7 Privacy Threats the Constitution Can't Protect You Against
Stay up to date with the latest headlines via email.
The week before last, the Roberts Supreme Court uncharacteristically handed down a decision that doesn't radically infringe on civil liberties. The justices unanimously ruled that police overshot their authority by planting a GPS device on suspected drug dealer Antoine Jones' car without a warrant, tracking his movements for over a month. For now, Americans can rest assured that police can't secretly tag them -- at least without a warrant.
At the same time, privacy advocates pointed out -- and some of the justices admitted -- that the court's majority opinion in US vs. Jones completely skirted more pressing privacy issues. The problem, the majority argued, was that police had trespassed on Jones' private property by planting a GPS device on his car. The majority opinion did not address whether or not it's okay for law enforcement to use a sophisticated surveillance technology to log someone's movements for a whole month without a warrant.
In separate, concurring opinions Justices Alito and Sotomayor both warned of the multitude of surveillance technologies that do not require intrusion onto private property to trample privacy rights. Here's a (non-comprehensive) breakdown of existing or impending technologies that make our privacy protections wildly outdated.
1. Everything you use, all the time.
The Jones case itself presents an outdated problem, because police don't really have to bother with the clumsy task of sneaking a device onto a car; at this point, private companies have shoehorned location trackers in most "smart" gadgets. Justice Alito pointed out that the more than 332 million phones and wireless devices in use in the US contain technology that transmits the user's location. Many cars feature GPS as well, thanks to OnStar navigation.
"Even if police can't track you using a GPS device," Lee Tien, of the Electronic Frontier Foundation, tells AlterNet, "if they can go to your phone company and get information on your whereabouts, what does that matter?"
As Sotomayor pointed out in the concurring opinion, "GPS monitoring generates a precise, comprehensive record of a person’s public movements that reflects a wealth of detail about her familial, political, professional, religious, and sexual associations… (Disclosed in [GPS] data will be trips the indisputably private nature of which takes little imagination to conjure: trips to the psychiatrist, the plastic surgeon, the abortion clinic, the AIDS treatment center, the strip club, the criminal defense attorney, the by-the-hour motel, the union meeting, the mosque, synagogue or church, the gay bar and on and on). The Government can store such records and efficiently mine them for information years into the future."
Location is just the start. There has probably not been a single week since 2005 without a story about Facebook, or Google, or Verizon, or AT&T terrifying consumers and privacy advocates with some new way to collect too much information and then share it with other companies or authorities.
The problem is that the law does not adequately address private information that has been shared with third parties, like credit card companies or Google, Facebook and the telecoms, Tien says.
As Sotomayor put it, "I for one doubt that people would accept without complaint the warrantless disclosure to the Government of a list of every Web site they had visited in the last week, or month, or year."
2. Cameras everywhere: License plate readers, movement tracking on cameras.
Thanks in part to a decade of Homeland Security grants, America's cities are teeming with cameras -- they're on subways, on buses, on store fronts, in restaurants, in apartment complexes, and in schools.
In New York, the NYCLU found a five-fold increase in the number of security cameras in one area of New York between 1998 and 2005, and that was before the Bloomberg administration -- inspired by London, most heavily surveilled city in the world -- pledged to install 3,000 cameras in lower Manhattan as part of theLower Manhattan Security Initiative (this plan was expanded to midtown Manhattan as well). The cameras, which stream footage to a centralized location, are equipped with video analytics that can alert police to "suspicious" activity like loitering. The NYPD, and municipalities all over the country and world also make generous use of license plate readers (LPR) that can track car movement.
The big issue, as EFF's Tien tells AlterNet, is that these surveillance tools muddy the legal barriers between public and private that are at the heart of constitutional protections, because they're so much more sophisticated than human observation. In other words, a person might expect that what they do on a street corner can be observed, but not that their actions might be logged in a database or that they can be tracked for a month.
As cameras become more sophisticated and better able to capture higher quality images from further away, there's a push to merge surveillance with biometrics technology -- the use of unique physiological features, like facial features or iris patterns, to ascertain identity.
After 9/11 many cities and airports rushed to boost their camera surveillance with facial recognition software. The tech proved disappointing, and after testing that hit a paltry 60 percent accuracy rate in one case (that's pretty bad if you're trying to figure out identity), many programs were abandoned. In the years since then, both private companies and university research labs funded with government grants have made vast improvements in facial recognition and iris scans, like 3-D face capture and "skinprint" technology (mapping of facial skin patterns). Iris scans can allegedly tell identical twins apart.
Many private companies shill these products directly to local law enforcement agencies, a business strategy that police tend to be pretty enthusiastic about. One such success story is the MORIS device, a gadget attached to an iPhone that can run face recognition software, take digital fingerprints and grab an iris scan at a traffic stop. Starting last fall, the MORIS device has been in use in police departments all over the country.
4. Government databases.
Privacy advocates point out that novel types of biometric technology like facial recognition and iris scans can be an unreliable form of ID in the field, but that has not discouraged government agencies from embarking on grand plans to hugely expand their biometric databases. The FBI's billion-dollar "Next Generation Identification" system (NGI) will house iris scans, palm prints, measures of voice and gait, records of tattoos, and scars and photos searchable with facial recognition technology when it's complete in 2014. The bulk of this information is expected to come from local law enforcement.
Other government agencies have also been jazzing up their biometric databases. The DoD's ABIS contains millions of biometric records from Iraq and Afghanistan, including images of faces, fingerprints, iris scans, and voice recordings. DHS's IDENT database houses photos searchable with facial recognition. The DoJ, DHS and DoD have a mandate to make their databases "interoperational" so anyone from any agency can search the others.
The development of the new FBI database is subject to internal review to ensure compliance with privacy laws. But privacy advocates point out that there are few bulwarks against abuses in how the information is collected and used, especially since much of this information can be picked up remotely without consent.
5. FAST (Future Attribute Screening Technology).
Then there's the tech that's supposed to peer inside your head. In 2008, the Department of Homeland security lab tested a program called Future Attribute Screening Technology (FAST), designed to thwart criminal activity by predicting "mal-intent." Unsavory plans are supposed to reveal themselves through physiological tells like heart rate, pheromones, electrodermal activity, and respiratory measurements, according to a 2008 privacy impact assessment.
The 2008 privacy assessment, though, only addressed the initial laboratory testing of FAST's prophesying sensors on volunteers. According to a report in the journal Nature, sometime last year DHS also tested the technology in a large, undisclosed area in the northeastern US.
Unmanned flying vehicles, a key part of the valiant effort to transform modern warfare into a video game, are likely to become increasingly common domestically. The FAA currently restricts the use of drones (with occasional exceptions) but that won't last long: Congress has instructed the agency to open six US test sites that will help establish rules for their routine use, according to Bloomberg.
Border agents already use drones to track activity on the border and even inside Mexico. Also, in December the LA Times reported that U.S. Customs and Border Protection generously loaned out drones to police departments.
An ACLU report from December says that local law enforcement officials are pushing for domestic use of the new technology, as are drone manufacturers. As Glenn Greenwald points out, drone makers "continuously emphasize to investors and others that a major source of business growth for their drone products will be domestic, non-military use."
Right now drones range in size from giant planes to hummingbird-sized, the ACLU report says, with the technology improving all the time. Some can be operated by only one officer, and others by no one at all. The report points to all the sophisticated surveillance technology that can take flight on a drone, including night vision, video analytics ("smart" surveillance that can track activities, and with improvements in biometrics, specific people), massive zoom, and the creepy see-through imaging, currently in development.
7. Super drones that know who you are!
In September, Wired reported that the military has given out research grants to several companies to spruce up their drones with technology that lets them identify and track people on the move, or "tagging, tracking, and locating" (TTL). Noah Shachtman writes:
Perhaps the idea of spy drones already makes yournervous. Maybe you’re uncomfortable with the notion of an unblinking, robotic eye in the sky that can watch your every move. If so, you may want to click away now. Because if the Army has its way, drones won’t just be able to look at what you do. They’ll be able to recognize your face — and track you, based on how you look. If the military machines assemble enough information, they might just be able to peer into your heart.
One company claims it can equip drones with facial recognition technology that lets them build a 3-D model of a face based on a 2-D image, which would then allow the drone to ID someone, even in a crowd. They also say that if they can get a close enough look, they can tell twins apart and reveal not only individuals' identity but their social networks, reports Wired. That's not all. Shachtman continues:
The Army also wants to identify potentially hostile behavior and intent, in order to uncover clandestine foes. Charles River Analyticsis using its Army cash to build a so-called “Adversary Behavior Acquisition, Collection, Understanding, and Summarization (ABACUS)” tool. The system would integrate data from informants’ tips, drone footage, and captured phone calls. Then it would apply “a human behavior modeling and simulation engine” that would spit out “intent-based threat assessments of individuals and groups.” In other words: This software could potentially find out which people are most likely to harbor ill will toward the U.S. military or its objectives. Feeling nervous yet?
All of these technologies are either already integrated into daily life or coming down the pike.In Constitution 3.0, Jeffrey Rosen invited scholars and futurists to envision how current civil liberties protections would fare when faced with technologies of the future (not well). One chilling possibility highlighted in the book: What if Facebook and Google decided to archive and post footage from millions of surveillance cameras?
In a speech to Brookings Institute, Rosen says this not-unlikely scenario would make it possible to, "sign onto Google or Facebook, click onto a picture of me, for example, back-click on me to see where I’d come from this morning, forward click to see where I’m going this afternoon, and basically have 24/7 surveillance of everyone in the world at all times."