Every border you cross, purchase you make, call you dial, friendship you keep, site you visit…is in the hands of a system whose reach is unlimited but whose safeguards are not.
A major facet of the Information Apocalypse is the cumulative erosion of personal privacy. The Surveillance Apocalypse has been sneaking up on us for several years and continues to grow, aided not only by personal preferences and business advances but also by the yin and yang of technology’s convenience and opportunity balanced against its opposite, the risk to privacy and the threat to personal identity.
The Department of Defense (DoD) kicked off 2020 with a ban on the popular Chinese app TikTok. The app exploded in popularity in 2019, with its short video format and appeal to Gen Z users. The Army even used it as a recruiting tool along with Instagram and other social media platforms as part of its new recruiting strategy, the ‘Warriors Wanted’ campaign. The Army believed 30-second videos and memes would be more effective than television commercials at audience penetration.
Action shots of military hardware are the type of video subjects that goes viral. That happened as planned on TikTok with scenes of paratroopers jumping out of helicopters and aircraft doing tricky and impressive maneuvers. But what else did those videos reveal while showcasing weapons platforms, new training or advanced technological capabilities? The answer was user data, including IP addresses, metadata, and other potentially sensitive information. Alarmed by Chinese laws requiring domestic companies “to support and cooperate with intelligence work controlled by the Chinese Communist Party,” Senator Chuck Schumer urged the Army to assess potential risks because of this seemingly innocent app. That warning resulted in the recent instruction to Soldiers to avoid using TikTok, and urging Army personnel and their families to uninstall the app from personal devices, phones, and tablets.
This is not the first time a specific platform has been targeted for avoidance. In 2016 DoD advised service members to avoid Pokemon Go because it tracked user locations. Some users ventured into restricted areas on military installations while playing.
Smart watches and fitness trackers have also come under scrutiny. GPS-based geolocation features present in devices like smart phones, Apple Watches, and other devices including fitness trackers were banned for service personnel while deployed. DoD found that fitness trackers posed a threat because they could reveal the location of soldiers and patterns in their travel when deployed. But operational requirements are the yin to the yang of operational security. The Army recently awarded a contract to Robotic Research Company LLC for a sensor to be worn on a boot and can be used to track soldier locations, even in GPS-denied environments.
It adds up, piling onto the burgeoning mountain of data discards that reveal our daily movements, conversations, buying history, and more.
Millions of people “carry spies in their pockets.” Researchers recently tracked the exact location of the President due to the location pings from a Secret service agent’s smartphone. The privately owned vehicle that travels from a soldier’s home to office transmits data about the drive, (the route, the time involved) and the destination, even the driver’s acceleration and braking habits. Most new cars in 2020 come with built-in internet connections, transmitting data directly to manufacturers, insurance companies. It adds up, piling onto the burgeoning mountain of data discards that reveal our daily movements, conversations, buying history, and more.
Voice assistants such as Alexa, Siri, Cortana and others listen and record. Doorbells watch, and can share with neighbors and law enforcement what they learn. What does that data do when it is sent back to the company who programmed its harvest? It is more than shopping habits consumers need to be concerned about. It is passive listening, collection, sale to third parties, and use of data for surveillance, manipulation, and information operations.
The means by which personal data can be harvested from unassuming individuals has grown exponentially over the past few years. But the risks go beyond just new technologies, apps, and platforms. Our most personal information—down to our genetic code—is at risk for exploitation.
The seemingly benign family genealogy sites that offer kits for individuals to trace their heritage through DNA research have come under fire. In 2018 the Golden State Killer was nabbed using information from an ancestry site that linked his DNA to a crime scene. Some companies continue to provide ‘evidence’ and genetic profiles to law enforcement, or private entities working with law enforcement, on a case by case basis. The problem continues to be that private data released deliberately or inadvertently could have major impacts, from paternity testing, to discovery of existing health issues, or even a genetic predisposition to cancer or other serious afflictions. DoD officials were alerted to the issue last fall when it was brought to their attention that direct to consumer (DTC) testing companies, like Ancestry and 23andMe were offering discounts to service members to take the DNA test. Both companies stated that they were diligent in protecting user data and did not target service members. The DoD Memo published Dec 20, 2019 states, “Exposing sensitive genetic information to outside parties poses personal and operational risks to Service members.”
The genetic fingerprint, whether exposed through family DNA testing or a retina scan could potentially be used for mass surveillance, to identify individuals involved in a covert action, or lead to their discovery when entering a foreign country under a different name. The two-edged sword could be used effectively by law enforcement and military personnel but could also be weaponized by foreign governments or non-state actors for nefarious purposes.
Airport security enhancements continue to improve security and simultaneously erode privacy. Biometric boarding is now used by several airlines and at a growing number of airports in the U.S. Customs and Border Protection also uses fingerprints and facial recognition at kiosks for returning international passengers who are enrolled in the Global Entry program. The benefits are obvious: faster transit and less hassle for passengers. But there are also concerns about the data and how it is protected. Government systems are not impervious to breaches. More than five million people were affected by the Office of Personnel Management (OPM) data breech in 2015, which resulted in the theft of more than 21.5 million records, including social security numbers, names and addresses, and fingerprints.
“Only the paranoid survive,” said Sara Swisher of the New York Times. How soldiers protect themselves is the big question, particularly when the most innocent of cool devices, toys that connect to the internet, even simple downloaded gaming apps or maps ….All can potentially reveal each day’s browsing history, reading choices, travel plans, destinations, and even health decisions. Preventing the data dump may be inconvenient. But it also may be necessary.
There is growing public awareness about some security measures. Don’t ask voice assistants questions while in public places and beware of public access sites for phone charging stations. If you use voice assistants, continue to delete data on a regular basis, just as you delete cookies from your browser. Individuals in intelligence or special operations forces may decide to decline to participate in facial recognition to ease boarding a flight. Likewise, personal smart phones must be monitored – don’t accept the default settings on any communications device. Use complex passwords and two forms of authentication. Don’t reveal personal information such as birth dates, hometown, or phone numbers on social media sites. Keep checking for potential breeches. Switch off all of the location monitoring access buttons on personal smartphones. Change the default setting from “Always on,” to “Ask next time.”
These “dos and don’ts’ require constant monitoring. Hyper awareness is necessary to keep on top of potential issues. Where to go for help? Will an app that keeps passwords actually keep those passwords or share them? Can it resist outside efforts to access them? What else can be done? The truth is that the majority of people don’t have the time or the expertise to defend themselves from this nefarious offshoot, the Surveillance Apocalypse.
All consumers need to pay attention to changes in the law concerning data protection and privacy. The U.S. still doesn’t have a broad privacy law like the European Union’s General Data Protection Regulation (GDPR). The U.S. is moving in that direction but it appears to be difficult at this time to gain consensus on how to move forward. Action to date has taken the form mostly of regulatory fines and a focus on tech regulation and anti-trust action.
States are taking action. In January 2020 the California Consumer Privacy Act (CCPA) took effect. It directs companies to tell consumers what data they have collected about them, and on request, to stop selling it. This requires companies to be cognizant about their data collection practices and storage. New York and Washington are considering similar laws and globally, India is also looking at a similar law while the U.K. will be developing its own privacy protections once Brexit takes effect.
The threat continues to grow; while changes are coming in laws and law enforcement, individual efforts only go so far. Perhaps consumers need something along the lines of a Privacy Advisor, performing the role of shield, teacher, and supporter in much the same way a financial advisor does. The new privacy laws in Europe and California, and the potential for more in other states mean that there is an opportunity for existing and start-up businesses to provide those health checks.
There is a growing number of apps designed to safely store passwords, delete old texts, or social media posts and photos, such as Lifelock, Private Photo Vault, and hundreds more. Jumbo is one new app that purports to “Help build an internet we can all trust. We believe that your data belongs to you, which is why we fight so hard to give you the tools you need to protect your personal data and privacy. Download today and take back your privacy!” New apps are arriving daily. Some increase parental controls. Others block participation in certain social media settings. Whether it’s access, deletion, or simply opting out, changes continue to arrive with a downpour of options.
While it is impossible to predict where these trends will go, we do know that protecting ourselves is a lifelong project. While media literacy education efforts by parents and in schools are a beginning, they may be insufficient. Education can help develop critical thinking skills, but critical thinking (especially in young brains and bodies) often can’t stand up to social and peer pressure. Soldiers don’t leave their lives as young men and women behind when they put on the uniform. We need to ensure that our technology is sufficiently advanced to protect them operationally and that they are educated to the point to be able to take measures to protect themselves and their families personally.
Once upon a time, checkbook management classes for Soldiers were thought to be innovative. Maybe classes on media literacy and privacy protection should be next.
Mari Eder is a Featured Contributor to WAR ROOM. She is a retired major general in the U.S. Army and an expert in public relations and strategic communication. The views expressed in this article are those of the author and do not necessarily reflect those of the U.S. Army War College, U.S. Army, or Department of Defense.
Photo Credit: U.S. Air Force photo by Mark Herlihy
WAR ROOM Releases by Mari Eder:
- THE INFORMATION APOCALYPSE, PART VII: COMPETENCE AND ETHICS
- THE INFORMATION APOCALYPSE, PART V: THE FOURTH ESTATE
- THE INFORMATION APOCALYPSE, PART IV: INTELLIGENCE SECRETS OF SUCCESS
- INFORMATION APOCALYPSE, PART III: THE WAR ON REALITY
- INFORMATION APOCALYPSE, PART II: THIS TIME, IT’S PERSONAL
- THE INFORMATION APOCALYPSE … IS ALREADY HERE