During the pandemic, our dependence on technology has increased more than ever. We use technology to attend school, go to work, communicate with family and friends, move supplies and merchandise, streamline medical processes, and much more. Technology is used to bring a level of convenience to our everyday lives as well as to provide companionship. Research studies indicate that by 2030 every smart device owner will own approximately 15 interconnected devices globally, which equates to about 125 billion devices . Among the many advantages we gain from technology are useful applications such as global positioning systems (GPS), smart cities, smartphones, and medical innovations. As technology becomes increasingly interconnected, however, several disadvantages arise, including information security risks, single points of failure, and privacy. These vulnerabilities can have vital impacts on society, as they can cause important systems to come to a complete standstill.
According to the Oxford English Dictionary, privacy is "the state or condition of being alone, undisturbed, or free from public attention, as a matter of choice or right; seclusion; freedom from interference or intrusion." In 1974, the United States Privacy Act was enacted as a federal law (Title 5, Section 552a, of the United States Code (5 U.S.C.552a)). Its intention was "to balance the government's need to maintain information about individuals with the rights of individuals to be protected against unwarranted invasions of their privacy resulting from the collection, maintenance, use, and disclosure of personal information."
→ Smart devices are rapidly expanding and invading consumers' privacy. They conduct surveillance.
→ As software and technology are created to advance society, the privacy of consumers should be carefully taken into consideration.
→ U.S. federal laws should be enacted to ensure that the transparency of technology is presented to consumers.
As individuals use technology, it collects data about them and their interactions. More than 2.5 quintillion bytes of data are created every day. (To envision this amount, imagine 2.5 quintillion pennies laid out flat. They would cover the Earth's surface five times.) Mathematician Clive Humby coined the phrase "data is the new oil," indicating that data is shaping the world in which we live. This insatiable desire of companies and corporations to access personal data might seem inconceivable to most people.
Various algorithms have been developed using software to parse massive amounts of data quickly. Artificial intelligence (AI) algorithms provide this capability. There are three main categories of AI: narrow AI, general AI, and super AI. Narrow AI, also referred to as weak AI, contains a narrow range of abilities, where singular tasks can be completed. Narrow AI can do things such as complete digital forms, make fight and hotel reservations, and perform facial and speech recognition. General AI, also known as strong AI, is more advanced. At this level, AI will be able to think, understand, and act more in the manner of human beings. In this category, the data that humans share through technology usage would not be considered private or subject to privacy. Lastly, super AI will be even more advanced than both narrow and general AI, exceeding all the abilities and intelligence of humans.
Official guidelines and standards should be established so that all users are aware of the data being collected about them.
Of the three AI categories, only narrow AI has been achieved. But as technology advances, what would happen if technology containing all these levels of AI becomes compromised and data breaches occur? This question should be thoroughly addressed before introducing new AI software and technology to society. As data amasses from users around the world, another question that we should strongly consider is, Do humans have privacy?
Smart speakers, where users say a keyword(s) to wake up the device and then issue commands, have been introduced to our society. This technology incorporates AI to automate user requests. For example, a user says, "Wake up, play 'I Smile' by Kirk Franklin" (the keywords here are wake up) and the smart speaker responds by searching for the song and playing it.
Several security and privacy issues have occurred with smart speakers. There have been reports of smart speakers recording conversations and sending them to individuals on the device owner's contact list without the owner's knowledge . There also have been reports of someone having access to another person's library of recordings connected to their smart speaker . Once another individual has access to this data, the user can't reverse the data breach unless the company makes the necessary modifications. Also, the user who experienced the data breach wouldn't know if the involved party has downloaded any of their data.
The patent applications of some major U.S. tech companies reveal how voice assistants via smart speakers are "spying" on users , as devices listen to or record whatever is in their vicinity. The recording is analyzed using AI techniques to intelligently decipher words; this information is used to send advertisements and other information to the device owner, using whichever account the owner is signed in to and using. Also, there have been reports of tech company employees analyzing the recorded data .
A privacy breach can be as simple as having GPS enabled on your cellphone. A major tech company is able to provide you with a history of all the places you've been over a period of time. This raises the question not only of privacy, but also of surveillance.
We are all vulnerable to surveillance through some form of technology. Take augmented and virtual reality, for example. Augmented reality (AR) permits the digital world to coexist with the real world; virtual reality (VR) takes place in a completely artificial environment. Both AR and VR are accessed through a headset and controllers that contain sensors that can collect users' biometric data, by which individuals can be identified according to their physical and behavioral characteristics. Captured biometric data can invite the tracking of individuals through the sale of their data to third-party vendors, or even in processing the data via AI. Though analysis is needed to gain a better understanding of such AR and VR products, users face privacy risks. If the company stores the data internally, it's possible a security breach could take place, which would put users at risk of surveillance via the compromised data.
Though technology has advanced immensely, bringing many benefits, users and administrators of technology have the ability to conduct surveillance on people. Governments have the ability to listen in on cellphone calls, use voice recognition to scan mobile networks, censor webpages, track the movement of citizens via GPS, read emails and text messages, and even change the content of an email while it's en route to a recipient . Major tech companies that sell smart speakers have the ability to listen to conversations via the devices . The installation of tools that contain malicious malware and spyware used by cybercriminals can enable the activation of deactivated webcams and microphones on devices without their owners' knowledge. After the information is filtered and organized, it is possible to spy on every person in the country .
A major U.S.-based tech company has integrated facial recognition technology into its company culture by using it to identify employees (approximately 20,000 people work at the company's headquarters alone) and visitors, including visitors' license plates . In addition to many other concerns about facial recognition technology , which has been banned in several U.S. cities , there are concerns about privacy in the event of a data breach. The company's policy is that visitors' faces will be retained for 30 days, but it will keep data on visitors who are denied access to a site for 30 years and store the data in its own data centers.
There are several issues with surveillance, including 1) the possibility of misidentification, 2) compromised biometric information, 3) controlled access, and 4) lack of freedom or privacy. There are additional areas of concern with surveillance from a data and end-user perspective, such as 1) device owners and users not being able to fully delete any data captured through the device, 2) device owners and users not having the ability to opt out of anything they don't agree with while continuing to use the technology or service, and 3) device users not being aware of all the components contained within the device that allow the user to be spied on.
Despite the continuing evolution of technology, federal laws in the U.S. have not yet been enacted to ensure the protection of citizens' privacy. Companies and organizations are not mandated to develop technology that abides by requirements based on an industry-wide standard or a federal mandate.
Official guidelines and standards should be established so that all users are aware of the data being collected about them. To ensure users are aware of the potential privacy risks, they should be informed of all sensors that are contained in each component of technology, including microphones, cameras, and other surveillance vectors. This should be mandated through policy and the enactment of federal laws for both public and private organizations. A grading system should be issued for each type of technology product and software application that companies develop around the world, but especially in the U.S. This system should inform users of potential security and privacy risks in the device and how these relate to them. Finally, the U.S. should have federal laws that govern U.S.-based software and technology companies about maintaining users' privacy. As we develop technology, we have to keep in mind both the benefits that are created through technological advances and the disadvantages that can be introduced.
But the most important question we need to consider is, How are we building a technologically advanced society where privacy is maintained?
I would like to thank the U.S. Department of Education under the Title III Historically Black Graduate Institutions Grant for their funding. A special thank you to the faculty in the Department of Computer Science and the Graduate College at North Carolina Agricultural and Technical State University, as well as fellow researchers in the Department of Computer Science.
1. Heslop, B. By 2030, each person will own 15 connected devices—Here's what that means for your business and content. ToolBox Marketing. Feb. 2, 2022; https://www.toolbox.com/marketing/iot-in-marketing/articles/by-2030-each-person-will-own-15-connected-devices-heres-what-that-means-for-your-business-and-content/
2. Sacks, E. Alexa privacy fail highlights risks of smart speakers. NBC News. May, 26, 2018; https://www.nbcnews.com/tech/innovation/alexa-privacy-fail-highlights-risks-smart-speakers-n877671
3. Dellinger, A.J. Amazon sends a user someone else's Alexa recordings by mistake. Digital Trends. Dec. 20, 2018; https://www.digitaltrends.com/home/amazon-alexa-sends-recordings-to-wrong-person/
4. How Google and Amazon are 'spying' on you. Consumer Watchdog; https://www.consumerwatchdog.org/privacy-technology/how-google-and-amazon-are-spying-you
5. O'Flaherty, K. Amazon staff are listening to Alexa conversations—Here's what to do. Forbes. Apr. 12, 2019; https://www.forbes.com/sites/kateoflahertyuk/2019/04/12/amazon-staff-are-listening-to-alexa-conversations-heres-what-to-do/?sh=5755733d71a2
6. Electronic Frontier Foundation. Surveillance technologies; https://www.eff.org/issues/mass-surveillance-technologies
7. Rogoway, M. Intel starts using facial recognition technology to ID workers, visitors. Oregon Live. Mar. 11, 2020; https://www.oregonlive.com/silicon-forest/2020/03/intel-starts-using-facial-recognition-technology-to-scan-workers-visitors.html
8. Martin, N. The major concerns around facial recognition technology. Forbes. Sep. 25, 2019; https://www.forbes.com/sites/nicolemartin1/2019/09/25/the-major-concerns-around-facial-recognition-technology/?sh=24bd9394fe3e
9. Miller, K. Facial recognition: Current uses, concerns, and state action. MultiState. Feb. 19, 2020; https://www.multistate.us/insider/2020/2/19/facial-recognition-current-uses-concerns-and-state-action
Janelle Mason received her B.S. and M.S. degrees in computer science from North Carolina Agricultural and Technical State University in Greensboro, NC, USA, where she is pursuing her Ph.D. in computer science. Her research interests include biometrics, cybersecurity, identity, and the Internet of Things. firstname.lastname@example.org
©2022 ACM 1072-5520/22/03 $15.00
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.
The Digital Library is published by the Association for Computing Machinery. Copyright © 2022 ACM, Inc.