Sensorvault and Ring: Private-Sector Data Collection Meets Law Enforcement

Concerns over personal privacy and security are amplifying as more information surfaces about the operations of Google’s Sensorvault, Amazon’s Ring, and FamilyTreeDNA.

Sensorvault, Google’s enormous database, stands out from the group as a major player in the digital profiling arena. Since at least 2009, it has been amassing data and constructing individual profiles for all of us based on vast information about our location history, hobbies, race, gender, income, religion, net worth, purchase history, and more. Google and other private-sector companies argue that the amassment of digital dossiers facilitates immense improvements in their efficiency and profits. However, the collection of such data also raises thorny ethical concerns about consent and privacy.

With regard to consent, the operation of Sensorvault is morally problematic for three main reasons. First, the minimum age required for managing your own Google account in North America is 13, meaning that Google can begin constructing the digital profiles of children, despite the likelihood that they are unable to comprehend the Terms and Service agreement or its implications. Their digital files are thus created prior to the (legal) possibility of providing meaningful consent.

Second, the dominance of Google’s Search Engine, Maps, and other services are making it increasingly less feasible to live a Google-free life. In the absence of a meaningful exit option, the value of supposed consent is significantly diminished. Third, as law professor Daniel Solove puts it, “Life today is fueled by information, and it is virtually impossible to live as an Information Age ghost, leaving no trail or residue.” Even if you avoid using all Google services, your digital profile can and will still be constructed from other data point references about your life, such as income level or spending habits.

The operation of Sensorvault and similar databases also raise moral concerns about individual privacy. Materially speaking, the content in Sensorvault puts individuals at extreme risks of fraud, identity theft, public embarrassment, and reputation damage, given the detailed psychological profiles and life-patterns contained in the database. Google’s insistence that protective safeguards are in place is not particularly persuasive either in light of recent security breaches, such as Social Security numbers and health information of military personnel and their families being stolen from a United States Army Base.

More abstractly, these data collection agencies represent an existential threat to our private selves. Solove argues in his book “The Digital Person” that the digital dossiers amassed by private corporations are eerily reflective of the files that Big Brother has on its citizens in 1984. He also makes a comparison between the secrecy surrounding these profiles and The Trial, in which Kafka warns of the dangers of losing control over personal information and enabling bureaucracies to make decisions about our lives without us being aware.

The stakes are growing increasingly high as Google, Amazon, and FamilyTreeDNA move beyond using data collection for their own purposes and are now collaborating with law enforcement agencies. These private companies attempt to justify their practices on the grounds that they are a boon to policing practices and are effectively helping to solve and deter crime. However, even if you are sympathetic to their justification, there are still significant ethical and legal reasons to be concerned by the growing relationship between data collecting private-sector companies and law enforcement agencies.

In Google’s case, the data in Sensorvault is being shared with the government as part of a new policing mechanism. American law enforcement agencies have recently started issuing “Geofence warrants” which grant them access to the digital trails and location patterns left by individuals’ devices in a specific time and area, or “geofence.” Geofencing warrants differ significantly from traditional warrants because they permit law enforcement to obtain access to Google user’s data without probable cause. According to one Google employee, “the company responds to a single warrant with location information on dozens or hundreds of devices,” thus ensnaring innocent people in a digital dragnet. As such, Geofencing warrants raise significant moral and legal concerns in that they circumvent the 4th Amendment’s protection of privacy and probable cause search requirement.

Amazon’s Ring (a home surveillance system) is also engaged in morally problematic relations with law enforcement. They have partnered with hundreds of departments in the US to provide police with data from their customers’ home security systems. Reports suggest that Ring has shared the locations of their customers’ homes with law enforcement, is working on enabling police to automatically activate Ring cameras in an area where a crime has been committed, and that Amazon is even coaching police on how to gain access to user’s cameras without a warrant.

FamilyTreeDNA, one of the country’s largest genetic testing companies, is also putting consumers’ privacy and security at risk by providing its data to the FBI. FamilyTree has offered DNA testing for nearly two decades, but in 2018, it willingly granted law enforcement access to millions of consumer profiles, many of which were collected before users were aware of the company’s collaboration with law enforcement. While police have long been using public genealogy databases to solve crime, FamilyTree’s partnership with the FBI marks one of the first times a private-sector database has willingly shared the sensitive information of its consumers with governmental agencies.

Several strategies might be pursued to mitigate the concerns raised by these companies regarding consent, privacy, and law enforcement collaboration. First, the US ought to consider adopting safeguards similar to the EU’s General Data Protection Regulations which, for example, sets the minimum age of consent for Google Users at 16 and stipulates that Terms of Service “should be provided in an intelligible and easily accessible form, using clear and plain language and it should not contain unfair terms.” Second, all digital and DNA data collecting companies should undergo strict security testing to protect against theft, fraud, and the exposure of personal information. Third, given the extremely private and sensitive nature of such data, regulations ought to be enacted to prevent private companies like Family Tree from sharing profiles they amassed before publicly disclosing their partnership with law enforcement. Fourth, the US Congress Committee on Energy and Commerce should continue to monitor and inquire into companies as they did in their 2019 letter to Google. There needs to be greater transparency regarding what data is being stored and for what purposes. Finally, the 4th Amendment must become a part of the mainstream conversation regarding the amassing of digital dossiers, DNA profiles, and the access to such data by law enforcement agencies without probable cause.