Privacy is disappearing faster than we realize, and the coronavirus isn’t helping B Y
S A M A N T H A
ure, you lock your home, and you probably don’t share your deepest secrets with random strangers. And if someone knocked on your door and asked to know when you last got your period, you’d tell them to get lost. Yet, as a smartphone user, you’re likely sharing highly personal information with total strangers every minute — strangers whose main focus is to convert every element of your personality into money. Click here. Vote for this candidate. Open this app again. Watch this ad. Buy this product. We’ve been giving out our private information to be able to use convenient, fun, and largely free apps, and we’re only now understanding the true costs. Would you mind if an app that you specifically told not to use your location tracked your real-time movements anyway by pinging off nearby Bluetooth and Wi-Fi signals? What if the mobile therapy app you use for counseling told Facebook whenever you’re in a session and, without using your name, told an advertising firm the last time you felt suicidal? Or, what if there was a global pandemic and a company you’d never heard of revealed a map of cell phone locations showing that you hadn’t been doing your part to stay away from others and slow the spread of the deadly virus? Could that become enforceable? Could you be fined? Publicly shamed? While most Americans say they’re concerned about how companies and the government use their data, Pew Research shows they also largely feel they have little to no control over the data that companies and the government collect about them. Tech companies often defend data collection, noting they remove users’ names to “depersonalize” the information, but privacy experts say that’s pretty much bullshit: Location data without a name can easily be pinned to an individual when you see that pin travel between a workplace and a home address. And even if your internet activity is shared under a unique number instead of your name, the goal is to intimately understand exactly who you are, what you like, and what you’ll pay for.
FO R T WO R T H W E E K LY
M AY 1 3 - 1 9 , 2 0 2 0
fwweekly.com
S
6
W O H L F E I L
The good news is, privacy advocates say that we can avoid a dystopian future in which nothing is private. But to get there will take understanding the many ways that data and technology are already used to violate privacy and civil rights. Lawmakers also will need willpower to pass strong legislation that ensures actual consent to how our information is used and penalties for those who abuse our trust. People also need to decide if the risks outweigh the perks. “People don’t like it — they don’t like being known unless they’ve asked to be known,” said Jennifer King, director of privacy at Stanford University’s Center on Internet and Society. “Companies are banking on the fact that if they keep pushing us toward that world, we’ll just say, ‘Yeah, it is really convenient.’ ” First of All, We’re Being Tracked At this point in the digital age, many Americans realize they’re being tracked in one way or another, whether by companies or governments, even if they don’t know just how detailed that tracking is. Seven years ago, whistleblower Edward Snowden revealed that the United States doesn’t just spy on the rest of the world. The federal government also tracks its own citizens through the National Security Agency, which maps cell phone locations, reads people’s emails, and monitors internet activities. Then, about two years ago, former employees of tech company Cambridge Analytica revealed to lawmakers in the United States how they used Facebook surveys to secure thousands of data points about every American voter. Even voters who hadn’t signed up for the personality tests were captured in the scraped data, which was used to create highly targeted ads for “persuadable” voters to help Donald Trump’s 2016 presidential campaign. The company focused specifically on flipping persuadable voters in certain precincts, which then helped flip a few key states in his favor, as detailed in the documentary The Great Hack.
Illustration by Jef f Drew
Is Privacy Dead?
Now, as contact-tracing efforts are becoming widespread for COVID-19, the world has received its latest reminder that many companies far less recognizable than Google, Apple, Amazon, Facebook, or Microsoft are purchasing and using our location data all the time. With much of the world sheltering in place for weeks to slow the spread of the deadly virus, people quickly turned their attention to places that weren’t taking aggressive measures. Florida, for instance, was playing host to spring break partiers in mid-March, and dozens who traveled to the beaches there later tested positive for COVID-19. The extent of how those travelers could have spread the virus was shown in late March, when location data and mapping companies Tectonix GEO and X-Mode Social created a visualization showing how thousands of phone users who spent time on a single Florida beach traveled across much of the United States over the next two weeks. Public reaction was mixed. Some found the map to be a helpful tool to show how easy it is for the virus to spread, underlining the importance of social-distancing measures. Others questioned how the companies obtained the data and called it terrifying. The companies had received consent, they replied, noting that they comply with strict data protection policies in California and Europe, but many people don’t realize that when they allow an app to use their location for the service it provides, companies can also sell that location information to third parties who use it in “anonymized” applications like the kind that enabled the mapping. “We definitely understand the concern, but we take every effort to ensure privacy in the data we use,” Tectonix GEO responded to one Twitter user. “All device data is anonymized, and we only work with partners who share our commitment to privacy and security above all! It’s about using data to progress, not to invade!” But users pointed out that if you can see all the stops a phone makes over the course of two weeks, it’s not truly anonymous.
Contact Tracing: Coming to a Phone Near You To help public health officials start to reopen the economy, Google and Apple have both announced plans to create opt-in contacttracing tools for Android and iPhone. The tracing tools would use your phone’s Bluetooth signal to ping off the devices of the people you’re around at coffee shops, grocery stores, and other public spaces. Strangers’ phones would store a number that your phone sends via Bluetooth, and your phone would store the number from their phone. The numbers, which could be generated and changed by phones regularly, would not be shared with the tech companies but stored in individuals’ phones for a few weeks. If someone tests positive for COVID-19, they could send an alert from their phone that would ping phones that gathered their signal over the past two weeks to let people know they may have come in contact with someone who tested positive. Without that type of tool and more extensive testing, experts warn that the only other way to prevent deaths from spiking again until there is a vaccine is to extend the stay-at-home orders that plunged more than 22 million Americans into unemployment in March and April. While the tool could allow more people to return to their routines, the American Civil Liberties Union (ACLU) warns that cell phone location data aren’t perfect and if they were used to enforce quarantines for those who have come into contact with the virus, phones would essentially be turned into ankle monitors. “The challenges posed by COVID-19 are extraordinary, and we should consider with an open mind any and all measures that might help contain the virus consistent with our fundamental principles,” the ACLU said in a statement in response to the proposals. “At the same time, location data contains an enormously invasive and personal set of information about each of us, with the potential to reveal such things as people’s social, sexual, religious, and political associations. The potential for invasions of privacy, abuse, and stigmatization is enormous.”
