Smartphone Surveillance and Data-Mining: Who is Protecting Us?

A man walks past an illuminated display outside an Apple store in Hong Kong on Nov. 20, 2012. (ANTHONY WALLACE/AFP/Getty Images)
By Rex M. Lee

Commentary

This article is part of a series on corporate surveillance highlighting civil liberty, privacy, cyber security, safety, and tech-product user exploitation threats associated with connected products that are supported by the Android (Google) OS, Apple iOS, and Microsoft Windows OS.

In my last article “Government Fails to Enforce Privacy, Telecommunication, and Consumer Laws Meant to Protect Citizens,” I discussed how telecommunication subscribers (smartphone owners) have numerous rights and are supposed to be protected by the constitution (U.S. citizens), the Federal Communications Commission (FCC), Federal Trade Commission (FTC), and state attorneys general from unwarranted surveillance and deceptive trade practices associated with smartphones and retail products.

I’ve also discussed how Verizon and T-Mobile have admitted that smartphones and connected products supported by the Android, Apple, and Microsoft Windows operating systems are not private, secure, or safe forms of telecommunications and computing due to pre-installed surveillance and data-mining technology supported by misleading and confusing terms of use.

In short, pre-installed and third-party content such as apps are nothing more than a legal form of malware supported by terms of use that are deceptive in nature due to unpublished legalese and product warnings that are hidden within the operating system (OS) of a device (e.g. smartphone), rather than being published online within terms and conditions contracts and privacy policies for users to access.

The intrusive terms of use can be described as “cyber-enslavement” agreements, enabling the content developers to exploit the product user for financial gain at the expense of the product user’s civil liberties, privacy, cybersecurity, and safety.

Data-Mining Onslaught

As previously discussed, due to pre-installed (“rooted”) surveillance and data-mining technology, as many as 15 or more multinational companies, including companies from China, are enabled to monitor, track, and data mine a single smartphone user for financial gain via addictive, intrusive, exploitative, and harmful technology.

Companies such as Google and Baidu, a nation-state company from China, have a partnership in which Google is distributing surveillance and data-mining technology (e.g. web browser and apps) developed by Baidu.

The intrusive Android Baidu content supports telecom-related products such as smartphones, resulting in Baidu being able to monitor, track, and data mine U.S. telecom subscribers and authorized device users for financial gain, posing huge civil liberty, privacy, cyber security, and safety threats to citizens, children, and business professionals.

An investigation of the terms of use on my Samsung Galaxy Note smartphone revealed uncontrollable pre-installed Baidu surveillance and data-mining technology associated with an email app.

Example: Pre-installed Android Baidu surveillance and data-mining technology, interactive application permission command string, Samsung Galaxy Note supported by the Android OS. (Screenshots and annotations via Rex M. Lee)
Example: Pre-installed Android Baidu surveillance and data-mining technology, interactive application permission command string, Samsung Galaxy Note supported by the Android OS. (Screenshots and annotations via Rex M. Lee)

I also discussed in my last article that filing formal complaints with all companies concerned, plus the FTC, FCC, and state attorneys general may result in obtaining some transparency in regards to some business practices, but will not result in protection against predatory surveillance and data-mining business practices employed by Google, Apple, Microsoft, Amazon, Facebook, and Baidu.

All of this leads us to two important questions:

  • Can we trust data-driven technology providers such as Google, Apple, Microsoft, Amazon, Facebook, and Baidu with our telecom-related personal and professional information (“digital DNA”)?
  • Can we trust the FTC, FCC, and state attorneys general to enforce existing telecom and consumer laws that are meant to protect the privacy of the telecom subscriber (“paying customer,” both individual and business) and authorized device user (spouse, child, employee, etc.) plus protect consumers from deceptive trade practices that may result in harm to the consumer, including children?

In short, no. I will explain why below.

Proof of Harm

People often ask me to provide proof that the predatory surveillance and data-mining business practices that I discuss pose harm to the smartphone and connected-product user, that is, you and me.

People also ask me to prove that smartphone and connected-product owners are being exploited for financial gain by way of misleading, confusing, and exploitative business practices employed by data-driven technology providers.

I like a good challenge, so I will address some harmful technology plus what I believe are unfair business and deceptive trade practices employed by data-driven technology providers below.

It should be noted that the civil liberty, privacy, cyber security, safety, and tech-product user exploitation threats associated with the Facebook–Cambridge Analytica scandal are systemic to all smartphones and connected-product users.

Don’t take my word for this claim: Let’s look at what other technology journalists have exposed in regards to negligence, abuse, and misuse of a person’s personal and professional information (digital DNA) resulting in harm.

Below are examples that have been reported in the news over the past year or so:

1. Google failed to disclose data breach associated with third-party apps regarding Google+: Intrusive third-party apps raided Google+ users’ personal and professional information—The Guardian and Wall Street Journal, October 2018.

2. Apple sold it users out to Google for billions of dollars: Apple users have to accept Google’s intrusive terms of use when accepting Apple terms of use due to a partnership with Google—Business Insider, September 2018.

(Screenshot via Rex M. Lee)

3. T-Mobile, Spotify, and Yelp use apps that can track users even after the apps are uninstalled: Several companies such as Adjust, AppsFlyer, MoEngage, Localytics, and CleverTap offer uninstall trackers; the information is then used to target ads at the uninstaller—Bloomberg, October 2018.

4. Fitness tracker app’s misuse of data associated with the U.S. military resulted in the exposure of classified information putting U.S. soldiers in harm’s way: Heat maps that were published online exposed confidential and protected location data, exposing the location of military installations and personnel—Fortune, January 2018.

5. Vulnerability in Apple mobile device management (MDM) tool exposes sensitive corporate data to bad actors: Apple MDM enrollment tool exposes sensitive corporate information – Threat Post, September 2018.

6. Verizon, AT&T, Sprint, and T-Mobile sold user location data to negligent data brokers putting millions of telecom subscribers, including children and business professionals, in harm’s way: Customers of the LocationSmart aggregator/broker were caught misusing telecom subscribers’ location data, potentially violating the user’s due process and Fourth Amendment rights, as user location information ended up being exposed to law enforcement. Also, a flaw in LocationSmart’s website was discovered that potentially enabled anyone to track a user’s cellphone location—Business Insider, June 2018 and Krebs On Security, May 18.

7. Google logged in users without consent while the FTC does not investigate deceptive trade practices employed by Google: Google was caught logging users into their Chrome web browser without user consent, potentially enabling tracking of users’ internet use—CNBC, September 2018.

8. Facebook data breach exposed millions of users’ personal and professional information to bad actors worldwide while the FTC and law makers accept yet another apology from Facebook: Facebook’s failure to protect their users from harm resulted in a data breach exposing more than 50 million users’ personal and professional digital DNA to hackers and/or bad actors—Forbes, September 2018.

9. Android (Google) apps could potentially launch DDoS attacks that threaten millions of businesses, hospitals, utilities, and government agencies worldwide: Hundreds of apps distributed via Google Play were removed due to the apps ability to launch distributed denial of service (DDoS) attacks—Gizmodo, August 2017.

10. Google tracking Android users without consent while the FTC and state attorneys general fail to enforce existing consumer laws associated with deceptive trade practices: Google is enabled to track connected-product users even when location services are turned off—Quartz, November 2017 and Associated Press, August 2018.

It is sad to say that I can continue pointing out real-world examples of harm, but we need to move on.

Who is Protecting Us?

Regarding other industries besides tech, companies that market products that bring harm or even death to the product user are forced by government to recall said products while paying out hundreds of millions of dollars in claims and fines to all parties harmed.

Executives of companies whose negligence results in harm to their customers and/or intentionally deceive their customers are prosecuted and sent to jail for lesser offenses than what other journalists and I have documented in this article.

However, when it comes to big tech, companies such as Google, Apple, and Facebook seem to be bulletproof, even though these companies are piling up a record of abuse, negligence, and harmful use of their paying customers’ personal and professional digital DNA.

Former Alphabet Inc. executive chairman Eric Schmidt, Facebook co-founder Sean Parker, and former Google designer Tristan Harris have publicly admitted that Google and Facebook intentionally develop addictive, intrusive, and harmful technology so that each company can exploit their product users for financial gain, yet the FTC, FCC, and state attorneys general will not even enforce existing consumer laws that are meant to protect the technology user’s privacy while protecting consumers from deceptive trade practices.

I cannot conclude that any company mentioned is actually violating any existing consumer laws, but the evidence provided might help you, as well as the FTC, FCC, state attorneys general, lawmakers, and legal professionals, decide if they are. I’m just the messenger.

To affirm: Losing privacy is bad enough, but to be exploited for financial gain at the expense of your civil liberties, privacy, cyber security, and safety should be unacceptable to anyone who has purchased a smartphone or connected product supported by the Android OS, Apple iOS, and Microsoft Windows OS.

It is time to hold the executives of these companies accountable rather than treating them like rock stars when they go on stage to sell us their snake oil.

Who is protecting us from predatory surveillance and data-mining business practices that can result in harm to the user?

How come the FTC, FCC, state attorneys general, and lawmakers are silent in light of so many examples of harm associated with social media platforms, smartphones, and connected products?

How did we get here, plus how is this legal?

I think we all agree that surveillance and data-mining business practices are out of control. It is time for citizens to take action by contacting their service providers, the FTC, FCC, state attorneys general, and lawmakers to demand protection.

In closing, I don’t know about you, but I’m tired of being exploited for financial gain at the expense of my civil liberties, privacy, cyber security, and safety via products of necessity such as a smartphone and PC.

It would be different if there were private, secure, and safe alternatives to choose from, but according to Verizon, people cannot even purchase a private, secure, or safe smartphone, tablet PC, or even a flip phone due to predatory surveillance and data-mining business practices employed by all companies concerned.

In the next three articles within this series, I will address the legality of the terms of use, privacy and cyber security threats associated with all products concerned, and a solution in the form of an Electronic Bill of Rights that I’ve proposed to law makers.

Rex M. Lee is a privacy and data security consultant and Blackops Partners analyst and researcher: www.MySmartPrivacy.com

Views expressed in this article are the opinions of the author and do not necessarily reflect the views of The Epoch Times.

Be the first to comment

Leave a Reply