Drones, phones and other 2012 privacy threats

New law enforcement and marketing tools and technologies keep privacy advocates on their toes

Verizon's attempt -- unsuccessful so far -- to secure a patent for a so-called 'snooping technology,' which in this case would let television advertisers target individual viewers based on what they're doing or saying in front of their sets, capped another challenging year for privacy advocates.

Verizon's snooping technology and TV ads

The Verizon technology, which includes a sensor/camera housed in a set-top box, would determine the activities of individual viewers -- eating, playing, cuddling, laughing, singing, fighting or gesturing -- and then trigger personal advertisements based on the activities.

Overall, the technology would serve targeted ads based on what the user is doing, who the user is, his or her surroundings, and any other suitable personal information, according to Verizon.

The U.S. Patent Office delivered a "non-final" rejection of Verizon's application in November.

But analysts say that because engineers are already working on such technology, it's a cinch that some kind of similar technology will be included in TV set-top boxes in the not too distant future.

Here, in no particular order, are other developments in 2012 that could have a major long-term impact on privacy:

The U.S. drone law: Eye in the sky

The Federal Aviation Administration Modernization and Reform Act of 2012, signed into law by President Barack Obama in February, was immediately slammed by rights groups, privacy advocates and lawmakers who contended that the law poses a major threat to the privacy of law-abiding citizens.

The bill, still largely unnoticed by the general public, opens up American airspace to commercial unmanned aerial vehicles (UAVs), better known as drones. Over the next few years, the FAA is expected to license the use of as many as 30,000 drones by border patrol agents, government agencies, state and local law enforcement agencies as well as businesses.

The powerful drone lobby has done much to highlight the benefits of drones in tracking fugitive criminals, managing traffic, monitoring crops, conducting land management activities, news reporting and filmmaking.

Numerous agencies, including the Department of Homeland Security, NASA, the FBI. the border patrol, and local police departments have secured licenses to operate drones in U.S. airspace.

Rights advocates argue that the law includes no meaningful guidelines for protecting privacy rights.

The advocates warn that drones equipped with facial recognition cameras, license plate scanners, thermal imaging cameras, open WiFi sniffers, and other sensors could be used for general public safety surveillance.

The Center for Democracy and Technology earlier this year noted that static surveillance technology like closed circuit television cameras cannot track individuals beyond their fields of vision. But drones, the group contended, can peek into backyards and be used -- without a warrant -- to track individuals pervasively.

A drone flying at a height of 400 feet or more would likely be considered to be operating in a public space. So, the center argues, while police would need a warrant to peer over a private fence, they would not need one to use a drone to observe an individual in his or her backyard.

Warrantless cellphone location tracking: What Fourth Amendment?

Despite a major U.S. Supreme Court ruling in January on the constitutionality of GPS tracking by law enforcement agencies, the overall issue of location tracking of individuals remained as murky as ever in 2012.

Cellphones and other mobile devices offer criminal investigators a powerful tool for tracking suspects. Local police departments often use realtime cellphone data track individuals. In addition, historical cellphone data is often gathered -- without a warrant -- by police to track past activities of suspected criminals.

In a case now being heard by the U.S Fifth Circuit Court of Appeals, federal prosecutors maintain that there can be no reasonable expectation of privacy in historical cell phone location data that is collected and maintained by phone companies.

According to prosecutors, the Stored Communications Act (SCA) of 1986 allows them to use a relatively easy-to-obtain court order to force a carrier to turn over a person's historical cell-site location information.

The Sixth Circuit Court of Appeals in August agreed with that assessment, ruling that Fourth Amendment protections do not apply to cellphone location data.

Others courts, however, have ruled that cellphone data is protected.

Privacy advocates have expressed frustration at what they call a continuing lack of clarity over the issue.

Many contend that warrantless cellphone tracking goes against all reasonable expectations of privacy and, in many cases, violates Fourth Amendment prohibitions against unreasonable search.

The advocates say that location data from cellphones and other mobile devices allow law enforcement officials to gather extremely detailed and protected information about an individual.

In a landmark ruling in June, the U.S. Supreme Court agreed with privacy advocates that law enforcement officials need to first obtain a search warrant based on probable cause before conducting some types of location tracking.

However, the court's decision pertained only to the issue of warrantless GPS tracking. It did not address the crucial and much broader issue of whether similar tracking using cellphone data and other geo-tracking devices requires a warrant.

That lack of guidance leaves the door open for all sorts of warrantless cellphone tracking by the government and all sorts of interpretation of those actions by the courts, privacy advocates say.

Internet and mobile privacy: Or the continuing lack thereof

For several years, consumer rights groups and others have been calling on Congress to create regulations governing how Internet companies, online advertisers, mobile service providers and mobile application providers can collect and use consumer data.

Despite some movement in attracting the attention of legislators, 2012 is set to close without any major changes to online consumer privacy rules.

The Consumer Privacy Bill of Rights , released by the Obama Administration in February, sought to encourage the creation of new industry standards for collecting, sharing, storing and using private data on the Internet and mobile networks.

The administration said at the time that the document is part of an effort to require that companies limit the collection of personal data, protect any sensitive data collected, and give consumers the right to access and to correct mistakes in personal data collected by Internet service providers, carriers and mobile application companies.

While many consumer rights groups and privacy advocates have praised the Administration's intent, they have expressed disappointment at the continued focus on industry self-regulation.

Many of them fear that the "multi-stakeholder process" outlined in Obama's Consumer Bill of Rights will be hijacked by deep-pocketed Internet companies with little real concern for consumer privacy. The consumer advocacy groups continue to maintain that meaningful privacy protections can result only from strong legislation.

Predictably, industry groups such as the Digital Advertising Alliance, the Interactive Advertising Bureau and the Direct Marketers Association have cautioned against any legislation and have insisted that self-regulation is the best way forward.

NYC Domain Awareness System: Surveillance city?

A New York City-wide Domain Awareness System (DAS) rolled out by the New York Police Department (NYPD) in July has left groups like the American Civil Liberties Union uneasy about its privacy implications.

The city's data aggregation and real-time analytics tool, built in collaboration with Microsoft, is designed to combat crime and terror threats in the city.

The system gives city police a way to quickly aggregate and analyze data from 3,000 surveillance cameras, along with license plate readers, radiation detectors, 911 calls and multiple public safety databases.

Housed in the Lower Manhattan Security Initiative command center, DAS is designed to provide real-time alerts on potential security threats. Operators and analysts at the command center can use the system's graphical interface to quickly pull up and correlate public safety, geospatial, chronological and other information that might be relevant to an unfolding event.

While city officials have described the system as an invaluable security tool, the ACLU and others have expressed concern about its privacy implications.

For instance, some fear that DAS -- and especially components like its license plate readers -- make it much easier for police to track and conduct warrantless surveillance of individuals and groups.

It's too soon to measure the extent of the systems privacy threat,

City officials have insisted that they have put in various, privacy-friendly measures -- such as purging license plate data every 30 days. Even so, with other cities likely to follow New York's lead, DAS could well become a barometer of things to come.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His e-mail address is jvijayan@computerworld.com.

Editors' Picks
Join the discussion
Be the first to comment on this article. Our Commenting Policies