Data brokers have so much data on us, scraped from all parts of the Internet. But if that data falls in the wrong hands, it can be more dangerous than we might’ve originally thought.
Data brokers are companies that scrape your personal information from all areas of the web to then sell on to other companies for profit.
What’s important to remember is that data brokers don’t discriminate, they can sell your information to anyone who wants it.
Whether that’s an advertising company trying to sell you products or an angry ex-partner who wants to craft your digital profile to exploit you, data brokers are a lot more dangerous than we might think.
Cybernews spoke to the CEO and co-founder of DeleteMe, Rob Shavell, to discuss how data brokers can facilitate cybercrime.
What is a data broker?
While there isn’t a single definition for data brokers, as Shavell told Cybernnews, this CEO’s definition is pretty simple.
Data brokers are “companies that have personal information about us that we don't have a customer relationship with.”
The main purpose of a data broker is to make money, Shavell told Cybernews, as they sell all kinds of data to all different people in the United States and across the world.
“For example, they'll sell to political organizations to target voters… like we've had all these problems with Russians buying data to try to influence elections because the data brokers don't care. They don't care whether it's a Russian political organization masquerading as some legitimate thing, or North Korean, or Chinese,” Shavell said.
This is what makes data brokers so dangerous, as they seemingly have no moral position on the personal data they sell. How is this legal?
How are data brokers legal?
In the UK and European Union, there are specific rules data brokers must follow, but this is very different when it comes to the US.
“There are no laws to say you should discriminate; you can only sell data to good…there are very few laws that cover that, and the only laws that do are very old, they're from the 1970s,” Shavell told Cybernews.
Data brokers are a black box, as people know very little about where they get their data from and how they sell this data on. So it’s extremely difficult to regulate.
“You’ve got a black box on two sides. You've got the data and the data broker. You don't know how they get the data or their sources. You also don’t know where they're buying it and where they’re scraping it. Finally, you don't know who they're selling it to on the other side.”
Rob Shavell, CEO of DeleteMe
There’s also a problem of new technology, as the laws surrounding data brokers are very old, particularly in the US, the laws haven’t caught up with new tech.
This is also an issue when it comes to the data that these brokers collect, because of our online footprint, data brokers are building more comprehensive profiles, that could be exploited by cybercriminals.
What information do data brokers collect?
The types of personal information that brokers collect vary massively. But, to simplify things, data brokers will collect any and all information they can. And as we live our lives online, that only complicates matters.
“Since we're generating more and more data from our digital lives, they are collecting more, not just more data, but different types of data,” Shavell said.
At DeleteMe, which functions as an antidote to data brokers by scrubbing your personal data from the web, the company used to find about 250 different kinds of personal information on a customer before deleting it.
“About four years ago, that was the average amount of PII, personally identifiable information, that we found on each customer – now it's over 700.”
The types of data previously collected include very basic things like email addresses, phone numbers, home addresses, work addresses, spouses' names, and ages.
Now it can include family and relative information (dates of birth, ages, and relationships), the car you drive, the make and the model of past cars you’ve driven, and so much more.
Information now collected by data brokers includes “political voting data and affiliation, and can include court records if you've been involved with any kind of legal troubles,” Shavell mentioned.
How do doxing and data brokers relate?
The connection between data brokers and doxing, the action of exposing personal data to hurt and exploit the victim, wasn’t glaringly obvious to me until I spoke to Shavell.
But then, I had a eureka moment.
“Data brokers are essentially doxing people all the time because they're holding our personal information and then selling it to companies,” I told Shavell.
Shavell reiterated that sentiment, saying that “in order for data brokers to make money, they must advertise our information for sale, and therefore they are doxing us.”
While we might think that doxing only affects high-profile figures like influencers and politicians, anyone could be easily exploited by cybercriminals, or anyone that they may have wronged.
Differences of opinion lead to doxing, and data brokers are stoking the fire
Online interactions have become really problematic, Shavell told Cybernews, “if people have differences of opinion, they may start taking that from chat rooms to Twitter, Facebook, or Instagram.”
“And when these conversations are happening, people often get into disagreements because they have different points of view. Since so much of our social life has moved online, doxing has become a way to escalate disagreements that used to be done in person.”
Doxing is only one way that information bought by data brokers can be exploited.
Cybercriminals could buy information from brokers to build a comprehensive profile for fraud and data theft, and the list goes on and on.
“There are so many different reasons that having our information available for sale, at very specific levels of detail, can be abused and misused in ways that can harm us,” Shavell said.
What’s alarming is that all of these people are exploiting our sensitive information, data we didn’t even know existed about us, and there are no repercussions.
As our conversation came to a close, Shavell made it very clear that there are “no penalties or relatively few penalties for data brokers today.”
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked