TL;DR
- Always look up information about yourself on the Internet. Do so frequently.
- Secure your information by mitigating information present on the web, a good start is this link
- Public release of personal information is sometimes required, but it should protect the people first.
- Current policies to protect individuals are too lax and are protecting organizations more than individuals.
Background Info and Spokeo Research
Being a computer science student interested in social engineering, infosec, phreaking, and other such fields, this assignment was just like a regular security check to “hack myself” I suppose. People should check their footprint all the time on the internet for additional information since it can affect their lives, jobs, and their loved ones. Events such as the Equifax hack has made it apparent authorities even at the bureaucratic level cannot keep your information safe (and it wasn’t even a complex hack at all, it was a username:admin password:password situation).
I conducted a search on Spokeo and found myself on the site as well as the rest of my family in the same household. Some of the information there I think should’ve been included in the paid tier at least, since then there would be a user tracked in Spokeo’s own systems asking for the information, just like how credit history is tracked. The same standard as credit history should apply to personal information, even phone numbers in my opinion since most phones are cellphones that have a GPS module within them. Locating a cell phone is much easier since each one has a unique id that maps to it.
Opting out of the information was easy enough and Spokeo actually did it automatically. After I submitted the form, it must’ve taken the post off the website. However, I doubt the data is deleted. In fact, a couple weeks ago I was testing a site I developed that had a Facebook plugin (any website with a facebook plugin will automatically track anyone visiting the site). I received a reactivation email of my account from Facebook from 7 years ago. Information is definitely kept after you request it to be taken down unless otherwise.
Protection in the United States and Networked Information
At least in the United States, there are only a few laws in place that loosely relate to the type of information kept by websites like Spokeo or organizations like Facebook. A collection of them can be found in the Wikipedia article, but legal protections on anything cyber-related in the US is never prioritized. Sometimes it is for good reason to allow for freedoms such as allowing a site such as Google or Facebook to operate, but other times they hurt the individual more than whatever the organization gets out of it.
In Georgia, public information is disclosed at http://open.georgia.gov/index.html. Since my parents are both GSU faculty and even I am part of GSU as a student assistant, information about our salaries, travel expenses, full names are all available to the public. This isn’t bad since the public needs to know about these facts. It’d be weird if I, a student assistant, was being paid like 60,000 dollars for travel expenses. Someone would notice that and contact those in charge (see: Tom Price Travel Expenses Scandal). However, any organization outside of government that uses this information in ill ways, such as mapping it to an account to track personal expenditures and locations, should be reprimanded rights to use the information and a substantial fine. However, from the laws protecting personal information, it’d be a hail Mary trying to argue a case in court.
Conclusion
Overall, the state of personal information disclosure on the internet is dictated and authorized by non-government organizations for their own uses. Finding my own personal information was easy, and for Spokeo removing it was easy too. But I expect more protections for my personal information, since it is too easy for someone to use it for their own benefit.