Your Data is Being Used to Track You: How the IoT Became a Surveillance Network

The Expanding Web of Sensorveillance

Digital surveillance is no longer confined to what we actively share online. Increasingly, our everyday objects – from smartphones and cars to even bicycles – are collecting data that can be used to track our movements, and activities. This phenomenon, termed “sensorveillance” by law professor Andrew Guthrie Ferguson, is transforming the Internet of Things into a vast, always-on surveillance network. The implications for privacy and civil liberties are significant, as law enforcement gains access to unprecedented levels of personal data.

Ferguson, author of Your Data Will Be Used Against You: Policing in the Age of Self-Surveillance, details how this shift is occurring, and the tools being used to repurpose consumer technology for law enforcement purposes. The core issue isn’t necessarily the *collection* of data, but the ease with which it can be accessed and used against individuals, often without their knowledge or explicit consent.

From Bank Robberies to Accidental Alerts

The practical implications of sensorveillance are already evident in real-world cases. In Midlothian, Virginia, police investigating a bank robbery leveraged data from Google to identify potential suspects. By requesting information on all phones near the bank during the time of the crime, investigators were able to narrow down the list and ultimately charge Okelle Chatrie. The Department of Justice confirmed Chatrie’s sentencing in connection with the robbery.

Even seemingly innocuous features in our vehicles can contribute to this surveillance landscape. Cathy Bernstein learned this the hard way when her Ford, equipped with 911 Assist, automatically reported an accident to police after she struck another vehicle and left the scene. As reported by Business Insider, the car’s automated system effectively acted as an informant, leading to her arrest.

The Internet of Things and the Rise of Data Collection

The foundation of sensorveillance lies in the proliferation of the Internet of Things (IoT). Originally conceptualized by Kevin Ashton in the late 1990s, the IoT envisioned a network of everyday objects equipped with sensors and RFID tags capable of collecting and sharing data. Ashton’s initial vision focused on supply chain management and environmental monitoring, but the IoT has evolved to encompass a far wider range of devices and applications.

Today’s IoT devices utilize Wi-Fi, Bluetooth, cellular connections, and GPS to record data about movement, temperature, pressure, and location. This constant stream of information creates a detailed record of our lives, readily accessible to those with the means to collect and analyze it. The shift from “dumb” objects – like a simple bicycle – to “smart” objects capable of tracking and transmitting data represents a fundamental change in our relationship with the physical world.

Cellphone Surveillance and the Sensorvault

Cellphones are arguably the most pervasive and powerful tools in the sensorveillance arsenal. Cellphone companies track location through cell tower connections, creating a record of a user’s movements over time. This data, known as cell-site location information (CSLI), can be used to reconstruct an individual’s past travels. The Supreme Court addressed the constitutional implications of CSLI tracking in United States v. Carpenter (2018), ruling that obtaining long-term CSLI requires a warrant.

For years, Google’s Sensorvault served as a central repository for this type of location data, combining information from GPS, Bluetooth, cell towers, and Wi-Fi signals. Law enforcement agencies frequently sought warrants to access data from the Sensorvault, with Google receiving over 11,500 such requests in 2020. Though, in 2024, Google announced it would stop retaining all this data in the cloud, storing geolocation information on individual devices instead. While this change offers some increased privacy, it doesn’t eliminate the possibility of law enforcement access with a warrant.

Beyond Google’s services, even seemingly unrelated apps can collect location data. A case in Pennsylvania demonstrated how prosecutors used data from an iPhone flashlight app to prove a burglar’s presence at a crime scene, highlighting the hidden costs of “free” apps.

Vehicular Data and the Expanding Scope of Surveillance

Modern vehicles are becoming increasingly sophisticated data collectors. Beyond basic telemetry data like speed and braking information, connected cars can collect data on driving habits, entertainment preferences, and even potentially sensitive personal information. Companies like Stellantis and Nissan have privacy policies that reserve the right to collect extensive data, including information about “sexual activity” and “health diagnosis,” raising serious privacy concerns. Mozilla Foundation’s privacy review found that most car brands fail to adequately protect user privacy.

This data can be accessed through mobile extraction devices or directly through the vehicle’s telemetry system. The increasing prevalence of connected car technology means that vehicles are becoming a significant source of surveillance data.

The Fourth Amendment and the Law of Smart Things

The Fourth Amendment protects against unreasonable searches and seizures, but its application to data collected by smart devices is complex. The question of whether data generated by these devices constitutes an “effect” protected by the Fourth Amendment remains a subject of legal debate. The Supreme Court’s rulings in United States v. Jones and Carpenter have established some limits on government access to location data, but the legal landscape is still evolving.

The practice of law enforcement purchasing data from third-party brokers further complicates the issue. If the government simply buys data that has been voluntarily collected by private companies, it may be able to circumvent Fourth Amendment protections. This raises concerns about the potential for unchecked surveillance and the erosion of privacy rights.

What Comes Next: Balancing Security and Privacy

The rise of sensorveillance presents a fundamental challenge: how to balance the legitimate needs of law enforcement with the privacy rights of individuals. Technological solutions, such as localizing data processing on devices and strengthening data encryption, can facilitate mitigate some of the risks. However, these measures are not foolproof, and ongoing legal and policy debates are crucial to establishing clear boundaries for data collection and access. The future will likely involve a continued negotiation between innovation, security, and the fundamental right to privacy in an increasingly connected world.