Who Moved My Data?

You've been told a zillion times by now that it's a bad idea to give out your personal data online. But hell, we all do it. Those of us who are particularly wary tell ourselves we're engaging in good data hygiene by checking the privacy policies of the companies that hold our e-mail and financial records. Of course, we all know in the backs of our minds – don't we? – that privacy policies are just guidelines and not legally binding. And yet we put our faith in them. It's the same process that keeps us paying Social Security even though the government might spend all our hard-earned retirement money by the time we need it.

Plus, who wants to keep track of all their own crap? It's nicer if Gmail can index your mail, even if it fills it with ads. And that's the kind of thinking that drove so many thousands of customers to a service called PayTrust, an online bill management system that receives your bills, pays them, and balances your checkbook in the process. Instead of having a messy bill drawer full of tattered stubs, you can use PayTrust to keep all your records in neat little spreadsheets, easily accessed and searched on the web whenever you want.

Although it's scary to imagine anyone who isn't you reading all your bills and paying them, for many people the trade-off is worth it. Meaning, the hassle saved is worth the risk – and that risk, until recently, seemed minimal. PayTrust was the only entity that had access to their information, and they could sever their relationship with PayTrust and remove their data at any time.

But then, a couple of weeks ago, PayTrust customers discovered that financial software giant Intuit had bought PayTrust and all of their personal information. One morning PayTrust customers were confronted with a new log-in screen telling them that if they wanted access to the service, they had to click through Intuit's terms of service. Clicking through meant tacit acceptance of all Intuit's rules. And one of those rules has to do with a new privacy policy: Intuit reserves the right to share customers‚ transaction information with Intuit's "subsidiaries," all of which have different privacy policies from Intuit's.

Suddenly, PayTrust wasn't quite so trustworthy. An unknown number of "subsidiaries" might have access to information about everything from a customer's bank account and medical records to their preferred magazines and credit-card spending habits. PayTrust customers' information had been sold to Intuit without their consent and without notice – and in order to gain access to that information, they had to agree to these new, disturbing terms. It's like the textbook definition of a gross violation of privacy.

And it sounds like grounds for a lawsuit to me. I hope those PayTrust clients have consumer class action maven Ira Rothken's phone number on speed dial.

More than that, though, the PayTrust debacle is a reminder to contemplate even the most heinous possibilities when considering whether to give up giant chunks of data online. Your "trusted" company could sell out tomorrow. And your "trusted" ISP might be employing one irritating little twit who's reading your e-mail – and who will decide one day that it's time to alert someone about what he or she has read there. Not only is it technically possible that such a twit exists, but there are also no laws against that person looking at any communications taking place on his or her company's network. As long as the data is "owned" by the company that owns the network – the way your mail is owned by Google, or your bill payment records are owned by PayTrust – network operators are permitted to look at it. It may be illegal for them to disclose to anyone else what they find there, but what are the odds you'll find out when they do?

Everybody always wants a tidy answer to the problems raised by data-sharing online. Of course, there isn't one – you give up your life's details, and you take your chances. But if you're worried, don't tell people who you are online unless you absolutely have to. When The New York Times asks you to create an account, just lie. Register your web site under a fake name. Sign up for e-mail under my favorite moniker: Pseudo Nym. Make the data worthless. And fer chrissake, pay your own damn bills.

Enjoy this piece?

… then let us make a small request. AlterNet’s journalists work tirelessly to counter the traditional corporate media narrative. We’re here seven days a week, 365 days a year. And we’re proud to say that we’ve been bringing you the real, unfiltered news for 20 years—longer than any other progressive news site on the Internet.

It’s through the generosity of our supporters that we’re able to share with you all the underreported news you need to know. Independent journalism is increasingly imperiled; ads alone can’t pay our bills. AlterNet counts on readers like you to support our coverage. Did you enjoy content from David Cay Johnston, Common Dreams, Raw Story and Robert Reich? Opinion from Salon and Jim Hightower? Analysis by The Conversation? Then join the hundreds of readers who have supported AlterNet this year.

Every reader contribution, whatever the amount, makes a tremendous difference. Help ensure AlterNet remains independent long into the future. Support progressive journalism with a one-time contribution to AlterNet, or click here to become a subscriber. Thank you. Click here to donate by check.

alternet logo

Tough Times

Demand honest news. Help support AlterNet and our mission to keep you informed during this crisis.