“There is no privacy anymore. Get over it.”
That was the sentiment of a Wayne State University new media student as relayed by his professor Dr. Karen McDevitt during an Ambassador magazine Technology Roundtable held in October 2013.
Is this really true? Well, we do live in a world where it seems we are under constant surveillance. Video cameras are everywhere, in every bank and almost every business. Retailers monitor their own employees as much as they watch their customers, and of course, it is now well known that our own government is spying on us.
We as consumers can’t be held blameless because we are willing to give up a great deal of our privacy for the sake of convenience or security. We post our personal information on social media. We assume that our bank accounts are safe as we use our debit cards at every gas station, grocery store or website. And even if we are safe from the malicious hackers who want to take us for everything we own, our sensitive information is readily sold to companies who profit from our data.
When we have questions about subjects like this at Ambassador, we ask the experts. So, we assembled some of the area’s foremost authorities on privacy, information security and civil liberties for a Roundtable discussion at the Automation Alley headquarters in Troy.
Paul Howell, chief security officer who directs the Information and Infrastructure Assurance office at the University of Michigan told us he used the Google Traffic app on his iPhone to help navigate the drive from Ann Arbor to Troy. He explained that the app works because Google tracks the whereabouts of every Android user whose location-based services are activated. The location clusters of Android users in their vehicles on the highways are then broadcast to the app, offering a fairly accurate reading of traffic flow. But how many cell phone users think about the information their devices are relaying back to the manufacturer?
“The real question is: What is our expectation of privacy?” says Robert Sedler, a professor of law at Wayne State University.
“I just went to the store and bought a Red Bull. They asked me for my CVS card. That’s going somewhere into a (data) mine, and they’re going to know I bought it. And I could go out anywhere else and buy something I wouldn’t want my mother to know about and that would be (tracked),” says Professor Daniel Shoemaker, principal investigator and senior research scientist at the University of Detroit Mercy’s Center for Cyber Security and Intelligence Studies. “The data mine at some point in time knows more about me than I know about me because it’s got all the data it’s collected from everything I’ve done. From movies I’ve rented to the stuff I’ve bought, and that’s not protected (by the Constitution).”
“The analytics industry earns ten or fifteen billion dollars a year doing nothing but (collecting data on individuals),” Shoemaker adds.
Sedler explains that the primary purpose of the 4th Amendment was to provide privacy in the home and of the person. “Whenever the government wants to do a search of your home, it has to go to a judge and show probable cause that they believe a crime has been committed. That’s the historical purpose (of the 4th Amendment),” Sedler says. “The Constitution doesn’t run against private individuals. Now there are certain rules about privacy, called the torts of invasion of privacy, but again, that’s using information in a harmful way to a person. If (private companies) mine the data, and you get a lot of advertisements as a result, that would not be considered illegal.”
Professor Sedler explains that to the extent that there are laws protecting individuals, they tend to protect telephone communication, but in addition to the phone calls, there are enormous amounts of data on cell phones. “The Supreme Court has just granted review in a case where the police arrested somebody, and they searched his cell phone,” Sedler adds. “The question is whether that is an unconstitutional search or not.”
“But, let’s understand,” says Phil Bertolini, chief information officer and deputy county executive for Oakland County. “When you sign up for that CVS card, Netflix or anything of that sort, you’re agreeing to terms. They’re selling that information, but you’re agreeing to it. And how many people actually read the long, fine print before checking the box, ‘I agree.’ So, you’re giving up some of that privacy right out of the gate.”
Jane Briggs-Bunting, president of the Michigan Coalition for Open Government notes that historically privacy as discussed in the 4th Amendment at the beginning of the 20th century was defined as “the right to be left alone.” “The problem is you might have the right to be left alone, but you don’t have the opportunity anymore,” she explains.
“Privacy is harder to manage today,” Howell adds. “If you just go about your life as a routine consumer, not reading the terms, signing up for every buyer advantage card, free cruise and things like that, you’re giving away that information. When you go on Facebook or Twitter or any of the social networks, and you set up your account with all sorts of information, and you even publish your birth date, you’re giving that information up. But, you’re giving it up for a reason. So, it’s that calculation of what’s the risk versus the benefit, and I don’t know that the risks around the erosion of privacy are well understood by the average person.”
Leslie Touma, founder and CEO of Michigan Security Network, agrees that this is a matter of consumer awareness. “As we’ve seen recently in the press with the automotive industry, a lot of people who have navigation systems in their car are unaware of the black box data that’s housed there. So, down the road can an insurance company subpoena that information in an accident? Who owns that information is going to be a really big debate. If that’s your information and that’s your vehicle, there has to be some kind of legal definition that protects the consumer,” she explains.
“Can you elaborate on that?” Ambassador Publisher and Roundtable Moderator Denise Ilitch asks. “I did not think about the GPS system having all that data. They can unlock my doors.” Not only that, but they can locate your car if it’s stolen. They have information about your speed, your location and whether you’re wearing your seatbelt. And if you get behind on your payments, they can shut the car down and repossess it.
“(The auto manufacturers) aren’t denying that they collect the information,” Touma says. “But, they’re denying that they share it.” It only became a requirement a few years ago that owner’s manuals must reveal that there is a black box tracking all your driving data. Because your car has become one big computer, a lot of data can be collected. Car companies say mining this data helps them engineer better, safer vehicles. “And there are a lot of times when technology is used for public benefit,” Touma says, referring to a Farmington Hills company called Illuminating Concepts. They market intelligent streetlamps to municipalities, amusement parks and sports stadiums around the world that talk and play music, but also capture video and record conversations as pedestrians stroll down the street. “The argument is that these lights enhance public security, but people might be surprised to know (they are being monitored),” Touma adds.
Merissa Kovach, field organizer for the American Civil Liberties Union of Michigan (ACLU), notes that one of the main problems is that our privacy laws have not kept up with the technology. “If you have an iPhone, Apple is tracking you, and they know where you’ve traveled. You went to Target, and you used your debit card where there was a huge breach of their data a few months ago. Any private emails you sent, our Electronic Privacy Communications Act hasn’t been updated since 1986, so that’s before the Internet,” she says. “Every little thing you do now is tracked. You’re giving up your information, and unless you want to go off the grid and live in a bunker, it would make your life very difficult (not to use the technology). But there are very few protections from the government keeping that information private.”
Kathy Ossian, founder and CEO of Ossian Law P.C., explains that there are some targeted and limited privacy laws. “There’s HIPAA (Health Insurance Portability and Accountability Act), Gramm-Leach-Bliley, which only applies to financial institutions. There’s the Children’s Online Privacy Protection Act, which is broader but applies to children under the age of thirteen,” Ossian notes. “So, we have those kinds of targeted laws on the federal level and then there are various state laws. Some states are more aggressive than others; California being the most aggressive. They just enacted a law last year that is broad enough to cover mobile apps and their focus has been on disclosure – on making sure that there is an accurate disclosure of what data that app is actually collecting.”
Sedler reminds us that there are different components of privacy, however. “We’re talking a lot about informational privacy, but some of us who are pretty old have thought much more in terms of privacy of the home and privacy of the person,” he explains.
Sedler says the last major case he litigated for the ACLU was about a decade ago when the State of Michigan passed a law that mandated drug testing for welfare applicants without suspicion. “We won the case. The court ruled that it was unconstitutional, but now the state is looking for ways to get suspicion. So, this subject keeps resurfacing,” he says. “Like Merissa said, we haven’t done a good job protecting our privacy. But since 9-11, the government has come up with all kinds of ways to gather intelligence.”
“Another piece of it is when the government is collecting information from a third party without the individual knowing it,” Briggs-Bunting adds. “That’s what happened with the Associated Press. They didn’t even bug the phones. They just got all the data from Verizon.”
“One of the provisions of the U.S.A. Patriot Act was that whenever one of the telecommunications companies got a request for this information, they couldn’t tell anybody,” Sedler says. “But just recently the Obama Administration worked out a settlement with some of the big companies – Verizon, AT&T and others – allowing them to notify their customers that the government has requested the information.”
Touma notes that it’s important to have strong safeguards for technology because there is always the potential for abuse.
“We have to ask ourselves, at what level are we willing to have information about ourselves out there in the public?” Bertolini says. “We have to talk about risk versus reward.” We could wrap all our computers in bubble wrap and throw them in the Detroit River, and we’ll never have anybody breach them, but you’ll never use them for anything. Technology is here for a reason. If we lock everything down so tight that no one can ever access it, and no one can share data, then we might as well not have it.”