Naveen Jain has always skated close to the edge of the law. As founder and CEO of Infospace, allegations of wrongdoing dogged him as the company's stock rose meteorically through the dot com bubble. Finally forced to settle, Jain's story was famously written up in the Seattle Times story Dot-Con Job. The Times portrayed Jain as a duplicitous rat who bilked shareholders out of millions to finance his opulent lifestyle.
Now he's in the news again. MSNBC reports that his latest venture, Intelius, is compiling a cellular phone directory, without consumers consent. Intelius claims to have the cellular phone information for 90 million Americans in their directory. It's much worse than that, however. Jain's company has built an engine which scrapes public databases to provide a complete dossier on any individual. For a price, any individual or business can buy the information about any other individual in the database.
And it's all being done without the consumers consent.
Ed Petersen, the company’s executive vice president, said it was surprisingly easy for Intelius to compile its directory. The company considers a consumer to have opted in to the service if he or she has ever given the number to a government agency or a business.
"Geez, [there are] tons of ways — everything from going out to a Web site and buying a ring tone for your phone to putting your phone number down at anything [like] ordering a pizza,” Petersen told NBC affiliate KING of Seattle. “There are literally dozens and dozens of ways that a user or a consumer could opt in to a database.”
Petersen acknowledged that Intelius was counting on cell phone users’ not knowing they were exposing their numbers to his database whenever they gave them out to other businesses.
“When they’re ordering pizza, they’re not thinking about opting into a database,” he said.
I typed my own name into Intelius system, and found no current information. Instead, it produced records from the period from 1994 to 2001 when I lived in Washington State, and an exhortation to purchase a copy of my private information from them for $49.95.
When I used my full legal name it produced a mangled record claiming that I had lived in Davenport IA, Redmond WA, and Lynnwood WA as well.
In other words, the information in Intelius' database is not only out of date, but completely inaccurate.
Let's view Intelius through the lens of the four principles of the Privacy Manifesto I published a couple of weeks ago on GigaOm.
Every customer has the right to know what private information is being collected. That rules out any secret data collection schemes, as well as monitoring regimes that the customer hasn’t agreed to in advance. It also rules out any advertising scheme that relies on leaving cookies on a customer’s hard disk without the customer’s consent. Intelius is a complete failure, with secret data collection schemes and a demand that consumers pay $14.95 just to learn what information the company has collected about them.
Every customer has the right to know the purpose for which the data is being collected, in advance. Corporations must spell out their intent, in advance, and not deviate from that intent. Reasonable limits must be imposed on the collection of personal information that are consistent with the purpose for which it is being collected. Furthermore, the common practice of inserting language into privacy policies stating that the terms may be modified without notice should be banned. If the corporation collecting data wishes to change its policy then it’s incumbent upon the corporation to obtain the consent of customers in advance. Again, Intelius is a complete failure. When customers order pizza, they're not opting into a scheme under which their personal information is collected and distributed for profit by third parties.
Each customer owns his or her personal information. Corporations may not sell that information to others without the customer’s consent. Customers may ask, at any time, to review the personal information collected; to have the information corrected, if that information is in error; and to have the information removed from the corporation’s database. Intelius makes it near impossible to correct or remove your information from their database. Moreover, they hold your personal information hostage until such time as you pay their $14.95 ransom.
Customers have a right to expect that those collecting their personal information will store it securely. Employees and other individuals who have access to that data must treat it with the same level of care as the organization collecting it is expected to. Once more, Intelius fails. Not only do they provide no guarantees of their own, they actually disclaim the privacy policies of the third parties that they share information with.
This is a slimy business. Everything that these guys are doing is illegal in many other parts of the world. It's only in the lax privacy environment of the United States that you could make a business out of pimping unethically gathered data to the highest bidder. The most damning indictment of the state of American privacy law is that not only can this business exist in the United States, but that Jain and company have filed for a $143 million IPO.
Invest in Intelius? You'd have to be a fool. Perhaps that's what Jain is counting on, having fooled the investing public once before.