12 May 2020
Last week, concerns about privacy and cyber security were raised over the government’s plans to introduce a new health tracking app as part of a lockdown exit strategy. But there are already a number of apps out there behaving in a similar way, and having the effect users fear.
In this extract from Shoshana Zuboff’s Sunday Times bestselling The Age of Surveillance Capitalism, we learn about the health apps already in use, and how they are being used for surveillance capitalism.
From the chapter Rendition: From Experience to Data
It is eloquent testimony to the health care system’s failure to serve the needs of second-modernity individuals that we now access health data and advice from our phones while these pocket computers aggressively access us. M-health has triggered an explosion of rendition and behavioral surplus capture as individuals turn in record numbers to their fitness bands and diet apps for support and guidance.[47] By 2016, there were more than 100,000 mobile health apps available on the Google Android and Apple iOS platforms, double the number in 2014.[48] These rich data can no longer be imagined as cloistered within the intimate closed loops between a patient and her doctor or between an application and its dieters or runners. That bucolic vision has its holdouts, to be sure, but for surveillance capitalists this vision is but a faded daguerreotype.
In the US, most health and fitness applications are not subject to health privacy laws, and the laws that do exist do not adequately take into account either new digital capabilities or the ferocity of surveillance capitalist operations. Companies are expected to self-regulate by following guidelines suggested by the Federal Trade Commission (FTC) and other government agencies. For example, in 2016 the FTC issued a list of best practices for developers of mobile health applications aimed at increasing transparency, privacy, and security. Among these suggestions, developers are encouraged to “make sure your app doesn’t access consumer information it doesn’t need,” “let consumers select particular contacts, rather than having your app request access to all user contacts through the standard API,” and let users “choose privacy-protective default settings.” That year the Food and Drug Administration announced that it would also not seek to regulate health and fitness apps, citing their “low-level risk.” Instead, the agency released its own set of voluntary guidelines for software developers.[49]
The agencies’ well-meaning guidelines overlook the inconvenient truth that transparency and privacy represent friction for surveillance capitalists in much the same way that improving working conditions, rejecting child labor, or shortening the working day represented friction for the early industrial capitalists. It took targeted laws to change working conditions back then, not suggestions. Then as now, the problems to which these pleas for self-restraint are addressed cannot be understood as excesses, mistakes, oversights, or lapses of judgment. They are necessitated by the reigning logic of accumulation and its relentless economic imperatives.
A legal review of mobile health apps concludes that most of them “take the consumers’ private information and data without the consumers’ permission and . . . do not generally disclose to the user that this information will be sent to advertising companies.” These conclusions are borne out by a long queue of studies,[50] but let’s focus on a 2016 in-depth investigation by scholars from the Munk School of Global Affairs at the University of Toronto in association with Open Effect, a nonprofit focused on digital privacy and security. This study looked at the collection, processing, and usage activities associated with nine fitness trackers.[51] Seven were chosen for their popularity, one was made by a Canadian company, and the ninth was an app that specialized in women’s health. All but two apps transmitted every logged fitness event to the company’s servers, which enabled backup and sharing with one’s friends but also “data analytics” and distribution to third parties. Some of the trackers transmitted device identification numbers; others passively and continuously transmitted the user’s precise longitude and latitude coordinates. These identifiers “could link fitness and biographical data to a single mobile phone hardware, or single specific fitness wearable.” None of this sensitive information was necessary for the tracker to operate effectively, and most of the privacy policies were opaque at best and allowed data to be “sold or exchanged with third parties.” As we know, once a third party captures your surplus, it is shared with other third parties, who share with other third parties, and so on.
The team also examined the trackers’ transmission of the Bluetooth Media Access Controller or “MAC” address that is unique to each phone. When this address is publicly discoverable, any third party with an interest in your movements—retailers who want to know your mall activity, insurers concerned about your compliance with an exercise regime—can “persistently” track your phone. Multiple data sets logged over time can be combined to form a fine-grained picture of your movements, enabling targeted applications and heightening the probability of guaranteed outcomes. The only real protection is when an app randomly but regularly generates a new MAC address for your phone, but of the nine trackers, only Apple’s performed this operation.
The report also identifies a general pattern of careless security as well as the ability to generate false data. The researchers observed that consumers are likely to be misled and confused, overestimating the extent of security measures and underestimating “the breadth of personal data collected by fitness tracking companies.” As they concluded, “We discovered severe security vulnerabilities, incredibly sensitive geolocation transmissions that serve no apparent benefit to the end user, and policies leaving the door open for the sale of users’ fitness data to third parties without express consent of the users.”
If you are inclined to dismiss this report because fitness trackers can be written off as toys, let’s consider a look at an incisive investigation into Android-based diabetes apps in a 2016 Journal of American Medicine research report and, with it, ample illustration of the frenzy of body rendition. The researchers note that although the FDA approved the prescription of a range of apps that transmit sensitive health data, the behind-the-scenes practices of these apps are “understudied.” They examined 211 diabetes apps and randomly sampled 65 of them for close analysis of data-transmission practices.[52]
Among these apps, merely downloading the software automatically “authorized collection and modification of sensitive information.” The researchers identified a great deal of backstage action, including apps that modify or delete your information (64 percent), read your phone status and identity (31 percent), gather location data (27 percent), view your Wi-Fi connections (12 percent), and activate your camera in order to access your photos and videos (11 percent). Between 4 percent and 6 percent of the apps went even further: reading your contact lists, calling phone numbers found in your device, modifying your contacts, reading your call log, and activating your microphone to record your speech.
Finally, the research team unearthed an even darker secret: privacy policies do not matter. Of the 211 apps in the group, 81 percent did not have privacy policies, but for those that did, “not all of the provisions actually protected privacy.” Of those apps without privacy policies, 76 percent shared sensitive information with third parties, and of those with privacy policies, 79 percent shared data while only about half admitted doing so in their published disclosures. In other words, privacy policies are more aptly referred to as surveillance policies, and that is what I suggest we call them.