If you keep up with privacy-related news, you know that 2019 has been a depressing year. It is hard to go more than a few days without reading about some hack, some company being fined for privacy violations or some new government initiative that will (intentionally or not) strip away a bit more of your privacy.
Given the visible evidence, it might seem that we should just give up on preserving even the tiniest shred of personal privacy. But is the situation really that bad?
In this article, we look at the vast number of threats to our privacy that have popped up recently. It paints a pretty bleak picture.
But we’ll finish up by looking at some powerful pro-privacy forces that are still in play and even growing in power. We end with links to a load of resources you can use right now to proactively protect your privacy. As bad as things may look, the fate of personal privacy won’t be decided this year.
The Threats Keep Growing
Our online privacy is being attacked from all directions. Hackers target the huge databases of personal information that are held by major corporations, all too frequently succeeding in stealing millions of records from a single target. Companies of all sizes gather whatever private information they can (legally or not) to use in ways that benefit them and not the person whose data it is.
Governments gather private information themselves as well as get it from companies that hold it. And anecdotal evidence shows that governments are even worse at protecting that data than most corporations.
In the rest of this section, we’ll look at some famous and/or recent examples of online privacy failures and threats.
Cambridge Analytica and Other Data Protection Disasters
We’ve all heard of data protection scandals and hacks, with the Cambridge Analytica scandal being a particularly obnoxious example. The company harvested data from the Facebook accounts of millions of people (without their permission) and used that data for political advertising.
Coming as it did during the presidential campaign where Donald Trump surprised all the “experts” by defeating Hillary Clinton, this event really got the attention of the public.
Even when the company hosting the data isn’t complicit like Facebook was, billions of records of personal data are stolen by hackers every year. More and more people every day understand that our private information is not safe in the hands of even the largest corporations.
Facial Recognition is Everywhere
As we covered previously, facial recognition systems are popping up everywhere. And their uses are growing faster than we can keep track of. Just moments before I wrote this, a report crossed my desk claiming that the giant home improvement companies Home Depot and Lowe’s have been using the technology illegally in their stores for years.
Two lawsuits were filed this month claiming that these stores have been surreptitiously using the technology to identify and track every one of their customers, in violation of the state of Illinois’s Biometric Information Privacy Act (BIPA).
Perhaps even more worrying is that the lawsuits claim the companies have been sharing the biometric data of their customers with each other, as well as with other stores, again without any customer approval or information about when and how this data is being used.
Google Fined for Violating Child Privacy Laws
The United States Federal Trade Commission recently fined Google $170 million for YouTube (which belongs to Google) violating child privacy laws and profiting from it. More specifically, YouTube violated the Child Online Privacy Protection Act (COPPA) by gathering children’s data without the consent of their parents and earning millions of dollars from advertising that used this data.
While this fine might sound impressive, Google earned over $136 billion in 2018, making this fine less than a slap on the wrist.
SIM Swappers Take Control of Your Phone Number to Control Your Data
Your telephone can be the gateway to much of your private data. With your phone in hand, you can get companies to text you an access code when you forget your password. If someone else gets their hands on your phone, they could possibly get access to many of your online accounts.
SIM Swapping is a technique that hackers use to get that kind of control without ever getting anywhere near your actual phone. By using social engineering techniques like lying to customer support or bribing phone company employees, the crooks convince the phone company to switch a phone number from its current SIM card (the one in your phone) to a different SIM card (the one in the hacker’s phone).
Once the phone number has been switched to the hacker’s SIM card, they can start contacting companies like Facebook, Twitter, or Google and claim they lost their password. This works all too often. And there is nothing you, the victim, can do about it. Even powerful tech entrepreneurs like Jack Dorsey, CEO of Twitter, and famous Hollywood personalities like Jessica Alba can be, and are, victimized.
While at least one SIM swapping hacker has been arrested and jailed, this problem looks likely to keep getting worse until companies stop using telephone authentication of social media and other user accounts.
Smart Home Devices Sending Possibly Sensitive Information to Unexpected Locations
According to a recent paper by researchers at Northwestern University and Imperial College London, smart home devices such as smart TVs and other IoT devices sometimes send encrypted data streams to third parties, that is, to destinations other than the manufacturer.
Since most of the data being sent was encrypted, the researchers weren’t able to say what data was being sent, only that some data was being sent to some destinations. In particular, they found that many IoT devices contact Amazon, Google, and Akamai. This would allow those organizations to learn a lot about the users of the devices.
Another interesting tidbit is that the researchers found that almost every Smart TV they tested contacted Netflix, even though none of the TVs were configured with Netflix accounts. Again, the researchers don’t know what information the Smart TVs are sending to Netflix, only that they are communicating somehow.
Some devices did send some data unencrypted. The researchers stated that they found very limited sensitive or Personally Identifiable Information (PII) in the unencrypted streams. It says a lot about the current state of privacy in the world that the researchers seemed happy that only very limited PII was included in the unencrypted streams.
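The kind of check the researchers describe, knowing where a device talks even when the payload is encrypted, can be approximated at home from DNS query logs. The following is an added example, not code from the paper or from this article; the log format, the device inventory, the vendor domains, and the mapping of domain suffixes to the organizations named above are all constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed inventory: device IP -> (label, first-party domain suffixes).
DEVICES = {
    "192.168.1.50": ("smart-tv", ("tvvendor.example",)),
    "192.168.1.51": ("smart-plug", ("plugvendor.example",)),
}
# Organizations named in the article, keyed by an illustrative domain suffix.
KNOWN_ORGS = {
    "amazonaws.com": "Amazon",
    "googleapis.com": "Google",
    "akamaiedge.net": "Akamai",
    "netflix.com": "Netflix",
}
# Constructed DNS query log: timestamp,client_ip,queried_name
SAMPLE_LOG = """\
2019-09-10T12:00:01,192.168.1.50,api.tvvendor.example
2019-09-10T12:00:02,192.168.1.50,api-global.netflix.com
2019-09-10T12:00:03,192.168.1.50,s3.amazonaws.com
2019-09-10T12:00:04,192.168.1.51,fcm.googleapis.com
2019-09-10T12:00:05,192.168.1.51,e1234.dscx.akamaiedge.net
2019-09-10T12:00:06,192.168.1.50,ads.tracker.example
2019-09-10T12:00:07,192.168.1.50,api-global.netflix.com
2019-09-10T12:00:08,192.168.1.99,www.example.org
"""

def matches(name, suffix):
    # Match on label boundaries so "notnetflix.com" is not treated as Netflix.
    name = name.lower().rstrip(".")
    return name == suffix or name.endswith("." + suffix)

def classify(name, first_party):
    if any(matches(name, s) for s in first_party):
        return "first-party"
    for suffix, org in KNOWN_ORGS.items():
        if matches(name, suffix):
            return org
    return "other third party"

def third_party_report(log_text):
    # Count, per device, the lookups that leave the manufacturer's domains.
    report = defaultdict(lambda: defaultdict(int))
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 3 or row[1] not in DEVICES:
            continue  # malformed line, or a client that is not in the inventory
        label, first_party = DEVICES[row[1]]
        owner = classify(row[2], first_party)
        if owner != "first-party":
            report[label][owner] += 1
    return {device: dict(counts) for device, counts in report.items()}

print(third_party_report(SAMPLE_LOG))
```

As in the study, this shows only which destinations a device contacts, not what it sends to them.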
The takeaway from this is that the Internet-connected devices in our own homes may well be violating our privacy too. An example of taking this to extremes is the new line of Smart Faucets from Delta. According to the press release:
While that’s great and all, having your sink talk to your Google or Amazon puts the details of even more of your life into the databases of these giants. And given recent patent applications that envision these devices listening and analyzing your words at all times, it could lead to everything you say in your kitchen being recorded and analyzed.
As popular and helpful as these devices can be, you need to keep in mind that you are inviting these companies into your home and hoping that somehow your privacy will still be protected. Good luck.
RPSN – Real-Time Monitoring of License Plates Across 30 States Coming Early 2020
When I was growing up, one of the best things about getting your Driver’s License was the freedom it provided. Hop in the car and hit the road and, assuming you didn’t get busted for speeding or something like that, you were basically invisible. You could drive to that political rally, or that doctor’s office, with a reasonable sense that no one would know (aside from the folks at your destination of course).
But RPSN is going live very soon in 30 states of the United States. And when it does, it will be child’s play for the police or other authorities to track you wherever you go in your car.
RPSN stands for the Rekor Public Safety Network. It is a system that gives law enforcement organizations access to real-time license plate information. By aggregating the data from all of their customers, RPSN reportedly will give access to data from thousands of cameras across 30 states, with a combined count of license plate photos exceeding 150 million per month.
According to Rekor, the system:
The tracking data, generated by AI and machine learning algorithms, will be provided free of charge to any agencies that contribute data to the network. The system can not only tell users where a particular vehicle is right now, but it can also predict where the targeted vehicle will appear next, and when.
While RPSN has legitimate uses in tracking criminals, it also seems designed to make it as easy (and cheap) as possible to track the travels of anyone the authorities choose to track.
Schools Adding AI-Powered Surveillance Cameras to Track Everyone
Artificial Intelligence, paired with high-resolution video cameras, features in many of the privacy-killing scenarios today. One I find particularly disturbing is the use of advanced systems to identify and track everyone on the grounds of a school, as in the Georgetown County School District in South Carolina.
The school district is just one of several that have reportedly deployed AI-powered video systems from Avigilon. While I don’t know the exact capabilities that Georgetown County has installed, the descriptions of what Avigilon systems can do are technologically impressive, and a privacy nightmare.
Their Appearance Search™ system uses the AI to locate a specific person wherever they are on site. Their Unusual Motion Detection technology lets the AI spot anything out of the ordinary and draws operator attention to the scene.
Going even further, systems are being developed that will reportedly identify weapons, and read people’s facial expressions. As John Tait, the security manager of the Weld County School District (where they have also deployed the Avigilon system) says:
Someday soon you may find your kid in detention or suspended because an AI thought he looked angry or was walking funny and got detained by school security.
Doctor Suggests Real-Time Tracking of Biometrics of Millions of People
Doctor David Sinclair is doing some of the most incredible work on human health and aging that you will ever see. In his new book, Lifespan, he suggested that preventing the next pandemic might require millions of people wearing biometric monitoring devices to be connected to some kind of centralized, real-time monitoring system that would detect the spread of diseases before they became unstoppable.
This is a great example of the conflict between personal privacy and societal good. While such a system would likely make us all safer, it would obliterate the privacy of everyone hooked into it.
The kinds of devices that would be needed to spot and stop the spread of a horrible disease would also be sensitive enough to know how long and how well you slept last night, how much you ate today, if you are angry or sad, when you are having sex, if you are menstruating, and so on.
It is hard to know where to draw the line between the good of the many and the rights of the few, but as the technology to do these kinds of mass monitoring projects becomes available, it will add more energy to the anti-privacy forces in the world.
Showing a Peace Sign in a Photo Can Reveal Your Fingerprints
The classic “V” peace sign is one of the most popular hand gestures seen in photos online. But at the 2019 China Cybersecurity Week event, it was revealed that displaying this sign could be a privacy disaster.
Zhang Wei, a deputy with the Shanghai Information Security Association, explained that photos of people flashing a peace sign could contain enough information to generate a usable copy of someone’s fingerprints.
Zhang says photos from within 3 meters can provide enough information to recreate 50% of a fingerprint, while those taken within 1.5 meters have enough information to reproduce a person’s fingerprints with 100% accuracy. These fingerprints could be used to trick systems that rely on fingerprints for access to locations or accounts.
Once again, as the power and accuracy of our technological systems increase, they can improve our lives but also be threats to our privacy.
Reasons for Hope
So far, I’ve presented a pretty bleak picture of our privacy in the future. Happily, there are still some things going on that offer hope. Let’s look at three big ones.
GDPR and Other Laws
The European Union’s GDPR (General Data Protection Regulation) and similar laws elsewhere in the world are designed to put some controls on the storage and use of our personal data. As you might expect, there are lots of details to the regulations which will keep company lawyers and compliance officers busy while making life even more difficult for small businesses.
It is also unclear whether mega-companies like Google or Facebook will be overly inconvenienced by regulations like these. According to the GDPR FAQS page, the fines for violating GDPR regulations go like this:
While a fine of 4% of annual global turnover would hurt most small companies, the maximum €20 Million fine is a rounding error for the multi-billion dollar companies that are the biggest targets for hackers and sources of data leaks. Still, regulations like these are a start.
This year (2019), there is a lot of noise in the media about governments planning to issue their own “cryptocurrencies.” Even Facebook and various financial institutions are talking about issuing their own. Why? They all want control. As Baron Rothschild put it around 200 years ago:
Governments currently control the major money supplies in the world but see replacing the current physical money supply with their own “cryptocurrencies” as a way to strengthen their control over their subjects. An all-digital financial system controlled by governments would strip all financial privacy from people. It would give governments:
- Complete information about your spending, saving, and investing
- The ability to withdraw taxes directly from your accounts
- The ability to take money directly from you when the next financial crisis occurs
- The ability to destroy your life by freezing or seizing your money
In short, an all-digital money supply controlled by governments would give them complete control over your life. But whatever the media and government propaganda might say, the “cryptocurrencies” these entities want to introduce aren’t true cryptocurrencies.
True cryptocurrencies like Bitcoin are decentralized and beyond the control of any government, bank, or social media network. They provide people with an escape from government money, whether these proposed new systems, or the old-fashioned paper and metal types.
And despite their best efforts, even governments as powerful as China have been unable to stop their subjects from using cryptocurrencies. That’s why people in countries like Venezuela (where the government-backed money is basically useless) are buying up Bitcoin as fast as they can.
True cryptocurrencies are not perfect and aren’t anonymous, but they help people maintain some semblance of autonomy and privacy in their financial lives.
VPNs (Virtual Private Networks) protect their users from being spied on while using the Internet. We talk extensively about VPNs here at Blokt.com, so I won’t go into too much detail here.
The key point is that using a VPN can shield you from hackers, spies, and others who want to know what you do, where you go, and who you talk to online. The message is clearly getting out since the use of VPNs is exploding across the world.
Privacy Networks and Apps
VPNs protect your privacy while you use the public Internet. But there are portions of the Internet that put privacy first. These privacy networks use various techniques to make it difficult for anyone to know what you do when you use them. The classic example is the Tor network.
The Tor network was originally designed by US Intelligence agencies to provide secure communications for their people. It is designed to make it very difficult for anyone to track your activities while using the network. Combining Tor and a VPN is a great way to protect your privacy on this network, which has millions of civilian and government users worldwide.
Beyond networks like Tor, there are increasing numbers of privacy-oriented apps. Over a billion people use the WhatsApp messaging app to chat in private. But a new generation of privacy apps is starting to appear. These take advantage of previous technologies like the blockchain and the Tor network to build systems that are even stronger on privacy than the current leaders. One such network is Lokinet, which we are currently testing.
The appearance and proliferation of privacy networks and apps give hope that we will be able to regain and protect our privacy in at least some aspects of online activity.
Conclusion: The Battle Isn’t Over Yet
What does all this mean? It means that the battle isn’t over yet. There are indeed powerful forces at work trying to strip our privacy in every aspect of life. But people are becoming ever more aware of what’s happening and starting to take action. The increasing number of pro-privacy laws, along with the development of more capable privacy technology, means there is still hope.
Even better, you don’t have to sit around, passively waiting for someone to come along and save your ass. There are lots of steps you can take to protect your privacy right now. We’ve built a collection of privacy guides that you can use right now.