Identity Graphs

Category: When It is Fundamentally Dubious

Data ostensibly collected for one purpose may be used to create comprehensive user profiles. Todd Carpenter (2020, October 13) writes of a service "being used by Elsevier is called ThreatMetrix (that) is owned and provided by the LexisNexis arm of the RELX holding company, which also owns Elsevier." He writes, "It is not that LexisNexis is specifically tracking the download of this paper or that on the Elsevier system, but that it is using these behavioral data, in particular its identification of people and their devices, to build a profile of an ever larger segment of the population to track those citizens."

Created by such services, 'identity graphs' are "tools that online advertisers use to link together your behavior across your phone, laptop, work laptop, Xbox and work Xbox" and are widely used in the advertising industry (Heaton, 2017). While "there is probably a strict set of self-regulatory non-binding guidelines discouraging them from abusing it," identity graphs are nonetheless ripe for abuse. These profiles could in turn be used for a variety of reasons: for access control, for service provision, for hiring and employment decisions, for marketing, and to trigger further investigation.

Hamel (2016) asks "Is it legal and ethical for 3rd parties to build consumer profiles from your social and online presence, merge it with their own internal data, credit scores and any other data sources they can find, and potentially sell back the enriched data to avid marketers?" It does appear to be legal. "Popular services like SalesForce, Marketo, Nimble, HubSpot, Rapportive and tons of others in the mar-tech space allows marketers to learn amazing details about individual people and tweak their marketing message."

The issue, he writes, is that "this is generally done without your knowledge, without your consent and without the ability to review the collected data." And the result is an outcome that at a minimum places the individual at a relative disadvantage vis-à-vis the advertiser, and at worst, places them in danger. Though the identity graph may be anonymized, marketers have long since been able to 'de-anonymize' the data (Ohm, 2010).

"Professor Peter McOwan... told us that AI systems have become better at automatically combining separate datasets, and can piece together much more information about us than we might realise we have provided. He cited as an example 'pleaserobme.com', a short-lived demonstration website, which showed how publicly accessible social media data could be combined to automatically highlight home addresses of people who were on holiday." (Clement-Jones, et.al., 2018).

Examples and Articles

Solving the identity graph gap through robust identity resolution
"An identity graph (ID graph) is a single database that collects datapoints from across multiple channels and matches them to an individual customer." Direct Link

Do you have another example of Identity Graphs? Suggest it here

Force:yes