The headline should be phrased differently. Here's what it should be: "Elsevier Has Deployed an End-user Tracking Tool. They say it's for Security. Users Should Be Concerned About Their Privacy." Todd Carpenter writes, "The service being used by Elsevier is called ThreatMetrix and is owned and provided by the LexisNexis arm of the RELX holding company, which also owns Elsevier." Near the bottom of this article we see the real issue: "It is not that LexisNexis is specifically tracking the download of this paper or that on the Elsevier system, but that it is using these behavioral data, in particular its identification of people and their devices, to build a profile of an ever larger segment of the population to track those citizens." These profiles could in turn be used for a variety of reasons: for access control, for service provision, for hiring and employment decisions, for marketing, and to trigger further investigation. This is why we need laws about disclosure of what's being done and why, how the algorithms function, what decisions are being made, and what they're based on.