DMVs Are Selling Data to Private Investigators, Marketing Firms


This site may earn affiliate commissions from the links on this page. Terms of use.

A new report shows that the DMVs (Department of Motor Vehicles) in many states are taking full advantage of the modern information economy, and they’re making bank doing it. The data we’re required to hand over by law in order to qualify for a driver’s license is being used for very different purposes than you likely intend. Specifically, it’s being sold to private investigators.

That’s the result of a major Motherboard investigation into how DMVs are using the personal data of the citizens they supposedly serve. Like a lot of companies these days, DMVs sell data. Insurance companies buy some of the data, but much of it is being sold to other sources, like private investigators. Such data is apparently popular for surveilling cheating spouses, and the same private investigators that advertise such services are apparently major purchasers.

DMV-Data-Sales

Data and graph by Vice

Multiple DMVs stressed that they don’t sell social security numbers or photographs, as if this represents some kind of meaningful protection. Some contracts with these investigators are for bulk searches; some are targeted searches. The cost per search is as low as $0.01, and these contracts can run for months at a time.

“The selling of personally identifying information to third parties is broadly a privacy issue for all and specifically a safety issue for survivors of abuse, including domestic violence, sexual assault, stalking, and trafficking,” Erica Olsen, director of Safety Net at the National Network to End Domestic Violence, told Motherboard in an email. “For survivors, their safety may depend on their ability to keep this type of information private.”

All of this is perfectly legal, thanks to the Driver’s Privacy Protection Act, which was passed in 1994. While that law was specifically intended to increase the protections surrounding DMV databases, it included specific carve-outs for private investigators. Granted, the text of the law states that private investigators are only allowed to access these records for a “permitted” DPPA use, but apparently that’s not an issue.

The exact data sold varies from state to state, but it typically includes at least a name and address. Other data, including zip codes, phone numbers, date of birth, and email address are also included depending on the state. The DMV also sells data to credit reporting companies like Experian and LexisNexis. Delaware has arrangements with more than 300 entities. Wisconsin has more than 3,000.

Why are DMVs going down this road? Money. Delaware brought in $384,000 for itself between 2015 and 2019, while the Wisconsin DMV brought in $17M in 2018 alone, up from just $1.1M in 2015. In Florida, the DMV made an eye-popping $77M just in 2017. The contracts with various DMVs explicitly state that the purpose of these agreements is to generate revenue, and the states are aware that some of the information they sell to third-parties is abused. Whether their controls for catching and locking abusers out of these systems are adequate are an entirely different question.

It is long past time for the United States to pass better privacy laws. There is absolutely no justification for the current free-for-all. There is no standard for how data-sharing agreements should be overseen. Local investigations have found that Florida is selling data to marketing firms, not just private investigators, and some citizens have been hit with an onslaught of robocalls and spam as a result. Florida sells data to Acxiom, one of the largest data brokers in America. Acxiom is not a PI firm, just in case you were wondering. Citizens who have been slammed with robocalls, direct mail, and even door-to-door salesman showing up at their homes as a result of this relentless data-selling have no recourse. There’s no one to complain to, there’s no way to get taken off the lists, and there’s no way to prevent their own data from being endlessly sold. Robocalls have become such an epidemic, people now actively avoid answering the phone unless they know the number of the person calling them.

People often ask questions like “Why should I care if someone sells my data?” but don’t connect the question to the fact that they get 15 robocalls a day. Sexual assault and domestic violence survivors may not have those kind of options. But privacy shouldn’t be a right that depends on whether someone is threatening to harm you physically. Privacy should be the default state, particularly when it concerns the government organizations virtually all of us are required to interface with.

If you ever drive in the United States, you must have a driver’s license. Just as with credit reporting agencies, none of us get any choice in the manner. The legal system allows states and the federal government to create effectively mandatory standards because it recognizes that doing so helps ensure the safety of everyone. But if the legal system is going to require that citizens submit data to the federal and/or state government for licensing and registration purposes, it ought to simultaneously require that said data is kept private and only accessed under strictly controlled conditions. The idea that people “opt in” to these practices simply by existing has been stretched past the breaking point. It’s time for a change.

Now Read:




10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something

Netflix’s big problem and Apple’s thinnest product yet – gpgmail


Hey. This is Week-in-Review, where I give a heavy amount of analysis and/or rambling thoughts on one story while scouring the rest of the hundreds of stories that emerged on gpgmail this week to surface my favorites for your reading pleasure.

Last week, I talked about the Capital One breach and how Equifax taught us that irresponsible actions only affect companies in the PR department.


Thomas Trutschel/Photothek via Getty Images

The big story

Disney is going to eat Netflix’s lunch.

The content giant announced this week that when Disney+ launches, it will be shipping a $12.99 bundle that brings its Disney+ streaming service, ESPN+ and ad-supported Hulu together into a single-pay package. That price brings those three services together for the same cost as Netflix and is $5 cheaper that what you would spend on each of the services individually.

This announcement from Disney comes after Netflix stuttered in its most recent earnings, missing big on its subscriber add while actually losing subscribers in the U.S.

Netflix isn’t the aggregator it once was; its library is consistently shifting, with original series taking the dominant position. As much as Netflix is spending on content, there’s simply no way that it can operate on the same plane as Disney, which has been making massive content buys and is circling around to snap up the market by acquiring its way into consumers’ homes.

Disney has slowly amassed control of Hulu through buying out various stakeholders, but now that it shifts the platform’s weight, it’s pretty clear that it will use it as a selling point for its time-honed in-house content, which it is still expanding.

The streaming wars have been raging for years, but as the services seem to become more like what they’ve replaced, Disney seems poised to take control.

Send me feedback
on Twitter @lucasmtny or email
lucas@Gpgmail.com

On to the rest of the week’s news.

Screen Shot 2019 03 25 at 1.37.32 PM 1

Trends of the week

Here are a few big news items from big companies, with green links to all the sweet, sweet added context:

  • Apple Card rolls out
    Months after its public debut, Apple has begun rolling out its Apple Card credit card. We got our hands on the new Apple Card app, so check out more about what it’s like here.
  • Amid a struggling smartphone market, Samsung introduces new flagships
    The smartphone market is in a low-key free fall, but there’s not much for hardware makers to do than keep innovating. Samsung announced the release of two new phones for its Note series, with new features including a time-of-flight 3D scanning camera, a larger size and… no headphone jack. Read more here.
  • FedEx ties up ground contract with Amazon
    As Amazon rapidly attempts to build out its own air fleet to compete with FedEx’s planes, FedEx confirmed this week that it’s ending its ground-delivery contract with Amazon. Read more here.

GAFA Gaffes

How did the top tech companies screw up this week? This clearly needs its own section, in order of badness:

  1. Facebook could get fined billions more:
    [Facebook could face billions in potential damages as court rules facial recognition lawsuit can proceed]
  2. Instagram gets its own Cambridge Analytica:
    [Instagram ad partner secretly sucked up and tracked millions of users’ locations and stories]

Extra Crunch

Our premium subscription service had another week of interesting deep dives. My colleague Sarah Buhr had a few great conversations with VCs in the healthtech space and distilled some of their investment theses into a report.

Why is tech still aiming for the healthcare industry? It seems full of endless regulatory hurdles or stories of misguided founders with no knowledge of the space, running headlong into it, only to fall on their faces…

It’s easy to shake our fists at fool-hardy founders hoping to cash in on an industry that cannot rely on the old motto “move fast and break things.” But it doesn’t have to be the code tech lives or dies by.

So which startups have the mojo to keep at it and rise to the top? Venture capitalists often get to see a lot before deciding to invest. So we asked a few of our favorite health VC’s to share their insights.

Here are some of our other top reads this week for premium subscribers. This week, we talked about how to raise funding in August, a month not typically known for ease of access to VCs, and my colleague Ron dove into the MapR fire sale that took place this week:

We’re excited to ramp up The Station, a new gpgmail newsletter all about mobility. Each week, in addition to curating the biggest transportation news, Kirsten Korosec will provide analysis, original reporting and insider tips. Sign up here to get The Station in your inbox beginning this month.




10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something

Equifax, Capital One and your stupid desire for justice – gpgmail


Hello, weekenders. This is Week-in-Review, where I give a heavy amount of analysis and/or rambling thoughts on one story while scouring the rest of the hundreds of stories that emerged on gpgmail this week to surface my favorites for your reading pleasure.

Last week, I talked about the Facebook FTC fine, the Sprint/T-Mobile deal getting approved, and the creeping feeling that decisive antitrust action was going to be fairly limited in scope.


Jaap Arriens/NurPhoto via Getty Images

The big story

There’s no rest for the wicked.

The very same week that users impacted by the Equifax breach were told they wouldn’t be receiving their full $125 settlement because too many people wanted it and not enough funds were put aside, we heard about a new awful hack, this time affecting Capital One and about 100 million of its customers.

Before delving into the blame game, I’d first like to call attention to their ingenious solution towards minimizing the fallout, by hoping affected parties didn’t read the bullet points in their statement.

Why does Capital One feel it gets to act this way? Because transparency still isn’t incentivized in any way during these data breaches and for these companies damage minimization is the true crisis, not making things better for consumers.

The FTC settlement with Equifax has left the stock price in the worrisome position of being within striking distance of an all-time high. The fact that consumer payouts were lowered because the FTC didn’t understand the full scope of consumers that knew they had been affected just adds insult to injury.

We likely still don’t know the extent of the damage from this breach, but we all understand the extent of the damage that Capital One may end up feeling — our anger and not much else.

Send me feedback
on Twitter @lucasmtny or email
lucas@Gpgmail.com

On to the rest of the week’s news.

Image via Getty Images / mrspopman

Trends of the week

Here are a few big news items from big companies, with green links to all the sweet, sweet added context:

  • Facebook is still working on a brain-computer link
    You might imagine that after all the privacy scandals have highlighted Facebook’s inability to cope with ethical concerns on existing platforms, Facebook may be a bit more reticent to build out future platforms, but you would be wrong! Facebook picked this week to highlight some of the progress of its non-invasive thought-to-text speech that it hopes will bring sophisticated input to AR headsets in the future. Read more here.
  • A Ninja disappears
    Microsoft, and you may not know this, runs a Twitch competitor called Mixer which it built on the back of its Beam acquisition. The platform received a lot more visibility this week when one of Twitch’s biggest stars, Ninja, announced he was going to be leaving the platform and streaming exclusively on the Microsoft-owned platform. I am deathly curious what the price of this deal was, shoot me an email if you have leads. Read more here.
  • Trump strikes at JEDI
    Maybe $10 billion isn’t what it used to be in the age of Softbank and decacorns being the new unicorns, but to Silicon Valley’s cloud titans, the government’s $10B JEDI cloud contract is huge. Trump also hates Jeff Bezos and is lobbying the DoD not to toss Amazon any favors. Read more here.

GAFA Gaffes

How did the top tech companies screw up this week? This clearly needs its own section, in order of badness:

  1. Apple reigns in Siri recording analysis after backlash:
    [Apple suspends Siri response grading in response to privacy concerns]
  2. Google gets busted over voice recordings as well:
    [Google ordered to halt human review of voice AI recordings over privacy risks]

Photo by Steve Jennings/Getty Images for gpgmail

Extra Crunch

Our premium subscription service had another week of interesting deep dives. The most interesting — of course — was what I wrote this week 🙂 I chatted with NEA’s GP Scott Sandell about his investments in both Salesforce and Tableau and about his 25-year career in VC.

Sandell: Well, I don’t know, I can’t speak for the industry because I think most firms are different. But at NEA, we intentionally hire and develop associates, and some of them become partners and general partners. So we have a long tradition in a systematic way of doing that.

Matney: Why do you favor that route?

Sandell: That’s a good question. I think, looking at it from the other side, we haven’t had a lot of success, hiring in very seasoned executives and turning them into investors, and I don’t think the industry has either. I think that that’s a fairly low-probability event that somebody that’s been the CEO of XYZ turns into a great investor.

Adding somebody as a general partner means that you’re going to commit a lot of capital to them before you know whether they’re any good, so they’re a much more expensive failure if they come in as a general partner and turn out not to be a good enough investor. You know, a lot of people come in that way and think they already know everything there is to know, they’re a little bit less likely to recognize that being an investor is an entirely different skillset. And while the experience they have can be informative to that and possibly very advantageous, it’s really a completely different game…

Here are some of our other top reads this week for premium subscribers. This week, we talked about “virtual beings” and how to handle exceptional talent at your startup.

We’re excited to announce The Station, a new gpgmail newsletter all about mobility. Each week, in addition to curating the biggest transportation news, Kirsten Korosec will provide analysis, original reporting and insider tips. Sign up here to get The Station in your inbox beginning this month.




10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something

FTC Toadies for Equifax, Begs Citizens to Register for Largely Worthless Credit Monitoring


This site may earn affiliate commissions from the links on this page. Terms of use.

In theory, organizations like the FTC exist to safeguard United States citizens. In practice, all too often, these organizations are far more beholden to the companies they supposedly regulate than the citizens whose rights they protect. Last week, the FTC announced a settlement with Equifax, in which individuals whose data was stolen — that’s basically everyone in the United States — were eligible for $125 in compensation. Given the breadth and importance of the data Equifax allowed to be stolen, one might think that kind of minimal compensation would be the least the company could offer, given that it leaked social security numbers, addresses, phone numbers, dates of birth, and names.

Now, however, the FTC has changed its tune. Far too many people have registered for the $125 settlement. Under the proposed settlement structure, only $31M has been set aside to provide these refunds. That translates to $125 for 248,000 people. The Equifax hack affected 147 million people. In other words, according to the FTC, only 0.16 percent of Americans were estimated to request $125. Now our government is begging its own citizens to accept near-worthless free credit monitoring (which costs Equifax literally nothing to provide) rather than asking for a tiny cash settlement in exchange for one of the most egregious database thefts of all time.

Just Buy It Pick Free Credit Report Monitoring

The FTC’s new blog post is headlined “Equifax data breach: Pick free credit report monitoring.” Robert Schoshinski, the Assistant Director, Division of Privacy and Identity Protection, writes:

The free credit monitoring is worth a lot more – the market value would be hundreds of dollars a year. And this monitoring service is probably stronger and more helpful than any you may have already, because it monitors your credit report at all three nationwide credit reporting agencies, and it comes with up to $1 million in identity theft insurance and individualized identity restoration services.

The FTC blog post does not note that the only reason the pool of cash for refunds is so small is the FTC deal with Equifax only allocates $31M to the relevant fund. While the agreement with Equifax included up to $425M to help victims of the breach, the overwhelming majority of the money is earmarked for other purposes. That’s dealt with in a separate press release. The government also doesn’t note that under the terms of the deal, it will be extremely difficult for anyone to prove an incidence of identity theft was tied to the Equifax database theft because that database has never been detected for sale on any hacking website. This implies it was stolen by a state actor rather than a conventional hacker.

Hurrah. R0ckH4rd69Lvr doesn’t have your data; Russia or China probably does. That’s vastly better.

Most financial websites do not agree with the FTC’s claim that free credit monitoring is worth “a lot more.” To quote Levar Burton, “You don’t have to take my word for it.” Here’s a sampling of quotes and links on the topic:

NerdWallet: “NerdWallet recommends avoiding such offerings from credit bureaus.”
US News & World Report: “It’s of some value if you are a victim of identity theft, but its value is rather narrow.”
CNBC: “Credit monitoring services may not be worth the cost”
CNN Money: “Most of what these products provide you can easily do yourself, and for free.”
LendingTree: “The paid credit monitoring services won’t necessarily monitor your reports any better than a free service.”

Maryland Attorney General Brian Frosh captured the spirit of the issue far better in his comments about the settlement last week. Speaking about the ~147M victims of the Equifax hack, he noted: “Most of them—most of us—did not sign up… We did not choose Equifax,” Frosh said. “It chose us. It collected our personal information, it compiled it, analyzed that information, and sold the product and some of the raw data to other people. Their carelessness with our personal data will cause harm perhaps for millions of Americans.”

Slate’s argument, made last week, was that customers had a moral obligation to claim this funding, to send a message to Equifax and other companies about the critical importance of data security and to hold them accountable for failing to do so. Nobody chooses to do business with Equifax, TransUnion, or Experian. These institutions compile financial records and credit reports on Americans without consent, to provide global information about one’s credit history. There is no way to voluntarily withdraw from the system and credit checks are so important for so many life events, there would be little practical way for any but the richest Americans to do so.

Facebook got hit with a $5B fine for Cambridge Analytica, but Equifax is skating by with a $671M fine. According to the FTC, this was a deliberate decision to protect Equifax. “We want to make sure we don’t bankrupt the company or have them go out of business,” Maneesha Mithal, a data and privacy subject matter expert with the FTC, told Ars Technica. “We want to make sure they have the funds and resources to protect consumers going forward.”

Yes. Because nothing speaks to the importance of protecting consumers like a slap on the wrist when a company loses the data of 147 million Americans. Nothing promotes trust like the FTC publishing a shameful, toadying blog post declaring the value of worthless monitoring services that the company being fined can provide at no cost to itself.

Details on how to object to the settlement, should you wish to do so, are on the FAQ linked at the EquifaxBreachSettlement page. You cannot ask the Court to change the settlement, but you can advocate for it to be approved or denied. A $125 payment for a few million Americans was bad enough, but the government’s behavior in this case, not to mention the terms of the settlement itself, are both insulting.

Now Read:




10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something