In the digital age, we are always on our phones, tablets and computers. There are cameras everywhere. In fact, even our refrigerators are smart. So, what’s the correct balance between personal data privacy and access to evidence by law enforcement? How do we manage security vs. privacy? What rights do companies have to use and sell our data? What are the repercussions when security fails and our data is stolen from companies we trust to protect our information?
Let’s start with a few hypotheticals. If I asked you, “Do you think we should do what we can to catch murderers and other dangerous criminals?” It would most likely result in a simple “Yes.”
Now what if I asked you, “Do you think your Amazon Echo or Google Home should be able to listen to and record your conversations?” or “Do you want the government to have access to your DNA?” Most people would probably say “No.”
Let’s take a closer look at some real-life examples that bring the issue to the forefront.
Have you ever heard of the Ring Doorbell? It’s a line of home surveillance products. Amazon owns Ring. According to Ars Technica (here and here), Ring Doorbell has over 400 partnerships with local Law Enforcement agencies. Through these partnerships, Ring provides backdoor access to their Neighbors app to Law Enforcement officers, which allows them to locate users and request footage. LE has also successfully received access to names, home addresses and email addresses for users who made subsidized purchases of Ring (here). In exchange for this data, Ring gets advertisement and increased sales from the subsidy programs.
If you are interested in true crime (yes, I’m guilty), you’ve undoubtedly heard about the arrest of the alleged Golden State Killer. It was certainly exciting to have a suspect in custody for this decades-old serial murder and abuse case. However, the arrest also raised a lot of flags with those concerned about data privacy after law enforcement used familial DNA from a public database.
The private DNA testing industry has grown greatly in the last few years. Though many of these companies do not share information with law enforcement, there are some databases that do, such as GEDmatch. Users upload their DNA test results to the site to compare with other people. Likewise, police upload suspect DNA from crime scenes to this same database and look for matching genetic markers. Then if a link is found, they can use it to investigate family members. After some controversy, GEDmatch added a user opt in before they share data with LE.
Next, let’s think about everything in our homes that is connected to wi-fi. Smart home information, including recordings from an Alexa device and water use data from a smart water heater, was used in a murder case. Though it was eventually dismissed, it makes you think about how much data is being collected when you have a device listening at all times and even your water heater and refrigerator are recording information on your movements.
Cell Phone Data
Currently, law enforcement and government officials want legally mandated encryption backdoors for devices like cell phones. The backdoors would allow access to a suspect’s data. According to a survey by Venafi of over 4,000 people, consumers obviously disagree. They believe they will be giving up privacy, but that they will not be better protected.
Facebook and Cambridge Analytica Scandal
Cambridge Analytica, a political consulting firm, harvested data from over 80 million Facebook profiles exposed by Facebook. They used a loophole in the Facebook API to collected data not only from quiz takers but also from anyone they were friends with on the social media site. Then Cambridge Analytica sold this data, which is prohibited.
“The people whose job is to protect the user always are fighting an uphill battle against the people whose job is to make money for the company,” Sandy Parakilas, who worked on the privacy side at Facebook, told the New York Times.
Hacks and Breaches
Capital One. Facebook. Quest Diagnostics. Freedom Mobile. AMC Networks. Georgia Tech. Dow Jones. Advent Health. Dunkin’ Donuts. Coffee Meets Bagel. Fortnite. What do all these have in common? They all experienced a data breach. These companies are just a portion of the list and furthermore, the breaches are only from 2019. Plus it’s still 2019!
According to Selfkey, “AT LEAST 4 billion records, including credit card numbers, home addresses, phone numbers and other highly sensitive information, have been exposed through data breaches in 2019.” In fact, Wikipedia has a list of about 300 breaches. Many of us don’t even notice breach announcements anymore and that’s not right.
Clearly, these cases raise a lot of questions that we need to find answers to before long. Furthermore, we must consider our privacy from multiple angles.
- What should the police have access to and what is the correct way to request this data? How much of this information should be available and how much work should it take to get it? While we want to provide our law enforcement with the tools needed to solve cases and protect us from criminals, we also want to know that we have some privacy and that all of our data is not fair and open game to whomever wants access to it.
- What can companies do with our data? Can they sell it? Do they need to let us know what they are doing with the data we provide?
- Moreover, what responsibility do companies and governments have in protecting our data from hackers?
Stay tuned for part two, Privacy in the Digital Age: The Necessary Actions, where we’ll provide some answers and ideas on how to address these issues.
Stay informed with industry-relevant emails curated by our team of experts.
We send out emails once or twice a month relating to IP Services, industry news, and events we'll be attending so you can meet our experts in person.