Profound Privacy Risks without our Consent: NMA E-Newsletter #545

GeekWire posted last month that Portland, Oregon quietly launched a controversial mobile location data project with partner Sidewalk Labs (a subsidiary of Alphabet–which is the parent company of Google). In this year-long pilot program, the city has authorized that people, who have smartphones, will be tracked without their consent or knowledge.

Portland is using software called Replica that cost nearly $500,000 and expects to determine how people actually move in the metro and surrounding counties. The city claims the software will use de-identified mobile location data, but in a NY Times article late last year reporters were able to debunk the premise of anonymity with this kind of location tagging.

Pam Dixon, executive director of the Oregon-based World Privacy Forum, said:

“If a city is going to use a system, it has a responsibility to have full transparency about where all of the data is coming from, how it is being deidentified and to what level, and if that data is reused again or stored by Replica or Sidewalk or passed to its parent company. There’s too much that we don’t know.”

Other cities on deck for Sidewalk Labs’ Replica testing include Chicago and Kansas City. Sidewalk Labs has already been working with the city of Toronto on a smart cities project which has not been without controversy.

Researchers at the International Data Corporation or IDC released a report last month titled Surveillance Avenue—Urban Mobility and Addressing the Erosion of Privacy which concluded that it is becoming more difficult for people to use public transportation systems without giving up some personal data. They showed how easy it is now using various surveillance technologies such as facial recognition cameras, license plate readers, and mobile phone data in combination with other datasets to paint a detailed picture of the movements of individuals.

Mark Zannoni, IDC’s Worldwide Urban Mobility Program researcher wrote:

“As increasing amounts of data are collected, we are faced with the issue that one must exchange personal privacy for the use of publicly funded transportation networks or assets. Whether initially personally identifiable or anonymous, individual data from urban mobility can be deanonymized, which is not only invasive but also enables potentially dangerous situations.”

The IDC report urged the federal government to put in place measures to protect people’s privacy, particularly specific movement-related data of individuals. This would provide a framework for local governments to build privacy protections into their own regulations.

Personal data held by companies and governments are often at risk to cyberattacks. Even worse, some sell that information outright without the consent of those whose privacy is being invaded.

Another example of privacy intrusion is the use of facial recognition technology. The FBI has access to over 641 million photos in their database that have been culled from driver’s licenses, passports, and mugshots. The US House Committee on Oversight and Reform recently discussed the issue of regulating facial recognition. Chairman Elijah Cummings said in an opening statement on June 4th: “There are real concerns about the risks this technology poses to our civil rights and liberties and our right to privacy.”

Earlier in June, the American Civil Liberties Union (ACLU) led 60 other privacy, civil liberties, civil rights and other groups in urging Congress to put a moratorium on facial recognition for law and immigration enforcement. The coalition issued a letter asking that the use of this technology be stopped until Congress debates and determines how this technology (that we do not give consent for) can be used.

Privacy rights issues have also been taken up by local governments. The San Francisco, California Board of Supervisors adopted in May 2019, a ban on facial recognition by police and local government agencies. This has brought more awareness to the privacy issue, but many are skeptical that either this will not be enough or it is a mistake to take these kind of devices out of commission. Nearby Oakland passed in 2018, a Surveillance and Community Safety ordinance which the Electronic Frontier Foundation or EFF has declared the gold standard.

Civic engagement on the local level is important in bringing transparency to this situation. This 2018 The Nation post entitled: Mass Surveillance begins at the Local Level. So does the Resistance explains what groups are doing to fight back against this exploding surveillance landscape.

The NMA encourages members to become involved in supporting privacy laws on a local, state, and national level. We will keep you informed of further developments.

Not an NMA Member yet?

Join today and get these great benefits!