A few weeks ago the PIA Blog had a long and detailed post about Fog Reveal. Long story short, Fog Reveal provides law enforcement agencies with easy, and often guaranteed, access to the accurate geolocation of hundreds of millions of US citizens. Significantly, it is capable of using standard advertising identifiers used by both Apple and Google in their mobile operating systems.
This is useful, if unfortunate, confirmation of what this blog has warned about for years: that micro-targeted ads are inherently a privacy threat. Since it’s about tracking everything people do on the internet, it can also be used for other purposes like law enforcement using services like Fog Reveal. It is able to do this because data brokers can collect highly personal information and then sell it to anyone.
US Immigration and Customs Enforcement
As if Fog Reveal wasn’t bad enough, other equally serious threats to the privacy of US citizens and others have surfaced in recent months. For example, a two-year investigation by researchers at Georgetown University’s Center on Privacy & Technology found that U.S. Immigration and Customs Enforcement (ICE) operates a vast surveillance system that uses personal information from a variety of databases:
ICE now uses information streams that are much more comprehensive and updated much more frequently, including Department of Motor Vehicle (DMV) records and utility customer information, as well as call records, child welfare records, loan headers, employment records, geolocation information, health care records, housing records, and Social Media Posts. Access to these new datasets, combined with the power of algorithmic tools to sort, match, search, and analyze, has dramatically expanded the scope and regularity of ICE surveillance.
Recently, Senator Ron Wyden, one of the leading US defenders of digital rights in general and privacy in particular, wrote a letter to the US Customs and Border Protection (CBP) commissioner to protest what Wyden called “two egregious violations” called the rights of Americans”:
1) Pressure travelers to unlock their electronic devices without adequately informing them of their rights, and
2) Downloading the contents of Americans’ phones into a central database where that data can be searched for 15 years by thousands of Department of Homeland Security (DHS) employees with minimal protection from misuse.
The CBP tried to downplay the impact of this program, which stored text messages, call logs, contact lists, and in some cases photos and other sensitive data in a central database, and claimed fewer than 10,000 phones were affected each year. Nonetheless, it’s another example of insidious surveillance.
City surveillance in San Francisco and New York
So is a 15-month pilot program in San Francisco that will allow police there to access thousands of private security cameras in a live feed, if their owners give permission. This will be allowed for all “significant events involving public safety concerns”. Previously, the San Francisco Police Department had to request access for specific post-crime incidents and could only access it in real-time in more extreme “imminent danger” situations.
The Electronic Frontier Foundation has announced that it will take action against an extension of the program. The danger is that the program will become permanent and other police forces will point to it as justification for demanding the same kind of real-time access. This will further normalize routine real-time surveillance of people in public places.
The normalization of real-time monitoring is already well underway elsewhere. New York has announced plans to install surveillance cameras on all of its 6,455 subway cars. Footage from the cameras is stored on a memory card and is available to law enforcement agencies at the local, state, or federal level to solve crimes. Similar surveillance systems are already in use on other rapid transit systems, including BART in the San Francisco area and the Washington Metro in DC. However, according to NBC News, the New York system will be the largest such initiative in the United States to date.
Widespread surveillance by the US military
The last example of insidious mass surveillance is perhaps the most surprising. Once again, it was Senator Ron Wyden who lifted the curtain, this time on some troubling moves by the US military, as reported here by Motherboard:
Several branches of the US military have gained access to a powerful internet monitoring tool that claims to cover over 90 percent of the world’s internet traffic and in some cases has access to the email data, browsing history and other information such as internet cookies as per the contract data and other documents checked by Motherboard.
In a letter to the US Departments of Defense and Homeland Security, Wyden reveals that a whistleblower provided details of this large-scale surveillance. For example, the whistleblower alleges that the US government is complicit in the no-warranty purchase and use of Internet browsing records by Americans.
The developments described above have a disturbing pattern. They all involve surveillance of US citizens by US and local government agencies, many of which could be illegal. They also draw on the vast databases of personal information that have been built up over the years, and which continue to be fed with billions of data points every day. If our privacy is important to us at all, greater control is required over how our personal information is collected, stored and shared with third parties.
Featured image produced with Stable Diffusion.