I'm Flore Lictman and you're listening to Science Friday. As ice cracks down in Minneapolis and across the country, reporters and privacy advocates have drawn attention to the technology that the agency is using. Facial scanning without consent, using private health records to make arrests, using phone data to track people's location in real time. So we're taking a step back. How does all this work? How does the US's data ecosystem make it possible, not just for ice, but other government agencies and businesses to buy our private data? And what actually happens after we send that DM or open up Instagram at a protest to post a picture? Here to help is Laura Moy, associate professor of law at Georgetown Law. She's testified in Congress about privacy laws and how data brokers profit off of personal data. And she's partnering with organizations that work for stronger privacy laws. Hey, Laura. Hi. All right. You know, I think we've all heard that we can be tracked, but I want to get into the details. What does that mean exactly? Are we talking about my messages, my DMs, my car? Walk us through it. We're pretty much talking about all of the above. So we all carry a very powerful tracking and computing device with us everywhere we go now. It's our smartphone. And people take them in the car with them when they go to work. They take them when they go pick up their kids from school. They take them to church when they go to worship. And some people even take them in the shower. And all of that time, those devices are generating all kinds of information about us where we go who we communicate with, what apps we like to use, what websites we like to browse. And any and all of that information might be subject to collection. And in addition to that, you mentioned cars. We also have license plates on our cars. And as I think most folks are aware, there are cameras everywhere now that track where our cars are going. We might see them as red light cameras or speeding cameras or maybe parking garage cameras. And to private companies and then to those that purchase information from private companies like the government. And then in addition to that, there's information about ourselves that even if we don't have a phone or a car with us when we're going somewhere, we can't help but share. And that's our faces. You mentioned facial recognition technology that ICE is now using. We carry that information with us everywhere we go and a government agency that wants to deploy a powerful technology to try to identify us out in the field can now do that just using a mobile app on their end. ICE has a really powerful app now called mobile fortify. And it is error prone. It has misidentified multiple people but ICE is using it to try to identify people as they are out in the field. Can you opt out of any of this? I mean, obviously you can't opt out of your face or your car getting scanned but what about your phone? Like does it come down to turning off location services or is it way beyond that? I think for the average person, it is way beyond that. But honestly, even for a pretty tech savvy person, it's way beyond that. There are some things that we can turn location services off and then we know that our information isn't being shared directly with that app. However, some of the information that has come out about location tracking companies that sell location information to government agencies suggests that sometimes location tracking is happening in other ways. For example, through mobile ad spots, when you look at a website or an app on your phone and you see an advertisement in it, you might think that that advertisement is being shared with you based on what's on the website or the app that you're viewing. In reality, that advertisement might be being placed in a very short moment based on information about you that is sent to an advertising network and then the advertising network determines the most appropriate ad to display to you. And the information that goes out about you to the advertising network often includes location data and that can happen even if you're not aware that you're sharing location data by visiting that website. So there are some things that we can maybe opt out of. There's a lot that we can't and then of course for folks who have to drive places, we really can't do anything about sharing location through our license plates. You have to have a license plate on your car. And what about, you know, if your social media account is private, for example, is that a meaningful distinction in terms of how that data gets tracked and sold? It is still a meaningful distinction, but it's certainly not an airtight way to protect ourselves. And I guess one other thing that I'd say about that is even when you're sharing information over social media privately with folks that you know and are connected to, there's always a possibility that the network itself, that the social media provider is also gaining insight into your activity through that service. And there's no perfect guarantee that that information can't be mined to gain insights about you either by the social media company or maybe eventually by the administration. You know, I want to trace how our data is collected and then where it goes sort of beginning to end. So we've been talking about the sort of data gathering, then who takes it and where does it go? Yeah, it's so confusing because that data can go so many different places. When a person is using their cell phone, something that they may not realize is that they are sharing information with their cell phone provider, their cell service provider, also with the maker of the cell phone, also with every social media service or app that they use, also with advertisers through websites and through email and other communications that they have. They're just kind of constantly sharing information with many, many different parties through that device. So you kind of ask what happens to that information? A lot of that information then gets kind of vacuumed up, bought up by what are called data brokers, these companies that specialize in collecting information from lots of different sources and aggregating it and then repackaging it and reselling it or selling access to that information to others that might want it. In most cases, advertisers or marketers who want to gain your attention and your interest in products, they want to sell you things, but sometimes it's the government. I think that that's one thing that has become really, really clear in recent months is that this administration, perhaps more than ever before, has been using those commercial resources, it resources available through data brokers to track people down again for purposes of finding people and deporting people for figuring out where they live and where they work so that it can capture them at those places or to locate folks for the purpose of suppressing descent. I mean, how integrated is this data collection? Are our data brokers able to combine my location data, the fact that I was at a protest and my healthcare data that says I have a pre-existing condition and my social media and where I went in my car into one profile or is it piecemeal and owned by different companies? I think that the fact that that information can be combined is one of the things that is scariest about advances in computing and advances in data processing. So I think most people think that it would be really difficult to combine all that information about them and they think not only do I have nothing to hide, but also nobody would ever be so interested in me that they would combine all of that information, that they go through all that trouble. But the reality is that that process can be done at scale in an automated way, really quickly and cross-referencing of different data sources is actually quite trivial. So if I can just link it back again to ICE, one of the things that folks may have been reading about in the news is about ICE's relationship with a big company called Palantir and one of the things that Palantir's platform does that makes it such a powerful and frankly terrifying platform is that it does link data from lots of different sources and enable ICE very quickly to pull from all of those different sources about one person and even to add its own information gathered from agents out in the field to the network of data sources. So just to make that concrete, what does that look like? That looks like data brokers that collect information about you from advertising networks combined with location data brokers that hold information about the location of your phone and everywhere that you've been in the past month, combined with information about you from the driver's license database in your state that contains a high resolution photograph of your face along with your address, combined with any other number of other records, not only about you but about all of your family and associates that you're close with. It's shocking. I mean, I think I just want to underline this because I think you're right. I think a lot of people think, well, the scale of this data must provide some anonymity. It's just too much. But what I'm hearing you say is that that's wrong. Yeah, I think that's wrong and I think that it used to be true, at least to some extent. And as I said, I think that due to advances in automated data analysis techniques, it's just not true anymore. Why do we not have laws to protect our private data? I grew up when you had to get a war, you know, a phone tap. What happened? I mean, you still do, right? You know, in theory, at least we still have the fourth amendment that protects us from certain unwarranted access to and collection of information. But setting that aside and setting aside, perhaps the fact that ICE has recently declared that it does not need a fourth amendment warrant to enter people's homes. Why do we not have privacy laws? There's a variety of factors. One of them is that, as I kind of mentioned before, the technological landscape has changed dramatically in a relatively short period of time. And laws haven't kept up. In addition to that, I think, you know, some folks will know that there have been multiple efforts to try to pass a comprehensive privacy law that would kind of mandate things like data minimization and a deletion horizon that says that companies that are collecting your information have to delete it after a certain period of time that would kind of create some baseline rights for people and also prohibit the use of our private information for being used for nefarious purposes. Those laws just haven't managed to pass at the federal law. There's been a little bit more progress at the state level, but I think it's still too early in those efforts to see whether those state laws are really going to protect folks from misuses of their information by companies that sell it to agencies like ICE. And I guess another thing that I would say is that the companies that don't want strong privacy laws fight tooth and nail against a privacy law that might threaten to limit the amount of, for example, again, location information that they can have about an individual. As if I know where you go every day, I know where your kids go to school and I know where you worship and I know where you shop, then I can really successfully target my advertisements to you. And that makes that information valuable. It makes it very threatening to companies that advertise and companies that depend on advertising to see privacy laws potentially passed that protect the location of our phones and our cars. So I think that that's another big reason that we don't have strong privacy laws that are very clearly protecting the location of our phones. What are your personal privacy protocols? I opt out of information and data sharing whenever I can. I use encrypted communications whenever I can, like signal, yes, like signal, and that gives me some comfort. And I try to remain aware of the fact that I may be tracked wherever I go. But I mean, I know it's really, it's not a huge comfort. It's not a huge comfort. We need to solve this problem not at an individual level, but at a societal level. And the way to do that is through legislation and policy. That's why I do the policy work that I do. And it's why I think that folks really should care about privacy laws and trying to get them passed and advocating for stronger protections, paying particular attention not just to their individual rights as consumers, but to the protection of information that is likely to be misused to go after the most oppressed and most targeted among us. And right now, you know, we see that that is immigrant and mixed status communities, but sometimes it is low wage workers, right? There are folks who get targeted for nefarious uses of data. And we really should be passing stronger privacy laws to protect those folks. Laura Moe is an associate professor of law at Georgetown Law. Laura, thank you so much for taking the time. Thank you. I really appreciate you covering this important topic. And it was a pleasure speaking with you. My pleasure too. This episode was produced by Deep Pedershmit. And if you'd like to get this podcast delivered to you by passenger pigeon after hearing this episode, please let us know along with any other thoughts, questions, or feelings. 877-4Syfry. We really do always love to hear from you. 877-4Syfry. Thank you for listening. I'm Flora Licktman.
