Can I Have My SSN Back?

Identity Thief:  CarbonNYC (CC Licensed)

Offline, more of my information is being collected, repackaged, and sold by data brokers like Little Rock, AR-based "marketing services" company Acxiom. You may not have heard of Acxiom, but the company has heard of you. Through public records, it claims to have the goods on 95 percent of all households in the U.S., which it sells to companies that are looking for more customers. In short, it's the reason you get junk mail. How detailed the records are varies from person to person, but it can go pretty deep. Chief Privacy Officer Jennifer Barrett told me in a recent conversation that an individual in the Witness Protection Program once contacted the company because he was receiving offers in the mail addressed to his old identity. Imagine what they have on you! Acxiom, however, gives consumers the option to delete the marketing info the company keeps on them, which you can do here. According to Barrett, the company has no use for you if you're not interested in receiving the kinds of offers its clients send.

Whether Acxiom actually completely deletes your information or not is up for debate, but I'd like to see this same kind of offer made by Web sites. In fact, as naïve and unrealistic as this may sound, I really think it should be the law. I should be able to use the full features of a site like Amazon or Google while also maintaining control over my personal information and privacy. If I stop using the site, it should stop holding onto my information.

But an Acxiom-like solution isn't quite right, because it's all or nothing. I can't call Acxiom, have a look at my record, fix a couple of things on it, and keep receiving offers from its clients. I can either delete my record, or keep it as is.

I think that any Web site that stores my user information -- whether as a customer or simply a blog commenter -- should be required by law to give me access to the full file it keeps on me. If I want the file deleted, I can do so. If I want to remove certain things from it and leave others intact, I can do that too.

Why not? Isn't the endgame of gathering all of this information just to sell me more stuff I'd be interested in? Aren't Amazon and Google working up these profiles on me so that they can make better recommendations or serve more relevant advertisements? (I certainly hope it's not something more sinister than that.) If I don't want anything to do with them, why should they want anything to do with me? If I want to help them better target their recommendations and ads by making my profile more accurate, doesn't that benefit everyone? If I don't want my Social Security number on there, but I'm OK with my address being listed, shouldn't that be my call to make?

I'll admit that it's my fault these companies have all of this info in the first place. They wouldn't have it if I hadn't somehow given it to them. I don't even mind that they have it, but I do think I should have the right to take it away from them. In the end, all I want is to keep my personal information out of the hands of the next cat burglar who decides to knock over an office building for its computer hardware. I can't do that when control of my privacy rests in the hands of others. Sure, I can disable cookies, I can download programs to disguise my IP address, and I can encrypt my chats and email. Or I can just stay off the Internet completely, as I said before. But there's the problem: Privacy is tough work these days.

If there's one statement that best sums up the point I'm trying to shape into some semblance of coherence, it's something Peter Eckersley of the Electronic Frontier Foundation told me in a recent conversation. He said, "Privacy should be the default rule, rather than being some kind of privilege that only incredibly talented hackers can obtain for themselves."