Yes, you are watched, even if no one is looking for you
The United States has the most surveillance cameras per person in the world. Cameras are ubiquitous on city streets and in hotels, restaurants, malls and offices. They are also used to screen passengers for the Transportation Security Administration. And then there are smart doorbells and other home security cameras.
Most Americans are familiar with video surveillance of public spaces. Likewise, most people know about online tracking — and want Congress to do something about it. But as a researcher who studies digital literacy and covert communications, I think that to understand how ubiquitous surveillance is, it’s important to recognize how physical and digital tracking work together.
Databases can correlate location data from smartphones, the growing number of private cameras, license plate readers on police cars and toll roads, and facial recognition technology, so if security forces order want to know where you are and where you’ve been, they can. They need a warrant to use cell phone tracing equipment: connecting your device to a mobile device forensic tool allows them to extract and analyze all of your data if they have a warrant.
However, private data brokers also track this kind of data and help monitor citizens – without a warrant. There is a vast market of personal data, compiled from information provided voluntarily by people, information provided involuntarily by people – for example, through mobile applications – and information stolen during data breaches. Among the customers of this largely unregulated data are federal, state and local law enforcement agencies.
How are you followed
Whether or not you pass under the gaze of a surveillance camera or a license plate reader, you are being tracked by your mobile phone. GPS tells weather or map apps your location, Wi-Fi uses your location, and cell tower triangulation tracks your phone. Bluetooth can identify and track your smartphone, and not just for COVID-19 contact tracing, Apple’s “Find My” service, or connecting headphones.
People offer their locations for carpooling or for games like Pokemon Go or Ingress, but apps can also collect and share location without your knowledge. Many late-model cars come with telematics that tracks locations – for example, OnStar or Bluelink. All of this makes the opt-out impractical.
The same is true online. Most websites have third-party ad trackers and cookies, which are stored in your browser each time you visit a site. They identify you when you visit other sites so advertisers can track you. Some websites also use key logging, which monitors what you type into a page before you hit submit. Similarly, Session Recording monitors mouse movements, clicks, scrolling, and typing, even if you don’t click “submit.”
Ad trackers know when you browsed, where, what browser you used, and what your device’s internet address is. Google and Facebook are among the main beneficiaries, but many data brokers slice and dice this information by religion, ethnicity, political affiliations, social media profiles, income and medical history for profit.
Big Brother in the 21st Century
People may implicitly consent to some loss of privacy in the interests of perceived or actual security – for example, in stadiums, on the road and at airports, or in exchange for cheaper online services. But these trade-offs benefit individuals much less than the companies that aggregate the data. Many Americans distrust government censuses, but they willingly share their jogging routines on apps like Strava, which has revealed sensitive and secret military data.
In the post-Roe v. Wade, there are concerns not only about period-tracking apps, but also about the correlation of physical movement data with online searches and phone data. Laws like the recent Texas Senate Anti-Abortion Bill 8 invoke “private individual enforcement mechanisms,” raising questions about who has access to tracking data.
In 2019, the Missouri Department of Health stored data on patient periods from the only Planned Parenthood clinic in the state, correlated with state medical records. Communication metadata can reveal who you are in contact with, when you were where, and who else was there – whether they are in your contacts or not.
Location data from apps on hundreds of millions of phones allows the Department of Homeland Security to track people. Wearable health devices pose similar risks, and medical experts note a lack of awareness about the security of the data they collect. Note the resemblance of your Fitbit or smartwatch to the anklets people wear during court-ordered surveillance.
The most widespread user of tracking in the United States is Immigration and Customs Enforcement (ICE), which has amassed vast amounts of information without judicial, legislative, or public oversight. The Center on Privacy and Technology at the Georgetown University Law Center reported how ICE searched the driver’s license photographs of 32% of all adults in the United States, tracked cars in cities home to 70% of adults and put updated the address records of 74% of adults when these people activated new utility accounts.
No one is watching the watchers
No one expects to be invisible on the streets, at borders or in malls. But who has access to all this surveillance data and how long is it stored? There is no single US privacy law at the federal level, and states face a patchwork of regulations; only five states – California, Colorado, Connecticut, Utah and Virginia – have privacy laws.
It’s possible to limit location tracking on your phone, but not completely avoid it. Data brokers are supposed to mask your personally identifiable data before selling it. But this “anonymization” does not make sense since individuals are easily identified by crossing additional data sets. This makes it easy for bounty hunters and stalkers to abuse the system.
The biggest risk for most people comes when there’s a data breach, which happens more often – whether it’s a leaky app or a negligent hotel chain, a data sale DMV or a compromised credit bureau, or even a data brokerage intermediary whose cloud storage is hacked.
This illicit flow of data not only jeopardizes fuzzy notions of privacy, but can also sell your addresses and passport numbers, biometrics and social media profiles, credit card numbers and dating profiles. , your health and insurance information, etc.