On August 29, 2022, the FTC initiated legal action against Kochava Inc., a data broker, accusing it of selling geolocation data from hundreds of millions of mobile phone devices. The committee found that consumers were typically unaware that location data was being sold and that their past whereabouts could be traced.
According to the FTC’s complaint against Kochava, the company’s information can be used to “identify which consumers’ mobile devices visited reproductive health clinics,” among other sensitive purposes.
Many abortion patients found themselves in legal risk after the Supreme Court’s June 24, 2022, decision to overturn Roe v. Wade. In light of the proliferation of abortion prohibition laws at the state level, we can see how vulnerable our right to privacy really is. As someone who studies cybersecurity and privacy, I can attest to the ease with which individuals’ whereabouts and actions can be monitored.
Well-intentioned advocates for abortion access often advise clients to “act like a CIA operative” and “burner phone” their way to the clinic. Even so, that still wouldn’t be sufficient to ensure confidentiality.
People voluntarily disclose information when they use a navigation app, input search phrases into a search engine, or engage in online discussion. Mobile devices, however, broadcast a lot more information than just what their owners say or type. Communication details such as who was contacted, when, for how long, and on what device are broadcast to the network. That’s necessary for things like making phone calls and sending emails.
Who is talking to whom?
Call Detail Records are a type of metadata that the National Security Agency collects in bulk from American phone companies in order to monitor terrorists, a fact that caused widespread outrage once it was revealed by NSA whistleblower Edward Snowden. The people had valid worries about invasion of privacy.
Later, Stanford researchers demonstrated how phone records, when combined with other publicly available information, might reveal private details, such as if a person has a cardiac condition and their arrhythmia monitoring equipment is broken or whether they are planning to operate a marijuana shop. Listening in isn’t always necessary to understand a person’s inner thoughts and intentions. Call logs reveal all, including who called whom and when.
IP-packet headers, which are transmitted along with any internet-based communication, can expose much more information than call logs. Even if the contents of a Voice over IP connection are encrypted, information contained in the packet header may reveal some of the words being said in the call.
Sensing devices stuffed into your pocket
However, that’s not all your communication gadget reveals about you. Smartphones have numerous different sensors because they are computers. Your phone features a gyroscope and an accelerometer to ensure accurate data display, a power sensor to extend the life of its battery, and a magnetometer to provide navigational assistance.
These sensors can be used for various purposes, much like communications metadata can be used to monitor your activities. It’s true that turning off GPS will stop apps from tracking your location, but the gyroscope, accelerometer, and magnetometer data might still reveal your whereabouts.
Companies may be interested in this sort of sensor data. For instance, Facebook has a patent that utilizes the many wireless networks in the user’s vicinity to infer when two users may have been in close proximity to one another on multiple occasions (e.g., at a conference or while riding a commuting bus) in order to introduce them. Creepy? Of course! Having ridden the New York City subways as a young woman, the last thing I need is for my phone to introduce me to someone who has stood suspiciously near to me on multiple occasions.
Uber is aware that individuals are more eager for a ride when their battery is low. Do they do a credit check and up the price if that information is found to be accurate? Despite Uber’s denial, the possibility remains.
As an added bonus, this treasure trove of information is not restricted to applications alone. Applications collect this data, which is then sold to data brokers who aggregate it with other data and sell it to businesses and governments. By doing so, the government is able to avoid the due process safeguards that would otherwise prevent them from obtaining the information without a court order.
Beyond the realm of agreement
There is not much consumers can do to safeguard themselves. It is possible to communicate, transport, and display content by utilizing communication metadata and device telemetry, which is data gathered from the phone’s sensors. You can’t avoid them in most cases. Metadata and telemetry are transmitted in the background, unseen by the user, as opposed to actively provided input like search phrases or map locations.
Consent is an implausible gesture. Too much information exists, making it difficult to evaluate each individual circumstance. Metadata and telemetry are utilized otherwise by the various software packages you employ, such as video, chat, web browsing, and email. It’s practically impossible to give completely informed consent in which you know exactly what information you’re supplying and why.
Metadata and telemetry can reveal your visit to the cannabis dispensary and other aspects of your personality, such as your level of extroversion or your likelihood of being on the outs with family members since the 2016 election, if you use your phone for anything other than a paperweight.
Assuming you intend to use the burner phone, it is true even if you pay for it in cash. When you do this while also toting around your regular phone, you reveal the connection between the two devices and, by extension, your identity. Another way your burner phone might be traced back to you is by your location history, with as few as four points of identification. You and your passenger both need to be vigilant should one of you be tracked by the other’s phone. Incredibly personal details can be gleaned from metadata and telemetry data. But you have no control over who sees or does with that information.
Today’s technological reality
Constitutional protections exist for maintaining one’s privacy. As an illustration, the Supreme Court has ruled that one’s First Amendment right to assemble is limited to the freedom to do so in secret, without disclosing the identities of its members to the government. However, in today’s world of smartphones, such a privilege has become mostly unfeasible. No longer can anyone really go about their daily lives without a cell phone. Public payphones and paper maps are almost a thing of the past. You pretty much need a smartphone to do anything nowadays, whether it’s getting from point A to point B, scheduling an appointment, placing a takeout order, or checking the weather.
Privacy is at stake for everyone due to the information that phones leak, not just those who are considering abortion. One of these job-seekers could be your own child: If an employee is suspected of taking part in a demonstration, the employer may look into their whereabouts to determine if they are indeed present. It’s also possible that you’re the one who gets outed when your coworker discovers, thanks to your devices’ gyroscope, accelerometer, and magnetometer readings, that you both spent the night in the same hotel room.
If laws or regulations were in place to ensure that the information you submit to services like TikTok, SnapChat, and YouTube is used only for sending and receiving communications, then this chilling scenario could be avoided. This is a boon not only to those seeking abortions, but to society as a whole.