A Vault for Taking Charge of Your Online Life

Peter DaSilva for The New York Times

Michael Fertik, the founder and chief executive of Reputation.com, at its offices in Redwood City, Calif., where he has amassed a database of information collected on millions of consumers.

REDWOOD CITY, Calif.

Fatemeh Khatibloo of Forrester Research said consumers want to know when data about them is collected and stored and by whom, and how it is used.

“YOU are walking around naked on the Internet and you need some clothes,” says Michael Fertik. “I am going to sell you some.”

Naked? Not exactly, but close.

Mr. Fertik, 34, is the chief executive of Reputation.com, a company that helps people manage their online reputations. From his perch here in Silicon Valley, he views the digital screens in our lives, the smartphones and the tablets, the desktops and the laptops, as windows of a house. People go about their lives on the inside, he says, while dozens of marketing and analytics companies watch through the windows, sizing them up like peeping Toms.

By now many Americans are learning that they are living in a surveillance economy. “Information resellers,” also known as “data brokers,” have collected hundreds to thousands of details - what we buy, our race or ethnicity, our finances and health concerns, our Web activities and social networks - on almost every American adult. Other companies that specialize in ranking consumers use computer algorithms to covertly score Internet users, identifying some as “high-value” consumers worthy of receiving pitches for premium credit cards and other offers, while dismissing others as a waste of time and marketing money. Yet another type of company, called an ad-trading platform, profiles Internet users and auctions off online access to them to marketers in a practice called “real-time bidding.”

As these practices have come to light, several members of Congress, and federal agencies, have opened investigations.

At least for now, however, these companies typically do not permit consumers to see the records or marketing scores that have been compiled about them. And that is perfectly legal.

Now, Mr. Fertik, the loquacious, lion-maned founder of Reputation.com, says he has the free-market solution. He calls it a “data vault,” or “a bank for other people's data.”

Here at Reputation.com's headquarters, a vast open-plan office decorated with industrial-looking metal struts and reclaimed wood - a discreet homage to the lab where Thomas Edison invented the light bulb - his company has amassed a database on millions of consumers. Mr. Fertik plans to use it to sell people on the idea of taking control of their own marketing profiles. To succeed, he will have to persuade people that they must take charge of their digital personas.

Pointing out the potential hazards posed by data brokers and the like is part of Mr. Fertik's M.O. Covert online profiling and scoring, he says, may unfairly exclude certain Internet users from marketing offers that could affect their financial, educational or health opportunities - a practice Mr. Fertik calls “Weblining.” He plans to market Reputation.com's data vault, scheduled to open for business early next year, as an antidote.

“A data privacy vault,” he says, “is a way to control yourself as a person.”

Reputation.com is at the forefront of a nascent industry called “personal identity management.” The company's business model for its vault service involves collecting data about consumers' marketing preferences and giving them the option to share the information on a limited basis with certain companies in exchange for coupons, say, or status upgrades. In turn, participating companies will get access both to potential customers who welcome their pitches and to details about the exact products and services those people are seeking. In theory, the data vault would earn money as a kind of authorization supervisor, managing the permissions that marketers would need to access information about Reputation.com's clients.

To some, the idea seems a bit quixotic.

Reputation.com, with $67 million in venture capital, is not making a profit. Although the company's “privacy” products, like removing clients' personal information from list broker and marketing databases, are popular, its reputation management techniques can be controversial. For instance, it offers services meant to make negative commentary about individual or corporate clients less visible on the Web.

And there are other hurdles, like competition. A few companies, like Personal, have already introduced vault services. Also, a number of other enterprises have tried - and quickly failed - to sell consumers on data lockers.

Even so, Mr. Fertik contends Reputation.com has the answer. The company already has several hundred thousand paying customers, he says, and patents on software that can identify consumers' information online and score their reputations. He intends to show clients their scores and advise them on how to improve them.

“You can't just build a vault and wish that vendors cared enough about your data to pay for it,” Mr. Fertik says. “You have to build a business that gives you the lift to accumulate a data set and attract consumers, the science to create insights that are valuable to vendors, and the power to impose restrictions on the companies who consume your data.”

THE consumer data trade is large and largely unregulated.

Companies and organizations in the United States spend more than $2 billion a year on third-party data about individuals, according to a report last year on personal identity management from Forrester Research, a market research firm. They spend billions more on credit data, market research and customer data analytics, the report said.

A version of this article appeared in print on December 9, 2012, on page BU1 of the New York edition with the headline: Your Digital Switzerland.

Moving Towards Mobile App Transparency in Fits and Starts

A Tumultuous Trip to Mobile App Transparency

MOBILE apps are the Trojan horses of our smartphones.

A prototype by application developers and advocacy groups showing how a smartphone screen telling consumers what kinds of information a mobile app might collect could look.

We think they're free, or nearly free, and invite them in - without always knowing exactly what's inside.

Apps often collect all kinds of information from our smartphones, like our contact lists and data on our precise locations. Both Android and iPhone apps are supposed to ask users' permission first. But many people probably don't know that third parties, like ad networks, analytics companies and data brokers, may also gain access to that information, security experts say.

An Android photo-sharing app, for instance, might request access to a user's contacts, making it easy for that user to share photos, says Harry Sverdlove, the chief technology officer at Bit9, a cybersecurity firm. But a banner ad running on that same app, he says, might also be able to get access to that list, too, and use it to profile the user's activities.

“It's like the app is asking, ‘May I have permission to enter your home?' ” Mr. Sverdlove says. “Maybe I am coming over to visit and have dinner. Maybe I am coming over to steal.”

Now, a new joint effort of the app industry and advocacy groups is working to give consumers more clarity on this issue. Last month, the coalition - it includes the Application Developers Alliance, the American Civil Liberties Union, Consumer Action and the World Privacy Forum - proposed that mobile apps voluntarily display standardized, short-form notices that would list the main types of data they collect and the entities with which that information is shared.

The idea came in response to a federal effort to update consumer privacy rights for the digital era.

“App developers want to do something that advances consumers' trust in their industry,” says Tim Sparapani, senior adviser for policy and law at the Application Developers Alliance, an industry group. “To make it work, they want it to be implementable and easy.”

The White House earlier this year asked the National Telecommunications and Information Administration, a division of the Commerce Department, to gather industry and advocacy groups together in an effort to develop a “Consumer Privacy Bill of Rights.” After reviewing public commentary on the process, the telecommunications agency announced its first step would be to convene interested parties to work out a code of conduct for transparency in how mobile apps handle consumer data.

The process has been bumpy. The mobile app meetings have been beset by animosity and incivility. And some of the parties are operating on different channels. Some advocacy groups have been publicly pushing for comprehensive, detailed disclosures on data use by apps and third parties. Meanwhile, an advertising industry alliance has been working outside of the process to privately develop its own self-regulatory code of conduct.

A recent report about the collection of mobile device location data issued by the Government Accountability Office faulted the telecommunications agency for its unstructured approach. Although the collection and sharing of location data could put consumers at serious risk of surveillance, stalking and identity theft, the report said, the telecommunications agency “has not set specific goals, milestones and performance measures for this effort.”

“Consequently, it is unclear if or when the process would address mobile location privacy,” the G.A.O. said.

The telecommunications agency sees its role as a facilitator or convener of the process, not as a director or active member.

“I am pretty pleased with the progress the stakeholders have made so far,” John Morris, the agency's director of the Office of Policy, Analysis and Development, said in a phone interview last Thursday. “I am looking forward to seeing them reach a conclusion.”

But some stakeholders say they have been frustrated with the lack of progress. That is why the app developer and advocacy groups worked on their own to develop a more practical approach, designing what they call “voluntary transparency screens.”

“There's a whole lot of shouting going on about process. There's a whole lot of shouting going on about substance,” Jon Potter, the president of the Application Developers Alliance, said at a meeting of the stakeholders on Nov. 30. “What if we close the door, lower the temperature and try to get something done?”

THE level of strife so far over the narrow issue of mobile app transparency, some advocates say, doesn't bode well for the larger federal effort to work out a comprehensive consumer bill of privacy rights.

App industry representatives and advocates wrangled for months to hammer out prototypes for their short-form notices, negotiating over the data disclosures they felt consumers should see and different ways to present them. They came up with an idea that users could click on a disclosure screen or two before they downloaded an app.

A first screen, the coalition proposed, might list the types of data an app collected, like a device's location, personal contacts, Web browsing history, photos, financial or health information. A second screen could list the kinds of entities - ad networks, data brokers, data analytics companies, government agencies, social networks and so on - that could also gain access to that data. Or it could all be on one screen.

The idea, Mr. Potter says, is to give consumers a quick way to compare apps not just on utility but also on the extent of data collection. In an industry where long-winded, opaque privacy policies have become the norm, the proposed short notices seem radical in their clarity and brevity.

“The process is about effectively communicating to consumers what data is being collected and who it is being shared with,” Mr. Potter says.

Ad industry representatives applauded the simplicity of the notices. But they vociferously objected to the idea that app users would have to click through a screen before they could use an app.

“That you'd have to scroll through all this privacy stuff before you get to the app, there's no public call for that,” said Stuart P. Ingis, a lawyer representing the Direct Marketing Association, an industry group, in the negotiations on mobile app transparency. “Consumers don't want that.”

Mr. Ingis also represents the Digital Advertising Alliance, an ad industry self-regulatory initiative that offers an ad-choices program for Internet users. The alliance, he says, has been working outside of the telecommunications agency process to privately develop its own guidelines for third parties that collect consumer data across apps.

But advocates and app developers argue that consumers should receive clear notices of mobile app and third-party data collection practices before they download apps. It would be good for consumers and for commerce, they say.

“I think app developers see the market advantage to this,” says Michelle De Mooy, a senior associate at Consumer Action, a consumer group based in San Francisco. “The goal is to provide transparency that consumers, who after all are the customer of the apps, have asked for.”

E-mail: slipstream@nytimes.com

A version of this article appeared in print on December 9, 2012, on page BU3 of the New York edition with the headline: A Tumultuous Trip to Mobile App Transparency.

Disruptions: How My Smartphone Emptied My Pockets

Growing up, I noticed that something happened to my father as he aged: his wallet expanded with each passing year.

There were new credit cards, membership cards, coffee cards, business cards, pictures of his family, stamps and other plastic and paper things, added almost weekly. Eventually, his wallet grew so large that he would pull it out of his back pocket when he sat down, dropping it on the table like a brick.

As I've grown older, something entirely different has happened to my wallet: each year, it has become slimmer. Things that once belonged there have gradually been siphoned out by my smartphone. Last week, I realized I didn't need to carry a wallet anymore. My smartphone had replaced almost everything in it.

So, it's gone. Add that to the pile of things - my address books, Filofax, portable music player, point-and-shoot camera, printouts of maps - that have melded into the smartphone.

So where did the things that used to live in my wallet go?

Printed photos, which once came in “wallet size,” have been replaced by an endless roll of snapshots on my phone. Business cards, one of the more archaic forms of communication from the last few decades, now exist as digital rap sheets that can be shared with a click or a bump.

As for cash, I rarely touch the stuff anymore. Most of the time I pay for things - lunch, gas, clothes - with a single debit card. Increasingly, there are also opportunities to skip plastic cards. At Starbucks, I often pay with my smartphone using the official Starbucks app. Other cafes and small restaurants allow people to pay with Square. You simply say your name at a register and voilà, transaction complete.

But wait, what did I do with all of the other cardlike things, like my gym membership I.D., discount cards, insurance cards and coupons? I simply took digital pictures of them, which I keep in a photos folder on my smartphone that is easily accessible. Many stores have apps for their customer cards, and insurance companies have apps that substitute for paper identification.

Because I own an iPhone, I don't have to carry tickets around, either. I use Passbook, a free Apple app that can store boarding passes, movie tickets, coupons and loyalty cards. I've used these digital replicas to board a flight to Los Angeles and to get into a movie and a bas eball game.

Some people might cringe at the thought of putting a picture of an insurance card on their phone, but if I lose my phone, there is a password to stop someone from opening it. My wallet never came with a password.

There are a couple of things I still carry in my pocket, held together with a money clip: the debit card and my driver's license. But I'm confident that those, too, will someday disappear.

Soon enough, my phone will become my sole credit card, and the only thing left in my pocket will be my driver's license. And at some point, the government will enter the 21st century and offer a digital alternative for that.

Or maybe I won't need a driver's license at all: when cars drive themselves in the not-too-distant future, I'll be taking a nap while my car takes me to work.< /p>

E-mail: bilton@nytimes.com