Most Americans are aware of video surveillance of public areas. Likewise, most people know about online tracking – and wants Congress to do something about it. But as a researcher who studies digital culture and secret communicationI believe that to understand how ubiquitous surveillance is, it’s important to recognize how physical and digital tracking work together.
Databases can correlate location data from smartphonesthe growing number of private cameras, license plate readers on police cruisers and toll roads, and facial recognition technologySo if law enforcement wants to keep track of where you are and where you’ve been, they can. They need a command to use mobile search equipment: connect your device to a forensic tool for mobile devices let them unpack and analyze all your data if they have an order.
However, private data brokers also keep this kind of data and help keep an eye on citizens– without command. There is a large market for personal data, composed of information that people voluntarily provide, information that people unknowingly provide, for example, through mobile apps–and information stolen in data breaches. Among the customers for this largely unregulated data are: federal, state and local law enforcement agencies.
How you are tracked
Whether or not you walk under the gaze of a surveillance camera or license plate reader, you are being tracked by your cell phone. GPS tells weather apps or maps your location, WiFi uses your location and cell-tower triangulation tracks your phone. Bluetooth can identify and track your smartphone, and not just for tracing COVID-19 contacts, Apple’s “Find My” service, or plugging in headphones.
People offer their locations for share ride or for games like pokemon go or Enterbut apps can too collect and share location without your knowledge. Many late model cars have location tracking telematics, for example OnStar or Bluelink. All this makes opting out impractical.
The same is true online. Most websites have third-party ad trackers and cookies, which are stored in your browser when you visit a site. They identify you when you visit other sites so advertisers can track you. Some websites also use log key, which checks what you type on a page before hitting submit. Similarly, session recording monitors mouse movements, clicks, scrolling and typing even if you don’t click ‘send’.
Ad trackers know when you browsed where, which browser you used, and your device’s internet address. google and Facebook are among the main beneficiaries, but there are many data brokers slicing and dicing such information by religion, ethnicity, political affiliations, social media profiles, income, and medical history for profit.
Big brother in the 21st century
People can implicitly agree to some loss of privacy in the interest of perceived or actual security, for example in stadiums, on the road and at airports, or in exchange for cheaper online services. But individuals benefit much less from these trade-offs than the companies that collect data. Many Americans are suspicious of the government countsbut they like to share their jogging routines on apps like Stravawhich one has revealed sensitive and secret military data.
In the post-Roe v. Wade legal environmentthere are concerns not just about follow period apps just about correlate data on physical movements with online searches and phone data. Legislation such as the recent Texas Senate Bill 8 anti-abortion law calls for “private individual enforcement mechanisms”, raising questions about who gets access to tracking data.
In 2019, the Missouri Department of Health stored data on patients’ periods in the state’s lone Planned Parenthood clinic, correlated with state medical records. communication metadata can reveal who you’re in contact with, when you were where, and who else was there – whether they’re in your contacts or not.
With location data from apps on hundreds of millions of phones, the Department of Homeland Security people follow. Health wearables pose similar risks, and medical experts note that lack of attentiveness about the security of the data they collect. Note the resemblance of your Fitbit or smartwatch to anklets that people wear during court checks.
The most pervasive user of tracking in the US is Immigration and Customs Enforcement (ICE), which: collected a huge amount of information without judicial, legislative or public oversight. Center for Privacy and Technology at Georgetown University Law Center reported on how ICE searched the driver’s license photos of 32% of all adults in the US, tracked cars in cities where 70% of adults lived, and updated address information for 74% of adults when those people activated new utility accounts.
No one is looking at the viewers
Nobody expects to be invisible on the street, at the border or in shopping centers. But who has access to all that surveillance data and how long is it kept? There is no US privacy law at the federal level and states face a patchwork of regulations; only five states – California, Colorado, Connecticut, Utah and Virginia –have privacy laws.
It’s possible to limit location tracking on your phone, but not to avoid it altogether. Data brokers are meant to provide your personally identifiable information before selling it. But this “anonymization” is meaningless as individuals can be easily identified through cross-references to additional data sets. This makes it easy for bounty hunters and stalkers to abuse the system.
The greatest risk for most people arises when a data leakwhich happens more often – whether it is a leaking app or careless hotel chaina Sales of DMV data or a compromised credit bureauor indeed a data brokering intermediary whose cloud storage gets hacked.
This illegal flow of data not only puts vague concepts of privacy, but can compromise your addresses and passport numbers, biometrics and social media profiles, credit card numbers and dating profiles, health and insurance information, and more for sale.
Peter Krapp is a professor of film and media studies at the University of California, Irvine.