Sensorvault and Ring: Private-Sector Data Collection Meets Law Enforcement

Concerns over personal privacy and security are amplifying as more information surfaces about the operations of Google’s Sensorvault, Amazon’s Ring, and FamilyTreeDNA.

Sensorvault, Google’s enormous database, stands out from the group as a major player in the digital profiling arena. Since at least 2009, it has been amassing data and constructing individual profiles for all of us based on vast information about our location history, hobbies, race, gender, income, religion, net worth, purchase history, and more. Google and other private-sector companies argue that the amassment of digital dossiers facilitates immense improvements in their efficiency and profits. However, the collection of such data also raises thorny ethical concerns about consent and privacy.

With regard to consent, the operation of Sensorvault is morally problematic for three main reasons. First, the minimum age required for managing your own Google account in North America is 13, meaning that Google can begin constructing the digital profiles of children, despite the likelihood that they are unable to comprehend the Terms of Service agreement or its implications. Their digital files are thus created prior to the (legal) possibility of providing meaningful consent.

Second, the dominance of Google’s Search Engine, Maps, and other services is making it increasingly less feasible to live a Google-free life. In the absence of a meaningful exit option, the value of supposed consent is significantly diminished. Third, as law professor Daniel Solove puts it, “Life today is fueled by information, and it is virtually impossible to live as an Information Age ghost, leaving no trail or residue.” Even if you avoid using all Google services, your digital profile can and will still be constructed from other data point references about your life, such as income level or spending habits.

The operation of Sensorvault and similar databases also raises moral concerns about individual privacy. Materially speaking, the content in Sensorvault puts individuals at extreme risk of fraud, identity theft, public embarrassment, and reputation damage, given the detailed psychological profiles and life-patterns contained in the database. Google’s insistence that protective safeguards are in place is not particularly persuasive either in light of recent security breaches, such as Social Security numbers and health information of military personnel and their families being stolen from a United States Army Base.

More abstractly, these data collection agencies represent an existential threat to our private selves. Solove argues in his book “The Digital Person” that the digital dossiers amassed by private corporations are eerily reflective of the files that Big Brother has on its citizens in 1984. He also makes a comparison between the secrecy surrounding these profiles and The Trial, in which Kafka warns of the dangers of losing control over personal information and enabling bureaucracies to make decisions about our lives without us being aware.

The stakes are growing increasingly high as Google, Amazon, and FamilyTreeDNA move beyond using data collection for their own purposes and are now collaborating with law enforcement agencies. These private companies attempt to justify their practices on the grounds that they are a boon to policing practices and are effectively helping to solve and deter crime. However, even if you are sympathetic to their justification, there are still significant ethical and legal reasons to be concerned by the growing relationship between data collecting private-sector companies and law enforcement agencies.

In Google’s case, the data in Sensorvault is being shared with the government as part of a new policing mechanism. American law enforcement agencies have recently started issuing “Geofence warrants” which grant them access to the digital trails and location patterns left by individuals’ devices in a specific time and area, or “geofence.” Geofencing warrants differ significantly from traditional warrants because they permit law enforcement to obtain access to Google users’ data without probable cause. According to one Google employee, “the company responds to a single warrant with location information on dozens or hundreds of devices,” thus ensnaring innocent people in a digital dragnet. As such, Geofencing warrants raise significant moral and legal concerns in that they circumvent the 4th Amendment’s protection of privacy and probable cause search requirement.

Amazon’s Ring (a home surveillance system) is also engaged in morally problematic relations with law enforcement. They have partnered with hundreds of departments in the US to provide police with data from their customers’ home security systems. Reports suggest that Ring has shared the locations of their customers’ homes with law enforcement, is working on enabling police to automatically activate Ring cameras in an area where a crime has been committed, and that Amazon is even coaching police on how to gain access to users’ cameras without a warrant.

FamilyTreeDNA, one of the country’s largest genetic testing companies, is also putting consumers’ privacy and security at risk by providing its data to the FBI. FamilyTree has offered DNA testing for nearly two decades, but in 2018, it willingly granted law enforcement access to millions of consumer profiles, many of which were collected before users were aware of the company’s collaboration with law enforcement. While police have long been using public genealogy databases to solve crime, FamilyTree’s partnership with the FBI marks one of the first times a private-sector database has willingly shared the sensitive information of its consumers with governmental agencies.

Several strategies might be pursued to mitigate the concerns raised by these companies regarding consent, privacy, and law enforcement collaboration. First, the US ought to consider adopting safeguards similar to the EU’s General Data Protection Regulation, which, for example, sets the minimum age of consent for Google Users at 16 and stipulates that Terms of Service “should be provided in an intelligible and easily accessible form, using clear and plain language and it should not contain unfair terms.” Second, all digital and DNA data collecting companies should undergo strict security testing to protect against theft, fraud, and the exposure of personal information. Third, given the extremely private and sensitive nature of such data, regulations ought to be enacted to prevent private companies like FamilyTree from sharing profiles they amassed before publicly disclosing their partnership with law enforcement. Fourth, the US Congress Committee on Energy and Commerce should continue to monitor and inquire into companies as they did in their 2019 letter to Google. There needs to be greater transparency regarding what data is being stored and for what purposes. Finally, the 4th Amendment must become a part of the mainstream conversation regarding the amassing of digital dossiers, DNA profiles, and the access to such data by law enforcement agencies without probable cause.

Data Transparency: Knowing What Google Knows about You

I use Google products for most things: I primarily use Gmail for my email, Google Calendar to keep myself organized, and Google Fit to feel guilty about not exercising enough. I’ll also use my Google credentials to log into other sites, or to use apps or services (sometimes apps on my phone want me to sign in with my Google account, and games want me to connect with Google Play). Of course, Google is not the only company to do this: if you have an iPhone and use whatever i-equivalents you have on your devices of choice, your data is being harvested just as much as mine is. While I am well aware of the fact that Google collects information about me, it’s not super-clear what, exactly, they are collecting, just how much information they are gathering, and what they are doing with that data.

Google has taken some strides towards greater transparency, however, having recently offered its users the ability to download an archive of all the data that the company has collected from you. If you’re a Google products user, then you can visit the site, after which an archive will be created for you to download; you can also visit this site to see the profile that Google has created of you for the purpose of showing you ads it thinks you’ll like. People online have expressed varying degrees of surprise about how much Google in fact knows, and the kind of profile that it has built of you as a user, not to mention the sheer quantity of data that it has collected. While many have expressed that it is creepy that Google should know so much about them, are there legitimate ethical issues that underlie these feelings of creepiness?

Consider first what, exactly, Google knows about me: according to the profile it created, it knows that I’m male, 35-44 years old, Canadian, and that I like sports, cats, politics, and that I check the weather compulsively. It is not 100% accurate: for instance, it thinks I like blues music (which I really don’t), but overall it’s constructed a very accurate profile of my likes and dislikes. 

While this may seem relatively innocuous, things get real creepy real quick: for example, many have been surprised to find that whenever you search by voice for something instead of typing, Google keeps an audio recording of what you’ve said. In my own archive, I could listen to my recordings, though I had long forgotten the purpose of most of them. For example, a sample of mine included searches for:

“2.874 times two-thirds”

“198 grams in ounces”

“how to quickly soften brown sugar”

“ben…ben, dammit b-e-n, I said ben!”

“do NBA players wear cups?”

“what happened to Brendan Fraser?”

While these are all worthwhile questions, it was a little unsettling to discover that Google had saved a recording expressing my concern for the career of Brendan Fraser from over 3 years ago. People have also recently been creeped out after learning that various other devices that employ voice commands save recordings, especially with regard to Amazon’s Alexa keeping recordings of voice commands. While it makes sense that some computer somewhere would need to record your voice in order to interpret what you’re saying, it’s somewhat unsettling to learn that these files are stored permanently.

I was also surprised to find that Google had logged the GPS coordinates of every place that I had used my phone or computer (you can see this data visualized after uploading the relevant file here after you’ve downloaded your own archive). For instance, Google had recorded my trip from Winnipeg to Brandon, Manitoba from 2017:

As well as the time I got a bit lost on a forest trail in Spain later that same year:

While it is perhaps less surprising that Google should keep a log of everywhere I’ve been than a recording of all the times I asked it to do baking conversions, it’s weird to think that it knows everywhere I’ve been, especially given that I don’t recall ever being told that it would do so.

So: some of this is weird, some is interesting, and some is creepy. Are there any ethical problems here?

Assuming that all of your information is, in fact, being kept private, and that you have, in fact, consented to letting Google collect all the information that it has collected, there is still reason to be worried about Google knowing so much about you. Consider first the degree of opacity with which a company like Google operates when it comes to what it knows about you. While it is certainly the case that Google will inform you that certain sites or apps that request access to your data are doing so, it is often not clear what that entails. Google does give you a breakdown of what it does with your data, especially when it comes to advertising. While the explanation is simple in theory – you are shown ads based on what Google thinks you’ll like to see, and they make money if you click on said ads – there is plenty that stays hidden, especially when it comes to which particular advertisers you are likely to be shown.

Google’s process of showing users ads in its search results has recently led to some problems: when some users searched for clinics that provided abortions, for example, Google provided targeted ads from anti-abortion organizations that were deliberately attempting to mislead users into visiting their sites, or in some cases leading them astray on Google Maps. While Google is upfront about the fact that they use your data to tailor advertisements, they are far from forthcoming about which advertisements you’re likely to see, and if they are not diligent about their advertisers, advertisers with ulterior motives will be able to continue to game the system.

One can take some steps to better control what information Google collects about you. But with these kinds of services having become so deeply ingrained into our everyday lives, it is more likely than not that Google will continue to be provided with plenty of data about its users. At the very least, it is worthwhile knowing what Google knows about you.