The spy in your pocket

By | February 27, 2024

Means of Control: How the Hidden Alliance of Technology and Government is Creating a New American Surveillance StatThrough Byron TauCrown, 400 pages, $32

An officer stopped Ivan Lopez in Somerton, Arizona, a small town near the Mexican border. The officer claimed Lopez had a broken taillight and was speeding. A drug-sniffing dog then pointed out possible contraband; Police searched his truck and found fentanyl, cocaine, heroin and meth. Lopez subsequently agreed to a plea deal that would see him serve 84 months in prison for drug trafficking.

The traffic stop took place in 2018. Lopez (and his lawyers) only found out in 2020 that neither the traffic violations nor the dog led to Lopez’s demise: it was location data from his phone, which showed that he was passing through. the border at a place where there was no guarded border crossing. A secret underground tunnel led from Mexico to a property he owned in the Arizona border town of San Luis.

A handful of Border Patrol agents in small towns had not been actively monitoring Lopez’s phone location. They purchased the information from third-party brokers, who collected GPS data produced by the apps on Lopez’s phone.

Byron Tau, then a Wall Street Journal reporter, reported that year that the federal government, particularly immigration officials, had begun purchasing such data, which was typically intended for use by advertising companies. (It was Tau who told Lopez’s lawyers about the data purchases while reporting his story.) In this way, both local and federal law enforcement circumvented Fourth Amendment restrictions to obtain information that typically requires probable cause and a warrant was needed.

Such stories animate Tau’s Means of controla book that documents how over the past twenty years our government has turned to the private sector to keep an eye on us, while both the authorities and the companies involved do everything they can to keep Americans in the dark.

***

Tau begins, as almost all modern stories about the American surveillance state must, with the September 11 attacks. When the federal government realized there were holes in its intelligence operations, people in the business of collecting and selling personal data realized their information could be useful.

In the days after September 11, a data collection company called Acxiom decided to run the terrorists’ names through its databases to see what it could find. Information was found about 11 of them. The company then expanded its search to include people who shared addresses with the men, looking for connections to others in the US who may be planning attacks. Meanwhile, a rival company, Seisint, was doing something similar: It tried to develop profiles of potential terrorists and sift through the company’s data to see who matched.

This was a fishing expedition: a broad search for information in the hope of finding evidence of wrongdoing. Before the police can collect or search our data, they are deemed to have reasonable suspicion that the persons involved are involved in criminal activities; they are not supposed to collect people’s data first Than Take a look at it to see if they did something wrong. But Axciom and Seisint are not law enforcement agencies, and that’s where privacy protections start to falter.

The third-party doctrine, which dates back to Supreme Court rulings in the 1970s, means that data that Americans voluntarily provide to banks, phone companies and other third parties does not have the same Fourth Amendment protections as data we store for ourselves. Interestingly, in the aftermath of September 11, Defense Department lawyers warned Pentagon officials against attempting to include data from these companies in their intelligence.

These warnings were not heeded. Tau’s book is an in-depth account of how the US went from a place where federal lawyers warned against searching privately collected data to a place where government agencies spent untold sums of taxpayer money to buy the information.

People who follow data privacy issues may already be familiar with some of the stories in this book. For example, in 2019, a government contractor warned that gay hook-up app Grindr’s data about its users (and their locations) was accessible to anyone with access to the exchanges that sell ads to apps. Because a Chinese company bought a majority stake in Grindr in 2016, this led to fears of national security risks. Ultimately, the foreign company was forced to sell its stake. This saga received a lot of attention in the press.

What wasn’t discussed as widely is that many other apps have the same flaw. Tau shows that as phones increasingly became storage centers for people’s personal data, the amount of private information that citizens — whether they realized it or not — provided to private companies also increased. This creates a marketplace where secretive intermediaries collect data from these apps and ad exchanges and then quietly sell it to the government. When apps or platforms implement privacy restrictions that say no data can be used for government tracking purposes, the middlemen step in and allow authorities to bypass these rules. As Lopez and his lawyers would discover, this secretive system can also make it impossible to challenge the source or legitimacy of information used against people in court.

“Neither the user nor the app developer can definitively say what their use is after the data leaves their control,” Tau writes. “They cannot guarantee that the data will only be used for commerce or analysis. Once the data is collected and sold, no one can guarantee what happens to it.”

***

Tau’s extensive research gives readers a detailed tour of the mind-bogglingly complex ecosystem of brokers and buyers of this information. The cynic may be surprised to learn that there are people in government who take citizen privacy seriously and oppose these surveillance methods. The cynics won’t be surprised if other officials and their private sector allies figure out ways to get around that resistance.

Even as Tau shows us how transparent our lives are, much of the process of transferring data into the hands of brokers and then to the government remains quite opaque. This is not a criticism of Tau’s writing or research: this book has much to teach us about how this secret marketplace came to be and how it works. Nevertheless, as Tau acknowledges, even he could only penetrate so much of the system.

Tau never loses sight of the fact that the government is the driving force behind this market. Any possible solution that actually works would likely involve legislative measures or court decisions limiting what data the government can collect. Some of this, although not enough, has already happened: in 2018 Carpenter v United Statesthe Supreme Court ruled that police need arrest warrants to access cell phone tracking data.

The two-party Fourth Amendment is not for sale would ban the government from purchasing Americans’ device data from third-party brokers and instead let authorities seek a court order before collecting data from the original app or platform. As Tau notes, the bill received unanimous support from the Republican-led House Judiciary Committee last July, which seems like a positive sign. But an attempt to fold the legislation into a larger surveillance reform bill failed, and the future of the measure is unclear.

So unfortunately it’s still useful Means of control contains an appendix with “An Ordinary Person’s Guide to Digital Privacy” – a guide for people who want to protect their own data. As Tau says, “No one ever went broke betting that Congress would do nothing.”

The post The Spy in Your Pocket appeared first on Reason.com.

Leave a Reply

Your email address will not be published. Required fields are marked *