Privacy & Surveillance Overview

Privacy & Surveillance: Overview

This section details the fundamental concepts surrounding privacy and surveillance. It covers topics such as metadata vs data, digital fingerprinting, multi-factor authentication (MFA), location tracking, and the legal landscape regarding privacy.

Key Points of Discussion

Campus Privacy Expectations

  • Public Spaces: Locations like the Yard and the One‑Stop Office where privacy expectations may face challenges due to the nature of interactions occurring there.

    • The Yard: An open public space frequented by students for study and socializing.

    • One‑Stop Office: A hub for academic discussions, billing inquiries, and exchange of sensitive information.

Distinction between Metadata and Data

  • Metadata: Defined as "data about data". Examples:

    • Sender and recipient addresses

    • Email subject

    • Timestamp of the communication

    • URLs visited.

  • Data: Refers to the actual content, such as the body of an email or attached files.

  • Invasiveness of Metadata: Despite being non-content based, metadata can still infringe on privacy rights due to the detailed information it contains.

Legal Landscape Related to Metadata

  • Court Compulsion: Courts can mandate companies to hand over metadata during law enforcement investigations. A significant point of contention is whether such practices violate the confidentiality aspect of the CIA triad (Confidentiality, Integrity, Availability).

    • Utah Data Center: Operated by the NSA; it serves as a significant repository for metadata collection.

Surveillance Techniques and Claims

Web and Device Fingerprinting

  • Fingerprinting Techniques: Techniques used primarily for targeted advertising, involving:

    • Web Browser Fingerprinting: A unique set of data points (e.g., user-agent string, screen resolution, installed fonts) that can identify a device across different browsing sessions without the use of cookies.

    • Digital Fingerprints: Analytics which synergizes biological fingerprints’ uniqueness and permanence traits with digital identifiers like hardware IDs and software configurations.

Multi-Factor Authentication (MFA)

  • Evolution of MFA: Originated in high-security contexts (e.g., Federal Deposit Insurance Corporation) but is now commonly utilized across various platforms.

    • Example Implementation: A Duo push notification system that requires a secondary code input after a password entry.

Databases and Linkage of Fingerprints

Centralized Data Storage

  • Database Capabilities: Centralized databases can house biological and digital fingerprints alongside personal identification records (e.g., driver's licenses, criminal records).

  • Utilization of Fingerprints: Matched fingerprints can:

    • Identify Individuals

    • Correlate Activities Across Services: This enables surveillance-as-a-service models, which profit from aggregated fingerprint data.

Digital Fingerprinting and Trace Data

Definitions and Concepts

  • Digital Fingerprint: A unique combination of device characteristics, including browser version, screen resolution, and installed fonts.

  • Trace Data: Metadata that is unintentionally left behind during digital interactions, considered essentially invisible to end-users.

    • Collection by Companies: Major corporations like Google, Meta, and Adobe utilize trace data to build user fingerprints.

Targeted Advertising Strategies

  • Remarketing: A method wherein ads for products previously viewed by a user are displayed upon subsequent visits.

    • Workflow Example: If a user visits an e-commerce site on Monday, their digital fingerprint is recorded, and ads for viewed products are shown later.

Connectivity of Privacy and Location Tracking

Location Tracking Technologies

  • GPS: Global Positioning System; not prominently used in browsers due to high power consumption and inaccuracy.

  • Methods Indicating Location:

    • IP Address: Provides an approximate geographic location based on network routing.

    • Wi-Fi SSID/BSSID: Identifiers of nearby routers that can be mapped geographically.

    • Bluetooth Low Energy (BLE): Small beacons can triangulate position with an accuracy up to 3cm.

Comparison of Tracking Technologies

Technology

Power Usage

Typical Accuracy

Primary Use

GPS

High

5–10m (outdoors)

Navigation

IP Address

Low

City-level

Network routing

Wi-Fi scanning

Moderate

10–30m

Indoor positioning

BLE Beacons

Very Low

1–3cm

Proximity detection

Cookies vs. Web Fingerprinting

Cookies

  • Definition: Small text files stored by browsers that users may block.

Transition to Fingerprinting

  • Web Fingerprinting: Emerges as a robust alternative for tracking by collecting browser and device characteristics, forming persistent identifiers without dependencies on cookies.

  • Industry Shift: Google is transitioning from cookie-based systems to web fingerprinting, highlighting an industry-wide trend towards more resilient identifiers.

Real-World Implications of Digital Surveillance

Case Study: Target's Predictive Marketing

  • Example Scenario: Target used shopping patterns to predict personal life events, such as a customer's pregnancy, by analyzing specific purchasing behaviors—tracking items like maternity-related products.

    • Business Goal: To embed Target as the go-to store for expectant mothers by mailing relevant advertisements during key phases of their pregnancy.

Data Collection Sources

  • Retail Chains: Major e-commerce sites and retail outlets such as Target and M-Dub are primary repositories for consumer data.

Surveillance & Law Enforcement

Legal Considerations

  • Social-Media Metadata: Extensive metadata related to user activities on social media platforms can be pivotal in criminal investigations. For instance, prosecutors can request specific datasets from platforms like Facebook to support cases.

  • Legal Compliance: Companies may be compelled to produce data deemed necessary for trials, despite the lack of explicit legal privacy rights in the U.S. Constitution.

Final Considerations on Privacy Implications

Uniqueness of Fingerprints

  • Significance: Unique digital fingerprints can link online behaviors back to real individuals without their consent, thereby implicating both privacy and legal concerns.

  • Commercial vs. Law Enforcement Use: The same metadata can serve distinct purposes depending on the accessing party's intent—whether for targeted marketing or for surveillance in criminal investigations.

  • Proposals for Greater Privacy: Discussions on the necessity of updated privacy rights in light of evolving digital footprints and surveillance technologies are ongoing.