Spokeo a Growing Threat to Internet Privacy, Cyber Security Experts Warn

Think your data isn't online? Think your privacy is secure? Take a minute to visit Spokeo and you'll change your mind.

The popular information-gathering website offers a multitude of options for finding information about anyone. It purports to know your income, religion, spouse's name, credit status and the number of people in your household. It even offers a satellite shot of your house, complete with an estimated value.

Spokeo’s not alone in the information-mining business -- competitor Intelius, for instance, offers similar services -- and for as little as $2.95 a month for a year’s membership, you can run a detailed background check that pulls information from local, state and federal government databases and hundreds of social-networking sites.

A trade group has even petitioned the Federal Trade Commission (FTC) to investigate. FTC spokeswoman Claudia Bourne Farrell confirmed to FoxNews.com that "the Center for Democracy and Technology has petitioned the FTC to investigate Spokeo for violations of the Fair Credit Reporting Act," though she could not offer further details on an investigation.

The possibility of an FTC probe hasn't stopped the service from expanding, which now lets you search for the username of Facebook friends and track down their personal details.

More On This...

Larry Ponemon, the chairman and founder of the Ponemon Institute, an organization that researches Internet privacy and security, told FoxNews.com that sharing personal information about you is “grossly unethical” -- and barely legal. Worse, many of the personal data purveyors knowingly disseminate inaccurate information.

“It's evil for organizations to collect information that is knowingly inaccurate about people, no matter how many caveats they have,” he said, pointing out that the sites also make it easy for criminals to access your personal information, opening the door to identity theft -- or worse.

Scary stuff -- but how do these sites get away with it?

Along with offering your personal information to anyone who wants to pay the price, much of the information that’s being disseminated isn’t always correct. FoxNews.com put Spokeo.com to the test, and while it returned some scarily detailed results, accuracy often left much to be desired.

Of the 15 people we asked to research themselves on Spokeo.com, 10 reported inaccuracies in their report. Of those, three said the information was mostly inaccurate, while the others noted only minor discrepancies, such as an incorrect address or the wrong number of people in their household. Only five said the data was completely accurate.

"Since individual profiles are only as accurate as the published information they are comprised of, we continue to remind users that any information on our site should be regarded as a reference only," said Katie Johnson, a spokesperson for Spokeo.

In one case, the site reported an income level for a colleague at least twice as much as he actually earns. In another case, the information about a person was accurate but included a past divorce that no one actually knows about in his circle of friends.

Ponemon argues that in fact much of the information is woefully suspect because sites such as Spokeo and others like it rely on outdated public databases, some poorly maintained. In just one example, the information at the site was accurate -- it reported an income level around $146,000 for another colleague -- income based on investments and other private holdings that the colleague does not want to make public.

“These sites piece together a profile about you,” Ponemon said. “If you live in a wealthy neighborhood, they can take this data and infer certain things about you.”

Spokeo was developed by former Stanford student and company CEO Harrison Tang -- who has unsurprisingly blocked his own personal information from Spokeo searches. Company spokeswoman Katie Johnson said there is a difference between “personal information” and “private information” that shouldn't be revealed.

“Offering a more efficient mechanism by which to pull together information is not the same as providing greater access to personal information,” Johnson told FoxNews.com.

Among the numerous concerns Spokeo raises with privacy experts is that the service obfuscates its data sources. There is no way to correct the information, although you can opt-out to block your name from the searches. FoxNews.com tried unsuccessfully to use the opt-out feature, which at first didn’t offer a way to enter a required e-mail address. The site appears to have updated this feature following a FoxNews.com inquiry.

Another issue is how Spokeo and Intelius obtain personal data. Intelius spokesperson Jim Cullinan told FoxNews.com that the service gathers records from public sources, many of them from widely available government sources.

“Intelius isn’t scraping data off consumers and then reselling it,” he said. “There has always been a misconception of this, but the data comes from public records. People may not know what their digital footprint is, but since governments have digitized so many public records, this information is out there.”

For instance, each state collects information on births, deaths, marriages and other such information in a Vital Statistics database (MA, NY, OH and so on); while most of Spokeo’s data is in the public record, these Vital Statistics databases aren't simply public data. A recent amendment to the Drivers Privacy Protection Act prohibits a DMV from distributing your personal information unless you give them permission. It's unclear whether Spokeo is covered by these regulations, or how the various privacy policies governing different database are respected when the data in them are combined.

Access to other commercial databases is possible too, in spite of federal laws that restrict it. It's a crime to sell credit reporting information without letting you know about the transaction or providing a way to find more information, for example, according to the Fair Credit Reporting Act (FCRA). Sites like Spokeo get around this criteria by reporting a general credit score of low or high, not the actual score.

Robert Siciliano, a security consultant with IDTheftSecurity.com, explained that a website or social-media site you join might provide a terms of service for site users that says the site will not sell your information. Yet, there is no way to enforce adherence to a terms of service.

Kyle-Beth Hilfer, an attorney who covers privacy issues, says the FTC is carefully watching Web activity to protect consumers and encouraging the safeguarding of personal information.

So what can you do if you spot too much personal information? Hilfer says one recourse is to contact the site owner and attempt to block your information. She says you can always go to your state representatives and complain. “We will see more legislation on this depending on how the sites regulate themselves,” she said.

Siciliano argues that transparency on the Web is a good thing -- that revealing some personal information is okay because it means there is a way to link an online persona with an actual individual. Angry posters at Websites can be traceable and not engage in anonymous name-calling, in other words.

“There is no mystery anymore,” he said. “We have been living this way for decades, the data has been compiled and now people are taking this data and piecing it together. This has been going on for a long time.”

Ponemon warns, however, that brokering personal data can lead to serious abuses, such as cyberstalking and online impersonation.

So what can you do to protect your privacy? With Spokeo.com, it's a good idea to opt-out of the listing. You'll need to do a search on your name, find your listing, copy the URL, and fill out the fields at Spokeo.com/privacy.

But your information is probably already online anyway.

And short of visiting every site that lists personal information and opting out -- or a federal law -- most privacy experts say to accept the fate. If your personal info is out there, someone will find a way to buy it or sell it to the highest bidder.

That may not be ethical, but it's part of living in the digital age.