Asked about state and local police accessing millions of people’s geolocation data without warrants, an Arkansas prosecutor recently said Americans have given up any reasonable expectation of privacy when they use free phone apps—and that those who object belong to a “cult of privacy.”
Well, count me in. I am a proud member of the cult of privacy, and I want to bring you into the fold. If you would rather try to protect your privacy than be tracked in everything you do and everywhere you go, you might want to join us. Light a candle, download a VPN client, and help us overthrow surveillance capitalism.
The privacy-poo-pooing prosecutor was quoted last week in an Associated Press story based on a joint investigation with the Electronic Frontier Foundation, where I work as associate director of digital strategy. That project revealed that law enforcement agencies across the country have been paying a company called Fog Data Science to gain warrantless access to millions of people’s cell phone location data.
It works like this: Thousands of seemingly harmless apps that do everything from help you buy coffee to find the fastest route to your destination also gather your location data, and many sell that information to data brokers. That data is frequently connected by your phone’s advertising identifier (“Ad ID”). Fog buys that data and sells access to it cheaply to state and local police. Law enforcement can use it to trace a device’s location—and its owner’s—everywhere they’ve been. It’s like the old internet axiom: If the app is free, then you are the product. Except now, you and your data may also be the product even if you pay for the app or use it to buy things. In this case, Fog is buying your data from a bunch of different apps, then wholesaling it to the police.
The Ad ID associated with your phone is one of the major tools used by companies to link data from different sources back to you. This is part of why you get surprising ads for products that sometimes feel invasive. Fog Data Science is the first company we’ve seen that sells state and local law enforcement the location data of millions of people’s cell phones using an Ad ID.
This is a big and troublesome violation of our privacy. But after years of cascading revelations of secretive data-sharing agreements between companies and the government, it might seem like you have to be an online privacy zealot to believe your privacy even can be protected.
Make no mistake: Fighting for online privacy can sometimes feel like trying to put out a wildfire with a thimble. Much of our online life (and therefore, our life) has been infiltrated by Big Tech companies that mine our actions, secretive third–party data brokers that buy and sell our private data, and law enforcement who use it—whether through geofence warrants, keyword warrants, or even warrantless searches—to learn far more about us than we ever expected.
When criticized, defenders of the status quo claim it’s necessary to give us all the free goodies we’ve come to expect from the internet, or to catch criminals. To mix the religious metaphors, it’s been said that the original sin of the internet was basing it on advertising, and some feel that it’s too late to fix it now. In other words, under surveillance capitalism, all these privacy invasions are just business as usual.
But that’s not the internet I signed up for, and I’m confident it’s not the internet we must have. I’m not alone: At EFF, we’ve been fighting for privacy and transparency for more than 30 years, and we have over 35,000 paying members who agree with us that these rights are attainable and worth fighting for. (One EFF supporter suggested on Twitter that she’d happily wear a “member of the cult of privacy” T-shirt. Bless you, my child.)
In many cases, privacy has made gains.
Sometimes, it’s been through technical means: Most websites are encrypted now, protecting browser communications with the sites you visit from being leaked to people or companies that might spy on them. And on both Android and iOS devices the aforementioned ad ID now can be reset or even turned off, which was not always the case.
Although the law moves slowly, it is also catching up. In several high-profile Supreme Court cases, Fourth Amendment protections have been expanded to include newer technologies. In a 2018 opinion in Carpenter v. U.S., Chief Justice John Roberts recognized that cellphone location information creates a “detailed chronicle of a person’s physical presence compiled every day, every moment over years,” and as a result, police must now get a warrant before obtaining this data. And just recently, the Federal Trade Commission sued Kochava, a data broker, for unfairly harvesting and monetizing phone app location data. The cult of privacy has members in high places, apparently.
With the Supreme Court’s recent decision in Dobbs v. Jackson, what used to be more benign reproductive health data is now potentially criminal evidence, as the FTC recognized in its suit against Kochava. Similarly, data may be weaponized against trans youth seeking health care in some states, putting caretakers and healthcare professionals at risk. A frequent argument against privacy is that “you have nothing to worry about if you have nothing to hide.” That has never made sense; if it did, why even have curtains on your windows? But these days, the underlying idea fails miserably.
Privacy is one of the (seemingly few) issues that crosses the aisle. Whether you’re seeking reproductive health care or going to gun shows, each one of us is at risk of our data being abused—whether by companies or law enforcement—and all of us deserve privacy protections.
Verily, I dream of a promised land where people do not have to share their location data with shady surveillance companies, to be packaged, sold, and repackaged, and resold. If you also dream of such a place, I hope you’ll help us get there. Most people are just a conversion experience away from seeing the light, and when you have yours, the cult of privacy will be happy to have you.