Selling Surveillance as Convenience

Illustration: Em / Privacy Guides | Photo: Zeki Okur / Unsplash

Increasingly, surveillance is being normalized and integrated in our lives. Under the guise of convenience, applications and features are sold to us as being the new better way to do things. While some might be useful, this convenience is a Trojan horse. The cost of it is the continuous degradation of our privacy rights, with all that that entails.

As appalling as it is, the truth is the vast majority of software companies do not consider privacy rights and data minimization practices strongly enough, if at all. Most fail to implement the principles of Privacy by Design that should guide development from the start.

Whether this comes from ignorance, incompetence, greed, or malicious intent can be debated. It matters little, because the result is the same: Technologies collecting (and monetizing) a shameful amount of data from everyone.

This horrifying trend ends up facilitating and normalizing surveillance in our daily lives. It is the opposite direction of where we should be going.

The more we accept this normalized surveillance, the harder it becomes to fight back. It is critical that we firmly and loudly object to this banalized invasion of our privacy.

There are countless examples of this growing issue, but for now let's focus on three of them: Airport face scans, parking apps, and AI assistants.

Face scans in airports (and elsewhere)

Some airports and airlines around the world have started to install face scanning stations to screen travelers. This is supposedly a quick and convenient way to verify your identity when passing through airport security lines.

Facial scans and facial recognition data are biometric data. Biometric data is especially sensitive because once it's collected, there is no way for you to modify it later, ever.

Imagine having a password stolen a thousand times, yet there is no way for you to change it. This is the security system that biometric data collectors are building. When their database eventually leaks, and someone steals it to impersonate you, you cannot simply get a new face like you would generate a new password.

Moreover, facial data is the perfect tool to track you around without your consent. Systems using facial recognition are being installed in schools, sport stadiums, and other venues around the world.

Everyone should be extremely worried about sharing any biometric data with others, and should never do so simply for "convenience".

Sadly, many people do not know they might have a right to refuse.

Refusing to provide biometric data everywhere we can is crucial.

If people never refuse and simply accept surveillance without objection, we will soon lose any right we had to refuse. Without changes, this is the dystopia we are running towards.

If everyone said no instead of complying for convenience, these intrusive technologies would stop being imposed on us. We have a duty to say no when we can.

Parking apps

Parking applications might feel like a boring but necessary sacrifice. With the slow disappearance of parking meters and cash money, more parking facilities now require parking apps for registration and payment.

The problem is, these applications collect lots of sensitive information. Necessarily, they collect parking location, parking duration, license plate number, phone number, email, payment information, and often even your full legal name. This information can be shared across multiple applications and organizations (partners) to track a car's location even beyond the parking facility.

Despite how sensitive this data is, it's very likely most applications have not invested the time and effort to protect it properly. Inevitably, data breaches have already occurred.

Once this data is exposed, it can be challenging or impossible to change or delete it. People in vulnerable situations can be put in grave danger when such data becomes accessible to anyone looking for it.

Even without criminal breaches, security researcher Inti De Ceukelaire revealed in 2022 that some parking apps could allow anybody to track a car around. This is due to poor security practices which allowed anyone to register and track any car's license plate, whether it's their car or not.

Despite repeated warnings from privacy experts, parking applications remain largely under-regulated.

AI assistants and note-takers

Last but not least, AI assistant and note-taking applications have spawned in every corner of our lives for the past few years. Unfortunately, these AI applications are an absolute nightmare for data privacy.

Very few AI systems of this type provide data without also taking in data.

Most fresh AI startups simply utilize a subscription to OpenAI under the hood. This means it is likely any data you input into an AI assistant or note-taker will be shared back with OpenAI in the end. This includes any personal information you type and any photos you upload.

Some applications offer options to opt out of input sharing, but given the track record of tech companies asking for forgiveness rather than permission, can this really be trusted?

Additionally, regardless of the stated purpose for this data collection, nothing stops these companies from using it for another purpose down the road, or selling it to someone else.

AI note-taking applications that seem to be all the rage in remote meetings these days are no exception.

To provide a transcript then a summary, these applications will record the whole meeting, often including both audio and video. This data will be stored by the AI note-taking company, and maybe also shared with at least OpenAI, potentially with other third-parties as well.

This is incredibly intrusive, not to say straight out creepy.

Besides, it can even be illegal. If you use this kind of application with someone living in a region with a two-party consent law, recording without prior consent of all participants is criminal.

Even without this, any personal information collected by an AI system is still subject to the privacy regulation protecting its data subject. Nobody should take lightly the legal and moral obligations they have when using or developing such invasive technology.

Even if you don't care about sending your own personal data to these companies, you are still responsible for the data of others you input in these systems.

For organizations, using AI doesn't remove any legal obligations to comply with privacy laws. You are still responsible for any personal data collected by your usage of AI systems, even when delegating the task to OpenAI or any other subcontractor.

How to opt out?

There are multiple ways to opt out of surveillance disguised as convenience. The first thing of course is to avoid using any such technology whenever possible.

Before taking a plane, spend some time researching if your citizenship and the region you are visiting grant you opt-out rights. If it does, print this documentation and be ready to politely ask for a traditional identify verification instead of a face scan.

If you own a car, try to find a parking application that has been more thoughtful regarding security and privacy. Report any parking apps which infringe on your local privacy laws to your local Data Protection Authority or equivalent. If you go somewhere that could put you in danger if tracked — for example, because you are victim of domestic violence or stalking — consider renting a car with a different license plate, sharing a ride with a trusted friend, or parking at another location you can safely walk from.

Do NOT use any AI note-taker! This technology might seem convenient at first, but it is completely unnecessary (and also unreliable). If you use this technology carelessly without providing proper privacy notice, you could run into serious legal risks. Additionally, you risk eroding the trust of everyone communicating with you when the inevitable data breach occurs.

If someone invites you to a meeting using an AI note-taker, do not hesitate to refuse being recorded, and share your discomfort about this technology.

If you must use an AI assistant, try to find one that can run offline, and does not upload your inputs back to the company's server. When this isn't possible, make sure at least to never share any personal information with these systems. Be especially vigilant not to share any data related to other people, and especially children. This could lead to severe legal consequences for you down the road.

Why it is crucial to oppose everywhere we can

If we all do everything we can to opt out every time we can, it will become harder and harder to implement mass surveillance systems in our society.

The response provided when privacy experts raise the alarm is often to minimize concerns saying "it's only optional, and people can opt out".

But for how long will we keep the right to opt out if we never exercise this right? How many dark patterns and intimidation techniques are used to pressure people into saying yes, or to make sure they never know about their right to opt out?

Furthermore, write to your representatives about your concerns related to privacy rights and the rise of surveillance systems in our society. Discuss this with your family and your friends. Post about it on social media. Share your experience of surveillance with the press.

The more we are talking about this problem, the stronger the opposition becomes, and the more chances we have to keep our privacy rights alive.

If we do not stand firm to defend our rights, even when it's inconvenient to do, we might soon lose them.

Additional resources

• Facial scan at airport (United States): Protect Your Face Data

• Information on parking apps vulnerabilities: Not My Plate

• Information on AI note-takers

• How to remove/disable Microsoft's Windows Recall

---

Join our forum to comment on this article.

Thank you for reading, and please consider sharing this post with your friends. Privacy Guides is an independent, nonprofit media outlet. We don't have ads or sponsors, so if you liked this work your donation would be greatly appreciated. Have a question, comment, or tip for us? You can securely contact us at @privacyguides.01 on Signal.