Who Moved My Data?

You've been told a zillion times by now that it's a bad idea to give out your personal data online. But hell, we all do it. Those of us who are particularly wary tell ourselves we're engaging in good data hygiene by checking the privacy policies of the companies that hold our e-mail and financial records. Of course, we all know in the backs of our minds – don't we? – that privacy policies are just guidelines and not legally binding. And yet we put our faith in them. It's the same process that keeps us paying Social Security even though the government might spend all our hard-earned retirement money by the time we need it.

Plus, who wants to keep track of all their own crap? It's nicer if Gmail can index your mail, even if it fills it with ads. And that's the kind of thinking that drove so many thousands of customers to a service called PayTrust, an online bill management system that receives your bills, pays them, and balances your checkbook in the process. Instead of having a messy bill drawer full of tattered stubs, you can use PayTrust to keep all your records in neat little spreadsheets, easily accessed and searched on the web whenever you want.

Although it's scary to imagine anyone who isn't you reading all your bills and paying them, for many people the trade-off is worth it. Meaning, the hassle saved is worth the risk – and that risk, until recently, seemed minimal. PayTrust was the only entity that had access to their information, and they could sever their relationship with PayTrust and remove their data at any time.

But then, a couple of weeks ago, PayTrust customers discovered that financial software giant Intuit had bought PayTrust and all of their personal information. One morning PayTrust customers were confronted with a new log-in screen telling them that if they wanted access to the service, they had to click through Intuit's terms of service. Clicking through meant tacit acceptance of all Intuit's rules. And one of those rules has to do with a new privacy policy: Intuit reserves the right to share customers‚ transaction information with Intuit's "subsidiaries," all of which have different privacy policies from Intuit's.

Suddenly, PayTrust wasn't quite so trustworthy. An unknown number of "subsidiaries" might have access to information about everything from a customer's bank account and medical records to their preferred magazines and credit-card spending habits. PayTrust customers' information had been sold to Intuit without their consent and without notice – and in order to gain access to that information, they had to agree to these new, disturbing terms. It's like the textbook definition of a gross violation of privacy.

And it sounds like grounds for a lawsuit to me. I hope those PayTrust clients have consumer class action maven Ira Rothken's phone number on speed dial.

More than that, though, the PayTrust debacle is a reminder to contemplate even the most heinous possibilities when considering whether to give up giant chunks of data online. Your "trusted" company could sell out tomorrow. And your "trusted" ISP might be employing one irritating little twit who's reading your e-mail – and who will decide one day that it's time to alert someone about what he or she has read there. Not only is it technically possible that such a twit exists, but there are also no laws against that person looking at any communications taking place on his or her company's network. As long as the data is "owned" by the company that owns the network – the way your mail is owned by Google, or your bill payment records are owned by PayTrust – network operators are permitted to look at it. It may be illegal for them to disclose to anyone else what they find there, but what are the odds you'll find out when they do?

Everybody always wants a tidy answer to the problems raised by data-sharing online. Of course, there isn't one – you give up your life's details, and you take your chances. But if you're worried, don't tell people who you are online unless you absolutely have to. When The New York Times asks you to create an account, just lie. Register your web site under a fake name. Sign up for e-mail under my favorite moniker: Pseudo Nym. Make the data worthless. And fer chrissake, pay your own damn bills.

Understand the importance of honest news ?

So do we.

The past year has been the most arduous of our lives. The Covid-19 pandemic continues to be catastrophic not only to our health - mental and physical - but also to the stability of millions of people. For all of us independent news organizations, it’s no exception.

We’ve covered everything thrown at us this past year and will continue to do so with your support. We’ve always understood the importance of calling out corruption, regardless of political affiliation.

We need your support in this difficult time. Every reader contribution, no matter the amount, makes a difference in allowing our newsroom to bring you the stories that matter, at a time when being informed is more important than ever. Invest with us.

Make a one-time contribution to Alternet All Access, or click here to become a subscriber. Thank you.

Click to donate by check.

DonateDonate by credit card
Donate by Paypal

Don't Sit on the Sidelines of History. Join Alternet All Access and Go Ad-Free. Support Honest Journalism.