As we go about our errands and excursions, you might not realize you’re toting along the 21st century version of Big Brother.
Your smartphone may not only be capturing your location data but also potentially harvesting it and sharing it with advertisers or law enforcement. If your account or a company’s computers are hacked, crooks bent on stealing your identity could exploit the leaked data.
For sure, you can benefit when your phone knows where you are. Your phone can help you avoid traffic, discover a nearby eatery, get up-to-the minute local weather or recover a lost phone. But privacy advocates worry about darker outcomes.
“One of the disturbing realities of modern technology is that increasingly, everywhere we go, our phones, cars and devices are logging our location,” says lawyer Albert Fox Cahn, executive director of the New York-based civil rights group Surveillance Technology Oversight Project (STOP). It's “a creepy way for companies to sell us their products, [and] increasingly, a way for the police, IRS and immigration authorities to track our movements.”
They do this through court orders, digital dragnets known as geofencing, and sometimes by purchasing the data, Cahn says.
“Not only is location data being used for the purposes of criminal prosecution or liability in legal cases, but also just for targeted advertising, which might be harmful to a particular person,” says Bill Budington of the Electronic Frontier Foundation. The staff technologist at the San Francisco advocacy group says someone visiting an alcoholic treatment center might receive embarrassing or unwanted ads for alcoholic products.
Health privacy rules don’t extend to phones
What’s more, federal regulations that have sprung from the Health Insurance Portability and Accountability Act (HIPAA) generally don't protect the privacy or security of your health information when accessed through or stored on your personal cellphones or tablets, according to the U.S. Department of Health and Human Services. For some, that prospect took on added urgency after the Supreme Court’s ruling overturning Roe v. Wade, and the idea that people could be tracked crossing state lines to have a procedure deemed illegal in their home states.
Most folks want to protect their privacy under any circumstances. Almost 9 out of 10 people 55 and older are concerned about the safety and privacy of their personal data, compared with nearly 8 out of 10 people ages 18 to 34, according to an Ipsos poll of 4,000 U.S. adults conducted April 1 to 7.
In a July 1 blog post, a Google senior vice president, Jen Fitzpatrick, wrote that her company is taking some steps to make location data more private. If Google detects that people visit some “particularly personal” medical facilities — including “counseling centers, domestic violence shelters, abortion clinics, fertility centers, addiction treatment facilities, weight-loss clinics [and] cosmetic surgery clinics” — it will delete their location history entries “soon after they visit” such places.
Location History is an account setting that the Alphabet-owned company says is turned off by default. But when it’s on and you sign in to your Google account, you can view the places where you’ve visited — for example, in a Google Maps Timeline. Through auto-delete controls, you can have Google automatically and continuously delete your location history — as well as search, voice and YouTube activity data — after three months or 18 months.
Some want expansion of privacy protections
Critics want Google to go further, given the sheer magnitude of search data it amasses on all of us.
“Rather than simply labeling a few sites as sensitive … Google should be treating all of our movements as sensitive,” Cahn says. “We shouldn’t make civil rights and democracy an opt-in exercise.”
Fitzpatrick didn’t specify how Google’s systems will determine that a person has visited one of these health facilities. Nor did she say what might be done to protect location data captured in the general vicinity of the place or when the person is in transit.
“Google has a long track record of pushing back on overly broad demands from law enforcement, including objecting to some demands entirely,” Fitzpatrick blogged. “We take into account the privacy and security expectations of people using our products. And we notify people when we comply with government demands, unless we’re prohibited from doing so or lives are at stake — such as in an emergency situation.”