Three signs that privacy in the U.S. is dead (or soon will be)

Linda Musthaler
By | July 26, 2012

Posted in: Network Security Trends

In the United States, we consider personal privacy to be sacrosanct. It is part of what makes us “free.” We don’t like the idea of companies or agencies of any sort knowing too much about our personal lives. We expect that what happens not only in Vegas but practically anywhere will remain private. Alas, the privacy genie is out of the bottle, and I don’t think it’s ever going back in. Here are three sure signs that privacy is a thing of the past in the U.S.

#1  Facial recognition based on our photos

As reported in Network World, staff attorney Jennifer Lynch of the Electronic Frontier Foundation reports that many Americans now have their images logged in a facial recognition database, whether they know it or not. Federal and state agencies such as the FBI and Department of Motor Vehicles regularly collect and log facial images. Commercial companies as well – most notably Facebook – identify people based on photos. In testimony to the Senate Committee on the Judiciary Subcommittee on Privacy, Technology, and the Law, Lynch stated that at least 54% of the United States population already has a face print—and that number is growing. Facebook alone claims to have indexed 31 billion facial images to date.

What does that have to do with (the death of) privacy? Lynch suggests that law enforcement agencies can “track Americans” via strategically placed cameras and facial recognition software. It is technically possible today to capture images of people in public places – say at a political protest – and identity who the individuals are and who they are with. This kind of activity evokes thoughts of a controlling government that persecutes its citizens based on what it considers to be contrarian behavior and association with “the wrong people.” I’m not saying our government is spying on us, but the FBI is implementing a nationwide face search and recognition system.

There are practical applications of such a system – stopping known or suspected terrorists from entering airports, for example – but one can also conceive of privacy violations of the average citizen who has done nothing wrong. All because your face has been tagged and identified.

#2  Cell phone records – calls, texts, locations

TechNewsWorld reports that U.S. law enforcement agencies are “feasting” on data from personal cell phones. A congressional inquiry shows that law enforcement agencies made 1.3 million requests to cell phone carriers in 2011, seeking information such as records of individuals' text messages, their locations, and lists of phone numbers they called when in the vicinity of a particular tower—whether the phones belonged to people under investigation or not. Law enforcement agencies are increasingly relying on this type of information in their investigations; requests to Verizon for personal information rose 15% from 2010 to 2011.

Attorney Mary Ann Wymore calls cell phones “a font of easily accessible information about someone," saying they are essentially tracking devices. Of course, we all knew that when we bought our phones. After all, the carriers have to know where we are in order to send calls and messages to our phones. What we perhaps didn’t realize was how often public agencies request the information about us and our calling and texting habits and the locations we visit.

The troubling thing is that there is no comprehensive federal law that addresses questions of who or for what purpose cell phone records can be accessed. Valid reasons for this information to be accessed include crime investigations and state security, but we can’t be sure that the reasons stop there. The fact is, we don’t know who is looking at our cell phone usage records, or why, and how private we can expect this data to remain.

#3 Digital wallets and our spending habits

Data about our cell phones is one thing, but what about data stored on the phones? A University of California-Berkeley School of Law survey entitled Mobile Phones and Privacy reveals that Americans overwhelmingly consider data stored on their mobile phones to be considered private—at least as private as what they have on their home computers. But is this always the case? Depending on how you use your phone, the answer is no.

One growing use of smart phones is as a digital wallet for mobile payments. That is, through the use of a secure payment application, you can use your phone in place of a debit or credit card when paying for goods or services. Google Wallet is perhaps the best known mobile wallet today, and it is just one of many types of mobile payment applications coming to market. While mobile wallets can be very convenient, they potentially can have their privacy drawbacks.

In a follow-on report entitled Mobile Payments: Consumer Benefits & New Privacy Concerns, the UC-Berkeley researchers say that mobile payments shift the privacy landscape. The report states that it’s possible for merchants to collect personally identifiable contact information from consumers. By transferring this information to payment networks, all of the service providers in the payments ecosystem – merchants, payment networks, and the banks involved in the transactions – could develop much more comprehensive and detailed dossiers about consumer purchase behavior than they typically have today. The capabilities of new payment systems will, for example, make it easier for merchants to build customer databases without resorting to loyalty cards.

That doesn’t sound so bad, does it? Well, take a gander at what the Berkeley report points out is the Google Checkout privacy policy (which is the same as the Google Wallet policy):

Transaction information - When you use the Processing Service to conduct a transaction, we collect information about each transaction, including the transaction amount, a description provided by the seller of the goods or services being purchased, the names of the seller and buyer and the type of payment used. We may also collect transaction data from your use of the Mobile Wallet. For example, if you use the Mobile Wallet Application to make a purchase at a merchant or download a merchant coupon, we may obtain information regarding that transaction from the Mobile Wallet Application, from the merchant and/or a partner, as applicable. The information may include the date and time of the purchase, the store location, the amount of the purchase, and the offer associated with the transaction.

OK, now it’s getting creepy. Google wants to know about everything you buy, who you buy it from, when you buy it, and so on. One can only imagine what Google would do with all this information that most people would consider private. However, by choosing to use Google Wallet, you also agree to these data collection terms. This just goes to show that, when you decide on a mobile wallet application, you need to read and fully understand the privacy implications of the user agreement.

When it comes to our digital lives, we should have few expectations in the way of privacy. It will take years for federal privacy laws to catch up to today’s state of the art, and by then it may be too late. R.I.P. Privacy.

You May Also Be Interested In: