Right now, there’s a good chance your digital life is multitudes bigger than it was just a few months ago. Over time, the global coronavirus pandemic has turned a lot of us—or at least everyone I know—into the type of person who dates digitally, mourns digitally, and attends everything from church to support groups behind some sort of screen. There’s also a good chance that you (again, like everyone I kn0w), are rightfully concerned about the digital paper trail you’re now leaving behind, either for data-hungry brokers or for national authorities.
This newfound sense of constant paranoia might come with the perk of helping you get that shit on lock, but it also brings the side effect of complete disillusionment. There’s just no more surprise to be felt about the new, shitty ways these groups come up with to monitor our every move.
Here’s an example: Earlier today, Vice got its hands on a pitch deck from a company offering federal agencies exclusive access to data mined from hacks and breaches across the web. The company in question, Spycloud, boasts that offering cops access to pilfered datasets—which might hold victims’ passwords, email addresses, credit card numbers, or, well, anything else that hackers might hack—is a way to “[turn] the criminals’ data against them.” Snooping inside these datasets, they explained, could, hypothetically, give law enforcement agencies a lead that they might not have considered before. And because Spycloud is a private company, these agencies can fudge the Fourth Amendment to get their hands on that data wherever they want, whenever they want, no warrant required.
Look, I don’t doubt that Spycloud—a pretty unassuming company whose primary pitch seems to be helping businesses keep tabs on their own breaches—has its heart in the right place here. As the company points out on its own site, getting access to a database, could, in theory, tip an enterprise or authority off about how this data got hacked, and which hacker did that hack in the first place. One prosecuting attorney told Vice that this sort of data—while not widely used—does, in fact, often “[connect] some data points that we didn’t have before.”
That’s great and all, but there’s still something about this service that makes me a bit uncomfortable. Maybe it’s because that same page on the Spycloud website boasts about how they could potentially be handing these cops “highly enriched PII” like “first and last names, addresses, phone numbers, dates of birth, SSNs,” and 150 other types of data. Maybe it’s because I’ve seen firsthand how easy it is for these sorts of data breaches to ruin someone’s life if they get into the wrong hands. Maybe it’s because I’ve been the victim of a data breach myself, and maybe you have, too.
There’s also the fact that agencies like the DOJ—a confirmed Spycloud customer—can get this data behind our backs. While warrantless collection of this sort of data is typically a major slap in the face to the Fourth Amendment, federal authorities in our country have a storied history of bypassing those pesky legal requirements by repurposing data that’s already available commercially to surveil anyone they want—even if those people have already been subjected to something as shitty as a data breach.
Right now, Utah is the only state that’s taken a stand against this sort of unfettered data collection. For now, those of us in every other state just need to settle into the discomfort of knowing the data created by our commutes, our protests, and the fronts of our doorsteps can be used to track our every move. Sometimes, that data just happens to be stolen.