Is Your Smartphone Spying on You?
Welcome to Big Brother 2.0.
In the 1964 spy flick Goldfinger, James Bond’s gadget arsenal included a “homer,” a tracking device that was sci-fi then and seems quaint now. Today, 007 wouldn’t need it: There are lots of companies selling our real-time location data based on where our cellphone is. They buy this data from not only wireless carriers in the U.S. and Canada but also innocuous apps, like the ones we use to check the weather, get sports scores or read the news. According to a 2018 New York Times exposé, there are at least 75 such data-brokers trading in the whereabouts of millions of devices. “Location information can reveal some of the most intimate details of a person’s life,” U.S. Senator Ron Wyden told the newspaper, “[like] whether you’ve visited a psychiatrist, whether you went to an AA meeting, who you might date.”
If the threat of losing your privacy makes you shrug – after all, why worry if you have nothing to hide? – consider that there’s more at stake than just secrecy. “Privacy is about having personal control over your personal data,” explains Dr. Ann Cavoukian, who leads the Privacy by Design Centre of Excellence at Ryerson University. If you’re personally cool with disclosing exactly where you live, where you go every day, what you write in every email, what you’ve Googled, what pics you’ve snapped and more – well, having privacy means that’s your call. Privacy means control isn’t in the hands of corporations and governments that may vacuum up your data and use it for purposes you can’t predict now, don’t know or don’t want.
“Privacy is an internationally recognized human right. So when we talk about tools and apps violating our privacy, what we’re really talking about is a business model we’re allowing to take away a fundamental right.”
When you think about privacy as a matter of control, it’s more obvious why mass surveillance is a signature of totalitarian states. “You cannot have a free and democratic society without a foundation of privacy,” says Cavoukian. Likewise, Brenda McPhail, director of the Privacy, Technology & Surveillance Project at the Canadian Civil Liberties Association, points out: “Privacy is an internationally recognized human right. So when we talk about tools and apps violating our privacy, what we’re really talking about is a business model we’re allowing to take away a fundamental right.”
The tech we use daily knows us better than our best friend does, and it’s not in the business of keeping secrets. “Basically, it’s without limits,” says Cavoukian, who’s regarded as one of the world’s leading privacy experts, when asked what personal data is being amassed through our can’t-put-down devices. Unless you’ve taken extra security measures, “you have to assume your information is flowing out there,” she adds.
Here’s just some of the data hoarding that’s going on: Facebook knows what you’re doing on Facebook – and off Facebook. It tracks your behaviour around the web in numerous ways, including “like” buttons and the invisible FB pixel embedded on advertiser sites. The latter enables companies to “retarget” you later, serving up a Facebook or Instagram promo for that lipstick you were perusing. Google knows who you are, what you’re searching (from the banal to the deeply intimate), what’s in your Gmail messages and every location you’ve been.
“We’re in the Wild West right now when it comes to these ‘internet of things’ devices.” There’s a lack of regulations restricting what they can and can’t do.
With Facebook and Instagram, there’s also been long-running speculation that these apps are eavesdropping on us. How else to explain that creepy coincidence of seeing an ad pop up that’s promoting a store you just mentioned to a friend over lunch? No one has hard proof, but the rumour won’t die, despite Facebook and IG’s repeated denials. In McPhail’s view, these companies don’t need to tap your mic – they can find out so much about you already, which is no more reassuring.
Then there are smart devices designed to listen, like Google Home and Amazon Alexa. Last year, a woman in Portland, Ore., was alarmed to discover that her Alexa had secretly recorded a private conversation she’d had with her husband – and sent the audio to a random acquaintance. While Amazon cited Alexa’s misinterpretation of words to explain what it called an “extremely rare occurrence,” the case highlights the privacy we give up when we welcome tech designed to eavesdrop. “I won’t have it in my home,” says McPhail. “We’re in the Wild West right now when it comes to these ‘internet of things’ devices.” There’s a lack of regulations restricting what they can and can’t do, she explains.
What the internet’s biggest companies are capable of may not be surprising, but there’s good reason to be suspicious of all apps, from the aforementioned weather checkers, which are reselling real-time location data, to selfie tuners wanting to access your entire camera roll. Consider a recent study done at Northeastern University in which researchers analyzed more than 17,000 Android apps. They found that some were sending screenshots and videos of phone activities to third parties – without getting permission or notifying users. Such a privacy breach could be exploited to, say, steal sensitive info, like your credit-card number.
We’re living in the age of “surveillance capitalism” – corporations are mining the human experience to not only make money but also predict and manipulate our behaviour.
But perhaps the darkest side to apps being capable of spying on us is stalkerware, or what a recent report from the Citizen Lab at the University of Toronto called “the predator in your pocket.” Stalkerware is defined as any software with the ability to conduct surveillance and that can be used, for example, by an abusive partner to control, harass and terrorize a significant other. (Even legit apps, like a GPS tracker intended for keeping tabs on your kid, can be stalkerware if used like this.)
According to a 2014 NPR survey of counsellors at domestic-violence shelters in the U.S., 85 percent had helped victims whose abusers tracked them with GPS. Sometimes, abusers need to get the victim’s phone to install stalkerware; other times, spying is done by getting into, say, a victim’s Apple iCloud account. “These apps, and what they enable people to do, are already illegal, but there’s a lack of enforcement,” says Cynthia Khoo, a research fellow at the Citizen Lab who worked on the stalkerware report.
Privacy experts say that Canadian laws, such as the Personal Information Protection and Electronic Documents Act (PIPEDA), lack teeth and desperately need updating. “Our privacy laws were made at a time when we were worried about keeping files safe in locked cabinets,” explains McPhail.
But as governments lag behind, we’re living in the age of “surveillance capitalism” – a term coined by Harvard Business School professor emerita Shoshana Zuboff to describe how corporations are mining the human experience to not only make money but also predict and manipulate our behaviour. It may sound abstract, but it’s already happening: Last year, news broke that Cambridge Analytica, a political consulting firm that has done work for the Trump campaign, harvested personal info from up to 87 million Facebook profiles to design micro-targeted ads – allegedly for election meddling. How did the company hoover up so much data? By making a seemingly innocent Facebook app: a personality quiz.
So, short of becoming a neo-Luddite, what’s the solution? “It’s not realistic to tell people to simply give up these services,” says Khoo. “We have to put pressure on companies to do the right thing and put pressure on regulators and politicians to enforce the laws – putting the onus to act where it belongs.” It’s possible: While Canadians wait for PIPEDA to be over-hauled, last spring the E.U. implemented the world’s strictest data privacy laws, known as the General Data Protection Regulation (GDPR). But until everyone else catches up? You’d be wise to use your gadgets with your own eyes wide open.
A Few Ways To Take Back Some Control of Your Personal Data
Choose devices and apps carefully
Dr. Ann Cavoukian personally favours Apple devices because they have stronger privacy protection. With any given app, you don’t know what will happen with your personal data, so ask yourself if you need it enough to accept the risks.
Switch to sites that guard privacy
Wary of Google knowing all? DuckDuckGo is a privacy-focused rival search engine that doesn’t track you and sells nothing to advertisers.
Which apps are tracking your location at all times? Or seeing your contacts, getting into your calendar and accessing your camera or mic? Review your settings and revoke permissions you’re not cool with.
Set up device encryption
If you do only one thing, it should be this, advises Brenda McPhail. Encryption makes your phone data readable only when your device is unlocked. Look for device-specific how-tos online.
This article originally appeared in the October 2019 issue of ELLE Canada.