Drones, phones and other 2012 privacy threats

New law enforcement and marketing tools and technologies keep privacy advocates on their toes

Verizon's attempt -- unsuccessful so far -- to secure a patent for a so-called 'snooping technology,' which in this case would let television advertisers target individual viewers based on what they're doing or saying in front of their sets, capped another challenging year for privacy advocates.

Verizon's snooping technology and TV ads

The Verizon technology, which includes a sensor/camera housed in a set-top box, would determine the activities of individual viewers -- eating, playing, cuddling, laughing, singing, fighting or gesturing -- and then trigger personal advertisements based on the activities.

Overall, the technology would serve targeted ads based on what the user is doing, who the user is, his or her surroundings, and any other suitable personal information, according to Verizon.

The U.S. Patent Office delivered a "non-final" rejection of Verizon's application in November.

But analysts say that because engineers are already working on such technology, it's a cinch that some kind of similar technology will be included in TV set-top boxes in the not too distant future.

Here, in no particular order, are other developments in 2012 that could have a major long-term impact on privacy:

The U.S. drone law: Eye in the sky

The Federal Aviation Administration Modernization and Reform Act of 2012, signed into law by President Barack Obama in February, was immediately slammed by rights groups, privacy advocates and lawmakers who contended that the law poses a major threat to the privacy of law-abiding citizens.

The bill, still largely unnoticed by the general public, opens up American airspace to commercial unmanned aerial vehicles (UAVs), better known as drones. Over the next few years, the FAA is expected to license the use of as many as 30,000 drones by border patrol agents, government agencies, state and local law enforcement agencies as well as businesses.

The powerful drone lobby has done much to highlight the benefits of drones in tracking fugitive criminals, managing traffic, monitoring crops, conducting land management activities, news reporting and filmmaking.

Numerous agencies, including the Department of Homeland Security, NASA, the FBI. the border patrol, and local police departments have secured licenses to operate drones in U.S. airspace.

Rights advocates argue that the law includes no meaningful guidelines for protecting privacy rights.

The advocates warn that drones equipped with facial recognition cameras, license plate scanners, thermal imaging cameras, open WiFi sniffers, and other sensors could be used for general public safety surveillance.

The Center for Democracy and Technology earlier this year noted that static surveillance technology like closed circuit television cameras cannot track individuals beyond their fields of vision. But drones, the group contended, can peek into backyards and be used -- without a warrant -- to track individuals pervasively.

A drone flying at a height of 400 feet or more would likely be considered to be operating in a public space. So, the center argues, while police would need a warrant to peer over a private fence, they would not need one to use a drone to observe an individual in his or her backyard.

Warrantless cellphone location tracking: What Fourth Amendment?

Despite a major U.S. Supreme Court ruling in January on the constitutionality of GPS tracking by law enforcement agencies, the overall issue of location tracking of individuals remained as murky as ever in 2012.

Cellphones and other mobile devices offer criminal investigators a powerful tool for tracking suspects. Local police departments often use realtime cellphone data track individuals. In addition, historical cellphone data is often gathered -- without a warrant -- by police to track past activities of suspected criminals.

In a case now being heard by the U.S Fifth Circuit Court of Appeals, federal prosecutors maintain that there can be no reasonable expectation of privacy in historical cell phone location data that is collected and maintained by phone companies.

According to prosecutors, the Stored Communications Act (SCA) of 1986 allows them to use a relatively easy-to-obtain court order to force a carrier to turn over a person's historical cell-site location information.

The Sixth Circuit Court of Appeals in August agreed with that assessment, ruling that Fourth Amendment protections do not apply to cellphone location data.

Others courts, however, have ruled that cellphone data is protected.

Privacy advocates have expressed frustration at what they call a continuing lack of clarity over the issue.

Many contend that warrantless cellphone tracking goes against all reasonable expectations of privacy and, in many cases, violates Fourth Amendment prohibitions against unreasonable search.

The advocates say that location data from cellphones and other mobile devices allow law enforcement officials to gather extremely detailed and protected information about an individual.

In a landmark ruling in June, the U.S. Supreme Court agreed with privacy advocates that law enforcement officials need to first obtain a search warrant based on probable cause before conducting some types of location tracking.

However, the court's decision pertained only to the issue of warrantless GPS tracking. It did not address the crucial and much broader issue of whether similar tracking using cellphone data and other geo-tracking devices requires a warrant.

That lack of guidance leaves the door open for all sorts of warrantless cellphone tracking by the government and all sorts of interpretation of those actions by the courts, privacy advocates say.

Internet and mobile privacy: Or the continuing lack thereof

For several years, consumer rights groups and others have been calling on Congress to create regulations governing how Internet companies, online advertisers, mobile service providers and mobile application providers can collect and use consumer data.

Despite some movement in attracting the attention of legislators, 2012 is set to close without any major changes to online consumer privacy rules.

The Consumer Privacy Bill of Rights , released by the Obama Administration in February, sought to encourage the creation of new industry standards for collecting, sharing, storing and using private data on the Internet and mobile networks.

The administration said at the time that the document is part of an effort to require that companies limit the collection of personal data, protect any sensitive data collected, and give consumers the right to access and to correct mistakes in personal data collected by Internet service providers, carriers and mobile application companies.

While many consumer rights groups and privacy advocates have praised the Administration's intent, they have expressed disappointment at the continued focus on industry self-regulation.

Many of them fear that the "multi-stakeholder process" outlined in Obama's Consumer Bill of Rights will be hijacked by deep-pocketed Internet companies with little real concern for consumer privacy. The consumer advocacy groups continue to maintain that meaningful privacy protections can result only from strong legislation.

Predictably, industry groups such as the Digital Advertising Alliance, the Interactive Advertising Bureau and the Direct Marketers Association have cautioned against any legislation and have insisted that self-regulation is the best way forward.

NYC Domain Awareness System: Surveillance city?

A New York City-wide Domain Awareness System (DAS) rolled out by the New York Police Department (NYPD) in July has left groups like the American Civil Liberties Union uneasy about its privacy implications.

The city's data aggregation and real-time analytics tool, built in collaboration with Microsoft, is designed to combat crime and terror threats in the city.

The system gives city police a way to quickly aggregate and analyze data from 3,000 surveillance cameras, along with license plate readers, radiation detectors, 911 calls and multiple public safety databases.

Housed in the Lower Manhattan Security Initiative command center, DAS is designed to provide real-time alerts on potential security threats. Operators and analysts at the command center can use the system's graphical interface to quickly pull up and correlate public safety, geospatial, chronological and other information that might be relevant to an unfolding event.

While city officials have described the system as an invaluable security tool, the ACLU and others have expressed concern about its privacy implications.

For instance, some fear that DAS -- and especially components like its license plate readers -- make it much easier for police to track and conduct warrantless surveillance of individuals and groups.

It's too soon to measure the extent of the systems privacy threat,

City officials have insisted that they have put in various, privacy-friendly measures -- such as purging license plate data every 30 days. Even so, with other cities likely to follow New York's lead, DAS could well become a barometer of things to come.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His e-mail address is jvijayan@computerworld.com.

Join the CSO newsletter!

Error: Please check your email address.

Tags verizonsecurityprivacy

More about BillDASFAAFBIFederal Aviation AdministrationInteractiveInteractive Advertising BureauManhattanMicrosoftNASATechnologyVerizonVerizon

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jaikumar Vijayan

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place