In late March, Congress approved a bill lifting restrictions imposed on ISPs last year concerning what they could do with information such as customer browsing habits, app usage history, location data, and Social Security numbers. They additionally absolved ISPs of the need to strengthen their existing customer data holdings against hackers and thieves. For more on the particulars of the bill, you can see reports on the Washington Post and Ars Technica. Given that the repealed restrictions hadn’t yet come into effect, the immediate impact of the new bill is somewhat unclear. But given what typically happens with massive stores of aggregated, location-specific customer data, the prognosis is not good.
So what’s the worst that can happen? Let’s run through a few probable outcomes:
We all might be familiar with this; when we buy a product online and then see ads for it relentlessly for a couple weeks thereafter. But with increased granularity of metadata, ad retargeting can be significantly more ‘effective.’ As an example, certain tech support scam companies prefer to draw their staff directly from complicit drug detoxes and rehabs, largely in order to ensure a compliant, desperate employee base. So the next time someone searches for help with an intractable heroin addiction, they might get targeted ads for unlicensed rehabs that come with a new job opportunity of scamming the elderly. Perhaps if my browser history correlates to those of low income or unemployed people, my ads would fill with work from home scams. Or low literacy search phrasing, in conjunction with low income, could get me directed to multi-level marketing scams. There are a cornucopia of ways to target the weak and vulnerable via metadata and it’s both legal and profitable.