The Devil in the Details: User Tracking Is Hurting More Than Our Privacy, It’s Doing Serious Damage to Public-Interest Media, Too.
Josh Braun / UMass Amherst

With the attention economy in full swing, behavioral targeting—tracking and assembling data about users in the service of online advertising—is giving rise to practices and infrastructures that threaten personal privacy, disrupt civic journalism, and incentivize the spread of disinformation.

As I write this, my social media feeds are consumed by the furor resulting from Jeff Bezos’s open letter accusing The National Enquirer’s parent company, AMI, of attempting to extort him over leaked photographs from his affair. While much of the commentary rightly focuses on issues of digitally-enabled blackmail, Slate tech reporter April Glaser simultaneously muses at the irony of a privacy scandal befalling a tech CEO who’s garnered notoriety for “actively building a surveillance state.”

A few weeks on from “Data Privacy Day,” the international holiday aimed at promoting better protection for consumers’ data, the Bezos story is just one of many to raise questions about the individual right to privacy in the digital era. It follows closely on the heels of Facebook’s latest scandal—Apple pulled the company’s services from its app store after the revelation Facebook was paying teenagers to install tracking software on their phones—and years after a ProPublica report that Google had quietly abandoned its ban on collecting personally identifiable tracking data on its users. [ (( Particularly when it comes to Facebook, the hits just keep on coming, fast enough that I decided it’d be unwise to try to keep updating this piece during the proofing process. Editorial: Facebook, Zuckerberg’s sins now include preying on teens. (2019, February 5). The Mercury News. Retrieved from https://www.mercurynews.com/2019/02/05/editorial-facebook-2/; Angwin, J. (2016, October 21). Google has quietly dropped ban on personally identifiable web tracking. ProPublica. Retrieved from https://www.propublica.org/article/google-has-quietly-dropped-ban-on-personally-identifiable-web-tracking.))] Other recent reporting discusses how location information collected from our phones has found its way into the hands third parties ranging from robocallers to bounty hunters, raising deep concerns about individual privacy, personal safety, and even national security. [ (( Vogt, P.J., Goldman, A., Marchetti, D., and Bennin, P. (Hosts.) (2019, January 31). Robocall: Bang bang [Podcast episode]. Reply All. Retrieved from https://www.gimletmedia.com/reply-all/135-the-robocall-conundrum#episode-player; Cox, Joseph. (2019, February 6). Hundreds of bounty hunters had access to AT&T, T-Mobile, and Sprint customer location data for years. Motherboard. Retrieved from https://motherboard.vice.com/en_us/article/43z3dn/hundreds-bounty-hunters-att-tmobile-sprint-customer-location-data-years; Valentino-DeVries, J., Singer, N., Keller, M.H., and Krolik, A. (2018, December 10). Your apps know where you were last night, and they’re not keeping it secret. The New York Times. Retrieved from https://www.nytimes.com/interactive/2018/12/10/business/location-data-privacy-apps.html))]

EverythingMe

A marketing screenshot for the Android launcher app, EverythingMe, which was downloaded 20 million times and eventually found to have been co-opted into a multi-million dollar ad fraud scheme. Co-opted apps tracked phone users’ behavior as a template on which to base convincing automated traffic, which could then be used to defraud advertisers by faking ad views. [ ((Silverman, C. (2018, October 23). Apps installed on millions of Android phones tracked user behavior to execute a multimillion-dollar ad fraud scheme. Buzzfeed. Retrieved from https://www.buzzfeednews.com/article/craigsilverman/how-a-massive-ad-fraud-scheme-exploited-android-phones-to))] Ad fraud schemes siphon massive amounts of revenue out of the advertising market.

As data privacy (or lack thereof) has begun to take on the dimensions of a crisis, another much-discussed emergency has been unfolding in parallel: the economic collapse of ad-supported digital journalism. Following a series of layoffs at news organizations ranging from TechCrunch to HuffPo to BuzzFeed and Gannett, respected tech columnist Farhad Manjoo wrote in The New York Times, “it would be a mistake to regard these cuts as the ordinary chop of a long-roiling digital media sea. Instead, they are a devastation. The cause of each company’s troubles may be distinct, but collectively the blood bath points to the same underlying market pathology: the inability of the digital advertising business to make much meaningful room for anyone but monopolistic tech giants.” Two days later, Vice cut 250 more journalism jobs, or 10 percent of its workforce.

This rash of cuts is especially painful, given that “digital-native newsrooms” were only recently celebrated as one of the few areas in American journalism to have added jobs over the course of a decade-long 25 percent decline in employment led by steady layoffs at traditional newspapers. [ (( Grieco, E. (2018, July 30). Newsroom employment dropped nearly a quarter in less than 10 years, with greatest decline at newspapers. Pew Research Center. Retrieved from http://www.pewresearch.org/fact-tank/2018/07/30/newsroom-employment-dropped-nearly-a-quarter-in-less-than-10-years-with-greatest-decline-at-newspapers))]

These two crucial problems—the erosion of digital privacy and the revenue crisis in American journalism—have tended to be discussed as distinct issues. They are not. [ (( Ryan, J. (2019). The adtech crisis and disinformation [Lecture video]. Vimeo. Retrieved from https://vimeo.com/317245633.))] Rather, they spring from a common origin and, to paraphrase Thoreau, in solving them we would do better to strike at the root than to hack at the branches. [ (( Thoreau, H.D. (1910/1854). Walden. New York: Thomas Y. Crowell & Co., p.98))]

It is a commonplace that advertising pays for most of the free services we use on the the internet. The viral quotation from Jeff Hammerbacher, “The best minds of my generation are thinking about how to make people click ads,” sums up much about the direction online business models have taken. And the solution that has been settled upon is programmatic advertising.

Brave

Screenshot from a document prepared by Brave (the company behind a privacy-oriented Web browser) showing some of the sensitive categories that ad tech firms attach to your persona as you browse the web. It’s a selective excerpt of the Interactive Advertising Bureau’s (IAB) “Content Taxonomy v2” list.

Programmatic advertising takes a number of forms, but generally speaking, in the fraction of a second that it takes a webpage or an app to load on your screen, an automated auction is being held for your attention based on tracking data that has been collected about you. The publisher puts up ad space for sale, brands put in competing bids to place an ad in the space, and intermediaries called ad tech firms handle all the transaction details. By the time the content you requested finishes loading, the auction winner’s ad appears on your screen alongside it.

While the most prominent news organizations, like The New York Times or The Economist, may still do a brisk business directly with branded advertisers, a vast number of other news organizations rely far more heavily on programmatic advertising exchanges to sell their inventory, competing not just with other news organizations, but with blogs, web forums, recipe sites, online games, and any other website or app that sells ad space in programmatic exchanges. This dramatically drives down the cost of ads and hence the revenue going to publishers.

Moreover, these transactions are often focused tightly around reaching particular consumers to the near exclusion of editorial context. To give one example, all of us have experienced “retargeted” advertising—view a suitcase on a retailer’s website and ads for the same piece of luggage follow you across the web for days or weeks.

As Malthouse, Maslowska, and Franks put it, programmatic advertising separates “the value of the content product from the audience product.” [ (( Malthouse, E.C., Maslowska, E., and Franks, J. (2018). The role of big data in programmatic TV advertising. In V. Cauberghe, L. Hudders, and M. Eisend (Eds.), Advances in Advertising Research IX . (pp. 29–42). Wiesbaden, Germany: Springer. p. 32.))] Couldry and Turow argue that for traditionally ad-supported news organizations, continuing to chase down advertising revenue in this new environment is thoroughly corrupting. [ (( Couldry, N. and Turow, J. (2014). Advertising, big data, and the clearance of the public realm. International Journal of Communication, 8, 1710–1726.))] As advertisers begin pursuing users with particular behavioral profiles, while paying less and less attention to the actual publications they’re visiting, publishers can no longer rely as they once did on the quality of their work. Rather, they must increasingly play the role of data brokers, participating in user surveillance and producing increasingly personalized and/or shopper-friendly content that bins visitors neatly into behavioral profiles that will better draw the bids of advertisers—advertisers that now, at least in comparison to days past, pay scant attention to the name on a site’s masthead.

In the days of contextual advertising, ads for suitcases might best be placed in travel magazines. Under the user-tracking paradigm, not only do brands no longer need to rely on particular publications to reach the consumers they’ve identified as desirable, there is now a perverse incentive to place ads on the least reputable sites, since these are the locations where users’ attention can be bought most cheaply. This has led to a boom in clickbait-driven webpages, selling cheap ad space against vapid or plagiarized content focused around miracle diets and strange cosmetic trends. During the 2016 U.S. election, “fake news” did particularly well as a variant of clickbait and thus became a profit-center for scammers.

Originally from The Birmingham Mail, this image was appropriated by a hoax news article titled, “BREAKING: ‘Tens of thousands’ of fraudulent Clinton votes found in Ohio warehouse,” that, according to an expose in The Washington Post, was viewed by 6 million people and generated $22,000 in programmatic advertising revenue. Moreover, at the height of this influx of traffic, the web domain where the hoax was posted was appraised for a six-figure sum. [ (( Shane, S. (2017, January 18). From headline to photograph, a fake news masterpiece. The Washington Post. Retrieved from https://www.nytimes.com/2017/01/18/us/fake-news-hillary-clinton-cameron-harris.html.))]

I don’t use the term “scammers” loosely here—Jessica Eklund and I recently published a study in which we examined disfunction in the programmatic advertising industry. [ (( Braun, J.A. and Eklund, J.L. (2019) Fake news, real money: Ad tech platforms, profit-driven hoaxes, and the business of journalism. Digital Journalism, 7(1), 1–21.))] Industry executives explained that many hoax news sites were fronts for outright fraud, ginning up page views with bots and click workers and selling them to advertisers for a profit. Legitimate visitors to these sites were welcome, of course, but often their main value was confusing fraud-detection mechanisms by pushing down the ratio of automated to human traffic.

In short, it might be fair to expect news organizations to endure stiffer competition from new corners—not simply blogs or Craigslist, but gaming apps and recipe sites. However, in the current market, legitimate journalism is competing for ad dollars with sites engaged in aggressive fraud, sometimes with the assistance of ad tech companies themselves. Along with related enterprises like fake traffic generation, these siphon billions of dollars out of the advertising market annually [ (( Fulgoni, G. (2016). Fraud in digital advertising. Journal of Advertising Research, 56(2): 122–125.))], contributing to the larger problem of market failure [ (( Pickard, V. (2015). America’s battle for media democracy. New York: Cambridge.))] in contemporary journalism.

To review, then, the massive system of commercial surveillance we see online not only impacts us in terms of privacy, safety, and security, it has dramatically increased the amount of information pollution [ (( Wardle, C., and Derakhshan, H. (2017). Information disorder. Strasbourg: Council of Europe. Retrieved from https://firstdraftnews.org/wp-content/uploads/2017/11/PREMS-162317-GBR-2018-Report-de%CC%81sinformation-1.pdf))] in the public sphere, gutting news budgets—and hence newsrooms—by driving down the amount paid for ads, turning trusted news organizations into data brokers that produce less civically valuable content, dramatically incentivizing the creation of clickbait and outright disinformation, and kindling remarkable volumes of fraudulent activity that simultaneously fleeces advertisers and diverts hefty amounts of money away from public-interest media.

One recent survey indicated that a sizable majority of the American public already sees the collection of their data in the service of targeted advertising as unethical. [ (( RSA. (2019). RSA data privacy & security survey [Report]. Bedford, MA: Author.))] I imagine they might feel even more strongly about the issue were it more commonly linked with dramatic declines in the health of public-interest media. As we witness the introduction of digital privacy policy conversations and frameworks, whether the GDPR in Europe or bills proposed in individual states here in the U.S., it’s time to begin examining commercial surveillance not just as a privacy issue, but as a notable threat to our media institutions and public discourse.

Image Credits:

1. With the attention economy in full swing…
2. A marketing screenshot for the Android launcher app…
3. Screenshot from a document prepared by Brave…
4. Originally from the Birmingham Mail, this image was appropriated by a hoax news article….




Beyond Privacy: Concerns about social surveillance
Jacqueline Ryan Vickery / University of North Texas

You're Fired

When is it okay to fire someone because of social media?

Each semester I teach courses on digital media, which means each semester I discuss issues of online privacy with college students. While their concerns and practices have evolved over the course of these conversations, one privacy issue keeps emerging as increasingly concerning to them: (future) employers’ use of the internet to find information about them. While the internet can be a great tool for networking and promoting one’s work etc., it can also lead to unwanted discoveries and misinterpretations. It seems almost every week I read yet another news story about someone being fired for something they said online. To a certain extent, some of these firings seem justified, as might be the case if an employee discusses something that explicitly violates company policies of disclosure or conduct. However, in far too many instances, the firings bring up questions of ethics, privacy, identity expression, and work-life boundaries that make me, and my students, increasingly uncomfortable.

Take for example, the Ohio elementary school teacher who posted pictures of live animals in crates on his Facebook account. He is a vegan and was trying to raise awareness about the inhumane treatment of many farm animals. This is quite clearly a personal value that does not disgrace the school, nor present him as an unacceptable role model for students. Yet, he was fired for expressing his vegan values. The reason? His school was in a rural area of Ohio, one in which many of his students’ families earned their income from farming. He was told he, “might offend the community and the economic interests of the community…if [he] wanted to be a strong vegan advocate, [he] might want to look into something other than teaching.” Nevermind that he was offended by the unethical treatment of animals, his potential to offend others (and threaten their economic interests) was deemed more important that his right to express himself online. To me, the school infringed upon the teacher’s right to his own beliefs and the right to freely express those beliefs in a personal space. What this example highlights (and it is only one of many, many, more like it) is that the ways in which employers are surveilling employees’ online profiles is just as much about identity and speech as It is privacy. Really, it’s about constructing particular subjectivities that are valued in the workforce, even at the cost of other subject positions and identities.

teacher fired for facebook photo

A teacher/girls’ basketball coach in Idaho posted this photo of her fiancé (the school’s football coach) and herself on summer vacation. She was fired (three months after posting the photo), he was only reprimanded.

Far too often, conversations about employers’ use of digital media to monitor employees get thrown into the camp of “well, just be careful about what you put online.” In other words, don’t be stupid about what you share with your employer and you’ll be fine. Similar to my earlier Flow column regarding sexting and Snapchat, I believe this rhetoric falsely presumes that we are the only ones responsible for our own privacy and that we have complete control over privacy. It reduces a complicated issue – identity expression and speech – to an issue of mere individual responsibility, and thus dismisses the questions of ethics and boundaries all together. What the Ohio teacher example reveals is the extent to which we are being disciplined to think of our online identities – and therefore our subjectivities – first and foremost in terms of workers. Arguably the Ohio teacher did not do anything patently offensive, did not bring shame or harm upon the school or his students, and in all likelihood thought he was “being smart” about what he posted. Yet, in essence what the school fired him for was for expressing beliefs that were in contrast to those of his work environment. That’s it. And that’s scary.

Computers and internet-enabled technologies have been constructed as “boundary-crossing” technologies (( Abril, P.S., Levin, A., and Del Riego, A. (2012). Blurred boundaries: social media privacy and the twenty-first-century employee. American Business Law Journal, 49(1), pp. 63-124. )) that permeate and blur the boundaries of personal and work life. Such technologies have led to a variety of legal issues, such as, when can an employer view files on a company-owned laptop that the employee also takes home? Can an employer access text messages sent outside of work hours if the employee’s mobile service is paid for by the employer? Can employees have any expectations of privacy when accessing personal email at work? Such issues have been addressed in court to varying degrees. At the heart of the issues is the fact that telecommunication technologies allow for our personal lives to be increasingly visible and accessible at work, and of course that means it is increasingly possible for work to invade our personal spaces and time as well (e.g. how many of us check work email from home and “off the clock” on a daily basis?).

social media survey infographic

Findings from a survey conducted by the social network monitoring company, Reppler. Note the frequency that online information is used to hurt the employer’s perception of the employee.

Thus, the use of social media becomes just the latest iteration of slippery legal and ethical questions we must consider, questions that require us to re-think boundaries between personal and work life. Certainly a lot of employees create and maintain accounts on social media prior to being hired, they use them to connect with individuals outside of work, and often think of them as personal and private spaces. Even though employees may know their employers may have some access to the accounts, that doesn’t negate the fact that we still tend to think of our social media profiles as personal spaces for expression and connections. Research demonstrates that social networking sites are useful in helping us maintain latent and weak ties, and to acquire emotional and social capital. (( Ellison, N.B., Steinfield, C., and Lampe, C. (2007). The benefits of Facebook ‘friends’: social capital and college students’ use of online social network sites. Journal of Computer-Mediated Communication 12(4), pp. 1143-1168. )) There are a lot of uses, motivations, and benefits of participating in social media that have little to nothing to do with our roles as workers in the marketplace.

Likewise, the internet has been heralded as a tool for democracy that allows underrepresented or misrepresented populations to express their opinions and experiences. (( See Rheingold, H. (2002). Smart Mobs. Cambridge, MA: Basic Books; Shirky, C. (2008). Here Comes Everybody. New York: Penguin Press. )) While we know that there are limitations and deep-seeded systematic inequalities that cannot be easily eradicated via the internet, it does nonetheless provide spaces for marginalized populations to potentially network, build community, organize, and foster change. (( See Jenkins, Henry. (2006). Confronting the Challenges of Participatory Culture. Digital Media & Learning. Cambridge, MA: The MIT Press.; McChesney, R. (2012). Digital Disconnect: How Capitalism turned the Internet against Democracy. New York: The New Press. )) However, such opportunities are likely to be stifled when we are disciplined to first and foremost think of ourselves in terms of (potential) employees. Within a neoliberal context, we are being disciplined to use online spaces as sites to invest in our “human capital”. (( Foucault, M. (2008). The Birth of Biopolitics: Lectures at the College de France, 1978-1979. New York: Palgrave MacMillan. )) Thus, I think it is imperative we ask: what are we sacrificing and what is the cost (to ourselves and to society) when we must not only police what we share and say in online spaces out of fear of being fired for personal activities, but when we must also think about how our personal values could potentially hurt our reputation in the workforce (even when they do not intersect with our job descriptions)?

Furthermore, the extent to which individuals must invest in their “good worker” identities (i.e. ability to capitalize on their skills, qualifications, qualities, etc.) becomes even more problematic when we take into consideration the literacies and skillsets necessary to intentionally construct positive online identities (as are interpreted by the marketplace). Research reveals that some individuals are better prepared and equipped to participate in such ways, as compared to others. Knowingly constructing an “acceptable” online identity involves not only technical access and competencies, but also an understanding of social and network literacies that some individuals have not developed, (( See Arthur, J. and Davinson, J. (2000). Social Literacy and Citizenship Education in the School Curriculum. The Curriculum Journal, Vol. 11, No. 1, pp. 9-23.; Miles, A. (2007). Network Literacy: The New Path to Knowledge. Screen Education Autumn.45, pp. 24-30. )) nor do employees and employers necessarily share the same culturally contextualized understandings of these spaces and identities.

social media preferences survey infographic

Findings from a survey conducted by the social network monitoring company, Reppler. Notice employers tend to prefer personal/social sites over LinkedIn (a space intended for professional networking and use).

To return to the concerns expressed by the college students in my classroom, here’s what I’m seeing – to a certain degree they are hyper aware of online privacy concerns; they know not to post pictures of red Solo cups, they know that even a cigarette might be mistaken for a joint, they know better than to be blatantly racist or homophobic. In other words, they’re trying to do all the “right” things online so they can get jobs. But what I’m hearing is that they are so afraid of something being taken out of context – an offhand joke between friends – or that their sexual or religious or political identities might be used against them, that some are opting out of online social networking almost all together. There’s a reason they are using private Instagram accounts, ephemeral Snapcaht apps, and anonymous Tumblrs – these sites are disconnected from any sort of public online profile or community. On the one hand, these are effective strategies that afford greater privacy and therefore more freedom of expression. But, we also know that social networking sites such as Facebook and Twitter are good at maintaining weak ties with those who aren’t in our immediate social circles. (( Steinfield, C., Ellison, N.B., and Lampe, C. (2008). Social capital, self-esteem, and use of online social network sites: a longitudinal analysis. Journal of Applied Developmental Psychology, 29(6), pp. 434-445. )) Weak ties are valuable for exposure to diverse ideas, for getting jobs, and expanding opportunities. When students opt out of the more diverse and open “networked publics” for the more insular and private forms of interpersonal communication, what is lost?

Lastly, I’ve been primarily discussing this in the context of middle-class jobs and middle class employees. But how do these issues become even more important when we think about minimum wage jobs and nondominant populations? Low-income workers are often subjected to greater surveillance, (( Gilliom, J. (2001). Overseers of the Poor. Chicago: The University of Chicago Press. )) for example, as evidenced by drug testing for minimum wage jobs (but not white-collar jobs). Additionally, many nondominant populations may not have the digital and social literacies required to protect their privacy and construct “good” online identities. We should be concerned that employee surveillance further exasperates inequalities. Who is being monitored, in what ways, for what purposes? How much transparency is there? To what extent should employers at the very least inform employees that they are being searched and monitored? What about individuals who opt out of online networks all together? Or those who have really common names that can lead to mistaken identities or guilt by algorithmic association? Or those who have adolescent mistakes in their past they would like to cover up and move on from? Or what about nondominant expressions of cultural capital that are ripe for misinterpretation from those who benefit from and maintain the status quo? (( See Carter, Prudence. (2007). Keepin’ It Real: School Success Beyond Black and White. New York: Oxford University Press. )) And, of course we can’t overlook the opportunities for blatant discrimination based on age, sex, ethnicity, and religion. While these are legally protected categories, we know that in practice it is all too easy for an employer to ascertain this information online. And we cannot forget that there are still 29 states in the U.S. in which it is legal to fire someone for being gay (an identity no one should have to hide, and yet social media often renders visible and thus open to discrimination).

2012 Gartner study

Suggested policies for employee monitoring (Gartner Inc.).

These are all legitimate privacy concerns, and thankfully some are starting to be addressed in legal literature. (( See Abril, P.S., Levin, A., and Del Riego, A. (2012). Blurred boundaries: social media privacy and the twenty-first-century employee. American Business Law Journal, 49(1), pp. 63-124.; Kane, B. (2010). Balancing anonymity, popularity and micro-celebrity: the crossroads of social networking & privacy. 20 Alb. L.J. Sci. & Tech. 327. ; Strutin, K. (2011). Social media and the vanishing points of ethical and Constitutional boundaries. Pace Law Review, 31(1), article 6. )) But what I’m also increasingly concerned about are the unintended consequences that extend beyond explicit questions of privacy in and of itself. I worry that these modes of surveillance have the potential to chill speech, further silence marginalized identities and experiences, and hinder opportunities for individuals to invest in and acquire other kinds of capital (such as social, emotional, and political). The effects of employee monitoring serve to discipline individuals into modes of self-regulation that have potentially detrimental effects and consequences that far exceed blatant discriminatory hiring/firing practices. Thus, we need to think deeply and critically about how privacy laws and norms must evolve to take into consideration not only expectations of privacy, but also the detrimental consequences surveillance has on other areas of online and offline life and society. And lastly, we need to know who is most likely to be harmed by these practices. My concern is that not all populations are equally affected by increasing modes of online surveillance, thus as researchers we must continue to conduct in-depth, empirical, critical, and diverse research into such questions.

*Author’s note: This article is very much a work-in-progress as I am beginning a much larger empirical study into these questions. I would greatly appreciate any advice and feedback about the direction the research should take.