Tag Archives: gps

Privacy: Then and now

Americans value privacy. We close and lock our doors when we get home at the end of the day. We close the blinds when we change clothes so the neighbors can’t peek. If someone wants to visit, they don’t just come over unannounced–they call or text first. In terms of technology, we set passcode locks on our computers and smartphones.

A 2014 Pew Research poll asked people to define “privacy” in one word. The most popular answers were security, secret, personal, alone, information and business.

But today, it’s possible to follow your Internet searches, see who you email, text and call, track your geographical location at all times, monitor your purchases and even track your credit card and phone bills.

The trackers include everyone from family and friends to companies, marketing agencies, the government and law enforcement. From basic information posted on social media, to GPS tracking on your smartphone, people around the world can learn a lot about you from your Internet activity — even when you aren’t intentionally on the Internet. Combining these various components gives them a pretty good idea of what you do, your likes and dislikes, and who and where you are.

You know that nightmare where you’re standing naked in front of an audience? Well, this is the very real 21st century equivalent.

Nearly every app on the modern smartphone is programmed with GPS. Whenever you walk by a WiFi-enabled store, café or home with your Wi-Fi turned on, it registers your device– creating a virtual path of your movement. Do you ever search Google for something, and minutes later see advertisements for it on your sidebar or Facebook? That’s not a coincidence.

In 1965 Gordon Moore, co-founder of Intel, made a prediction known as Moore’s Law: computing power doubles every two years. In other words, computers process large amounts of data faster than ever before. That’s why those Google searches turn into ads so quickly.

Further, the price of data storage is steadily dropping. In 1991, one-gigabyte hard drives cost around $2,700. In 2007, one terabyte (1000x GB) hard drives cost $375. Currently, one terabyte drives cost around $60.

What happens when infinitely faster processing meets infinitely cheaper storage?

“It starts to infringe upon privacy,” said Paul Rosenzweig, cyber and homeland security expert.

So what right do Americans have to privacy?

The Founding Fathers wrote the Fourth Amendment to the Constitution in 1791. It grants citizens the right to be “secure in their persons, houses, papers, and effects, against unreasonable searches and seizures.” Obviously they didn’t have Internet security in mind. Instead, it was a response to Britain’s “general warrant” allowing soldiers total access to search American colonials and their homes.

Let’s translate this to cybersecurity: without a warrant, the government cannot keep surveillance on devices for which individuals have a reasonable expectation of privacy. It also cannot physically take these devices to later use as evidence in court.

Fast-forward nearly 200 years to the Privacy Act of 1974. This legislation came after concerns about the government’s collection, retention and use of personal data. The federal government has a number of databases with information on individuals, both citizens and noncitizens.

The Privacy Act of 1974 set four basic restrictions on the government regarding these databases. First, it required government agencies to show individuals all records kept on them if requested. Second, it set “fair information practices” that agencies must follow when collecting and saving data, such as giving notice that it is collecting the information, how it is storing it and how it is protecting privacy. Third, it restricted the ways information can be shared with other people and agencies. Fourth, it allowed people to sue the government if it violates these regulations.

Even though the Privacy Act was meant to increase government transparency, it contains many exceptions and loopholes.

For example, nongovernment entities, like email and phone providers and app developers are barely restricted when it comes to information collection. They are legally required to disclose in privacy agreements the information they collect (yes, those long, size five-font agreements that very few people bother to read), but that’s about as far as regulation goes. Further, these companies are required to provide government agencies with these user records whenever requested, leaving virtually no choice.

That’s why privacy advocates like Amie Stepanovich encourage companies to only collect information completely pertinent to the functioning of the business.

Stepanovich is senior policy counsel at Access Now, an international digital rights organization.

Stepanovich also urges further safeguards for personal privacy, such as encrypting emails, turning off smartphone app location services and creating secure passwords for online accounts. While these precautions–ranging from simple to very skillful–can certainly aid in Internet security, there’s no surefire way to be anonymous online.

Privacy professionals know that it’s impossible to function in 21st century society without being active online. They also know that, though it means being tracked, keeping location services turned on for some apps can make life easier and, honestly, more fun. Who wants to carry around–and decipher– a map when a GPS provides voice activated turn-by-turn directions? Similarly, think about apps like Starbucks’ that send alerts and coupons every time you’re near a store.

We’re okay with giving Starbucks our location, and maybe even letting Google track our searches, if it means we’ll be notified of sales. But when did we consent to give our purchase histories to credit companies, address histories to data aggregation companies, or travel habits and telephone records to the government?

Americans have mixed feelings about digital surveillance. Many are willing to sacrifice some privacy in exchange for stronger national security. Wouldn’t we all rather the government use cyber tracking to identify and stop terrorists through before they attack?

But specifically after the Snowden leaks, many Americans have become skeptical of the government’s digital surveillance. The Pew Research poll found that 80 percent of adults believe Americans should be concerned about the government monitoring their phone and Internet activity.

Even more are concerned with company surveillance. That same poll showed that 91 percent of adults “agree” or “strongly agree” that consumers have lost control over how companies collect and use their personal information.

While 61 percent said they would “like to do more” to protect their anonymity online, 76 percent consider that a difficult feat.

Others don’t find any reason for online anonymity.

The “I have nothing to hide” argument is a popular one. But critics say no one wants their entire life exposed, no matter how “good” of a person they are.

Too much privacy may enable corrupt behavior. Too little privacy may bring Orwell’s Big Brother to reality. People act differently when they know they’re being watched, and Americans are being watched now more than ever before.

In 1999, SUN Microsystems CEO and founder Scott McNealy famously said, “You have zero privacy anyway. Get over it.” We may be moving that way.

Supreme Court decision leaves unanswered questions on GPS tracking

(Mike Renlund/Flickr)

WASHINGTON — As Antoine Jones drove his Jeep Grand Cherokee around the Washington area  in the fall of 2005, he was simply going about his daily routine.  But unfortunately for Jones, whose daily routine involved frequenting a drug stash house in Maryland filled with $850,000 and 97 kilograms of cocaine, the U.S. government was watching.

Thanks to a global positioning system covertly placed in the underbelly of Jones’ car, the government was able to track and record the Jeep’s every move.  But Jones challenged the legality of evidence, saying the GPS had not been installed within the time frame or physical jurisdiction outlined by the court in issuing a search warrant. The government argued that the GPS placement didn’t actually constitute a search under the Fourth Amendment so the fact that police had not followed the warrant guidelines was irrelevant.

In what many viewed as a strong victory for privacy rights, the Supreme Court unanimously ruled that the attachment of the device was  a search under the Fourth Amendment, thus requiring a warrant.  But while the opinion authored by Justice Antonin Scalia answered the specific question in regards to a “physical search,” it was mum on the broader implications of the ruling.

“[The case] simply left for another day whether monitoring a device that had been preinstalled or otherwise gathering a large quantum of data on somebody would also raise a Fourth Amendment issue,” said David Gray, an associate law professor at the University of Maryland’s Carey School of Law.  “That was the ground that the four-justice concurring opinion by Justice [Samuel] Alito was ready to reach, but the narrower ground identified by the Scalia majority didn’t need to get there, so it didn’t.”

This narrow ruling was not unusual, Gray explained.  Courts usually try to “reach the narrowest grounds for a decision” and, because the court did not believe that the larger issue was adequately presented, Gray believes it would have been “irresponsible” to extend the decision more broadly.

A whole new level of technology

The Jones decision was built off of the Fourth Amendment, which protects “the right of the people to be secure in their persons, houses, papers, and effects against unreasonable searches and seizures… [unless] upon probable cause, supported by oath or affirmation.”  Over time, the amendment has been understood to assert the necessity of a search warrant before law enforcement can begin a search of people or property.

While the U.S. government did concede that officers had violated the terms of the warrant, the lawyers argued that GPS tracking did not require a warrant, citing previous cases that ruled placing a homing beacon on a car did not require a warrant.  However, the defense asserted that GPS technology was exponentially more intrusive than the homing beacons, which essentially allowed police to track the beacon only when they were within its line of sight.

“This is an exceptional form of technology in terms of what resources have been available to law enforcement in the past,” said Kendall Burman, a senior national security fellow at the Center for Democracy and Technology.  “They are able to track individuals and cars in this instant without the use of human beings.”

The third party doctrine

Because Scalia’s ruling stated that the “government physically occupied private property, questions continue to arise in regards to “nonintrusive” searches.

The Supreme Court’s third party doctrine outlined in United States v. Miller explains that citizens cannot expect privacy protection under the Fourth Amendment over information they disclose to a third party.  When coupled with the growing amount of location information collected by private companies, this doctrine allows companies to use this information however they see fit.

Graphic by Ben Kamisar

John Villasenor, a senior fellow in the Center for Technology Innovation at the Brookings Institution, said that as private companies continue to amass mountains of information on the general public, location tracking without a “physical search” that would require a warrant under the U.S. v. Jones is already becoming less relevant

“Technology has changed so much that a lot of us have our locations tracked anyway without a warrant, so the issue of before-the-fact warrants will, in many cases, be less important than it was even when the events that led to Jones started,” he said.  “…The location data to track you and me and almost everyone else is already stored somewhere.  The question is, [who can] go and get it.”

As of March, a Pew Internet report found that 46 percent of American adults use a smart phone.  These devices, which mostly run on operating systems created by Apple or Google, collect location data which is aggregated and stored by the company.

Justice Sonia Sotomayor addressed the issue of the third party doctrine in her concurrence, where she mentioned the possibility of reviewing the doctrine.   Burman said that she was “heartened” to see Sotomayor question this doctrine and hopes that the court will address situations where people are not intending to lift the “veil of privacy” from their activities.

“I think the concurrence really draws that doctrine into question,” she said.  “The strength of [Justice] Sotomayor’s concurrence along with [Justice] Alito’s suggests that there is a real opportunity to reevaluate what the third party doctrine means.”

But while Gray understands the need to re-evaluate the doctrine, he believes that the current doctrine “reflects a pre-existing assessment [of] the proper balancing of interests under the Fourth Amendment” between private rights and the ability of law enforcement to perform their duties.  In his view, there are many legitimate circumstances in which law enforcement should be able to work with private companies. As a hypothetical example, he cited  a social network company turning evidence of criminal activity to the police on its own accord.

“If you had a broad rule that any information that was detected and aggregated by a private company could not be shared with government without violating the Fourth Amendment, then you would essentially be building this artificial wall that would dramatically limit the ability for law enforcement to get involved in circumstances we would like them to get involved,” he said.  “It’s going will be hard to make the case that building an artificial wall best serves the proper balance.”