Jamie Bartlett

iSPY: How the internet buys and sells your secrets

Every year you give away up to £5,000 of data online. The greatest heist in history isn't about stealing money, but taking information

iSPY: How the internet buys and sells your secrets
Text settings

You probably have no idea how much of yourself you have given away on the internet, or how much it’s worth. Never mind Big Brother, the all-seeing state; the real menace online is the Little Brothers — the companies who suck up your personal data, repackage it, then sell it to the highest bidder. The Little Brothers are answerable to no one, and they are every-where.

What may seem innocuous, even worthless information — shopping, musical preferences, holiday destinations — is seized on by the digital scavengers who sift through cyberspace looking for information they can sell: a mobile phone number, a private email address. The more respectable data-accumulating companies — Facebook, Google, Amazon — already have all that. Even donating money to charity by texting a word to a number means you can end up on databases as a ‘giver’ — and being inundated with phone calls from other noble causes. Once your details end up on a list, you can never quite control who will buy them.

As you surf the web, thousands of ‘third-party cookies’ track your browsing habits. Then there’s your smartphone, which can log information every waking and sleeping moment. Quintillions — yes that really is a number — of pieces of data are being generated by us, about us. Look at Facebook. In a typical week, its users upload 20 billion items of content — pictures, names, preferences, shopping habits and other titbits: all information that can be stored and later employed to help advertisers.

It is perfectly legal for companies to spy on us, and it is very lucrative. Some analysts estimate we’re each giving away up to £5,000 worth of data every year. A worldwide industry has emerged over the past decade that is dedicated to finding new ways of extracting and analysing this bounty. ‘Data brokers’ operate enormous clearing houses which buy, analyse and then sell online and offline data. One of the largest, Acxiom Corporation, is believed to hold information on about 500 million consumers around the world, and has annual sales of more than $1 billion. Many of the big social media companies, including Facebook, work closely with these data brokers — cross-referencing your status updates against postcodes or loyalty-card data from shops. From thousands of fragments, they can build a remarkably detailed  picture of you.

A little further down the chain, companies are scooping up your tweets or Facebook posts, analysing them and selling on the results for a hefty fee: this week Sony paid $200 million for a company that does exactly that. This doesn’t just affect exhibitionists on Facebook; if you’ve completed the electoral register, your home address could be only a click away for anyone vaguely interested.

This harvested data can be used to figure out your probable location and guess at your consumer behaviour. In one infamous case, a US supermarket responded to a young female customer’s purchases by offering her vouchers for various pregnancy products: these were intercepted by an unsuspecting and very irate father. In another, a GPS service designed to help drivers find quick routes was also selling the information to the Dutch police, who could use it to work out who was breaking local speed limits. Each year, the Little Brothers get cleverer.

This makes it easier than ever for companies — and even politicians — to pin you down with personalised and effective marketing, messages and offers. The Labour party has recently hired one of Barack Obama’s digital gurus, Matthew McGregor. Don’t be surprised to see creepy targeted ads from Dave, Ed and Nick at the next general election, based on some innocuous comment you might have made on your Facebook page about wind farms.

How worried should you be? Having slightly less irrelevant ads popping up on your screen hardly amounts to a sustained attack on your freedom. Data brokers can’t break down your door. And after all, when you join a social network or run a search on Google, it’s an exchange: you let people spy on you, and they give you an incredible service for free.

But this exchange is starting to become a bit one-sided. Every time we download an internet app, we accept a lengthy list of terms and conditions. But few of us really know what we’re signing up to — one recent survey found under half of us knew that mobile phone apps can collect and store personal data.

And those terms and conditions? They’re usually comprehensible only to a contract lawyer with a background in software engineering, but we click yes and hope for the best. The results were explained well in a recent documentary, Terms and Conditions May Apply. ‘The greatest heist in history wasn’t about taking money,’ says the voice-over. ‘It was about taking your information — and you agreed to all of it.’

Agreement, in this case, means clicking ‘OK’ to the contracts that include all sorts of worrying, loosely worded clauses — and which it would take about a month of your life each year to read properly. But perhaps you should set that time aside. A British firm recently included a clause which asked for permission to ‘claim, now and for evermore, your immortal soul’ — a techie’s joke which harvested 7,000 souls in one day.

When the hugely popular Instagram updated its user agreement to say that ‘a business… may pay us to display your photos… without any compensation to you’, uproar ensued, the clause was removed, and the company declared that it had never intended to sell on photos. But in order to opt out of data collection, or to object to nasty terms and conditions, you have to know exactly who’s collecting your data — and it’s hard to know where to start.

Civil liberties groups are increasingly concerned, because they realise that companies, police and governments have a mutual interest in the gathering of personal data. Nick Pickles, head of Big Brother Watch, says large-scale commercial data collection is a ‘dream come true’ for governments because it dramatically extends the possibility for surveillance. Intelligence agencies don’t need to spy on you any more: they can simply go to the relevant internet companies and prise out of them what they need.

All this data is also a goldmine for fraudsters. Identity theft is increasing, which is no surprise seeing how much information people post about themselves online. Often we’re complicit. In saying where we are on our social media accounts, we also say where we are not. The website pleaserobme.com is a joke — but it has a serious point behind it, a rather brutal reminder of the dangers of location-sharing online.

The internet, of course, is just getting started. More and more everyday objects are being fitted with microchips: fridges, keys, wallets, cars. And even hair: Sony recently filed a patent for a SmartWig that could take photos and vibrate when you receive a message. Google’s augmented reality glasses will be able to record what and who you’re seeing. On a more mundane level, smart energy meters which can record your energy consumption patterns will be installed in every home by 2020. As it stands, no one really knows who will own all this information, and how will it be regulated.

The public is getting worried. So what should we do? The past six months have seen a flurry of ‘crypto--parties’ — free workshops to learn about how to protect your privacy online. (I attended a packed event last weekend in London.) Anonymous browsers like ‘TOR’, often used to access the ‘dark net’, are becoming more popular. The dark net is usually referred to as an online underworld where drugs, pornography and worse are bought and sold — but it’s also one of the few places you can go to escape Brothers Little and Big. Even Facebook users who were once happy to share everything are tightening their privacy settings.

Here is another danger. It’s right that people should be able to keep things private, but the vitality of the internet depends on people sharing information: that was the whole point of the net when it began as an academic project in the late 1960s. The more you share, the more you receive. And there are many beneficial uses of data. Professor Nigel Shadbolt, director of the Open Data Institute, says that Google has been extremely successful at using search terms to understand how epidemics spread. Satnav technology is getting better at avoiding traffic jams, because of drivers agreeing to share their progress. Analysing our energy consumption patterns could cut down bills dramatically.

As director of the Centre for the Analysis of Social Media, I am dedicated to making this a serious discipline. Professor Shadbolt thinks if we can analyse the use of social media while respecting privacy and consent, the benefits to British society could be immense.

The digital revolution has transformed our lives, but the technology that does so much for us comes at a cost. For good or ill, the internet has ravaged notions of privacy: it’s not really possible to get by in the modern world without sharing information about yourself. The question is how to control that.

The Germans already have a term, informationelle selbstbestimmung, which translates into knowing what data you have and being in control over how it’s used. In part, that means us wising up to exactly what data is being sucked out of us. It also requires companies to be transparent about what data they’re sucking — and how they’ll use it. At the moment it’s still too shadowy and confusing. Basic market competition should help. As the value of our personal information grows (and we become more aware of that value), companies that are open about what they’re using will have a significant advantage over competitors. The big players are already looking for ways to give users more control over their data: even Axciom has started to open up a little. It makes good business sense, and probably helps that politicians and quangos on both sides of the Atlantic have starting to pay more attention to this issue.

But it may be that we do not want the Little Brothers to stop watching us entirely — we’ve become dependent on the services they help to deliver so cheaply. One of the reasons firms like Amazon and Google have grown so huge is that they deliver services which billions of us want. The majority of Brits now use Facebook, Twitter, Instagram or another social media account — none of which charge us a penny. As the saying goes: if you’re not paying, you’re the product.

Jamie Bartlett, is director of the Centre for the Analysis of Social Media and head of the violence and extremism programme at the think-tank Demos.