Today’s Big Story
America’s New Age of Surveillance
Several weeks ago I asked a provocative question: Will the Coronvirus Normalize Surveillance? Two weeks have passed since then and the answer, more and more, is a resounding yes.
I’m currently typing this from an apartment in New York City, an area that has become the beating heart of a rapidly expanding global pandemic. The numbers are bleak: over 89,000 confirmed cases in New York, with 40,000 in the city alone. Over 1,000 New Yorkers have died, some of their piling bodies reserved to the frozen coffins of vans and trucks.
It’s in this context, one of unprecedented fear and uncertainty, that governments and private businesses have stepped in to monitor your location data, but not necessarily in the ways you might have expected.
According to recent reporting in The Wall Street Journal, mobile advertising companies are currently handing over large swaths of precise geolocation data in American hot spots (including New York City) to the Centers for Disease Control.
Here’s Byron Tau writing for The Wall Street Journal:
“The federal government, through the Centers for Disease Control and Prevention, and state and local governments have started to receive analyses about the presence and movement of people in certain areas of geographic interest drawn from cellphone data, people familiar with the matter said. The data comes from the mobile advertising industry rather than cellphone carriers.
The aim is to create a portal for federal, state and local officials that contains geolocation data in what could be as many as 500 cities across the U.S., one of the people said, to help plan the epidemic response.”
Ostensibly, the CDC claims it can use the plucked location data to determine areas where large clusters of groups are defying social distancing guidelines. With that knowledge, officials hope to deploy resources to limit crowds and potentially reduce the virus’s spread. For cities implementing shelter in place guidance, the data can potentially provide researchers with a ner real-time roadmap illustrating how many residents in the area are complying, by analyzing how often and how far they leave their places of residence.
One of those high cluster areas noted by researchers in the WSJ article is Brooklyn’s Prospect Park. Indeed, just yesterday I personally went for a jog around the park (shun me, please) and found nothing short of hordes of visitors, some practicing social distancing and others not. With pretty much all gyms closed and spring weather clawing its way out of New York’s winter gloom, I’d argue there are more people in Prospect Park now than this time last year.
When I last asked the question of whether or not some level of surveillance was warranted during the current climate, I tried to avoid burying my head in the sand like come privacy absolutist … but I also said that any answer to that question should be made with the careful consideration of the communities on the receiving end of said surveillance.
That’s not what’s happening here.
Instead, mobile ad companies — not even the telecoms directly consuming our data — are working in the shadows to send personal information to the CDC. There was no announcement, no public poll, no town hall. There wasn’t even a CDC blog post. Without the Journal’s reporting, odds are the public would have never known.
The fact that the government is pulling data from ad companies and not Telecomms is also important. As the Journal article notes, telecoms have far more regulations imposed on them that place certain safeguards on how they can share consumer data. Much of these safeguards were put in place following the Edward Snowden leaks which exposed, what was then, an essentially straight pipeline of personal data flowing from telecoms to government agencies. Presumably, the CDC knew this and knew that any attempts to harvest data from telecoms would be met with some opposition. So, it turned to the far less regulated mobile ad industry instead. Transparency be damned.
That’s not to say other private companies aren’t also trying to get in on the action. As we discussed in the last newsletter, Facebook and Google have already announced plans to monitor geolocation data to monitor coronavirus cases. According to the Journal article, Foursquare Labs Inc., one of the world’s largest location-data companies, said it was in discussions with “numerous state and local governments about use of its data.”
This week, new reporting, also out of the Journal, found that Palantir, Peter Thiel’s law enforcement analytics company known most controversially for ushering in an era of racially fraught predictive policing to major US cities, is working with the CDC on data collection and data integration. Even Clearview AI, the dystopian facial recognition start-up that’s become the most recent de-facto villain for mass surveillance, is reportedly in discussions with state agencies to track the virus.
The American government’s embrace of mass surveillance in the name of public health follows on the heels of similar location-sharing practices occurring throughout Europe over the past month. But there’s reason to suggest the US is operating on a totally different tier of potential privacy invasion.
Some of the countries who’ve had the most success with some degree of surveillance amid the coronavirus, like South Korea and Taiwan, have done so with far more attention paid to personal privacy. Here’s Violet Blue writing on the topic for Engadget.
“The countries with the best balance of privacy and virus tracing are containing it, namely South Korea and Taiwan. In fact, most of the countries showing success with coronavirus tracing have unique, current legislation specific to pandemics with provisions on data collection. The laws in Germany, Italy, South Korea, and Taiwan meet the European Union's General Data Protection Regulation (GDPR) standards. These countries are thinking about what will happen in the days after we all survive the novel coronavirus, and acknowledge that it's a terrible idea to unbraid privacy from healthcare.”
So far the US has lacked any meaningful conversation over the question of “what will happen in the days after we all survive.”
None of that’s to say that the question over surveillance is easy. Some of the most vocal critics of state surveillance have already lowered down their guardrails. In an interview with BuzzFeed News, Glenn Greenwald, who helped expose the NSA’s mass surveillance apparatus (and is one the greatest sources of inspiration for this newsletter) says he’s receptive to surveillance he would otherwise find abhorrent.
“The kind of digital surveillance that I spent a lot of years — even before Snowden, and then obviously, the two or three years during Snowden — advocating against is now something I think could be warranted principally to stave off the more brute solutions that were used in China,” Greenwald said.
Greenwald went on to quickly caveat that and advised caution.
“We're in this early stage where our survival instincts are guiding our thinking, and that can be really dangerous. And I’m trying myself to calibrate that.”
He’s not alone. Another convert in the same BuzzFeed article was former 2016 Libertarian presidential candidate Gary Johnson (remember him?) who, on the topic of location tracking, told Google to “go for it.”
“You're just not hearing it: What are the alternatives?” Johnson said. “I don't know, not having [currently] sat at the table as governor, what the options were. And given that every state appears to be doing the same thing, I have to believe that everything is based on the best available information.”
Sidney Fussell, a writer I admire, recently penned an article for Wired magazine titled, “How Surveillance Could Save Lives Amid a Public Health Crisis.”
Then here’s David P. Fidler writing for the Council on Foreign Relations.
“The damage done by COVID-19 might provide incentives for governments and public health experts to overlook cybersecurity and privacy concerns in favor of technological capabilities that promise results in preventing and controlling life-and-death emergencies.”
Like Greenwald though, others are still torn over what amounts to a moral dilemma. While some level of surveillance might be warranted now, there’s really nothing in place to make sure government agencies don’t maintain the practice once the Coronavirus smoke clears.
“My fear is that, historically, in any moment of crisis, people who always want massive surveillance powers will finally have an avenue and an excuse to get them,” Matthew Guariglia, an analyst at the Electronic Frontier Foundation, said in the BuzzFeed News article.
Probably the most disheartening element of this whole saga though is the US government’s apparent unwillingness to trust its populace to make the right decision. If the decision to temporarily suspend our desired levels of privacy in exchange for the immediate public were posed to the public, what would the general consensus be? It’s possible enough people could see the nuance and act accordingly. But maybe not.
Like what you’ve read so far? If so, please consider becoming a paid subscriber for $5 per month.
If that’s too much commitment, no worries. You can also support the newsletter by making a one-time Venmo donation to @Mack-DeGeurin to help keep this content coming.
In Other News…
***European companies embrace surveillance***
Despite recent GDPR regulations limiting how companies can share customer data, a growing number of European telecoms are handing over location information to government agencies. As is the case with all of the recent surveillance woes, these governments are acting in the name of public health amidst the Coronavirus.
Germany’s Deutsche Telekom AG and Belgium’s Proximus SA are two of the major carriers reportedly providing precise location data of its customers to their respective governments. With this data, officials hope to analyze hotspots where groups of people are violating social distancing guidelines.
But wait, you might ask, isn’t Europe supposed to have some of the strictest privacy regulations in the world?
Well, sort of. While the EU’s General Data Protection Regulation and the ePrivacy directive, (GDPR) specifically outlaws the collection of personal data without someone’s explicit permission, researchers working with the data claim they aren’t violating the law because the data being viewed is “anonymized.” This, despite numerous studies in recent years showing how, with relative ease, anonymized data can still be used to identify people. It’s worth noting that American companies, like Facebook and Google, use this same argument over anonymous data collection to justify their business practices in the US which, under normal circumstances, would violate the GDPR.
The cynical answer here (but I think the correct one) is that the current coronavirus data tracking in Europe does violate the GDPR, but governments are choosing to look the other way in the name of public health. That may well say lives, but it risks leaving the legitimacy of GDPR on life support once the virus subsides.
Catherine Stupp, The Wall Street Journal
***Uh-oh Zoom***
Workers and family members all around the globe have flocked to Zoom and similar video conferencing apps in recent weeks (I’ve personally jumped on my fair share of Houseparty chats) to bring some face to face time in what has become a near-overnight mass work from home experiment. Unfortunately, the platforms making this possible are about as secure as a wooden nail.
In this case, Zoom reportedly leaked the personal information of at least 1,000 users, information which included their email addresses and photos which could allegedly be used to start a video call under their name.
The data leak, according to VICE, occurred as a result of Zoom’s “Company Directory” setting, which automatically adds people to a user’s contact list if their email has a matching domain name. Theoretically, this setting would help people in the same company (sharing the same domain) connect seamlessly, but many users claimed they signed up using personal emails and Zoom grouped them together with complete strangers … which isn’t great.
***More bad news for Zoom***
Zoom is facing a class action for a lawsuit from a customer who says the company violated her privacy by selling her data to Facebook. It’s been a rough few weeks for Zoom. Privacy and data practices that may have otherwise gone overlooked and swept under the rug of indifference are being pulled up to the surface thanks to the public’s sudden dependence on video conferencing.
In this case, the California plaintiff claims Zoom has failed to adequately safeguard the personal information of its flood of new users in recent weeks. The suit claim’s revolved squarely around recent reporting revealing the company’s less than transparent selling of personal information, including a user’s device model, time zone, phone carrier, the city they are connecting from and a unique advertiser identifier created by the user’s device, to Facebook.
While much of this newsletter in recent weeks has focused on the privacy and public health trade-offs associated with nations tracking the coronavirus, the recent Zoom news proves that corporate surveillance is still alive and well.
Isobel Asher Hamilton, Business Insider
***NHS courts Big Tech***
The three American tech firms, which each have their own splotchy history when it comes to domestic surveillance, are gathering mammoth swaths of data on UK residents and dissecting it to help the NHS decide how and where to allocate resources.
The NHS claims the partnership is limited and that it would “maintain ownership” of all personal data, but also said it was open to learning from the data gathering techniques and using them in the future.
Separately, The Times reported that the tech arm of the NHS is working to rapidly roll out an opt-in Coronavirus tracking app that would likely use GPS location tracking data. In an interview with The Daily Mail, privacy advocates derided such an app as “Orwellian.”
Shona Ghosh and Isobel Asher Hamilton, Business Insider
Long Reads/ Food for Thought
For Autocrats and Others, Coronavirus Is a Chance to Grab Even More Power
By Selam Gebrekidan
A good piece here reinforcing some of the anxieties over Coronavirus fueled expansions of state power outlined over the past few weeks in this newsletter. All across the globe, from China to Israel to Chile and the United States, governments are relying on various iterations of “emergency” powers to reshape the relationship between the ruled and rulers. While most agree some degree of otherwise unprecedented action should be taken, autocratic rulers are using that necessity as cover to mold rules to benefit themselves.
“Governments and rights groups agree that these extraordinary times call for extraordinary measures. States need new powers to shut their borders, enforce quarantines and track infected people. Many of these actions are protected under international rules, constitutional lawyers say.”
“But critics say some governments are using the public health crisis as cover to seize new powers that have little to do with the outbreak, with few safeguards to ensure that their new authority will not be abused.”
‘Pandemic drones’: useful for enforcing social distancing, or for creating a police state?
By Michael Richardson for the Conversation
As you may recall, I previously wrote here about the emergence of police drones equipped with microphones used to scold shelter in place violater back into their homes. The practice started in China back in January but has since moved to Spain and may be on its way to Australia. While by far the more paramount surveillance concern at the moment has more to do with geolocation data tracking, Michael Richardson provides some bleak, Orwellian possibilities associated with the normalization of everywhere drones.
“This level of social control may be appealing in a pandemic that could cost millions of lives. But it could also have chilling effects on social and political life.
Surveillance tools typically work best for social control when people know they are being watched. Even in liberal societies, people might think twice about joining climate or racial justice protests if they know they’ll be recorded by a drone overhead.”
The Federal Bureau of Investigation (FBI) used drones to capture scenes from the 2017 Black Lives Matter protests in Baltimore. FBI / ACLU
Feeling like you’re constantly being watched can can create a kind of atmospheric anxiety, particularly for marginalised groups that are already closely monitored because of their religion or welfare status.”
Drones, in some form or another, will become more common once the virus eventually fades into history. Police departments around the globe already rely on drones for some policing and private companies (I’m looking at you Amazon) are bullish on their plans to fill the sky with hovering product bots.
Do we really want Palantir embedded in the NHS?
By John Leonard
Alright, that’s it for now. Thank you for reading, and stay tuned for another issue this Friday.
Thoughts? I want to know what you think! This newsletter is a living, evolving, work and it is meant to be a helpful resource to keep you informed and engaged with the ways emerging technologies are impacting daily life. Please send all comments, questions, corrections, criticism, and hate (lemme have it) to thestateofsurveillance@gmail.com.
If you found this newsletter beneficial, you can help keep it going by sharing it online or (better yet) telling a friend about it. To help support the newsletter in more tangible ways you can make a donation of any amount to my Venmo account below. Any and all support is greatly appreciated.
Follow the State of Surveillance on Twitter @state_of_spies
Follow me on Twitter @mackdegeurin
Support this newsletter with a Venmo donation to @Mack-DeGeurin