This year, popular Netflix docu-drama “The Social Dilemma” revealed how social media apps collect personal data to influence user’s screen time. What was shocking to most viewers was that this harvesting of personal data is often done without the full awareness of the user. A recent investigation, however, has brought to light perhaps a more concerning practice of personal data being sold on. This time, personal data is being sold to the military.
Last month, VICE media’s Motherboard published an article detailing how the military purchases private data from seemingly “ordinary” apps. Their investigation revealed how user location data–intended to be used for utilising certain apps like tracking steps or online dating–could be unknowingly purchased and passed on to third-parties. Often, these parties included defence contractors for a wide variety of uses, such as assisting special operations for counterterrorism, reconnaissance or to support intelligence analysts and operations.
Some of these apps are completely innocuous–users likely have no idea their private information would be sold on in this way. Although users do provide ‘consent’ to share their locations in order to use these apps, where users’ private information ends up, and if they are even aware it has been sold, is not transparent. In fact, a number of app developers themselves were unaware that location data harvested from their apps were being sold to military and defence organisations.
Some examples of these seemingly ‘normal’ or everyday apps include a step counting app, an app for tracking storms, dating apps and even a Craigslist type app. However, some even have extremely large sets of users, and hence, large sets of data. Some such app is Muslim Pro, a prayer app that utilises location data to inform users about what direction Mecca is in. It has been downloaded an impressive 50 million times on Google Play and over 98 million times from other platforms.
As society relies upon smart phones and apps more frequently, there are many concerns regarding the lack of transparency about how personal data is protected. Users may be disclosing sensitive and potentially identifying information without truly knowing how securely they are stored and used. Although many of the above apps are utilised for personal enjoyment or recreation, what happens when new apps that rely on sensitive data claim to be necessary for economic and national revival?
To this point, early in 2020, the Australian government revealed plans to launch the COVIDSafe App, a COVID-19 contact tracing program. At the time of launching, Australian Prime Minister Scott Morrison claimed the app would be integral to a COVID-safe Australia and a “liberated economy and society”. He called for widespread downloads, and likened it’s use to the importance of wearing sunscreen in Australia when outdoors.
Despite being downloaded over seven million times, concerns were raised about how personal data would be used and protected. To be clear, the app states it does not record location data, but rather links to nearby COVIDSafe App users via Bluetooth to compile a list a “close contacts”. Details of other users are encrypted, and only when a user tests positive for COVID may a state or territory official trace and contact users.
However, in November, it was reported that the COVIDSafe app had “incidentally collected data” for “one or more” of Australia’s intelligence agencies in its first six months. The Inspector-General of Intelligence and Security (IGIS) claimed there was “no evidence to suggest any of the data was decrypted, accessed or used” but would not indicate which agencies had collected the data. In addition, collecting data from “check-in apps” from restaurants and public venues, whilst tracking card payment data in COVID hotspots, is increasing. In the midst of an “app and data fuelled” COVID-safe response, there is a lack of general “rules” regarding the scope of private information being collected. As a result, it is a concerning point that a vast number of the public may be giving up “more personal information than necessary”.
Location data, in particular, heightens many fears about personal privacy, anonymity, freedom of movement, and increased government surveillance. Past protests staged by Google employees over military contracts indicate that even those who are aware of unintended uses of commercial technology are concerned. For individuals who enjoy apps for personal use–such as praying, tracking steps or helping to trace COVID–their data may be unknowingly exposed. More needs to be done to clarify to users how their sensitive information is being stored and used. This is especially true for apps that are intended to keep us “safe”. As “ordinary apps” are capitalised upon, and personal data is gathered as never before, transparency, privacy and peace of mind are quickly becoming the most valuable commodities of all.
Natasha Karner is a PhD Candidate at RMIT University where she researches emerging technology, weapons and security.