Tag Archives: geolocation and right to privacy

How to Categorize Individuals: Surveillance Pricing

Leave a reply

The United States Federal Trade Commission issued orders to eight companies offering surveillance pricing products and services that incorporate data about consumers’ characteristics and behavior. The orders seek information about the potential impact these practices have on privacy, competition, and consumer protection.

The orders are aimed at helping the FTC better understand the opaque market for products by third-party intermediaries that claim to use advanced algorithms, artificial intelligence and other technologies, along with personal information about consumers—such as their location, demographics, credit history, and browsing or shopping history—to categorize individuals and set a targeted price for a product or service. The study is aimed at helping the FTC better understand how surveillance pricing is affecting consumers, especially when the pricing is based on surveillance of an individual’s personal characteristics and behavior.

“Firms that harvest Americans’ personal data can put people’s privacy at risk. Now firms could be exploiting this vast trove of personal information to charge people higher prices,” said FTC Chair Lina M. Khan. “Americans deserve to know whether businesses are using detailed consumer data to deploy surveillance pricing, and the FTC’s inquiry will shed light on this shadowy ecosystem of pricing middlemen.”

The FTC is using its 6(b) authority, which authorizes the Commission to conduct wide-ranging studies that do not have a specific law enforcement purpose, to obtain information from eight firms that advertise their use of AI and other technologies along with historical and real-time customer information to target prices for individual consumers. The orders were sent to: Mastercard, Revionics, Bloomreach, JPMorgan Chase, Task Software, PROS, Accenture, and McKinsey & Co.

FTC Issues Orders to Eight Companies Seeking Information on Surveillance Pricing, Press Release, July 23, 2024

How They Sold Us Out: Mobile Companies and Data Privacy

Leave a reply

On April 29, 2024, the US Federal Communications Commission (FCC) fined the
nation’s largest wireless carriers for illegally sharing access to customers’ location information without consent and without taking reasonable measures to protect that information against unauthorized disclosure. Sprint and T-Mobile – which have merged since the investigation began – face fines of more than $12 million and $80 million, respectively. AT&T is fined more than $57 million, and Verizon is fined almost $47 million.

The FCC Enforcement Bureau investigations of the four carriers found that each carrier sold access to its customers’ location information to “aggregators,” who then resold access to such information to third-party location-based service providers. In doing so, each carrier attempted to offload its obligations to obtain customer consent onto downstream recipients of location information, which in many instances meant that no valid customer consent was obtained.

This initial failure was compounded when, after becoming aware that their safeguards were ineffective, the carriers continued to sell access to location information without taking reasonable measures to protect it from unauthorized access. Under the law, including section 222 of the Communications Act, carriers are required to take reasonable measures to protect certain customer information, including location information. Carriers are also required to maintain the confidentiality of such customer information and to obtain affirmative, express customer consent before using, disclosing, or allowing access to such information. These obligations apply equally when carriers share customer information with third parties.

“The protection and use of sensitive personal data such as location information is sacrosanct,” said Loyaan A. Egal, Chief of the FCC Enforcement Bureau and Chair of its Privacy and Data Protection Task Force. “

Excerpts from FCC Fines, ATT&T, Sprint, T-Mobile, and Verizon Nearly $200 billion for Illegally Sharing Access to Customers’ Location Data, FCC Press Release, Apr. 29, 2024

What Do You Do When You Are Up for Sale?

Leave a reply

Under an executive order issued on February 28, 2024, specific classes of Americans’ sensitive data, including genomic, biometric, personal health, geolocation, financial and certain types of personal identifiers, will generally be barred from being sold or transferred in vast tranches to “countries of concern” or vendors known to supply data to them. The countries of concern are China, Russia, North Korea, Iran, Cuba and Venezuela, and have a record of misusing data on Americans, an official said.

In 2023, the U.S. intelligence community issued a groundbreaking report acknowledging that the vast amount of Americans’ personal data available for sale, which are often bought and repackaged by data brokers and then resold through a labyrinthine ecosystem of vendors and resellers, has provided a valuable stream of intelligence for the U.S. government and adversaries alike. The report, commissioned by Director of National Intelligence Avril Haines, admitted that such streams created significant threats to privacy, and had rapidly grown in scale such that they had begun to replicate the results of intrusive surveillance techniques, such as hacking, that are typically more targeted.

The executive order is notably silent on the purchasing of commercially available data sets by the U.S. government.

Excerpts from Dustin Volz, U.S. Limits Sales of Americans’ Personal Data to China, Other Adversaries, WSJ, Feb. 129, 2024

Unstoppable: How the FBI Mines Personal Information

Leave a reply

The Federal Bureau of Investigation’s access to a controversial intelligence trove of intercepted emails, texts, and other electronic data should be curtailed following serial missteps that have damaged public and congressional trust in the surveillance tool, a White House panel of intelligence advisers has concluded. in July 2023. The recommendation and others made by the panel come as a challenge to the Biden administration, which has spent months aggressively lobbying lawmakers to preserve the spying program, which is set to expire at the end of 2023. At issue is the FBI’s access to a cache of data collected under what is known as Section 702 of the Foreign Intelligence Surveillance Act.(FISA)..Top Biden administration officials have said the program—classified details of which were revealed 10 years ago by former intelligence contractor Edward Snowden—is among the most vital national security tools in their possession, critical to preventing terrorism, thwarting cyberattacks and understanding the aims of adversaries such as China and Russia. It allows the National Security Agency to siphon streams of electronic data from U.S. technology providers such as Meta and Apple. The data, collected in intelligence repositories, can then be searched without a warrant by spy agencies including the FBI, which has a robust counterintelligence mission.

The board was critical of the FBI’s history of wrongfully plumbing American data in the Section 702 trove, which have included improper searches of George Floyd protesters and sitting lawmakers, and said reforms needed to be adopted and codified in law.

Excerpts from Dustin Volz, FBI Access to Spying Tool Should Be Restricted, Panel Advises, WSJ, July 31, 2023
See also pdf

The Law of the Jungle for Personal Data: Who Benefits?

Leave a reply

The vast amount of Americans’ personal data available for sale has provided a rich stream of intelligence for the U.S. government but created significant threats to privacy, according to a newly released report by the U.S.’s top spy agency. Commercially available information, or CAI, has grown in such scale that it has begun to replicate the results of intrusive surveillance techniques once used on a more targeted and limited basis, the report found. “In a way that far fewer Americans seem to understand, and even fewer of them can avoid, CAI includes information on nearly everyone that is of a type and level of sensitivity that historically could have been obtained” through targeted collection methods such as wiretaps, cyber espionage or physical surveillance, the report concluded. 

In recent years, data brokers’ offerings have grown from basic address history and demographic information to include the trail of information generated by smartphone devices and apps, social-media platforms, automobiles and location trackers such as fitness watches. Such detailed information can now “cause harm to an individual’s reputation, emotional well-being, or physical safety,” said the report, which urged the intelligence community to develop better policies, procedures and safeguards around its acquisition of such information.  Virtually anyone can purchase the data, and the marketplace is loosely regulated in the U.S., which has no comprehensive national privacy law. 

Much of that data is sold to the government by vendors who claim it is “anonymized”—stripped of personal information such as names or addresses. But privacy advocates and researchers say that in the case of geolocation information on phones or cars, a name can often be inferred: Individuals typically park their cars at night and set down their phones at their homes. In the case of certain internet data, browsing behavior also can reveal personal information.

“If the government can buy its way around Fourth Amendment due-process, there will be few meaningful limits on government surveillance,” Wyden said in a statement, referring to the U.S. Constitution’s protections against “unreasonable searches and seizures.”

Excerpts from Byron Tau and Dustin Volz, U.S. Spy Agencies Buy Vast Quantities of Americans’ Personal Data, WSJ,, June 13, 2023