The Data Diva E230 - Lawrence Gentilello and Debbie Reynolds

Show Notes

Debbie Reynolds “The Data Diva” talks to Lawrence Gentilello, CEO and Founder of Optery, a company dedicated to removing personal data from online databases to enhance privacy and security for individuals and businesses. We discuss his career journey, beginning with his early work in the data industry at BlueKai, a firm specializing in collecting intent and purchase data for targeted advertising. He discusses how the industry evolved from simple ad personalization into a vast ecosystem where personal data is used in ways that can pose risks to individuals. His decision to launch Optery in 2020 was influenced by both his professional experience and a personal incident in which criminals used publicly available information to create fraudulent IDs in his and his wife’s names.
Debbie and Lawrence examine the hidden world of data brokers—companies that gather, package, and sell personal information without individuals’ direct knowledge or consent. Lawrence describes how these brokers operate across different sectors, from advertising and email prospecting to risk analytics and law enforcement databases. He highlights the difficulty individuals face in protecting their information, as the average person has around 100 exposed online profiles, making them vulnerable to identity theft, cyberattacks, and even physical security threats.

The discussion also covers emerging threats, including the rise of AI-native data brokers—companies that use artificial intelligence to automate the collection and sale of personal data at an even greater scale. Lawrence describes how these firms often operate without transparency and avoid legal disclosure, making it harder for individuals to track how their information is being used. He also references a recent incident involving the Russian ransomware gang Black Basta, where leaked internal communications revealed that cybercriminals were using data broker services like ZoomInfo and RocketReach to research and target victims.
Debbie and Lawrence explore the real-world consequences of unchecked data sharing, including phishing scams, cyberattacks, and even physical harm. They discuss how executives, government officials, and everyday individuals become targets due to the ease of accessing their personal data online. Lawrence explains how Optery’s services help address these risks through deep-crawling search technology, before-and-after screenshot verification, and automated monthly scans that continuously remove exposed information.
Lawrence outlines his vision for improving privacy protections. He advocates for a standardized set of privacy laws across the U.S., stronger enforcement against data brokers that fail to comply with regulations, and the inclusion of authorized agent provisions in all privacy laws to ensure individuals can get assistance in managing their data. Debbie emphasizes the importance of ongoing awareness and proactive steps to combat the risks associated with data brokers. This insightful discussion sheds light on the urgent need for privacy-focused solutions and stronger policies to protect individuals and their data.

Support the show

Transcript

[00:00] Debbie Reynolds: The personal views expressed by our podcast guests are their own and are not legal advice or official statements by their organizations.

[00:12] Hello, my name is Debbie Reynolds. They call me the Data Diva. This is the Data Diva Talks privacy podcast where we discuss data privacy issues with industry leaders around the world with information that businesses need to know.

[00:24] Now I have a very special guest all the way from San Francisco, Lawrence Gentilello, who is the CEO and founder of Optery, which specializes in personal data removal for customers and businesses.

[00:39] Welcome.

[00:40] Lawrence Gentilello: Thank you. Really appreciate the opportunity to speak here. Debbie. It's been a little while to make this happen, but great to kick off the year here and this spring speaking with you.

[00:51] Debbie Reynolds: Yeah, this is amazing. So I'm glad we're definitely getting to talk. I think we have some synergies in the fact that we are very much in tune with kind of the data business and the harms and risks that can come to consumers and businesses and the things that they need to do.

[01:09] But why don't you tell me about your journey into Ottery and why you thought it was important to create this business?

[01:17] Lawrence Gentilello: Yeah, definitely. So my journey to Optory came from really two angles. And the first angle is that I entered the data space in 2011 when I joined a company called Blue Kai.

[01:32] And Blue Kai was one of the early leaders of data companies that would partner with companies like Expedia, Kayak, Cars.com, hotels.com, eBay.com and would capture intent data, purchase int data on cookies, and then would sell that cookie data into the ad tech ecosystem.

[01:53] So the biggest customer was Google. Another big customer might be Yahoo or aol. And so it was a data broker, and it was a data broker that focused on more personalized advertising.

[02:03] And so when I entered the space, it was really kind of a heyday of like kind of Google Ads and Facebook ads that was all really starting to take shape.

[02:13] And it was from a pretty innocent perspective of, oh, we have more targeted ads. It was a lot of it around retargeting. You look at a pair of shoes on Nordstrom and then you go look at football blog and you see the pair of shoes.

[02:24] And that was really what bluekai did and what brought me into the space. And I spent a few years there. And then that company was acquired by Oracle and that became bluekai became the foundation of the Oracle data cloud.

[02:36] That set off the chain reaction of a series of acquisitions. Datalogix, Crosswise Moat, and a few other kind of data companies.

[02:44] From there, I left and went to Accenture and I Led Accenture's data management platforms practice within Accenture Interactive for about three and a half years. And from my start getting into the space in 2011, really just kind of working on more personalized ads.

[03:02] When I left in 2020, the what I saw was that data was being increasingly weaponized against people and used in very harmful ways, far beyond which I had originally kind of financial industry.

[03:15] And so at around that time, these privacy laws were starting to get passed because, you know, if you go into the maybe early 2000s, nobody really cared about this stuff, but all of a sudden, consumers are starting to get more aware, more upset, more concerned.

[03:30] And so that led to demands for laws. And that started in Europe, really kind of reached the public consciousness. It started in Europe, the GDPR made its way here to California where I live, and has been cascading through the country.

[03:42] And so I felt like when I left Accenture that there was a real need for a piece of software that would encode the rights that were being provided to just everyday people into technology.

[03:59] And so that was one key thing was just kind of being from inside the industry. The data broker industry is pretty vast. There's lots of different categories. Some of it's for personalized ads, some of it's for email prospecting, some of it's for direct mail, database marketing, analytics, like everything,

[04:17] you know, there's lots of different places in my area was within personalized ads. And I left Oracle, I think, in 2016. And that was at Accenture.

[04:27] So that was one kind of like vector to the other thing that happened. Also, it was right around 2019 when I started thinking about this was I was the victim of identity theft.

[04:36] And I thought I was doing a pretty good job of kind of protecting myself and, you know, reasonably tech savvy and an attacker I don't really, really know, but I believe profiled me and actually created a fake id, California driver's license with my home address on it and with my name on it,

[04:55] and actually also a fake ID in my wife's name as well. And. And so two individuals walked into a Verizon store with two false identifications. They knew our phone numbers, they knew our home addresses, and they got some free cell phones out of it.

[05:12] And so I kind of was like, whoa, how the heck did this happen? And I at the time, it was just like I had no idea. And then I learned more about data brokers and sites like Spy Dialer and it kind of, you can kind of map people to phone numbers and phone numbers to home addresses and I said,

[05:28] wow, I googled myself and it was like my cell phone number was literally in the Google search results. Like you just would type in my name and it was like there was my cell phone number right there.

[05:37] And I kind of started learning more about what was going on and I started to get it removed and I just felt like there were some solutions. I didn't feel like they were very good.

[05:46] And kind of coming from a kind of a technology background, I felt like there was this huge opportunity to, you know, provide a piece of software to people and companies and really to outdo what I saw as existing solutions on the market that were just not very good.

[06:02] So those are the two things that led me to start Optory and kind of brought me here. And so now, you know, optory started in 2020 and we consider ourselves a privacy and cybersecurity company.

[06:13] And we're working all day long with customers that care about this stuff and companies, they're protecting their employees, their own customers, government officials,

[06:23] and that's how I got here.

[06:25] Debbie Reynolds: That's a great story. Thank you for sharing that.

[06:28] One thing that I want your thoughts on, and this is something I think is very important to talk to consumers and businesses about and that is I think people just don't imagine how much data is out there about them and they can't imagine how someone will possibly use it against them.

[06:47] Right. So I think that's pretty much the shock. But I want your thoughts there,

[06:51] definitely.

[06:52] Lawrence Gentilello: I think it's like the analogy I like to use is like if you kind of maybe go out into the country away from the city, you may join a trip to visit some family or something like that.

[07:02] You're kind of middle of nowhere and you look at the stars, it's just so vast, you know, as compared to maybe when you're in the city, it's just like endless.

[07:10] That's really what it's like with data brokers. It's even being in the industry for a while and kind of, you know, we, we actually just released a open source data broker directory.

[07:21] So if you go to opti.com, you go to Resources, you can click data broker. I think there's about 600, 650 different data brokers that we have profiles on the opt out place you can go to opt out self service, opt out guides, etc.

[07:34] And that's great that we have 650 up there that we're profiling and kind of making aware to the public we've assembled that data set will soon be Moving it over and giving people access to it in GitHub.

[07:44] But right now it's there. But that just scratches the surface. There's just still so much more. And our approach right now is pretty US centric. We're actually very close to expanding into other countries.

[07:56] But right now, even though 650 or so is pretty just like just kind of scratching the surface, I think the last I checked the California data broker registry had like 550 or so.

[08:08] That's good because a couple years ago there was only like 400 day or so data brokers that had disclosed themselves. I think some of the legal action that state attorney generals are starting to take against data brokers that are not disclosing themselves has been great.

[08:20] I think the getting data brokers are behaving a little better so they disclose themselves. But even then there's actually a lot of companies that aren't disclosing themselves properly. And that's a very US centric list.

[08:29] But there's just, I think Jeff Joseph, she's a privacy researcher we have a lot of respect for. He maintains a list and I don't remember the exact name number but I think he's tracking like 2,000 of them.

[08:41] So it's just really vast. And there's every type of data set under this on, you know, it's everything from, you know, your driving behavior agreements that maybe a Toyota or you know, General Motors might have or Ford with data brokers like where you're driving and how fast you're driving to purchase information and just everything.

[09:02] It's just endless.

[09:03] Debbie Reynolds: Yeah. Oh my goodness. Terrible. I know I was at a conference that someone who is in the insurance industry said that they actually know how much water is in the wheel well of people's cars and Lord knows what they're going to do with that type of data.

[09:19] But this is just the granularity of information that they collect on people and like devices and stuff like that.

[09:26] What's happening in the world right now that's concerning you most? Maybe something in the news that you saw. You're like, wow. Like this is, this is unbelievable.

[09:35] Lawrence Gentilello: Yeah, well, so I think maybe a couple things. One, I think one of the things that we're seeing and noticing a lot of is the, the, I call it the privacy divide.

[09:46] And there's different states that have privacy laws that are active and you know, live. Like in California we have one, Texas has one, Oregon has one. But there's a, most of the states don't.

[09:57] If you're a citizen of a Certain state you don't have rights to privacy. And so maybe early on your data brokers was getting so few opt out requests, they were just sort of like honoring them.

[10:08] And now the awareness among the public and companies like Optory and others, our businesses are growing very rapidly. And so the volume and the scale of the opt out requests that we're starting to send to data brokers is getting larger.

[10:21] And some, not all, but some data brokers are starting to say, hey look, if you're in North Dakota, sorry, like there's no legal requirement for us to stop selling your information.

[10:32] But hey, okay, you're in Colorado and Utah and Virginia, we'll stop selling information. So I think that's a really important thing for people to understand is that there's a growing privacy divide in the United States of haves and have nots in terms of who has rights to privacy and who don't.

[10:49] And, and really it's up to the, the citizenry and like the people in those states to demand their lawmakers to get something passed. The other thing that's happening that's I think very concerning is I think it's really unknown to the, the public how powerful the data broker lobby is.

[11:07] There's tremendous billions and billions of dollars that's earned by data companies. And they are not dumb, they're very smart and they have a lot of money. And so when they see privacy laws getting passed or they see companies like ours, they'll do whatever they can to, to, to maintain the status quo.

[11:28] And so they put forth tremendous effort and resources to water down privacy laws, to block them, you know, to cast doubt and dispersions to, you know, privacy companies.

[11:43] So even like something very simple like there's different privacy laws in the United States and some of them have specific legal provisions for what's known as an authorized agent. That's what Ostree is we're an authorized agent.

[11:55] There's a lot of talk these days about agentic AI and AI, who agents that are going out and doing things on your behalf for that became the buzzword du jour.

[12:04] That's what we are. We're an authorized agent, we have agent relationship with our customers and then we go out and get this information removed. So one of the things that the success is that when you see the data brokers high fiving and cheersing themselves is if they were able to water down a privacy law such that it doesn't include provisions for an authorized agent and they'll cast assertions and say that there's problems with Authorized agents.

[12:27] And there's like bad incentives and this and that. But the reality is that maybe you and I are privacy and technology and security savvy enough to go out and do these opt outs, but there's a lot of people that aren't.

[12:41] My parents are aging, baby boomers are not super tech savvy. And to get my mom to go opt herself out of this stuff, forget about it. She needs an authorization.

[12:51] She needs someone to help her. Our business customers, we work with court systems to protect judges, counties to protect public officials and companies, to protect executives, employees that have access to financial systems, to have access to code bases.

[13:07] Those people are busy. Those people aren't in our industry. You know, they have kids, they have, they have jobs, they have deadlines. And when a data broker is successfully waters down a privacy law such that it doesn't have a provision for a company to assist those that don't have time or maybe just don't have the savvy,

[13:29] it's a big win for the data broker industry and it's a big loss for consumers. So those are a couple things that are just really concerning. And as more privacy laws get passed, every time one gets passed, we actually support it pretty much immediately once it goes into effect,

[13:45] we look at the terms and you can kind of see what's going on. And scientists say, oh, the data brokers really got their teeth into this one. So Florida, for example, was a privacy law that was like basically a privacy law and name only.

[13:57] It's like, yes, they have a privacy law, but it kind of doesn't really do anything for you.

[14:02] It's just they were able to get something passed that doesn't really protect people very much. It's far different than maybe like what's passed in Texas. Texas has a good law, California has a good law, Florida does not.

[14:15] Debbie Reynolds: Yeah, well, I'm glad you brought this up because I think there was some spirited debate I saw several weeks ago about a authorized agents. And I think you're right. I mean, people need help.

[14:25] Anyone who can step in this place to help consumers with this, managing their data rights is important. I think the last statistic I saw is that the average person has over well over 50 kind of logins and passwords to stuff.

[14:42] Right. And so that doesn't account them like going to websites, doing other types of business on the Internet. So the fact that you're doing this service for people and for companies to help protect them is very important.

[14:55] And I think in addition to privacy, you know, I started talking a lot about safety. Right. We saw as a result of the United Healthcare CEO murder that happened, a lot more businesses started being concerned about the safety of people.

[15:11] Right. We're doing these high stress, powerful jobs or who basically executives already are very much target of cyber. Right. Like ransomware and different things like that. So I think unfortunately, that situation kind of highlighted that the safety issues.

[15:30] And as a result, one of the laws I'm sure you're familiar with, which is Daniel's Law out of New Jersey, a lot of the data brokers, they kind of filed a suit and they lost in that suit because they were saying, hey, we have a First Amendment right to sell people's data.

[15:48] And they were like, no, you don't. Right. And so we're seeing more states try to implement more of Daniel's Law. And some of the arguments that I heard from some of the data broker lobbying groups were just ridiculous.

[16:01] Right. It's like, I need to sell the data of a police officer or a judge because then they can get a car loan. It's like, well, if you're dead, you can't get a crime.

[16:10] Right. And so I think talking more about safety is a very important thing to do.

[16:17] Lawrence Gentilello: Definitely. Yeah. And that's safety. This is our niche. Privacy is a big space. VPN gives you browsing privacy and things like the Tor network gives you privacy. But there's a lot of different things in privacy and there's a lot of different things in security, endpoint, security, network security, security, education,

[16:34] like just everything. This is our niche. This is where, where, where we have our hedgehogging is this like opt out of data broker. But the other thing, a big reason that, that this problem is important to people is physical security.

[16:48] It's something someone that's stalking or out to commit violence. If your home address is just sort of like readily out there, that can lead to people confronting people physically.

[16:58] So a lot of times people use our product because they don't want their home address out there, or maybe they're victim of domestic violence. Or even we have some of our corporate, like, opportunities for business customers.

[17:10] They are planning to do a layoff and they maybe the last time they did that, they had some disgruntled employees that would show up at executives homes. And so they sometimes will preemptively take steps to get home addresses because they're worried about physical security.

[17:25] But yeah, it's anything about anything that an adversary. An adversary can be someone in Asia and a pig butchering farm who's profiling people across the globe, or it could be someone not too far from you that maybe you got in a car accident with or something.

[17:42] They're like really ****** off about it. And it's really just data. I mean today data is so powerful and those that use it can be used against you. And so people want to take control.

[17:52] Debbie Reynolds: Totally, totally. Well, tell me, what is your key differentiator? Well, after.

[17:57] Lawrence Gentilello: Yeah. So when we started Optory, we launched the product in 2021 and there's been more companies that have come into the space. At the time there weren't very many, it was like two or three.

[18:07] And now there's, there's a lot more. So we have a very strong technical team and that's one of the things that we pride ourselves in at Optre is there's a few different things that set us apart from other companies.

[18:19] One is, and actually even just aside from me, Consumer Reports did a blind study. They blindly tested six or seven of these, of these companies, Optree and others, and Optre was the number one most effective product after like three or four months that they did a study.

[18:36] The biggest name in the space, kind of the big market leader, performed about half as good in the blind Consumer Reports study as Optory did. So when, especially when we go to like business customers, a lot of business customers think, oh this is like a commodity product, they all work the same,

[18:54] right? And we say no, no, no, they don't do, they won't work the same. Do a blind test, test this out. Take a few of your employees, test this out for a few months and then make a decision.

[19:06] So anyway, this is not just me saying this. The other thing about Opry is Opera's won the PCMAG Editor's Choice Award. 2022-2023-2024-2025 is the most outstanding product in the market.

[19:17] This is not just me saying NOP3 is the best. There's, there's a lot of objective analysis out there that has said that. But what sets us apart is we have a really powerful search engine.

[19:28] We have patented technology and proprietary kind of trade secret technology where we do deep crawl scan scrapes of hundreds of data broker sites. And I think this is what really got us that first PC Mag award where we kind of like people started to notice us.

[19:44] And on average we actually find around 100 exposed profiles for our average person that signs up for a free account. So Optry has a freemium model and we search these hundreds of sites.

[19:57] On average you find about a hundred exposed profiles. And so we were the first to basically Send people reports that say, hey, look like, here's 100 screenshots of you. I've been verified, and Instant Checkmate and Spy Dialer and Cell Revealer and like Social Catfish and just the list goes on.

[20:12] That was really key, is that we actually can show people. And our. One of our kind of like mottos is it's hard to find. It's hard to remove something if you can't find it.

[20:22] And Optory has a really powerful search engine that does a really nice job of finding profiles. That's one. Two is poof. A lot of these companies, they say they remove you, but they don't.

[20:32] And so this is like a big. Our industry is not perfect, right? Like, we have a lot of work to do. There's like problems with that. We're constantly trying to fix things.

[20:39] But a lot of companies just sort of send a report, like maybe a PDF that says been verified, removed. It just says removed. And you just trust them that it's been removed.

[20:49] Unless you go Google it and you really search cinema or something. So one of the things that sets out three apart that our business customers really like is we actually send before and after screenshots.

[20:59] Not only do we take screenshots to find you, and we send you here report with a hundred, A hundred screenshots of where you found, we also send you an after, which is, hey, here's where you were.

[21:08] And now if you search that page, this is what comes up that's really helpful to kind of justify things internally. If you have a cybersecurity decision maker who has to justify a budget through the CEO or the board or maybe through the CFO to say, look like, here's like real evidence that we're.

[21:24] We're reducing our surface area of attack. So that visibility that we give is one of the things that really sets us apart.

[21:31] Two is just monthly scanning and removals. So every month we automatically go out and do monthly scans and removals. And three is just kind of the breadth of coverage. So I think today we cover like 650 or so data brokers, and some out there maybe cover like 200.

[21:47] And so you definitely matters like the breadth of coverage. And it's also really important to actually pay close attention and to how it's being covered. So you. Most of the companies in our space covers things like, kind of like just natively and by default and then have something called custom removals or customer requests.

[22:06] And that's where like, hey, I have to submit that request in manually. And some of our competitors really, really juice their numbers by saying, hey, we cover a thousand data brokers but only a hundred of them are covered actually by like automation.

[22:20] And the other 600 or 900 are covered by like you have to submit them manually. So just the breadth of the coverage, the visibility and last one is just like probably our enterprise features and kind of enterprise reporting it displays to people like hey, we've removed 2,000 emails or 2,000 phone numbers.

[22:39] So those are a few of the things that kind of differentiate optory in the space.

[22:44] Debbie Reynolds: Wow, that's amazing. So what are you seeing out there? So are you seeing, are there more data brokers coming online every day? Are there more? They're trying. I'm sure a lot of them want to do this manual process because they know it's hard for people to do.

[23:00] But what are you seeing just in the data broker industry, like what are they doing right now?

[23:06] Lawrence Gentilello: Yeah, I think one of the most interesting trends that we're seeing right now is the emergence of AI native data brokers. So you have these like different categories of data brokers, people search sites.

[23:18] The one that most people are pretty familiar with now, white pages, Spokeo and some Checkmate been verified really the place that this industry kind of started with two is the prospecting databases and like the catalogs that have been around for a while.

[23:30] ZoomInfo, Rocket Reach, Qubit, Apollo, basically SDRs and BDRs that are sending out cold email campaigns and you know, basically trying to get meetings with a lot of kind of technology buyers.

[23:45] So those have been around for a while and that's kind of what we've been working on for a while. But just in the last year there's been a tremendous amount of capital that's gone into AI and there's a lot of different companies, AI companies doing all, everything right, all kinds of things,

[23:57] human robots and like everything can imagine. One of the things that they're doing is AI native prospecting. So AI SDRs. So I don't need to have like buy hire 10 sales development representatives.

[24:10] I can just use this company to auto generate emails and send them out to prospects and not only send them but also respond to them. But historically you'd have companies that would kind of send out emails and then if the prospect would respond, a human would write back, hey.

[24:29] So we set up a meeting but now that's all happening just kind of like with just bots who are sending out the emails, responding to emails, setting up the meetings, following up, just all automatically.

[24:41] And there's a lot of companies that are doing this right now that we would kind of refer to them as like AI native prospecting companies. And actually they're getting a little bit of a free pass temporarily because most people are focused on hey, like get my home address out of Google or hey,

[24:58] like opt me out of Zoom Info or Rocket Reach. They're not yet familiar with these new names. So there's a bunch of new names like instantly and maybe like Warmly and AISDR and Artisan and Copilot.

[25:11] And we've profiled around 30 to 50 of them and they're all getting a lot of venture capital. And so throughout the coming months, you know, they'll, most of them are not disclosing themselves in these data broker registries.

[25:25] They're selling access to people, they're selling data. But they're kind of like when the California data brokerage first came out, it was like 200 data. 200 data brokers disclosed themselves.

[25:36] And then over time now that's like up to like 500 or so. I think a lot of them kind of like are in denial that they actually have to be accountable to laws.

[25:46] And right now there's also so many data brokers you can only do, you can only target something at a time. So there might be just a trickle of like lawsuits or action that's happening out of California or out of Texas, even though the, the violations is just like massive.

[26:01] So it's definitely very concerning. And I think like over time they'll increasingly be aware that okay, we have to like, we have to like comply with this laws and you'll start to see them covered by companies like ours and kind of like help people privacy and you know, privacy about control.

[26:18] It's like, okay, here's my information, I want to be able to control it. And so that's a really interesting trend that we're seeing and it'll play itself out over the next like year or two.

[26:26] It's not going to be, it's not going to get to be a quick fix.

[26:29] Debbie Reynolds: No, I agree with that. Actually, Vermont was the first state to have a data broker registry. But even at the time when they did that, it was interesting because the average person, even me, I couldn't like point out like, who are these people and why do they know me?

[26:46] Right? But I think a lot of people are getting more visibility into data brokers because as these, as some of these data brokers are getting breached, they're getting letters from these companies they'd never heard of saying, hey, your data got breached and we had your Data.

[27:01] And like, who are you? Like, why are you? Why did you have my data? And so, and I, I want your thoughts on this. So one of the things that I had always been, I don't know, like, shake my fist at the sky around privacy regulation and as it relates to kind of data brokers or this,

[27:18] what I call this, like underground data that people never hardly think about is that a lot of the way that privacy laws have traditionally been passed, they assume that you are in a business relationship of some sort with some company and that who that company is, and you willingly exchange your data.

[27:38] All right, so we know the data broker industry is not like that at all, right? So they get data from however they want. They scrape different places, they. They combine data sets together, they package it up and sell it.

[27:53] And so I think one of the. I'm glad to see that there are some states like California, who are trying to, like, plug this hole or try to address this market.

[28:04] But I think because this is a problem in Europe as well, where,

[28:09] because the way that the laws are written, they assume that this is a company that you know. And so having company that you don't know that's collecting data about you, it's hard.

[28:22] You know, how can you contact a company you don't know? Right.

[28:26] I want your thoughts.

[28:27] Lawrence Gentilello: Yeah, definitely.

[28:28] Yeah. I mean, it's. We're all busy, right? People don't have time to read all these hundreds of complicated privacy policies that are,

[28:38] you know, getting you to inadvertently accept terms. I mean, I think there's a lot of cars these days have mobile apps where you can kind of have unlock your car from your phone, maybe turn on your car, find out where your car is if you forgot where it was in the big,

[28:52] big parking lot. And when you sell those apps, there's some, some boxes you have to check. And a lot of people don't maybe like, read and say, okay, I just want to install this app.

[29:02] I'm going to hurry. I gotta go. I'm gonna click the boxes. Click. Okay. And then they're okay, great. I can use my mobile app. I can see, like, how low I am on gas before I get in my car.

[29:11] But they don't remember they're actually in there. It says that you actually are permitting your geolocation data and all your car data, and that's going to get sold through a bunch of places.

[29:21] So it's kind of just the reality of the world that we live in. But then what's the solution to that? Well, I think the solution to that is things like, you know, centralized registries that makes it visible as to what people, what companies are collecting data.

[29:35] Companies like Opti, authorized agents that are doing the work to track you. So, you know, at Optu, we have a team of maybe like around 10 people. Their whole job is just researching data brokers, testing data brokers, ones that are going out of business, getting them removed, new ones that are coming online,

[29:51] getting them added.

[29:52] Data brokers are constantly changing things up on us. We're adjusting our technology to handle those differences.

[29:59] And so I think they're just. You have to kind of fight to tech with tech. And I think that's one of the things that, that data brokers are trying to do by watering down these data, these privacy laws of like prohibiting consumers to fight tech from tech, and basically knowing,

[30:16] like, you're not going to be able to. If you as a human just using your own, your two hands and your two eyes, you're not gonna be able to beat, you know, us.

[30:23] And so tech with tech, whether that's through like things like the delete act or the drop system that's being worked on here in California or registries or authorized agents like us, it kind of starts to even the playing field a little bit where you're not fighting this big,

[30:39] multi tentacled, powerful beast.

[30:42] Debbie Reynolds: And I think before we started recording, we were chatting a bit about a particular ransomware attack which I thought was really interesting, where they had links, you said, to zoom info.

[30:52] Tell me a little bit about that.

[30:54] Lawrence Gentilello: Yeah, just a week or two ago, there was. There's a Russian ransomware gang that goes by the name of Black Boston. And they had been operating for at least a few years and were reputed for targeting critical infrastructure, hospitals, insurance companies, and quite successfully.

[31:13] And there was an internal conflict within the Russian ransomware gang. They had some kind of conflicts between the gang and somebody within the gang decided to leak their private chat logs for about a year.

[31:28] I think it was from like 2023 to late 20. I think it was 9-9-2023 to 9-24-24. And so they leaked them. And security researchers are all over it and, you know, parsing through it and searching through this data.

[31:41] And one of the things that was really interesting that the security researchers revealed was that there were 380 separate links to Xoom info. There was very clear evidence that ransomware gangs are utilizing data brokers.

[31:56] I don't want to single out zoom info. I mean, they are the big, yeah, the biggest publicly traded company and everything. But they also had others that were Doing the same.

[32:03] I think Rocket Reach was found in there as well, and probably others. But what we do know is just sort of categorically that this is real evidence that ransomware gangs are using data brokers like ZoomInfo and Rocket Reach to profile their targets, research their targets before they attack.

[32:22] And so these are data brokers that we remove people from. And a lot of times people say, oh, like, does it really matter? Like, do. Do. Will ransomware gangs really use data brokers?

[32:33] And this news that came out a couple weeks ago is. Is proof that they do, and it does matter. And you want to just sort of leave yourself exposed and just say, hey, like, my company's wide open and you can profile us, or are you going to do something about it?

[32:46] So it's definitely bittersweet. I mean, like, no one wants to see ransomware games, period. But it was kind of good to have a little bit of data to tie together their methodologies.

[32:59] Debbie Reynolds: You're talking about the story about ransomware. Well, they also use this information for phishing. Right. Because if they can call you or send you an email and they have some type of credible information that you probably would think, well, I never told anybody that.

[33:14] Or the fact that they know that that gives you more trust and maybe sharing information with them. And that's just one of the big problems with sharing, having so much data out there about you.

[33:25] Lawrence Gentilello: Definitely, yeah, Yeah. I think they were creating kind of fake websites and tricking people to provide their logins to what would be the real website. But definitely, yeah.

[33:38] Debbie Reynolds: Well, Lawrence, if you're the World according to you, and we did everything you said, what would be your wish for privacy or cyber safety anywhere in the world, whether that be regulation, human behavior, or technology?

[33:53] Lawrence Gentilello: Yeah, talked about a few of these things throughout the conversation. And so maybe part of this is just a summary, but I would say, you know, some of this is a summary and some of it's not.

[34:02] But I'd say one is a consistent set of privacy laws even just within our country, I think. So Europe is nice because they have a consistent set of laws across countries, and that's gdpr.

[34:12] That makes things easier for companies. It makes easier for people. Makes it easier. Easier for privacy companies as well. And I think one would be a consistent set of laws in the United States, across states, or even better would be at the federal level.

[34:27] And then two would be. And we talked about this a little bit before, but provisions in every law for authorized agents. I think it's really critical that people that are not tech savvy or maybe don't have time on their hands or maybe have jobs that are not, where they're not sitting in front of a computer all day where they can go do this stuff themselves that they have the right to a service provider.

[34:51] One of the analogies I like to use is that the IRS makes it free for anybody in the United States to file taxes. You can file your taxes as an individual and you can do that for free.

[35:01] There's a lot of complexity to it. People are really busy. They don't have time to keep up with all the laws. They don't have time to keep up with everything.

[35:07] So they use service providers, they use maybe automated ones like TurboTax or tax layer, or they'll use an accountant to help them, you know, close their personal, you know, financials for the year and submit their taxes.

[35:20] And so what data brokers, the data broker lobby is, is doing would be akin to prohibiting people from using, you know, tax assistance to file taxes. And so I think it's really key to give people access to companies like ours and services like ours.

[35:39] Yeah, so I think those would be the two things and the last one would just be enforcement. Like there's very, very little enforcement for what's going on. Just this week we discovered a data broker that we've been sending them opt out requests for tens of thousands of our customers.

[35:55] And they have been removing the information from the kind of like publicly accessible like places, but still in the background selling the data via API to their like, API customers.

[36:11] And so we're starting to document that and we need to send that information over to the relevant government officials and enforcement bodies. But the enforcement is just so, so weak.

[36:22] So I think those would be the three things I would wish.

[36:25] Debbie Reynolds: Yeah, that's a good list. I support you in that. Definitely. Well, definitely keep up all the great work that you're doing. This is tremendous. We absolutely need help. So anything that can help a consumer or business be able to protect themselves, I think is, is the way to go.

[36:41] So thank you so much for all that you're doing.

[36:44] Lawrence Gentilello: Thank you so much for the opportunity to speak with you. You have some really, really interesting people on here. So it's a, it's an honor to be here speaking with you.

[36:51] So thank you so much.

[36:52] Debbie Reynolds: Oh yeah, it's my pleasure. And I'm sure we'll be able to talk soon. Thank you. Sa.