Cyber Privacy

Leveraging big data, large companies amass unprecedented knowledge about individual internet users.

As consumers, investors, communicators and voters, people are spawning personal data online at an accelerating pace. Tech companies compile this information – places you visited, purchases you made, search phrases you typed – into salable data sets. When the companies that collect and own your web usage trail aggregate and analyze multiple data points, they accumulate granular information about your personal preferences – and everyone else’s, too.

When plugged into sophisticated analytical tools, this data yields remarkably detailed predictions about individual behavior. The supermarket industry offers a case study in the embrace of big data. For decades, bargain hunters clipped coupons for discounts, and shoppers redeemed them anonymously. Store marketers knew generally if a promotion was popular, but they couldn’t track precisely who presented coupons. Now, consumers get similar deals through store loyalty programs and, unknowingly, freely give the store detailed, trackable information about what they buy and when they buy it.

“Many of today’s most sophisticated data uses haven’t resulted from changes in the data itself; they’ve been made possible by advances in computer storage and processing.”

Huge leaps in computer power make big data compilations possible. For instance, doctors’ notes once sat in paper files. Now, health care providers digitize and analyze that information. Computer processing power doubles every 18 months, amounting to a trillion-fold jump in capacity from 1955 to 2015. That power enables Big Tech to analyze huge amounts of information. As of 2018, the world’s four billion internet users typed in five billion searches a day. Facebook users posted 300 million images a day. One report in late 2018 estimated that fully 90% of all data in existence had been created and harvested in the previous two years.

Consumers often don’t understand the trade-offs they are making with their personal data.

One revealing study by privacy researchers offered shoppers a choice between two gift cards. One was worth $10 and didn’t track the user’s shopping. A second card was worth $12, but it did track the shopper’s spending. The study offered shoppers who received the $10 card a chance to accept a card with an extra $2 and less privacy; most declined. But when researchers offered shoppers who received the $12 card the option of taking $2 less and receiving more privacy, most said no, the opposite of the first group. It appeared that these shoppers didn’t think it was worth spending $2 to gain privacy. The main determining factor for members of both groups was their position on privacy before the study.

Outside a controlled study, the choices are more complex and multifaceted. Consumers are rarely aware of the privacy options that accompany their actions on social media, search engines and video platforms.

“When measuring the value of data-intensive services, privacy is always part of the equation, even if it’s unexpressed.”

One truism of data: “If you’re not paying for the product, you are the product.” Facebook, Google, and other apps and services charge consumers nothing. But free services monetize users by extracting valuable data about them to sell to advertisers. Marketers pay because the insights are so deep. A 2015 academic study asserted that Facebook’s algorithms can get to know its users in excruciating detail. Click the like button 10 times on Facebook, and the platform has a better read on you than your co-workers do. Click it 300 times, and Facebook has better intelligence on you than your own spouse does.

The Big Four tech companies constantly glean in-depth knowledge about you.

Amazon, Apple, Facebook and Google have amassed detailed profiles about consumers’ news and entertainment choices, their purchases, online searches, religious and political profiles, and much more. This rapid rise has flummoxed US regulators. On the one hand, innovation and prosperity are part of the American story. On the other, Big Tech firms have more information about individuals than any organization has ever had in the history of humanity.

“Facebook – along with Apple, Google and Amazon – knows you better than your own mother does.”

All of this data mining remains a mystery to most consumers. What data points do the Big Four capture? How do they use that information to influence users? Sometimes tracking reveals itself, for example, when you visit a gas station for the first time, then see an ad for that business in your Facebook feed an hour later.

For starters, assume that Big Tech tracks every move you make online. Log into Facebook, enter a search phrase on Chrome or send an email with Gmail, and that provider logs your activity.

“The scope of the 2019 FTC [US Federal Trade Commission] fine against Facebook illustrates the ways in which a handful of major tech platforms have become so large that they’re virtually ungovernable.”

The US government has taken a mostly hands-off approach to this issue, leaving privacy protections to state legislatures. The US Federal Trade Commission (FTC) did step into action in 2019, imposing a $5 billion fine against Facebook. Critics pointed out that this penalty was not a deterrent; it had little impact on a company with $15 billion in quarterly revenue and cash reserves of $40 billion.

While American authorities mostly tolerate tech companies’ data gathering, European authorities take a harder line. In 2017, the European Union’s antitrust authorities looked into regulatory action against the tech giants. Germany’s Federal Cartel Office ruled in 2019 that Facebook violated European data protection standards.

Predictive analysis is both problematic and promising.

In the 1956 science fiction story The Minority Report, author Philip K. Dick imagined a world in which nearly omniscient people predicted crimes before they happened. An adaptation of the story became a film starring Tom Cruise. If Dick had written his tale in 2020, behavioral algorithms would be the all-knowing force fingering future criminals.

“Machine learning programs have often been described as ‘black boxes,’ because even the system’s own designers can’t explain precisely why the computer reached a particular conclusion.”

These advanced tools already make life-and-death decisions. One suicide helpline relies on algorithms to determine which calls to prioritize. Prison parole boards employ algorithms to guess which inmates would stay on the straight and narrow and who would re-offend. The risk is that algorithms will replace free will in navigating a mental health crisis or re-entering society after imprisonment.

Biases often affect algorithms. An Amazon hiring algorithm, for example, overwhelmingly recommended applicants who were white and male  A tool that predicted ex-criminal offenders’ recidivism proved less accurate than the judgment of human parole officers. 

However, algorithms can be beneficial. The Crisis Text Line, for example, is an offshoot of DoSomething.org. By 2015, the service was available in all US area codes and was receiving 15,000 text messages a day.

“One of the reasons the text line has gained so much traction is that, according to research, people are more willing to disclose sensitive personal information via text than in person or over the phone.”

With such a high response volume, the Crisis Text Line hired a data scientist to analyze patterns within its messages. The findings indicated, among other things, that episodes of anxiety peak at 11 p.m., and self-harm is most likely at 4 a.m.  Certain words were more likely to indicate a real crisis – for instance, a mention of ibuprofen led to a need for emergency services 16 times more frequently than use of the word suicide. The Crisis Text Line collected this data without compromising any individual’s privacy. 

Mobile technology enables abusers to track their victims. 

In the last century, an obsessive ex-spouse or a domineering partner could engage in stalking, but committing that crime required time – to physically follow the victim– or money – to hire a private detective. Now, a stalker can use location-tracking “spouseware” to watch someone’s every move.

Installing such software on another person’s phone is illegal, but many criminals do so anyway. Women’s Aid, a UK domestic violence organization, says more than a quarter of women in abusive relationships discovered spyware on their phones. The practice is so common that many domestic violence shelters insist that residents not use Facebook because of its location tracking.

“Today’s technology opens up a new world of opportunities for abusive partners to track the people – usually women – who are the objects of their obsession.”

Stalkerware is legal in certain cases – a parent can lawfully place a tracking app on a child’s phone, and an employer can legally install it on a device it provides its employees. Generally, installing such software on a spouse’s phone is not legal. These apps are quite powerful. They provide location data, recordings of phone calls, copies of text messages and photos, and even a record of keystrokes and internet search histories. Despite the obvious dangers, US courts rarely try cases of illegal stalking.

The federal government expanded warrantless searches and seizures under President Donald Trump’s administration.

China and Russia are full-surveillance states; the United States has yet to turn that corner. However, the federal government aggressively asserted new powers to invade privacy – without legal warrants – during the Trump administration.

The Fourth Amendment protects American citizens from search and seizure without probable cause. Yet, cloud computing and big data dramatically expand law enforcement’s ability to examine individuals’ otherwise private information. Landline phones produced limited records of calls made and received; mobile phones offer a trove of location tracking and other personal data.  A cell phone pings nearby cell towers so frequently that these systems track a user’s location almost constantly.

“The Trump administration has stretched the bounds of executive power in ways that are deeply disturbing to privacy advocates and promoters of civil liberties throughout the country and around the world. ”

Responding to an emphasis on border security during the Trump years, the Department of Homeland Security stepped up warrantless searches of cell phones and computers of people entering and leaving the United States. The agency reports searching 30,000 devices in Trump’s first year in office, a 60% jump from the previous year.

The Fourth Amendment bars “unreasonable” searches, but travelers have little choice but to submit. Border patrol officers insisted travelers provide the passwords to their social media accounts, so agents could scrutinize their activities. Under the Trump administration, authorities could carry out these warrantless intrusions within 100 miles of the nation’s borders, and in the entire states of Michigan and Florida, along with large portions of Pennsylvania and Ohio.

Public officials, consumers and tech executives should rethink how technology companies do business.

Your individual protection against the unlawful use of your data is primarily a matter for government agency regulators, policymakers and legislators.

“We don’t want the apps to be using us – we want to be the ones consciously and freely deciding when to use them.”

Lawmakers and regulatory authorities should carry out these policy recommendations:

• Clarify what constitutes an illegal invasion of privacy – American courts haven’t been keen to see breaches of privacy as a compensable injury. The US legal system must offer remedies to individuals whose personal information gets used in ways they didn’t anticipate.
• Limit government surveillance or define what’s acceptable – The US legal system needs to define how the government can use the information it collects through electronic surveillance.
• Take a page from environmental regulation – The Environmental Protection Agency (EPA) regularly tests air, water and soil and sets an acceptable limit of contamination measured in parts per million. Data security regulation could adopt this concept. Complete privacy does not exist, but government should define a reasonable margin of error.
• Balance the First Amendment with the Fourth – Internet platforms that post defamatory content or intrusive information use the First Amendment – assuring freedom of the press – as blanket protection against accountability. When the content in question is revenge porn or political disinformation, for example, the Fourth Amendment should grant privacy rights to harmed individuals.
• Balance privacy and profits – Tech industry business models sacrifice individual privacy in favor of profit margins. Advertisers on Facebook and Google receive information that allows them to identify individual consumers. That sensitive data is susceptible to theft. Tech platforms should be allowed to divulge only demographic data, not information that personally identifies someone.
• Train consumers and voters to recognize data-driven manipulation – Teach students to recognize how businesses use their data.Working-age adults need to learn about persuasion campaigns in the workplace. And seniors, because of their lower levels of digital literacy, must learn about misinformation, a curriculum that senior centers and nursing homes could deliver.