Search
User Avatar Login
The Defender
  • Explore The Defender
  • Categories
    • CHD.TV
  • Explore CHD.TV
  • Archive
    • Resources
  • Explore Our Resources
  • CHD Bookstore
  • CHD Films
  • eBooks
    • Community
  • Explore Advocacy
  • Community
  • Advocacy Help
    • Science
  • Explore the Science Section
  • Science Library
  • Vaccines
  • Electromagnetic Radiation
    • Legal Justice
  • Explore Litigation
  • Learn The Law
    • About Us
  • About Children’s Health Defense
  • More from CHD
    • Electromagnetic Radiation & Wireless

    Privacy and Surveillance

    Privacy concept graphic with man carrying suitcase.

    Privacy refers to the ability to decide what is disclosed to external entities while maintaining a level of control over how those disclosures are used. Despite the importance of privacy in many aspects of human life, including freedom of movement, privacy of personal data, bodily autonomy and privacy of thought, technological advancements have enabled highly sophisticated means of privacy invasion. In recent decades, this has largely been due to the expansion of wireless networks and smart city technologies, purposefully designed to track, trace and control citizens around the world. Explore the sections below to learn more about the current and future privacy implications of smart city technologies.

    Internet of Things (IoT)

    The Internet of Things (IoT) is a massive network of real-world objects embedded with sensors and other technologies designed to automate functions and processes by collecting large volumes of fine-grained, real-time data and exchanging that information with other IoT devices via the internet. Simply put, the IoT is the transformation of everyday objects into internet-enabled devices that can talk, think, act, and interact. The IoT network has the potential to generate up to $11 trillion in economic value in 2025 and is forecasted to reach over 29 billion devices worldwide by 2030, almost doubling the 15 billion devices in 2023.

    While IoT technologies differ in design and function, they share four main components: sensors, cloud connectivity, data processing, and a user interface. The sensors are the physical components of IoT devices that collect data about the physical environment of the object, including cameras, accelerometers, gyroscopes, thermometers, infrared detectors, motion sensors, pressure gauges, smoke detectors and humidity sensors. As the sensors collect information, it is transferred to a cloud storage system accessed over the internet via wireless communication, such as cellular, WiFi, Bluetooth or satellite. Once transferred to the cloud, software tools are used to process and analyze the data to accomplish a particular task or function. For example, data collected from a smart home camera can be processed to identify intruders in a home. Once collected and processed, it is relayed to the end user via a user interface, often through an alert on a smartphone application. The user interface can simply relay information to the end user, such as alerting the homeowner of the intruder, or it can allow the user to affect the physical environment of the sensor, such as notifying the authorities.

    The Internet of Everything (IoE), the second generation of IoT (IoT 2.0), takes the IoT and the Internet of Bodies (IoB) even further. The IoE broadens the IoT’s reliance on machine-to-machine (M2M) communications to include machine-to-people (M2P) and technology-assisted people-to-people (P2P) communications. Industry expert Cisco defines the IoE as “the networked connection of people, process, data, and things’.” The European Commission’s Joint Research Centre explains that while the IoT connected “as many ‘things’ as possible,” IoT 2.0 “deals with generating actionable intelligence from devices and their data” and promises to “revolutionize the digital-physical interaction patterns.”

    Privacy Risks of the IoT

    Data generated by the IoT and IoE is ripe for exploitation by third parties and malicious actors. The very presence of surveillance-enabled devices in intimate spaces jeopardizes traditional notions of privacy and anonymity.

    Data Privacy and the Internet of Things (2022)UNESCO Inclusive Policy Lab

    “If left unchecked, the increasing volume and variety of IoT data … may lead to an expansion of surveillance capitalism with even more far-reaching consequences.”

    “IoT devices can be used by various entities to colonize and obtain access to people’s homes and bodies while potentially decreasing their anonymity. This possible corporate colonization and surveillance may limit individuals’ ability to determine what happens to their information and may decrease their ability to shield themselves, their emotions and their daily activities from various actors.”

    For Safety’s Sake, We Must Slow Innovation in Internet-Connected Things (2018) MIT Technology Review

    “The point is that innovation in the Internet+ world can kill you. We chill innovation in things like drug development, aircraft design, and nuclear power plants because the cost of getting it wrong is too great. We’re past the point where we need to discuss regulation versus no regulation for connected things; we have to discuss smart regulation versus stupid regulation.”

    Privacy and the Internet of Things: Emerging Frameworks for Policy and Design (2018)UC Berkeley Center for Long-Term Cybersecurity

    “The Internet of Things heralds a qualitative shift in how privacy is managed, both by people and by the organizations that create, sell, and operate internet-connected devices. The IoT amplifies prior privacy challenges, such as the opacity of data flows and actors, and it creates new issues, such as enabling the stockpiling of emotional data.”

    “Yet the IoT also has potential to alter our lives in other ways, including by normalizing practices that in other contexts would be regarded as an invasion of privacy. The ultimate effects of this normalization are unclear: if children know that their teddy bear is watching them (or by extension, adults know that their smart TV is watching them), how will this affect their behavior? How do people meaningfully grant consent to be observed in a world of pervasive surveillance? How does the proliferation of internet-connected devices alter our traditional notions of privacy?”

    “The IoT has the potential to diminish the sanctity of spaces that have long been considered private, and could have a ‘chilling effect’ as people grow aware of the risk of surveillance.”

    Daniel R. Coats Statement for the Record: Worldwide Threat Assessment of the US Intelligence Community (2017) Senate Select Committee on Intelligence

    “Our adversaries are likely to seek capabilities to hold at risk US critical infrastructure as well as the broader ecosystem of connected consumer and industrial devices known as the “Internet of Things” (IoT). Security researchers continue to discover vulnerabilities in consumer products, including automobiles and medical devices. If adversaries gain the ability to create significant physical effects in the United States via cyber means, they will have gained new avenues for coercion and deterrence.”

    Comments of the Electronic Privacy Information Center to the Federal Trade Commission on the Privacy and Security Implications of the Internet of Things (2013)Electronic Privacy Information Center (EPIC)

    “The vast quantity of data generated by the Internet of Things creates the risk that this data could be used for purposes that are either unnecessary to the provision of a given service or not initially disclosed to the consumer. Smart devices could reveal a wealth of information about consumers’ location, media consumption, activity patterns, associations, lifestyle, age, income, gender, race, and health—information with potential commercial value. Companies might attempt to exploit this data by using it to target advertising or selling it directly. Because the Internet of Things will generate data from all aspects of consumers’ lives, these types of secondary uses could lead to the commercialization of intimate segments of consumers’ lives.”

    “These surveillance-enabled increases in power will also facilitate companies’ ability to influence or direct the behavior of consumers. This influence or direction may take many forms and may be accomplished through a variety of consumer devices. For example, insurance companies might use Event Data Recorders to adjust insurance rates according to driving behavior … Similarly, the increased amount of usage data will enable companies to develop and enforce hidden charges and fees for certain uses.”

    Internet of Bodies

    The World Economic Forum (WEF) describes the Internet of Bodies (IoB) as “the network of human bodies and data through connected sensors” that can be “attached to, implanted within or ingested into human bodies to monitor, analyse and even modify human bodies and behaviour.” IoB applications include “a person with a heart monitor implant, a farm animal with a biochip transponder… or any other natural or man-made object that can be assigned an IP address and provided with the ability to transfer data over a network.” The WEF predicts that in the current “era of the ‘Internet of Bodies,’” the IoB will spread “into every aspect of our existence.”

    Like IoT devices, IoB devices contain software or computing abilities, communicate with the IoT, collect health and biometric data, and can even alter bodily processes and functions. The most recent generation of IoB devices are embedded directly within the human body. Brain-computer interfaces (BCIs), which enable people to control devices using brain signals, represent the ultimate expression of IoB technology. Products like Synchron, a neural implant that allows people to send emails and browse the internet using their thoughts alone, are increasingly entering commercial spaces. Synchron is funded in part by the Defense Advanced Research Projects Agency (DARPA).

    Privacy Risks of the Internet of Bodies

    The IoB represents an unprecedented integration of humanity with technology. IoB-generated biometric data enables surveillance, threatens personal autonomy and presents opportunities to augment human biology.

    Futurists Predict a Point Where Humans and Machines Become One. But Will We See It Coming? (2023) The Conversation

    “BCIs [brain-computer interfaces] are a natural beginning to the singularity in the eyes of many futurists, because they meld mind and machine in a way no other technology so far can.”

    “Today, the ‘singularity’ refers to a hypothetical point in time at which the development of artificial general intelligence (AGI) – that is, AI with human-level abilities – becomes so advanced that it will irreversibly change human civilisation. It would mark the dawn of our inseparability from machines. From that moment on, we won’t be able to live without them without ceasing to function as human beings. But if the singularity comes, will we even notice it?”

    The Internet Of Bodies: Opportunities, Risks, And Governance (2020)RAND Corporation

    “Access to huge torrents of live-streaming biometric data might trigger breakthroughs in medical knowledge or behavioral understanding … Or it might enable a surveillance state of unprecedented intrusion and consequence.”

    “Increased IoB adoption might also increase global geopolitical risks, because surveillance states can use IoB data to enforce authoritarian regimes. For example, China is using DNA data in an attempt to surveil Uighurs. It has also been reported that China’s social credit scoring system uses enormous amounts of aggregated data, including health records, on individuals to determine their trustworthiness and to incentivize desired behaviors. Widespread IoB use might increase the risk of physical harm, espionage, and exploitation of data by adversaries.”

    The Internet of Bodies (2019) William & Mary Law Review

    “As bits and bodies meld and as human flesh becomes permanently entwined with hardware, software, and algorithms, IoB will test our norms and values as a society. In particular, it will challenge notions of human autonomy and self-governance.”

    Attiah et al. (2014) Frontiers in Systems Neuroscience

    “The futuristic ethical concerns already mentioned arise in the long-term future. We define this era as when BCIs are routinely used to augment human brains, giving users perceptual, cognitive and motoric abilities that may greatly exceed those of the unenhanced, and transforming emotional life as well. At this point, cyborgs will differ radically from unenhanced humans. One concern is that they will view us as a different, and inferior life form, much as we now regard chimpanzees. Loss of individuality is another long-term future scenario. If BCIs are used for direct brain-to-brain contact, this would enable new modes of communication but also lead to the possible replacement of individual mental lives by a network in which individual brains are mere nodes.”

    Smart and 15-Minute Cities

    The IoT is the backbone of smart cities. Smart cities are designed to automate virtually every aspect of urban living via continuous surveillance of the physical environment and everyone who lives in it – including movements, thoughts, transactions and affiliations. Although the American government has been surveilling its citizens for the past several decades, smart cities will usher in a new era of top-down control, transferring unprecedented levels of power to technocratic elites and allowing them to influence and control every aspect of human life and behavior, including restricting access to fundamental rights.

    The 15-minute city takes this concept yet one step further. While the World Economic Forum describes 15-minute cities as a way to “reorganize urban space,” critics describe them as “open-air prisons” where individuals will be incessantly monitored, meticulously profiled and ultimately, restricted. Various features of smart cities have already been implemented throughout the world. Learn more about these smart city technologies below.

    5G-IoT

    5G is the fifth generation of wireless network technology after 1G, 2G, 3G and 4G. It uses various technologies, such as millimeter waves (MMW) and small cells, to increase information transmission and densify network coverage. According to industry experts, “5G is the foundation for realizing the full potential of IoT,” and the “Internet of Things (IoT) landscape, smart cities, mobile money, and identity management technology are just a few areas that 5G will transform.” The densification of wireless network infrastructure enables 5G to support up to one million devices per square kilometer, a stark increase compared to the 100,000 devices (per square kilometer) supported by 4G and 10 million devices (per square kilometer) expected to be supported by 6G. The number of 5G base stations worldwide surpasses three million. At the end of 2022 in the US, there were 142,100 cell towers and 452,200 outdoor small cell nodes, according to The Wireless Infrastructure Association (WIA).

    Privacy Risks of the 5G-IoT

    The 5G-IoT directly enables access to massive volumes of fine-grained information from all aspects of life, both public and private.

    5G Wireless: Capabilities and Challenges for an Evolving Network Technology Assessment Report (2020)U.S. Government Accountability Office

    “5G technology will likely exacerbate privacy concerns due to (1) the increased precision of location data and (2) the proliferation of IoT devices. Whether the privacy of user information will be adequately protected is a significant question in the deployment of 5G, in part because there is no comprehensive federal legislation addressing privacy requirements for non-federal enterprises.”

    The Terrifying Potential of the 5G Network (2019) The New Yorker

    Robert Spalding, former senior director for strategic planning at the National Security Council, is quoted as saying: “5G is not just for refrigerators. It’s farm implements, it’s airplanes, it’s all kinds of different things that can actually kill people or that allow someone to reach into the network and direct those things to do what they want them to do. It’s a completely different threat that we’ve never experienced before.”

    “What is existential to democracy is allowing totalitarian regimes—or any government—full knowledge of everything you do at all times. Because the tendency is always going to be to want to regulate how you think, how you act, what you do. The problem is that most people don’t think very hard about what that world would look like.”

    Sullivan et al. (2021) IEEE Explore

    “In fact, the computational power of current mobile devices allows for launching complicated attacks from inside the mobile network. Furthermore, the type of attacks and generated malwares are more efficient and effective than those faced by previous generations. This leads to attacks being driven by stronger aims compared to previous generations, including big cyber-crime rings with clear financial, political, and personal motives. This is further motivated by the fact that the mobile network is not limited to voice and video calls, but also supports a large number of other services and devices, creating a wide attack surface that may lead to severe disruption in the functioning of one of the interconnected networks.”

    5G Means You’ll Have to Say Goodbye to Your Location Privacy (2019)Fast Company

    “However, there is one major–and unavoidable–drawback to 5G: It’s going to cost you your location privacy. Anyone with access to your ISP’s cell tower data will be able to hone in on your exact location far more precisely than they can today under our 4G networks.”

    “But since 5G towers will need to be everywhere and you’ll only connect to one 5G tower at a time, your mobile network will now be able to pinpoint your location much more accurately–even knowing which building you are in.”

    “So what does this lack of location privacy on 5G networks mean to you? If your mobile network sells your data, it will be much easier for data brokers and advertisers to see your current location and target more relevant ads to you based on your location. This data can also enable advertisers and data brokers to see the exact routes you take each day and even which buildings you go into. And anyone with access to your mobile network’s cell tower data will now be able to track your movements in real time.”

    Welcome to 5G: Privacy And Security in a Hyperconnected World (Or Not?) (2019)Privacy International

    “5G could be the gateway for new and dystopic future in which the meaning of property has radically changed, leading to an era where we don’t really own our devices, but instead possess a device that works as a service.”

    WiFi

    WiFi refers to a group of wireless network protocols that use radiofrequency (RF) signals in the 2.4 GHz and 5 GHz range to allow devices authenticated on a WiFi network to access the internet. When an active WiFi connection is present, RF signals are continuously transmitted back and forth through the air between the wireless router and nearby devices and converted into digital information that the user can interpret. Wi-Fi Alliance states WiFi is “an essential IoT enabler,” and projections show that smart home WiFi devices will reach 17 billion units by 2030.

    Privacy Risks of WiFi

    Due to their inherently wireless nature, WiFi signals can be intercepted through the air, presenting numerous privacy and cybersecurity concerns. Additionally, WiFi signals can reflect off and penetrate physical barriers such as objects, people and walls. With the help of artificial intelligence, these properties are actively being manipulated to develop new kinds of surveillance capabilities, such as WiFi sensing and imaging.

    What is Wi-Fi Eavesdropping? Understanding the Risks and How to Stay Secure (2023)MakeUseOf

    “Wi-Fi eavesdropping attacks involve intercepting and monitoring wireless network traffic without authorization. Data packets are sent over the airwaves each time you enter your password, send a message, or conduct an online transaction over a public Wi-Fi network. These packets can be intercepted by anyone with extensive Wi-Fi eavesdropping skills if they are not adequately protected. Once an attacker has access to your data, they can analyze it to find private messages, credit card details, contact information, and passwords.”

    How to Protect Against Rogue Access Points on Wi-FiByos

    “A rogue access point is an unauthorized Wi-Fi access point that is added to a network without the knowledge or permission of the network administrator … The risks associated with rogue access points include data theft, malware & ransomware, and denial-of-service attacks.”

    Wi-Fi RTLS, Location Tracking & Positioning Inpixon

    “Wi-Fi is a radio-frequency technology for wireless communication that can be leveraged to detect and track the location of people, devices and assets, and can be easily activated for indoor positioning with existing Wi-Fi access points (APs) and hotspots.”

    Geng et al. (2022)Carnegie Mellon University

    DensePose is a technology developed by Meta/Facebook that can detect human poses based only on WiFi signals. According to Geng et al., “The results of the study reveal that our model can estimate the dense pose of multiple subjects, with comparable performance to image-based approaches, by utilizing WiFi signals as the only input.”

    Inventing WiFi Sensing: An Interview With Dr. Ray Liu (2022)Origin Wireless

    Origin is a commercial WiFi sensing technology developed by former DARPA contractor Ray Liu that can localize motion with over 90% accuracy and even capture breathing patterns. According to Liu, “For example, we first realized we could perform precise indoor positioning, then we realized we could detect whether a door was closed or open. Soon after, we found that we could sense a person through the wall by establishing the world’s first radio biometrics. From there, the applications snowballed- we could pick up breathing, monitor sleeping, detect a fall, recognize gait patterns, and even pick up sound without a microphone.”

    Anand et al. (2018) IEEE Xplore

    “But in Wi-Fi networks, it is possible that a man can be in the middle between the user and service provider, watching over the entire traffic that is shared between the user and the service provider. Monitoring this traffic as an intermediary, gives access for the attacker to steal the passwords and affects the confidentiality and integrity of the messages sent between them.”

    Bluetooth

    Bluetooth is a wireless protocol that uses 2.4 GHz radiofrequency (RF) signals to enable devices to connect and exchange data over a relatively short distance, such as a keyboard to a computer or a smartphone to a car. In order to establish a Bluetooth connection between two devices, one device transmits signals that can be detected by the other. Once discovered, they pair via Bluetooth and exchange data over the established personal area network (PAN). Bluetooth Smart is a communication protocol that has become the “de facto communication protocol for the Internet of Things (IoT) and smart wearable devices.”

    Privacy Risks of Bluetooth

    Bluetooth protocols and devices are vulnerable to several privacy and security threats, including various kinds of cyberattacks and privacy invasions.

    Bluetooth Security Issues: Understanding and Preventing Risks (Accessed 2023)Alvarez Technology Group

    “Bluetooth signals can be intercepted by third-party devices within range, allowing hackers to access sensitive information such as personal contacts and messages. To prevent eavesdropping, it is essential to use strong encryption when transmitting sensitive data and to disable Bluetooth when not in use.”

    “Bluetooth connections can be intercepted by a hacker who poses as a legitimate device to gain access to sensitive information. To prevent man-in-the-middle attacks, it is important to verify the authenticity of devices before connecting to them and to use secure authentication protocols.”

    “Bluetooth devices can be configured to be discoverable, making them vulnerable to unauthorized access. To prevent unauthorized access, it is vital to configure devices to be non-discoverable and to use strong passwords or PINs to secure them.”

    Peker et al. (2022)Sensors

    “In our analyzed devices, we found that they have vulnerabilities that could be exploited either to track users, collect potentially private information (e.g., health-related data), biometrics-related data, or, in the case of the keyboard that we studied, collect sensitive data, such as passwords or private identifiable data (e.g., social security numbers) due to the lack of encryption in the data packets.”

    Barua et al. (2022) IEEE Xplore

    “Due to the simplified design of this protocol [Bluetooth Smart], there have been lots of security and privacy vulnerabilities. As billions of health care, personal fitness wearable, smart lock, industrial automation devices adopt this technology for communication, its vulnerabilities should be dealt with high priority.”

    Solon et al. (2006) International Journal of Computer Science and Network Security (IJCSNS)

    “Bluesnarf attacks are the use of Bluetooth technology to access restricted areas of a users’ device without their knowledge or approval for the purpose of capturing data e.g. contacts, images, lists of called missed, received or dialed, calendars, business cards and the device’s International Mobile Equipment Identity (IMEI) … Accessing information by Bluesnarfing was thought to only be possible if the users device is in ‘discoverable’ or ‘visible’ mode, but Bluesnarf attacks have being carried out on devices set to ‘non-discoverable’ mode.”

    Satellites

    Artificial satellites are transceivers launched into orbit around the Earth and operate by transmitting and receiving RF signals from transceivers located on the ground, called ground stations. Low Earth Orbit (LEO) satellites, which orbit at significantly lower altitudes and support faster communications and higher bandwidth, are replacing traditional satellites, particularly for navigation and communications services. As of January 2024, approximately 8,300 of the 9,000+ satellites in orbit were LEO satellites. According to the International Telecommunications Union (ITU), one million satellites are planned to be launched in the coming years. Commercial satellite constellations like Starlink, which the Federal Communications Commission (FCC) authorized in March of 2020 to deploy 12,000 satellites for rural 5G services, represent the largest share of satellites to be launched before 2030.

    Privacy Risks Of Satellites

    The proliferation of satellites presents numerous privacy and surveillance threats, including real-time imaging and precision location tracking.

    Large Constellations of Low-Altitude Satellites: A Primer (2023)Congressional Budget Office

    “According to public reports, adversaries may be able to temporarily or permanently disable satellite connections using a variety of methods. Damage from such attacks could range from physical destruction (caused by an interceptor missile launched from Earth) to signal disruption (caused by an adversary broadcasting noise to overwhelm, or jam, the satellite’s communications).”

    Department of Commerce: Address Privacy Before Licensing Satellites to Watch Over Us (2019)Electronic Frontier Foundation

    “Satellites are capable of highly advanced and continuous surveillance through high resolution imaging, thermal imaging, and near real-time video, and their capabilities are increasing every day.”

    “A single one of these satellites can orbit around the Earth revisiting and reimaging the same area every 90 minutes, and several satellite operators advertise an archive of images that dates back ten or nearly 20 years. These vast archived datasets—which include data on private citizens—allow anyone with access the ability to enter a virtual time machine and view and monitor past actions for as long and as far back as a satellite operator retains data.”

    Are We Ready for Satellites That See Our Every Move? (2019)The New York Times

    “We must consider the longer-term implications of having commercial high-resolution satellite image of this quality and what will happen when we can identify individuals or license plates from space — because that’s not far-off. We are not ready for the ethical boundaries this invasion of privacy will cross.”

    “Yet I also imagine a dystopian not-so-distant future where we can direct very high-resolution satellites to any point on Earth, easily identifying a person’s location or activities. Who will have access to this data? The police? Politicians looking for dirt on their opponents, or angry spouses with a vendetta? How will this data be used in courts — and who can be trusted to interpret it? The thought of potential misuses is chilling.”

    Researchers Detail Privacy-Related Legal, Ethical Challenges with Satellite Data (2019)Penn State University

    “Regulators, legislators and the public are largely unaware of the role that satellites play in the Internet of Things (IoT) universe, which the researchers label ‘the satellite-smart device information nexus.’ Society is rapidly embracing 5G platforms, smart cities, and the interconnected IoT universe, and the researchers demonstrate that commercial remote-sensing satellites provide the technical underpinnings and data that enable these systems to function. But the satellite-smart device information nexus is not currently part of the United States’ domestic privacy and electronic surveillance data framework.”

    According to researcher Anne Toomey McKenna, “an interdisciplinary and more transparent approach is needed to appropriately regulate satellites and the use and sale of satellite data in ways that are more secure in terms of both civil liberties and national security, as well as ethically correct and legally sound.”

    Global Counterspace Capabilities: An Open Source Assessment (2019)Secure World Foundation

    “Most leading subject matter experts maintain that across each of these areas, despite some increase in awareness of the threat in recent years, the state of cybersecurity for satellite infrastructure remains dismal. This, in turn, provides both state and non-state actors with a back door into a wide array of space- and ground-based critical infrastructures.”

    Smart Grid

    The U.S. electric power grid (“the grid”) is a vast and complex infrastructure network designed to generate, transmit and deliver on-demand electricity throughout the country. The smart grid – the application of the IoT to the grid – is a robust digital communication network consisting of millions of IoT technologies, including controls, computers, power lines and other equipment. Designed to automate the functions and processes of the grid by collecting massive volumes of data, it enables two-way communication between utility providers and customers and utilizes smart sensing systems along transmission lines.

    Privacy Risks of the Smart Grid

    The smart grid network is expected to become “100 or 1,000 times larger than the Internet” – this unprecedented flow of information and granular control over power usage creates new and serious privacy and surveillance threats.

    NIST Framework and Roadmap For Smart Grid Interoperability Standards, Release 4.0 (2019)National Institute of Standards and Technology (NIST)

    “The availability of high-frequency energy usage data collected for the purpose of energy monitoring may facilitate the unintentional release of private, confidential information.” This includes information about “an individual’s behavior, such as when he or she arrives home at night, and what are his or her general day-to-day interactions with CPS [cyber-physical systems] systems.”

    Critical Infrastructure Protection: Actions Needed to Address Significant Cybersecurity Risks Facing the Electric Grid (2019)Government Accountability Office (GAO)

    “The nation’s electric grid is becoming more vulnerable to cyberattacks—particularly those involving industrial control systems that support grid operations. Recent federal assessments indicate that cyberattacks could cause widespread power outages in the United States, but the scale of such outages is uncertain.”

    On the Benefits, Challenges, and Potential Roles for the Government in Fostering the Advancement of the Internet of Things (2016)Electronic Information Privacy Center

    “However, a Smart Grid’s capability to closely track consumer behavior poses a serious privacy risk. Information about consumer’s power usage schedules can reveal intimate, personal details about their lives, such as their medical needs, interactions with others, and personal habits. That concern is further exacerbated by the fact that Smart Grid meter data may track the usage of specific appliances within a person’s home. Thus, a consumer’s household activities could be determined as well, for instance whether the consumer uses medical equipment at night or the consumer’s personal hygiene habits.”

    McDaniel et al. (2009)IEEE Security & Privacy

    “Customers work closely with the utility to manage energy usage in the smart grid, requiring that they share more information about how they use energy and thus exposing them to privacy invasions. Moreover, because grid customers are connected over a vast network of computerized meters and infrastructure, they and the infrastructure itself become vulnerable to scalable network-borne attacks.”

    Smart Meters

    Smart meters are an IoT device and central feature of the smart grid designed to measure, monitor and transmit near real-time energy usage data to utility providers on a frequent and ongoing basis. According to The Edison Institute for Electric Innovation, over 135 million smart meters will be installed in the U.S. by the end of 2025, a 71% increase from 2017.

    Privacy Risks of Smart Meters

    The dramatic increase in smart meter data reveals intimate details about habits, movements and activities, which can be used to profile customers and ultimately restrict energy access.

    Smart Meter Resolution (2020)Trans Atlantic Consumer Dialogue

    “This scale of data storage and collection is vulnerable to both commercial and criminal interests – for example consumer profiling and targeting for marketing purposes, identity theft, real-time surveillance, targeted home invasions or unwanted publicity or embarrassment.”

    Security and Privacy Concerns in Smart Metering: The Cyber-Physical Aspect (2018)Institute Of Electrical And Electronic Engineers (IEEE) Smart Grid

    “Besides noted benefits, smart meters add some vulnerability to the household security. Since they are main communication hub between utilities and smart home appliances, they attract malicious actors’ (eavesdroppers and intruders) attention. From an attacker point of view, a smart meter is seen as a single point of failure. That is, once it is compromised, the attacker can both manipulate the utility by injecting fake consumption data and also take control of the home appliances by sending control commands like turn on and off.”

    Smart Grid Powers Up Privacy Worries (2015)Politico

    “But, despite the voluntary code, critics fear consumers will still be cajoled or conned into giving up their data, not just to power companies but to third-party data aggregators.” According to Miles Keogh, director of grants and research at the National Association of Regulatory Utility Commissioners, “I think the data is going to be worth a lot more than the commodity that’s being consumed to generate the data.”

    Data Access and Privacy Issues Related to Smart Grid Technologies (2010)Department of Energy

    “Advances in Smart Grid technology could significantly increase the amount of potentially available information about personal energy consumption. Such information could reveal personal details about the lives of consumers, such as their daily schedules (including times when they are at or away from home or asleep), whether their homes are equipped with alarm systems, whether they own expensive electronic equipment such as plasma TVs, and whether they use certain types of medical equipment.”

    McDaniel et al. (2009)IEEE Security & Privacy

    “Existing privacy laws in the US are in general a patchwork of regulations and guidelines. It’s unclear how these or any laws apply to customer energy usage.”

    Smart Traffic Lights

    Smart traffic lights are a traffic management system that uses several IoT technologies, such as cameras, sensors and communication networks, to continuously monitor vehicles, road conditions, intersections and pedestrian crossings. While traditional systems use fixed-time traffic lights, smart traffic light systems use large data sets and predictive algorithms to make real-time decisions about when to transition between the three phases of traffic lights (red, yellow and green). The smart traffic lights systems market is projected to grow from over 5 billion USD in 2023 to over 13 billion USD by 2030.

    Privacy Risks of Smart Traffic Lights

    While proponents claim that smart traffic light systems are designed to optimize and improve road services, such as reducing travel times and road accidents, evidence shows that they may have the opposite effect. Smart traffic light systems enable the continuous surveillance of vehicles, drivers, passengers and pedestrians and are a potential movement control mechanism.

    When Hackers Target Road Infrastructure: The Downside of Smart Cars and Traffic Lights (2023)University of Maryland College of Information Studies

    “By tampering with intelligent traffic lights and taking control of the brake, engine, and steering of intelligent vehicles, attackers can fragment road networks, disrupting movement of cargo and passengers. This can have serious safety implications–emergency vehicles can get stuck at an impasse, critical supplies can get deadlocked. Attackers can also send out fake alert messages telling people to avoid prominent city routes, thereby creating massive traffic jams.”

    Li et al. (2016)The Institution of Engineering and Technology (IET)

    “Security researchers have demonstrated ways to compromise the [intelligent] traffic lights to cause potential traffic disruption and public safety degradation.”

    Traffic FiltersOxfordshire County Council

    The UK has introduced plans to pilot traffic filters, under which license plate recognition cameras will be used to fine residents for passing outside their district, ultimately limiting the travel of private vehicles.

    Smart Street Lights

    A smart street light is a public lighting fixture that uses light-emitting diodes (LEDs) and IoT technologies to provide public lighting services and real-time monitoring, including pedestrian and vehicle traffic, air quality, criminal activity and “suspicious behavior.” Smart street lights are considered a critical feature in the development of smart cities and are said to play a central role in the widespread deployment of autonomous vehicles. They are projected to make up over 20 percent of the total street light market by 2029.

    Privacy Risks of Smart Street Lights

    Since smart street lights are designed to capture several aspects of their environment, they present numerous privacy and surveillance threats and may be used as a tool for social control.

    Alvarez et al. (2022) – Journal of Urban Technology

    “The challenge is to balance the pervasiveness that a large-scale infrastructure, such as street lights, allows for creating systems for data collection and spatialized intelligence that are both highly granular and function at urban scales; particularly when some sensors such as digital cameras, which can generate data for applications such as facial recognition, could be used as tools of social control and surveillance, in parallel with other applications such as traffic management and public safety.”

    Smart Streetlights are Casting A Long Shadow Over Our Cities (2022)Failed Architecture

    “On the one hand, they [smart sensors] reinforce streetlights’ function as a surveillance instrument, historically associated with light and visibility. On the other hand, in tandem with a wide range of sensors embedded in our everyday environment, they also enable for-profit data extraction on a vast scale, under the auspices of a partnership between local governments and tech corporations.”

    How to Stop ‘Smart Cities’ from Becoming ‘Surveillance Cities’ (2018)American Civil Liberties Union (ACLU)

    “In a city blanketed with cameras — including in LED light bulbs found in streetlights — it would be very easy for the government to track which political meetings, religious institutions, doctors offices, and other sensitive locations people go to and to focus its attention even more on traditionally over-policed communities.”

    Autonomous Vehicles

    Autonomous vehicles, also known as self-driving cars, are embedded with several IoT technologies, such as cameras and other sensors, to sense other vehicles, traffic signs, obstructions and pedestrians, enabling them to operate with little to no human involvement. They use the data gathered from sensors embedded inside and outside the car, including radio detection and ranging (RADAR), video cameras, light detection and ranging (LIDAR), ultrasound and others to create and maintain an accurate 3D map of the surrounding areas. According to projections, the global self-driving car market is expected to grow to over 60 million units by 2030.

    Privacy Risks of Autonomous Vehicles

    Evidence shows that autonomous vehicles reveal intimate details about private and public environments, including destinations frequently visited, pedestrian traffic and even sexual activity.

    The Impending Privacy Threat of Self-Driving Cars (2023) Electronic Frontier Foundation (EFF)

    “With innovations often come unintended consequences—one of which is the massive collection of data required for an autonomous vehicle to function. The sheer amount of visual and other information collected by a fleet of cars traveling down public streets conjures the threat of the possibility for peoples’ movements to be tracked, aggregated, and retained by companies, law enforcement, or bad actors—including vendor employees. The sheer mass of this information poses a potential threat to civil liberties and privacy for pedestrians, commuters, and any other people that rely on public roads and walkways in cities.”

    It’s Official: Cars are the Worst Product Category we Have Ever Reviewed for Privacy (2023)Mozilla Foundation

    A Mozilla Foundation study found that of the 25 car companies they reviewed, all 25 collected “more personal data than necessary,” including genetic information and sexual activity.

    Vehicle Data Privacy Report (2017)Government Accountability Office (GAO)

    “All selected experts agreed that tracking, loss of consumer control over personal information, and potentially insecure data were relevant privacy concerns. They emphasized that using location data to track individuals is particularly relevant in the context of vehicles. For example, one expert said location data could paint a picture of an individual’s life, revealing with whom they associate, the doctors they see, and the places they frequent. Experts also raised concerns about potentially inappropriate or illegal uses of location data, such as stalking.”

    Smart Home

    A smart home is the application of the IoT to the home consisting of several smart appliances and IoT devices such as smart meters, lighting and electrical devices, thermostats, alarm systems, refrigerators, dishwashers, media devices and virtual assistants to monitor the home environment remotely. The market for smart homes is projected to grow from approximately $88 billion to over $170 billion between 2022 and 2028. By 2026, half of all U.S. homes will use smart home technologies.

    Privacy Risks of Smart Homes

    Smart home devices capture and reveal personal data about users’ activities at home which can be misused and compromised.

    Smart Homes and Policy: Privacy, Data Use, and the Privacy Paradox (2022) Bipartisan Policy Center

    “For example, when paired with movement patterns from a mapping app, purchase data from a shopping app, and search data from a search engine, smart home data could grant companies immense knowledge and power to predict and profit off users’ lives. Each of these additional sources increases the predictive power and accuracy of these profiles and the models that they power.”

    “For consumers who do want to learn more about the ways that smart home data is used, such information is frequently buried in lengthy and complex terms of service documents that require considerable technical expertise to fully grasp.”

    Burdon et al. (2021)Surveillance & Society

    According to this study, smart homes achieve “continual behavioural modification and shape social norms.”

    Zeng et al. (2017)USENIX

    “Researchers have begun analyzing smart home platforms and devices. Findings include over-privileged applications on smart home platforms and vulnerable devices like locks and lightbulbs. Attacks have also occurred in the wild: the massive Mirai DDoS botnet attack disrupted the internet for millions of users a glitch in the Nest thermostat left users in the cold, a baby monitor was hacked and a vulnerability in Foscam cameras left thousands of users vulnerable to similar attack, and recent reports suggest that internet-connected smart TVs can be used to record conversations.”

    Smart Virtual Assistants

    Smart virtual assistants like Siri and Alexa are “always-on” devices that use natural language processing and other forms of artificial intelligence to understand speech commands and allow users to personalize the home environment to their preferences. Due to the connected nature of virtual assistants, they have access to large volumes of personal data such as contacts, payment information, calendar events, email correspondences, location data, and browsing and purchase history. An estimated 76% of the U.S. population used virtual assistants in 2022. In early 2023, Amazon announced that users had connected over 400 million smart home devices to Alexa and used Alexa “hundreds of millions of times each week to control those devices.”

    Privacy Risks of Smart Virtual Assistants

    Privacy advocates and lawmakers have expressed serious concern about the data collected by virtual assistant data regarding children’s privacy and parental consent.

    Valero et al. (2023) Future Generation Computer Systems

    “Of particular concern are attacks … which allow malicious actors to interact with the SPA [Smart Personal Assistant], access sensitive information, and even make purchases on behalf of the user. Particularly relevant in this paper are the findings” which imply “that an unauthenticated user can perform orders even without having a similar voice to the one registered. In fact, tests show that it does not even have to be a naturally reproduced human voice, the SPA device does not correctly differentiate between female human voices, male human voices, recorded and reproduced voices, and even simulated voices through an artificial generator.”

    Piñeiro-Martín et al. (2023)Electronics

    “One of the primary concerns associated with virtual assistants powered by LLMs [large language models] is the collection and storage of user data. These assistants heavily rely on data input from users to improve their performance, which raises questions about data privacy and security. There is a fear that personal and sensitive information shared with virtual assistants could be vulnerable to unauthorized access or misuse, leading to potential privacy breaches and identity theft. The risk is especially high for VAs for public health or public administration services, which deal with critical personal data (administration information, health data or education data).”

    Bolton et al. (2022)Sensors

    “The cloud service platforms which power VAs store a lot of data and, should that data fall into the wrong hands, a serious privacy risk is exposed. The fact that two of the bigger vendors of VAs—Amazon and Google—have skill stores which allow the uploading of malicious applications deliberately designed to access a user’s data means that the user is unable to rely on the fact that the skill they downloaded and use is safe—a serious security concern.”

    “‘Unwanted’ recordings—those made by the VA without the user uttering the wake word—occur in significant numbers.”


    Zhang et al. (2019)IEEE Symposium on Security and Privacy

    “Our study demonstrates that through publishing malicious skills, it is completely feasible for an adversary to remotely attack the users of these popular systems, collecting their private information through their conversations with the systems … Our analysis of existing skills susceptible to the threat further indicates the significant consequences of the attacks, including disclosure of one’s home address, financial data, etc.”

    Wearables

    Wearables are digital IoT devices worn on or in the body and equipped with sensors that capture biometric data. Inertial measurement unit (IMU), electroencephalography (EEG), radiofrequency identification (RFID), cameras and other sensors monitor heart rate, sleep quality, activity levels, body temperature, oxygen level, emotional states and other parameters in real time. According to the U.S. military, wearable devices like smartwatches, fitness trackers, ingestibles, virtual reality (VR) headsets and smart clothing can capture as many as 165 biomarkers. The wearable technology market is expected to grow to almost $186 billion by 2030 and several countries have used wearables for surveillance. For example, South Korea and other countries used wristbands to enforce quarantines and contact tracing during COVID-19 lockdowns.

    Privacy Risks of Wearables

    Wearable devices present serious privacy concerns related to the highly sensitive and personal data they generate. Biometric data can be used to monitor, influence and discipline individuals.

    Davos AM23 – Ready for Brain Transparency? (2023)World Economic Forum

    The annual WEF at Davos highlights the so-called benefits of using brain wave data collected by AirPods and other wearables to monitor employee productivity in the workplace, all under the guise of “brain transparency” and while admitting that “it could become the most oppressive technology we’ve ever introduced in a wide scale.”

    Dian et al. (2020)IEEE Access

    “The constant exchange of personal data such as vital health signals, dosage, and location between the wearable and the IoT hub can create an environment for privacy breaches. Typically, wearable IoT devices are on broadcast mode which makes them easily discoverable by other nodes in the network. Unauthorized nodes can steal the personal data if appropriate privacy policies are not applied. In such broadcast modes, the built-in hardware security technology of the IoT devices might not guarantee the protection of personal data against breaches.”

    Gross et al. (2020)The Edmond & Lily Safra Center for Ethics

    “As such, wearables are, for the most part, not subject to the same regulatory scrutiny and oversight as other medical devices and do not offer the same level of control and privacy protections individuals have come to expect with regard to their health data.”

    Sharon (2016) Philosophy & Technology

    “Mobile wireless devices that can collect biometric data anywhere and anytime and communicate it automatically to medical professionals wirelessly seem to offer an unprecedented opportunity on the part of public health officials to monitor and discipline people’s health and lifestyle behaviors, not just of patients’, but, in the aim of prevention, also those of healthy individuals.”

    “Post-Snowden, it has become clear that the ‘data traces’ left by unassuming individuals are of great value, for both national security agencies and for corporations … Along with the disciplinary effects of self-tracking and the idea that some types of self-tracking may become compulsory, these concerns greatly problematize the promise of empowerment put forward by advocates of self-tracking.”

    Biometrics & Digital ID

    Biometric surveillance devices capture physical and behavioral data like DNA, face scans, iris scans, fingerprints and voice signatures to verify identities in an automated manner. Biometric digital IDs link digital identities and biometric data with access to government and private services, including financing, healthcare and government services. As of late 2019, the US Department of Homeland Security (DHS) had the second-largest biometrics database in the world, second to India.

    Biometrics & Digital ID Privacy Risks

    Biometric data greatly reduces the possibility for anonymity or privacy and may be vulnerable to error, bias and abuse. Biometric data is uniquely vulnerable because one cannot change one’s face or DNA should that information be compromised, as has happened numerous times in China and other countries. The all-encompassing nature of digital IDs makes them a powerful tool for control.

    As Gates Doubles Down on Digital IDs, Critic Warns of ‘Gravest Technological Threat’ to Liberty (2022)The Defender

    “Of all the other means of identifying and tracking subjects, digital identity poses perhaps the gravest technological threat to individual liberty yet conceived.

    “It has the potential to trace, track and surveil subjects and to compile a complete record of all activity, from cradle to grave.” — Michael Rectenwald

    Turley (2020)Boston University Law Review

    “For decades, cinematic and literary works have explored worlds without privacy: fishbowl societies with continual, omnipresent surveillance. For those worried about a post-privacy world, facial recognition technology and other biometric technology could well be the expanding portal to that dystopia. These technologies are rapidly transforming a society predicated on privacy into a diaphanous society where identity and transparency are defining elements. Biometric technology is perfectly suited to evade current privacy protections and doctrines because it presents new challenges to the existing legal framework protecting privacy. The greatest threat of this technological shift is to democratic activities—the very reason that countries such as China have invested so heavily into biometric surveillance systems.”

    Is Your Identity at Risk from Biometric Data Collection? (2019) BeyondTrust

    “However, the most significant issue with biometric data is … the static nature of biometric data itself. When a password is compromised, you can defuse password re-use attacks simply by changing the password. However, you cannot change your biometric data, so once it’s compromised, it can persist as an identity-based threat. Your eyes, face, or fingerprints are forever linked to your identity … Any future hacks that solely rely on compromised biometric data can be an easy target for threat actors.”

    Facial Recognition Technology

    Facial recognition technology (FRT) is one example of biometric surveillance software used in the U.S. by law enforcement, national security and border security in cities and airports across the U.S. A 2021 Amnesty International investigation revealed the presence of over 15,000 FRT-enabled cameras in the Bronx, Brooklyn and Manhattan in New York City. FRT isolates faces and compares them to databases for identification or verification taken from several sources, including mugshots, driver’s licenses, police body cameras, public surveillance footage and even social media.

    Privacy Risks of Facial Recognition Technology

    Facial recognition technology fails to account for the informed consent of the individuals surveilled in public spaces. FRT may have a chilling effect on political activism and the freedom of expression.

    Facial Recognition Technology (Accessed 2023)American Civil Liberties Union (ACLU)

    “The biggest danger is that this technology will be used for general, suspicionless surveillance systems. State motor vehicles agencies possess high-quality photographs of most citizens that are a natural source for face recognition programs and could easily be combined with public surveillance or other cameras in the construction of a comprehensive system of identification and tracking.”

    7 Biggest Privacy Concerns Around Facial Recognition Technology (2022)The Civil Liberties Union for Europe (Liberties)

    “The way facial recognition technology is used is inherently invasive and intrusive. As it is done today, data collection is realized without the consent or the knowledge of the individuals: for instance, you can be filmed just walking down the street. Being recorded and monitored without one’s consent and even knowledge is a clear infringement of one’s individual privacy and freedom. It takes away the reassurance of being able to move and act freely without the fear of being constantly watched and surveilled. Being watched changes the way we behave and also affects our well being. Such a gaze may create a feeling of always being surveilled by people, which can lead to increased stress and decreased trust between the people and the government. If people fear their daily interactions and conversations are being monitored, they might avoid criticizing the government for fear of something happening to them or their loved ones.”

    “Facial recognition technology is of concern because of its potential to become a biometric mass surveillance tool. Surveillance, especially in the case of demonstrations, muzzles freedom of expression and chills activities such as political activism. These tools are used to monitor the population and, in countries where criticizing the government is not tolerated, to the arrest of those who oppose the government.”

    Facial Recognition Technology and Law Enforcement: Select Constitutional Considerations (2020)Congressional Research Service (CRS)

    “Some commentators have suggested that FRT-enhanced public surveillance may impermissibly chill the exercise of free speech and other rights protected by the First Amendment, if, for example, such surveillance enables the government to easily identify those participating in public demonstrations.”

    Digital Currencies

    Central bank digital currencies (CBDCs) are a centralized digital form of money issued by central banks with a fixed value. Central banks, governments, and private companies view CBDCs as the future of money. Of the Group of 20 (G20) nations, 19 were in advanced stages of CBDC development in 2023. Eleven countries have fully launched their CBDCs: Nigeria, the Bahamas, Jamaica, Anguilla, Saint Kitts and Nevis, Antigua and Barbuda, Montserrat, Dominica, Saint Vincent and the Grenadines, Saint Lucia and Grenada.

    Privacy Risks of Digital Currencies

    Being fully traceable and programmable, CBDCs put virtually complete control over transactions and financing in the hands of central governments.

    CBDCs Threaten Privacy (2023)International Banker

    “CBDCs are being developed precisely because they provide governments with increased control and power. This kind of threat to individual rights will naturally drive people toward private solutions, while governments are sure to work hard to thwart such alternatives since they undermine the increased government control and power CBDCs create.”

    “Some supporters still believe CBDCs can be designed so that privacy is protected, but this view is naïve because government officials would not be able to reap the supposed benefits of CBDCs if they enabled anonymous transactions. This view also ignores the fact that supposed CBDC benefits won’t be realised if people have alternative payment options. Governments would not be able to programme citizens’ spending, for instance, if people could use cash instead of CBDCs.”

    Central Banks Must Not Be Blind To The Threats Posed By CBDCs (2023) Financial Times

    “Central banks could be viewed as political agents if their visibility into payment transactions is used for law enforcement or surveillance purposes.”

    “What’s worse, authoritarian or even ostensibly benevolent governments could consider central bank money as a means to achieve their social objectives.”

    CBDCs Threaten Privacy (2023) Cato Institute

    “In fact, implementing a CBDC could exacerbate many of the existing privacy violations that are already built into the financial system. The United States is often heralded as a free country with substantial protections for civil liberties, but the reality often does not live up to such expectations or constitutional dictates. And this is especially true in the financial arena.”

    “Despite this regrettable situation, a CBDC would endanger financial privacy to an even greater degree. It would serve as the capstone for more than 50 years of expanding financial surveillance, making every financial transaction available to the government by default.”

    “In fact, Augustín Carstens, the general manager of the Bank for International Settlements (BIS), has bemoaned the privacy of paper currency by pointing out that with a CBDC, the central bank ‘will have absolute control on the rules and regulations that will determine the use of that expression of central bank liability, and also we will have the technology to enforce that.’ Bo Li, the deputy managing director of the International Monetary Fund (IMF), has advocated for the implementation of CBDCs because they will ‘allow government agencies and private sector players to program … targeted policy functions,’ such that ‘money can be precisely targeted for what people can own.’”

    Artificial Intelligence and Machine Learning

    Artificial intelligence (AI) refers to a machine’s ability to perform cognitive functions such as problem-solving, learning and reasoning. Machine learning (ML) is an application of AI that allows computers to learn through identifying patterns and trends rather than through explicit programmed instructions. AI and ML can analyze large amounts of data at efficiencies and computational powers significantly greater than that of humans. Put another way by Taiwanese computer scientist Kai-Fu Lee, “AI is basically run on data and fueled by data. The more data, the better the AI works.” The ChatGPT chatbot, for example, trained on over 45 terabytes of text on the internet, including Wikipedia and digitized books.

    Since the term was coined in the 1950s, AI has gone through periods of advancement and relative disinterest. However, in 2023, generative AI, an application of AI capable of independently generating unique images, texts and videos using ML, “exploded in popularity.” According to McKinsey’s Global Survey on AI, AI use globally more than doubled between 2017 and 2022. Companies are anticipated to invest $110 billion in AI in 2024, more than double the investment in 2020.

    Privacy Risks of Artificial Intelligence and Machine Learning

    Artificial intelligence relies on human-generated personal information to learn and improve. Frequently, the presence of AI on many applications and the associated implications are not made clear to consumers. Most people have used AI in their daily lives with AI assistants, customer service chatbots, ChatGPT, social media and streaming recommendations, or a whole host of other applications. All the while, AI has been learning by accessing the data we create on social media profiles, in private online venues, and elsewhere.

    Generating Harms: Generative AI’s Impact & Paths Forward (2023)Electronic Privacy Information Center

    “[I]t is clear that generative AI systems can significantly amplify risks to both individual privacy and to democracy and cybersecurity generally.”

    Generative Artificial Intelligence and Data Privacy: A Primer (2023)Congressional Research Service

    “Critics contend that such models [Generative AI] rely on privacy-invasive methods for mass data collection, typically without the consent or compensation of the original user, creator, or owner.”

    Protecting Privacy In An AI-Driven World (2020)Brookings

    “This charade of consent has made it obvious that notice-and-choice has become meaningless. For many AI applications—smart traffic signals and other sensors needed to support self-driving cars as one prominent example—it will become utterly impossible.”

    Zoom Is Using You to Train AI. So Will Everyone Else (2023)Rolling Stone

    “Zoom, the virtual communications platform that millions use for remote work, is facing backlash over an updated policy allowing it to train their AI products on customer data pulled from meetings. But experts say this not an isolated case — it’s a sign of how big tech plans to harvest and leverage your personal information going forward.”

    “But whatever the fallout for Zoom, they won’t be the last tech giant to train new AI products on user behavior — with or without the users’ knowledge. According to AI researchers, this is just the next phase of a process that is already widespread across the internet.”

    Statement for the Record for a Hearing on Recent Advances in the Creation and Distribution of Computer-Generated Images and Voice Cloning (2023)US House Committee on Oversight and Accountability

    “Deepfake technology has sometimes been harnessed for extortion, blackmail, and identity theft. Additionally, it has been used in non-consensual pornography, cyberbullying, and harassment, causing severe harm to individuals. Furthermore, the potential national security implications are grave. Deepfakes can be exploited to impersonate government officials, military personnel, or law enforcement, leading to misinformation and potentially dangerous situations. The creation of misleading videos that could lead to diplomatic crises or escalate international tensions is a real threat.”

    Robots & The Workforce

    Since about 2010, much academic literature has been published concerning AI replacing humans in many occupations. An MIT study found that between 1990 and 2007, “each additional robot added in manufacturing replaced about 3.3 workers nationally, on average.” Human interaction with robots in the workplace today also entails “virtual or augmented reality as part of their employment training, to assist them in performing their job, or to interact with clients. And lots of workers are under automated surveillance from their employers.”

    A 2017 McKinsey Global Institute report warned that the transition to automation “will be very challenging—matching or even exceeding the scale of shifts out of agriculture and manufacturing we have seen in the past.” The report predicts that “in about 60 percent of occupations, at least one-third of the constituent activities could be automated, implying substantial workplace transformations and changes for all workers.”

    Privacy Risks of Robots & The Workforce

    Robots in the workforce can be used to generate employee and customer analytics by monitoring performance, location, conversations and other personal information, oftentimes without their knowledge.

    Worker Protection Laws Aren’t Ready for the Automated Future of Work (2022)Fast Company

    “Emerging technologies like artificial intelligence, robotics, virtual reality, and advanced monitoring systems have already begun altering workplaces in fundamental ways that may soon become impossible to ignore.”

    “The monitoring that’s possible now will seem simplistic compared to what’s coming: a future in which robotics and other technologies capture huge amounts of personal information to feed AI software that learns which metrics are associated with things such as workers’ moods and energy levels, or even diseases like depression.”

    “… [E]merging technology permits far greater privacy intrusions. For instance, some employers already have badges that track and monitor workers’ movements and conversations. Japanese employers use technology to monitor workers’ eyelid movements and lower the room temperature if the system identifies signs of drowsiness. Another company implanted radio-frequency identification (RFID) chips into the arms of employee ‘volunteers.’ The purpose was to make it easier for workers to open doors, log in to their computers, and purchase items from a break room. But a person with an RFID implant can be tracked 24 hours a day. Also, RFID chips are susceptible to unauthorized access or ‘skimming’ by thieves who are merely physically close to the chip.”

    When Robots are Everywhere, What Happens to the Data They Collect? (2022)Brookings

    “Despite the rapid proliferation of robots and the unique threat that they pose to our privacy, there exists a remarkable lack of tailored privacy policies for robots and frameworks for the kind of information they are permitted to collect from human beings. That needs to change.”

    “But because robots are often … made to resemble humans and animals—they possess a unique ability to encourage people to give up sensitive data … Lulled by a robot’s resemblance to a human or animal, a person interacting with it is far less on guard than when dealing with the myriad other digital privacy threats they encounter on any given day.”

    “It is easy to underappreciate the privacy risks posed by robots that are more likely to be viewed as pets than data-hungry devices … But what happens with the data collected by robots such as these is far from clear.”

    Ebert et al. (2021)Big Data & Society

    “As a result, the monitoring of employees on a minute-by-minute basis increasingly affects employees across a range of industries.”

    “It is not difficult to imagine the ensuing risks of privacy infringement. A large range of industries aim to monitor and, to a certain extent, predict individual future behaviour using data analytics, e.g., to determine the employees’ mood and willingness to exert a task. Some companies, for example, use neural networks to connect and analyse large data sets. These techniques can convey profound insights about individual preferences and behaviour, but are often criticized as not being fully retraceable. Employee privacy is at stake throughout the entire life cycle of data …”

    There Will Be Little Privacy in the Workplace of the Future (2018)The Economist

    The article highlights a Silicon Valley restaurant in which: “Its employees mill around an office full of sunlight and computers, as well as beacons that track their location and interactions. Everyone is wearing an ID badge the size of a credit card and the depth of a book of matches. It contains a microphone that picks up whether they are talking to one another; Bluetooth and infrared sensors to monitor where they are; and an accelerometer to record when they move.”

    “It does not take much imagination to see that some companies, let alone governments, could take this information-gathering too far. Veriato, an American firm, makes software that registers everything that happens on an employee’s computer. It can search for signals that may indicate poor productivity and malicious activity (like stealing company records), and scans e-mails to understand how sentiment changes over time. As voiceenabled speakers become more commonplace at work, they can be used to gather ever more data.”

    Sign up for free news and updates from Children’s Health Defense. CHD focuses on legal strategies to defend the health of our children and obtain justice for those injured. We can't do it without your support.