Some websites operated by the state collect valuable information about Mississippians' internet habits without their knowledge.
For example, tucked into about 2,000 lines of computer code that generates VisitMississippi.org is a Facebook Pixel Code, which reports back to Facebook.
That's what Sen. Roger Wicker was talking about when he asked Facebook CEO Mark Zuckerberg if the social network had its hooks into internet users even if they aren't signed on to Facebook. Here's that exchange from a transcript supplied by Wicker's office.
"Wicker: One other thing, there have been reports that Facebook can track a user's internet browsing activity even after that user has logged off of the Facebook platform. Can you confirm whether or not this is true?
Premium content for only $0.99
For the most comprehensive local coverage, subscribe today.
"Zuckerberg: Senator, I want to make sure I get this accurate, so it’s probably better to have my team follow up."
As BuzzFeed pointed out, Zuckerberg could have just pointed Wicker to Facebook's own site, where, as BuzzFeed pointed out, that confirmation is under the "help" section.
Wicker's staff sent that testimony out in an email complete with a link to a video on YouTube. As soon as viewers click on that link, YouTube starts tracking them.
Disconnect, a browser extension that uncovers trackers, reveals YouTube, which is owned by Google, uses the tracker DoubleClick. It collects information about browsing habits that can be used to show ads about products that match a visitor's interests. Kind of like those ads that follow Tom Cruise around in "Minority Report."
In all, it's valuable information. Google paid $3.1 billion for DoubleClick in 2008, according to The Guardian. It helped Google capture more than $95 billion in ad revenue in 2017.
In Mississippi, the Secretary of State's Office and the Governor's Office both have sites that track visitors and send information out to 17 sites.
The Office of State Auditor also tracks visitors via Google Analytics and Twitter, but only sends information to two other sites. Within seconds of landing on the Mississippi Development Authority's site, dozens of bits of information have passed back and forth between the site and Google Analytics and three other trackers.
The Attorney General's Office has sued Google over privacy concerns and sent Facebook a letter earlier this year with more privacy concerns. Its website, though, dutifully reports back to Google Analytics and DoubleClick via trackers.
All these companies and the state assure internet users they have their best interests at heart and have their back when it comes to security — data breaches and Facebook scandals aside.
It's a common theme in privacy statements.
"We use data to make our services as useful as possible, but you decide what types of data we collect and use," Google says.
What Mississippi does
Mississippi Interactive said it does not store any sensitive data.
"For any transactions that include sensitive data, we truncate account information as well as encrypt the information, said Drew Levanway, MI's director of operations. "Mississippi Interactive’s payment engine adheres to the highest levels of security within the industry and is compliant with PCI-DSS as a Level 1 Service Provider. All applications and websites undergo routine security scans, are patched to remediate any vulnerabilities, and are audited by third-party vendors that evaluate hundreds of security controls."
Eighty websites built by the state-private partnership offer 126 services, a third of which don't charge fees and therefore shouldn't collect sensitive information. All collect other than sensitive data, though.
And since President Donald Trump rolled back an Obama-era Federal Communications Commission rule that limited how internet service providers use the gathered data, privacy has become a gray area.
FCC Chairman Ajit Pai said the FTC, not the FCC, should govern the providers. But, as the Los Angeles Times reported, the FTC is empowered to enforce privacy rules against companies such as Google but not internet service providers such as AT&T. That leaves regulating providers, for now, up to the state.
In Mississippi, privacy and security are watched over by the Electronic Government Oversight, which includes officials from the state and Mississippi Interactive.
What you can do
Consumers, though, can opt-out of these data mining operations. The Disconnect add-on gives you the option of blocking tracking sites. Through a browser's settings, the user can tell it to reject all cookies.
You can install Privacy Badger to block all spying ads and trackers.
Starting next month, though, the European Union will require sites that gather and store data from web user to get their permission first. And that could spread to the U.S.