids by corporations for targeted advertisements to their profiles.7 Meanwhile, consumers with “low-value profiles,” often received no bids at all. Jeff Rosen of George Washington Law warns that this will essentially eliminate a free and open marketplace; as consumers will no longer “haggle” with sellers on equal terms, while being unaware of what discounts and prices other preselected individuals are being offered.8 Even more problematic is the fact that these consumer scores could affect an individual’s eligibility for a new job, a loan, credit, or affordable insurance. In short, one could see the emergence of a class of “digitally disenfranchised” individuals, whose prospects and ambitions are limited or denied due to the existence of “digital scarlet letters.”

PrivacyPerhaps more troubling than the profiling itself, is that these profiles are often wrong. Indeed, the Economist ran a blog on the increasing backlash against big data, noting three mainstream criticisms of big data.9 While big data criticism is not an attack on the data itself, it is a critique on the numerous perceived deficiencies of data analytics. Data analysis can come to erroneous conclusions and correlations. In a conversation with an insider from a data aggregation and profiling site, the person revealed that the company’s labeling is correct only 40% of time.10 While an accuracy rate of only 40% may not seem like a big deal when Amazon is using individual data to tailor-make book recommendations, a 60% error rate looks a whole lot more disturbing when that same data is then used to determine job eligibility and proclivity to commit crime.

The cost of data insecurity

However, it is not just the misuse or profiling of individuals through their data that come at a cost, the storage of that data also poses significant risk.

In 1998 a group of hackers called LOpht warned Congress that “if you are looking for security, then the Internet is not the place to be”11 – computer software, hardware, and networks had not been designed with security in mind. Seventeen years later, not much has changed. Melissa Hathaway, the former acting director for cyberspace at the National Security Council, and John Stuart, Senior Vice President of Cisco, notes that there are currently “no standards – much less enforceable ones – for devices connecting to the Internet, aside from those inconsistently created by network operators. In addition, entire industries are building connectable devices with little to no experience or history in building (secure, resilient, well-engineered) connectable devices.”12 The devices, software, hardware, and networks by which people access Internet platforms are inherently insecure, and this insecurity puts data at significant risk.

Indeed, in the past six months, nearly 91 million consumer social security numbers were compromised through the corporate breaches to Premera Blue Cross and Anthem. However, that pales in comparison to the EBay and Home Depot 2014 breaches that compromised 145 million and 109 million consumers respectively.13 In 2013, the number of breached records grew by 350%, resulting in over half of the US population’s personal information being exposed.14 The Center for Strategic and International Studies estimates that the annual cost to the global economy from cybercrime is more than $400 billion.15 Data breach and cybercrime can have wide reaching implications for individuals, resulting in financial loss, identity theft, intellectual property (IP) loss, and the erosion of consumer confidence and trust.

Moreover, as the recent Office of Personnel Management (OPM) hack highlights, governments’ stores of personal information are not immune to breach. The OPM breach, which could affect up to 32 million Americans, and likely involves at least 4 million government clearance application (SF-86) forms, has been labeled by some as “w0rse than the Snowden affair.”16 The personal nature of information in the SF-86 – foreign contacts, past employment and residencies, credit history, drug-use, travel, among other information – makes the documents the “crown jewels” of intelligence.17 They reveal an individual’s vulnerability to blackmail or recruitment. Moreover, sensitive details about an individual’s interaction with foreign nationals could be used against those nationals in their own country. While the breach of this data inevitably is a cost to government, it is also of significant cost to those individuals and foreign nationals whose privacy was violated.

As government, industry, and academia shift toward digitizing, marketing, and selling information, they have passed the cost of access to the consumer. Although online accessibility is presented to the consumer as a convenience, the consumer incurs the cost and associated risk of practice.

The cognitive aspects of "free" productsCosts

In light of these costs, it is problematic that people are not wired to rationalize the potential downsides that arise from using these services and platforms.  A study by Kristina Shampanier et al. shows that people offered a choice between a 1-cent Hershey’s or a 26-cent Ferrero chocolate will generally prefer the Hershey’s, but that when they are offered a choice between a free Hershey’s and a 25-cent Ferrero, there is a significant increase in their preference for the Hershey’s.18 While the actual monetary value of both types of chocolate decreased at the same rate, the participants’ behavior indicated that they perceived additional value in the free Hershey’s. Even when the Hershey’s price is held constant at zero, and the Ferrero price is reduced by a significant amount, people still prefer the free chocolate. This effect was replicated across a wider range of products with heftier prices as well. The reduction of a price to zero has a more powerful effect on behavior than a significant price reduction for another item that still has a positive price.

While the study of consumer choice with Hershey’s chocolate may appear to be vastly different from individual access to Internet platforms and services, it does provide insight into consumer behavior when a product or service appears to be free. The fact that these Internet services appear to be free is disproportionately affecting individuals behavior and choices. Individuals need to be conditioned to realize that access to Internet platforms and services do come at a cost.

A way forward?

While the Internet and its associated platforms yield immense societal and economic benefits, access does come at a cost. The onus is on individuals, corporations, and governments to mitigate the risks. The following are suggestions for each stakeholder.

Government:

  • Regulating for Corporate Notification of Data Sale: Governments should pass regulations that require corporate notification and permission to sell individual data to third party data-brokers. This would provide individuals some transparency into the location and use of their personal data, particularly data that was not exchanged for access.
  • Regulating Against Data Profiling: Government regulation should be put in place that protects individuals from opaque corporate profiling. Similarly to a credit score, individuals should be able to access and contest their “big data scores.”
  • Secure System Accountability: Congress and the Executive should move quickly to hold accountable agencies that do not secure their systems. Person- al information on former employees should have an expiration date, whereby that data is deleted from government databases. It may be wise for the government to rethink what data they digitize, in an era where most information in accessible and “hack-able,” perhaps some information should remain off of computer servers.

Corporations:

  • Developan Underwriters Laboratoryfor Internet Connected Devices: Corporations could be incentivized to create an independent group, or tech-equivalent to an Underwriters Laboratory for Internet connected devices.19 The first underwriter’s laboratory was created in 1894 by William Merrill to ensure the safety of electrical devices. Today the underwriters laboratories provide safety related certification, validation, testing, and inspection to seven business areas, prior to providing their stamp of approval on a given product. An Underwriters Laboratory for Internet connected devices could incentivize corporations to manufacture products for security versus marketability.

Individuals:

  • Educating for Data Risk: Individuals need to approach Internet access with cost in mind. While Internet users should not cease use, users should become more informed about their data and associated risks to that data. Educating oneself is the first step in protecting one’s data.
  • Practice Adequate “Cyber Hygiene”: From a data profiling perspective, individuals should refrain from taking online quizzes that ask personal information in exchange for “free services” or games. Individuals that use social media platforms should be aware that they might be relinquishing ownership of their data. At the very least, individuals on these platforms should be cautious of their privacy settings. Search platforms such as DuckDuckGo do not collect data on personal searches and can be used as a mechanism to prevent corporate surveillance and data accrual.
  • Secure (to the best of your ability) Your Digital Assets: From a data security perspective, most states offer quarterly credit score checks for free, individuals that use online banking or credit cards should track their credit carefully for early warning of identity theft. Credit cards have better protections than debit cards and therefore individuals should be cautious of using their debit cards for online transactions.

While these suggestions are certainly not meant to be exhaustive, their implementation could provide a framework for consumer protection moving forward. Today, consumer risk and digital access are intermingled, and cannot be viewed as separate entities. In the future, as the “Internet of Things” becomes a ubiquitous reality – and more of our critical services are connected to the Internet – consumers (and their data) will be increasingly at the mercy of those devices and platforms. There will always be a cost incurred for the benefits afforded by connecting our lives and our things to a digital universe of seemingly free access. The real question, moving forward, should be at how steep of a price?

Notes

  1. Joris Toonders notes, “Like oil, for those who see data’s fundamental value and learn to extract and use it there will be huge rewards.” See: Joris Toonders, “Data is the New Oil of the Digital Economy,” Wired (July 2014).
  2. Jennifer McArdle draws a comparison between the determining element of power in 17th century pre-industrial England, land, and data in the 21st century. See: Jennifer McArdle, “Rethinking Property in the Digital Era,”  National Interest (May 2014).
  3. Cotton Delo, “How Much Are Your Really Worth to Facebook and Google?” Advertising Age (May 7, 2014).
  4. For more information, see: Alex Petland, Social Physics: How Good Ideas Spread–The Lessons from a New Science (New York, New York: The Penguin Press, 2014).
  5. Pam Dixon and Bob Gellman, “The Scoring of America: How Secret Consumer Scores Threaten Your Privacy and Your Future,” World Privacy Forum (December 2014).
  6. Bruce Schneier, Data and Goliath (New York, NY: W.W. Norton & Company, Inc: 2015) p.52.
  7. IAB, Google, and Forrester, “The Arrival of Real Time Bidding,” Slideshare (June 16, 2011).
  8. Jeff Rosen, “Who Do Online Advertisers Think You Are?” The New York Times (November 30, 2012).
  9. The Economist identifies three criticisms that are “not intrinsic to data…but endemic to data analysis.” The first, “are biases inherent to data…Second, some proponents of big data have claimed that theory (i.e. generalizable models about how the world works) is obsolete. In fact, subject-area knowledge remains necessary even when dealing with large data sets. Third, the risk of spurious correlations–associations that are statistically robust but only happen by chance–increases with more data.” See: “The Backlash against big data,” The Economist (April 14, 2014).
  10. Author interview with data insider (April 2014).
  11. Craig Timber, “A Disaster Foretold–And Ignored,” The Washington Post (June 22, 2015).
  12. Melissa Hathaway and John Stuart, “Taking Control of Our Cyber Future,”  Georgetown Journal of International Affairs (July 25, 2014).
  13. Keith Collins, “A Quick Guide to the Worst Corporate Hacks,” Bloomberg (March 18, 2015).
  14. “2013 Cost of Data Breach Study: Global Analysis,” Ponemon Institute (May 2013).
  15. Center for Strategic and International Studies, “Net Losses: Estimating the Global Cost of Cybercrime,Economic Impact of Cybercrime McAfee (June 2014).
  16. Ryan Evans, “Why the latest government hack is worse than the Snowden affair,” The Washington Post (June 17, 2015).
  17. Ibid.
  18. Kristina Shampanier, Nina Mazar, Dan Ariely, “Zero as a Special Price: The True Value of Free Products,” Marketing Science 26.6 (November-December 2007) 742-757.
  19. See: Melissa Hathaway and John Stewart, “Taking Control of Our Cyber Future,” Georgetown Journal of International Affairs (July 25, 2014) and Craig Timber, “A Disaster Foretold–And Ignored,”  The Washington Post (June 22, 2015).