The dark side of dataveillance

Chennai

He shot out this tweet: “Free this week, for quick gossip/prep before I go and destroy America”. In British slang, ‘destroy’ implies partying and having a good time. And Bryan willfully meant the same. But the Department of Homeland Security, which scans social media for terrorist threats, took the tweet literally and presumed Bryan and his companion to be terrorists. Hence, immediately upon their arrival, Bryan and his travel partner, 24-year-old Emily, get handcuffed and put in prison with alleged Mexican drug dealers for twelve hours. After an uncomfortable night of interrogation in separate enclosures, Van Bryan and Emily are hurled into a plane and deported back to Britain. Sadly, for Bryan and Emily, dataveillance by the US authorities had done them in, and the only stuff destroyed were their visas and vacation.

Dataveillance is a portmanteau of data and surveillance. It is the practice of monitoring digital data relating to personal details or online activities. We leave a trail of data in the digital space as text messages, phone records, browsing history and e-mail. The data left behind by us are exploitable by companies, data aggregators and data brokers. Some examples of Dataveillance are monitoring data from credit card transactions, GPS coordinates, e-mails, mobile phones, social networks, etc.

Dataveillance is today widespread; its powers are getting unleashed phenomenally. Pegasus superbug is a case in point. Pegasus is a mythical, divine winged horse from Greek mythology that is the offspring of Olympian God Poseidon. The modern Pegasus, which is stirring the hornet’s nest today, is sophisticated Israeli spyware that can bypass phone security and access all data, including WhatsApp messages. It can access data from any mobile phone, including iPhones, which Apple claims to be impregnable. It also can switch on the phone’s microphone, camera and record data without the user being aware.

The Pegasus bug has damaged the democratic reputation of India after the news of its infiltration into millions of mobile phones in a dozen countries surfaced. Pegasus has excellent surveillance/dataveillance capabilities. The spectre of clandestine surveillance through Pegasus spyware has spurred a furious verbal duel between India’s ruling and opposition parties. It may be improper to elaborate further here on the Pegasus controversy, as the matter is sub judice. However, it is imperative that we take cognisance of advances in surveillance/dataveillance methods and incorporate appropriate amendments in Section 69 of the Information Technology Act and enact a dedicated cyber-law to prevent abuse of Pegasus kind of advancements in surveillance.

Over the years, dataveillance has been beneficial to the police to assess security threats associated with terrorism and investigate criminal cases. Police have resorted to dataveillance to predict potential terrorist or criminal threats. Dataveillance amasses data. Hence, it is beneficial for predictive policing as it generates an enormous amount of data. Predictive policing based on dataveillance is helping police predict and prevent crimes.

Financial institutions are using personal dataveillance to track fraudulent purchases on credit card accounts. And businesses are using it to identify potential clients to sell their products. Businesses and websites install cookies to track our online activities and get valuable data in the process that gets sold to other companies or third parties.

Similarly, market analysts use data from supermarkets and online stores to profile customers and predict purchase behaviour. For instance, dataveillance helped a supermarket conclude that a teen customer was pregnant even before her father could know of it. A father in Minneapolis discovered her teen daughter’s pregnancy not from the horse’s mouth but the local Target supermarket. Teen’s father became frantic when the Target store started delivering coupons for baby’s clothes and cribs to their residence. Angry and upset over Target’s promotion, the teen girl’s father scampered to the store and began yelling at the store manager for sending baby coupons to his 15-year-old daughter. However, a few days later, the teen girl’s father called the store and apologised after learning the truth about his daughter’s pregnancy from her. Target stores could discern patterns by analysing customer data, such as buying patterns, credit cards, loyalty cards, and products. Target’s statistician Andrew Pole observed that women on baby registries were purchasing enormous quantities of unscented lotion at the onset of their second trimester. Using the data, Target could estimate the customers due date within a small window to send coupons timed to specific stages of customers’ pregnancy.

Likewise, when we subscribe to the internet and social media, the challenge we confront is that they use the data furnished by the subscriber in a particular context in unpredictable ways, with substantial consequences. For instance, Bobbi Duncan, a 22-year-old lesbian and Taylor McCormick, a gay male, both Texas University students, wanted to keep their sexual orientation hush-hush. But Facebook spilt the beans when they joined the ‘Queer Chorus’ group to meet other LGBT students. After their enrolment, the president of the Queer Chorus added them to Facebook’s group discussion page, for which he did not need their permission. But the president was unaware that the software would automatically notify their other Facebook friends regarding their inclusion as new chorus members. So when he added them, Facebook delivered an automatic notification to Bobbi’s and Taylor’s entire list of friends, including Bobbi’s father, notifying them of her entry into Queer Chorus.

Dataveillance also operates through digital technologies, such as apps, wearables, and other IoT devices. For example, the ‘Google Now’ app accesses our digital footprints. What if a particular husband’s mobile phone was in the vicinity of another woman’s mobile on a specific night? What would that data suggest to Google or others? Studying data patterns of a person could reveal almost everything about a person’s life. Further, the famous ‘OkCupid’ app requires users to fill in data like their preference for sexual partners, group sex, alcohol and illegal drug use, etc. Therefore, novel forms of data-driven surveillance seem to be endlessly emerging.

Finally, authorities and marketers are increasingly becoming obsessed with data, and the scale of data that is getting harvested is mindboggling. People soon will not be happy to know that everything they do is getting tracked and watched. They are becoming weary of it, and the data bubble, which is getting bigger, is about to burst.

— The writer is ADGP, Armed Police