I was most of the way through my bottle of wine by 9pm CST on Tuesday, but I’m fairly sure that a major part of Obama’s State of the Union proposals, made with regard to technology, centered around protecing Americans from cunning and dastardly commercial data companies who harvest your Internet preferences without your consent and sell them in bulk to major retailers who then use them to determine which products they can successfully market to you through social media. It’s how one click over to Neiman Marcus’s website to check on how much Michelle Obama’s Michael Kors suit cost has managed to fill my Facebook news feed with ads begging me to drop $3K on something that looks like a Chanel knock-off Hazmat suit.
Anyway, the White House, which has often used micro-targeting data in its own campaigns wants to require companies to inform consumers that their data is being collected, and subsequently, allow those same consumers to opt out.
“We believe that there ought to be some basic protections,” he said Monday, describing new legislation he hopes will become law. The proposed bill, which has not yet been introduced in Congress, will build upon the Consumer Privacy Bill of Rights, a measure Obama first introduced three years ago. According to the president, the bill will give Americans “the right to decide what personal data companies collect from them and how they use that data.” The mass of information about shopping habits, Facebook likes, health information, location, and other information plugged into smartphone apps would be safe, and misuse and misdirection of private data by companies would be strictly policed. That’s the hope, at least.
Obviously, there are lots of insider groups that would be opposed to cutting off a main source of marketing information, but probably most prominent among them? The people who run your Healthcare.gov website, which, according to information released yesterday by the Electronic Freedom Foundation, is sharing all of that personal, confidential health- and history-related data you input into your federally-mandated health insurance application with basically everyone on the planet.
EFF researchers have independently confirmed that healthcare.gov is sending personal health information to at least 14 third party domains, even if the user has enabled Do Not Track. The information is sent via the referrer header, which contains the URL of the page requesting a third party resource. The referrer header is an essential part of the HTTP protocol, and is sent for every request that is made on the web. The referrer header lets the requested resource know what URL the request came from. This would for example let a website know who else was linking to their pages. In this case however the referrer URL contains personal health information.
This is, of course, even scarier than a corporation collecting your data so that it can sell you things more effectively, though obviously that’s still part of the equation. According to EFF, if you input, say, that you’re in the early stages of a pregnancy, Healthcare.gov shares that directly with a data collection service, which will immedately update your ads. Worse than the embarrassing and potentially emotional consequences tied to that, is that many of these data collection companies create vast personal profiles, which now, thanks to the federally-mandated nature of the healthcare application process, can contain vast amounts of personal healthcare information, thus providing sites like Google (and, perhaps, the Federal government writ large) with a detailed personal profile. And some day, when you come up for evaluation in front of the Death Panels, they’ll not only know that you’re an alcoholic, but they’ll know exactly which poison you prefer.
Hilariously, this kind of exposure to third party collection also makes Healthcare.gov more susceptible to outside attacks. But seeing as how the website is still only functioning intermittently, I suppose that concern is mitigated.
