Our civilization has entered the digital age. The technological realm has become pervasive and we can hardly escape it in our daily interactions. But can we trust those steering the ship? As each day brings new insight into the fraudulent use of personal data, breaches of privacy, and attempts to filter our perception, we need to be more aware than ever. With today’s hasty technological development, few people stop to examine how these changes will affect our privacy, liberty, or our ability to control our own lives. Each week, Liberty Nation’s You’re Never Alone will catch you up on the facts you need to know.
In our first installment, we’ll look at a few of the companies that have been collecting your data, without you even knowing it. Retail apps have been recording users’ every move, telecom companies have sold the details of customers’ exact locations, and Facebook has just been reprimanded for tracking users’ online data across the board. Be sure to check out LN’s other recent coverage on Facebook, including the social media company’s questionable ties to the U.S. government, and its alleged reliance on fake accounts to fuel profits.
Shopping Apps Track Customers
Screenshots by the App Analyst – Air Canada recordings do not consistently mask personal information
Multiple retail apps have been recording users’ screen activity during app use, which the company or app developer can then view as a video – all without telling users. TechCrunch revealed that retailers including Hollister clothing, Abercrombie & Fitch, Hotels.com, Air Canada, Expedia, Singapore Airlines, and others have installed software into their apps to collect real-time of recordings of customers’ every move. The videos can then be viewed via “session replay,” allowing companies to view how users interacted with the app and better tailor it to better serve their interests. One provider of such software is Glassbox Digital Analytics. “Imagine if your website or mobile app could see exactly what your customers do in real time, and why they did it? This is no longer a hypothetical question, but a real possibility,” reads the Glassbox website.
TechCrunch reports that none of the named brands make any mention of Glassbox data collection in their user agreements, privacy policies or terms and conditions, thereby ensuring that the customer has no way to know that their screen is being recorded. Aside from the obvious privacy and data collection issues here, there are also potential security risks. When users make purchases on these apps, they may divulge sensitive personal information, including credit card details, passport numbers, and banking passwords. While the software supposedly masks sensitive fields, tech blogger the App Analyst found that Air Canada’s app didn’t always properly conceal this information – so that anybody who views the Glassbox recording will have access to unencrypted personal information of the app’s users.
While Abercrombie & Fitch and Hollister sent their data directly to Glassbox’s servers, others such as Expedia and Hotels.com sent the information to their own servers, adding another opportunity for improper access. Apple has demanded that the software be removed from its app store, stating that, “Our App Store Review Guidelines require that apps request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity.”
Facebook Market Dominance and Data Tracking
You may be forgiven for thinking that Facebook only monitors users who are actually on the Facebook website or app – but that is not so. Pew Research recently found that 74% of users were unaware that Facebook actively tracks users across social media platforms, apps and even third-party websites. The company collects data on users’ broader online activity to create detailed profiles which are then used to attract highly-targeted advertising. Germany’s antitrust regulator, the Bundeskartellamt, recently ruled that Facebook has been abusing its power to gain dominance in the social media market, and demanded that it stop collecting off-site data.
“Facebook users practically cannot switch to other social networks. In view of Facebook’s superior market power … The only choice the user has is either to accept the comprehensive combination of data or to refrain from using the social network. In such a difficult situation the user’s choice cannot be referred to as voluntary consent,” the ruling said. The regulator declared that Facebook was in breach of the recently installed European data protection rules and that users will henceforth be required to give informed consent before it can track information beyond the Facebook platform.
Andreas Mundt, president of the Bundeskartellamt, said in a statement that:
“In future, Facebook will no longer be allowed to force its users to agree to the practically unrestricted collection and assigning of non-Facebook data to their Facebook user accounts. The combination of data sources substantially contributed to the fact that Facebook was able to build a unique database for each individual user and thus to gain market power. In future, consumers can prevent Facebook from unrestrictedly collecting and using their data. The previous practice of combining all data in a Facebook user account, practically without any restriction, will now be subject to the voluntary consent given by the users.”
Some have suggested the ruling will ruin Facebook’s plans to merge its subsidiary apps Messenger, Instagram and WhatsApp into one entity.
What does all this mean for America? Maurice Stucke, law professor at the University of Tennessee and antitrust expert, told Wired magazine that the decision may prove influential elsewhere. “This ruling is really an icebreaker. Icebreakers break through the ice in order to lead the path for other vessels to follow,” he said.
Telecom Providers Sell Customer Locations
Facebook may be selling customer data to advertisers, but it’s not the only company that finds such information to be profitable. U.S. telecom providers sold user location data to third-parties, between 2012-2017, alleges website Motherboard. AT&T, T-Mobile, and Sprint sold customers’ GPS locations to data collectors, using information that was supposed to be reserved for 911 emergency responders.
Secretive data collection company CerCareOne (now closed-down) made over 18,000 requests for data over the five years, then sold real-time GPS coordinates to bounty hunters, bail bondsmen, and bail agents for up to $1,100 per location. The data trickled down as bounty hunters were then able to sell the data to others – Motherboard claims its investigative staff were able to purchase such coordinates for $300.
The allegations have prompted 15 senators to write to the Federal Trade Commission and the Federal Communications Commission to investigate the selling of customers’ GPS data. Geoffrey Starks, a recently appointed commissioner of the FCC, responded to the scandal: “[T]he for-profit location data industry has flourished in the shadows without any government oversight. The lights are starting to come on, and I believe that the FCC should use its authority to stop this practice, safeguard the public, and hold those responsible for this outrageous conduct accountable.”
Charles Rhea Shaw III, a bail agent in Georgia who appears to have been a CerCareOne customer, told Motherboard, “This type [of] information is solely used for and extremely beneficial in locating and tracking wanted fugitives.” While that may be the case, the mere fact that exact, real-time locations can be so easily and secretly sold then re-sold to unverified parties, brings forth major privacy concerns for all telecom customers.
That’s all for this week from Tech Tyranny and Digital Despots. Check back in next Monday to find out what’s happening in the digital realm and how it impacts you.
