Opinion | We Need to Take Back Our Privacy – The New York Times

Supported by
Zeynep Tufekci
Send any friend a story
As a subscriber, you have 10 gift articles to give each month. Anyone can read what you share.

Opinion Columnist
Over 130 years ago, a young lawyer saw an amazing new gadget and had a revolutionary vision — technology can threaten our privacy.
“Recent inventions and business methods call attention to the next step which must be taken for the protection of the person,” wrote the lawyer, Louis Brandeis, warning that laws needed to keep up with technology and new means of surveillance, or Americans would lose their “right to be let alone.”
Decades later, the right to privacy discussed in that 1890 law review article and Brandeis’s opinions as a Supreme Court justice, especially in the context of new technology, would be cited as a foundational principle of the constitutional protections for many rights, including contraception, same-sex intimacy and abortion.
Now the Supreme Court seems poised to rule that there is no constitutional protection for the right to abortion. Surveillance made possible by minimally-regulated digital technologies could help law enforcement or even vigilantes track down women who might seek abortions and medical providers who perform them in places where it would become criminalized. Women are urging one another to delete phone apps like period trackers that can indicate they are pregnant.
But frantic individual efforts to swat away digital intrusions will do too little. What’s needed, for all Americans, is a full legal and political reckoning with the reckless manner in which digital technology has been allowed to invade our lives. The collection, use and manipulation of electronic data must finally be regulated and severely limited. Only then can we comfortably enjoy all the good that can come from these technologies.
Brandeis’s concern about technology’s threat to liberty was stoked by the introduction, two years before his article, of a Kodak camera that was small enough to carry, cheap enough to afford, worked at the press of a button, and came loaded for 100 shots. This new portability meant that intrusions that would once have been impractical, were now easy.
The Constitution doesn’t mention cameras or wiretapping or cellphones or electronic data or artificial intelligence. But it does talk about protection of beliefs (First Amendment), the sanctity of the home (Third), the right against unreasonable searches of persons, houses, papers and effects (Fourth) and protection against self-incrimination (Fifth). Those were some of the pillars upon which Brandeis rested his argument that laws need to enforce our liberty against intrusion, even as technology morphed its shape.
In 1928, as a Supreme Court justice, Brandeis dissented from the majority that allowed the government to listen in on suspects’ telephone conversations without warrants. Brandeis pointed out that opening and reading a sealed envelope required a warrant, so wiretapping should also require a warrant.
In the latter half of the century, though, the court began to catch up with the need to more broadly protect privacy, and regulate technology.
In legalizing the right to contraceptives, in Griswold v. Connecticut in 1965, the court brought up the profound privacy violations that would arise from enforcing a ban: “Would we allow the police to search the sacred precincts of marital bedrooms for telltale signs of the use of contraceptives? The very idea is repulsive to the notions of privacy surrounding the marriage relationship,” Justice William O. Douglas wrote in his opinion for the majority, which also articulated the protection of privacy as a constitutional right.
Griswold was cited as precedent eight years later in Roe v. Wade, extending constitutional protection to abortion. Once again, the court highlighted privacy, not the importance of reproductive choice, as a right. Laws against same-sex intimate relationships would be struck down on similar grounds.
Other privacy protections were enacted, as well. In 1970, rules were made to regulate the use of information on creditworthiness. The Privacy Act of 1974 established protections for personally identifiable information that was collected or held by federal agencies. The government tightened oversight for wiretaps in 1967 and then in 1977, requiring warrants for domestic wiretaps.
But in the decades since then, there has been an explosion in technological advances and surveillance capabilities. So many more transactions and activities are carried out over digital networks, and billions of people carry pocket computers that leave constant footprints. All this can be scooped up by a vast apparatus of surveillance, to be analyzed by powerful computational techniques, along with images from cameras on streets, phones and satellites.
Legislators around the world have largely allowed all this to proceed, with the United States lagging even more.
Fears of how law enforcement and anti-abortion vigilantes could use such data to hunt down those who run afoul of new laws have illuminated a terrifying rabbit hole of privacy abuse.
After the Supreme Court’s draft opinion that could overturn Roe was leaked, the Motherboard reporter Joseph Cox paid a company $160 to get a week’s worth of aggregate data on people who visited more than 600 Planned Parenthood facilities around the country. This data included where they came from, how long they remained and where they went afterward. The company got this location data from ordinary apps in people’s phones. Such data is also collected from the phones themselves and by cellphone carriers.
That this was aggregated, bulk data — without names attached — should be of no comfort. Researchers have repeatedly shown that even in such data sets, it is often possible to pinpoint a person’s identity — deanonymizing data — by triangulating information from different sources, like, say, matching location data on someone’s commute from home to work, or their purchases in stores. This also helps evade legal privacy protections that apply only to “personally identifiable information” — records explicitly containing identifiers like names or Social Security numbers.
For example, it was recently revealed that Grindr, the world’s most popular gay dating app, was selling data about its users. A priest resigned after the Catholic publication The Pillar deanonymized his data, identified him and then outed him by tracking his visits to gay bars and a bathhouse.
Phone companies were caught selling their customers’ real-time location data, and it reportedly ended up in the hands of bounty hunters and stalkers.
In 2014 BuzzFeed News reported that an Uber executive had admitted to tracking at least one journalist who reported on the company. In 2012, the company had also posted data analyses on its blog revealing possible one-night stands people were having in major cities. In criticizing such practices in a piece I co-wrote at the time, I pointed out that such methods could also track visits to Planned Parenthood offices.
Very few companies would boast about such things anymore. But clearly, such data could be used to identify, for example, women meeting to arrange for access to abortion pills, and other women who might travel to get these pills or seek support.
To deflect these dangers, people are advised to leave their phone behind or use “burner” phones, or turn off certain settings.
None of these options works well.
For one thing, turning off settings in apps doesn’t stop the phone or the cellphone company from continuing to collect location data. It’s also not that reliable. I have turned off location tracking many times in reputable apps only to be surprised to notice later that it turned itself back on because I clicked on something unrelated that, the fine print might reveal, turns location tracking back on.
I gave up — and I have been coding since I was a tween, have a degree in computer programming, have worked in the software industry, and have been reading and writing about privacy and technology for my whole adult life. My impression is that friends with similar professional profiles have given up, too.
Using burner phones — which you use and discard — sounds cool but is difficult in practice. Matt Blaze, a leading expert on digital security and encryption, said that trying to maintain a burner phone required “using almost everything I know about communications systems and security,” and he still wasn’t sure he had completely evaded surveillance and identification.
How about leaving your phone behind? Let me just say, good luck.
Even if you don’t carry a digital device and only use cash, commercially available biometric databases can carry out facial recognition at scale. Clearview AI says it has more than 10 billion images of people taken from social media and news articles that it sells to law enforcement and private entities. Given the ubiquity of cameras, it will soon be difficult to walk anywhere without being algorithmically recognized. Even a mask is no barrier. Algorithms can recognize people from other attributes as well. In China, the police have employed “gait recognition” — using artificial intelligence to identify people by the way they walk and by body features other than their face.
Protections you think you have may not be as broad as you think. The confidentiality that federal health privacy law provides to conversations with a doctor doesn’t always apply to prescriptions. In 2020, Consumer Reports exposed that GoodRX, a popular drug discount and coupons service, was selling information on what medications people were searching or buying to Facebook, Google and other data marketing firms. GoodRX said it would stop, but there is no law against them, or any pharmacy, doing this.
That data becomes even more powerful whenmerged. A woman who regularly eats sushi and suddenly stops, or stops taking Pepto-Bismol, or starts taking vitamin B6 may be easily identified as someone following guidelines for pregnancy. If that woman doesn’t give birth she might find herself being questioned by the police, who may think she had an abortion. (Already, in some places, women who seek medical help after miscarriages have reported questioning to this effect.)
I haven’t even gotten to all the data collected on billions of people by giant technology platforms like Facebook and Google. “Well, don’t use them,” you might say. Again, good luck.
In 2019, when Kashmir Hill — now a reporter at The New York Times — tried to cut Google out of her online life, she found it everywhere. Apps like Lyft and Uber, which relied on Google maps, and Spotify, which relied on Google Cloud, wouldn’t work. The Times loaded very slowly (trying to load for Google analytics, Google Pay, Google News, Google ads and a Doubleclick, and then waiting for them to fail before proceeding). By the end of a week, her devices had tried to communicate with Google’s servers more than 100,000 times. Hill tried this for other big five tech companies too, and found them similarly hard to avoid.
There are many calls to boycott Facebook, but the reality is that it is much harder than many realize to fully avoid it. First, a large number of civic and local activities, particularly for disadvantaged people, are available solely through Facebook. Some important patient groups, for example, exist only on Facebook. I’ve even encountered situations where school districts sent updates on active shooter alerts on Facebook.
When my grandmother in Turkey was ill, the only app her caretaker knew how to use to communicate with me was a Facebook product. Telling people to not use these powerful platforms if they don’t want to be unreasonably surveilled is blaming the victim.
Facebook doesn’t just collect data on its two billion users, and it also doesn’t just collect it from what those people do while using its products. Billions of web pages (including those of The New York Times) and mobile apps contain code from the company — tracking pixels — that collect detailed data, and communicate them back to Facebook. They try to match this to existing Facebook users, but keep it even for nonusers, creating what’s called “shadow profiles.” Google’s tracking, too, is all over the web and in many apps through its ubiquitous ad products. “Just don’t use it” doesn’t get people too far.
Now let’s get to the truly scary stuff.
In his dissent against letting wiretaps operate without a warrant, Brandeis wrote how, when the Constitution was written, “force and violence” were once the only means by which a government could compel self-incrimination, but that governments now had more effective means “than stretching upon the rack, to obtain disclosure in court of what is whispered in the closet.”
Increasingly, though, artificial intelligence can use surveillance data to infer things that aren’t even whispered.
About a decade ago, The Times reported about a father whose teenage daughter suddenly started getting promotional materials for baby items from Target. The angry dad went to a Target store and got an apology from the manager, only to learn after confronting his daughter that … she was pregnant. Maybe it was something overt, like the girl purchasing a pregnancy test. However, increasingly, such predictions are made by analyzing big data sets with algorithms (often called “machine learning”) that can arrive at conclusions about things that aren’t explicitly in the data.
For example, algorithmic interpretations of Instagram posts can effectively predict a person’s future depressive episodes — performing better than humans assessing the same posts. Similar results have been found for predicting future manic episodes and detecting suicidal ideation, among many other examples. Such predictive systems are already in widespread use, including for hiring, sales, political targeting, education, medicine and more.
Given the many changes pregnancy engenders even before women know about it, in everything from sleep patterns to diet to fatigue to mood changes, it’s not surprising that an algorithm might detect which women were likely to be pregnant. (Such lists are already collected and traded). That’s data that could be purchased by law enforcement agencies or activists intent on tracking possible abortions.
Many such algorithmic inferences are statistical, not necessarily individual, but they can narrow down the list of, well, suspects.
How does it work? Even the researchers don’t really know, calling it a black box. How could it be regulated? Since it’s different, it would need new thinking. As of yet, few to no laws regulate most of these novel advances, even though they are as consequential to our Fourth Amendment rights as telephones and wiretaps.
Despite what my concerns might lead some to believe, I am not a technophobe. Like many others who study privacy and technology, I’m often an early adopter of tech, and get enthusiastic for its many potential uses.
But I’m also a sociologist studying authoritarianism, and our digital infrastructure has become the infrastructure of authoritarianism.
When I started saying this awhile back, many people would tell me that I was conflating the situation in China with that of Western countries where such surveillance is usually undertaken for commercial purposes and we have limits to what governments would want to do. I always thought: If you build it, they will come for it. Criminalization of abortion may well be the first wide-scale test of this, but even if that doesn’t come to pass, we’re just biding our time.
Many of our existing legal protections are effectively outdated. For example, law enforcement can obtain emails, pictures or any data you stored in the cloud without a warrant, and without notifying you, so long as it is older than six months. This is because when the initial law on email privacy was drafted in 1986, online, or what we now call cloud, storage was very expensive and people downloaded or deleted their email regularly. So anything older than six months was considered abandoned. Almost three decades later, it simply means years of personal digital history — which didn’t exist when the law was drafted — are up for grabs.
This doesn’t mean we should snuff out digital technology or advances in algorithms. Even if it were possible, it wouldn’t be desirable. The government should regulate these technologies so we can use them, and enjoy their many positives, without out-of-control surveillance.
Congress, and states, should restrict or ban the collection of many types of data, especially those used solely for tracking, and limit how long data can be retained for necessary functions — like getting directions on a phone.
Selling, trading and merging personal data should be restricted or outlawed. Law enforcement could obtain it subject to specific judicial oversight.
Researchers have been inventing privacy-preserving methods for analyzing data sets when merging them is in the public interest but the underlying data is sensitive — as when health officials are tracking a disease outbreak and want to merge data from multiple hospitals. These techniques allow computation but make it hard, if not impossible, to identify individual records. Companies are unlikely to invest in such methods, or use end-to-end encryption as appropriate to protect user data, if they could continue doing whatever they want. Regulation could make these advancements good business opportunities, and spur innovation.
I don’t think people like things the way they are. When Apple changed a default option from “track me” to “do not track me” on its phones, few people chose to be tracked. And many who accept tracking probably don’t realize how much privacy they’re giving up, and what this kind of data can reveal. Many location collectors get their data from ordinary apps — could be weather, games, or anything else — that often bury that they will share the data with others in vague terms deep in their fine print.
Under these conditions, requiring people to click “I accept” to lengthy legalese for access to functions that have become integral to modern life is a masquerade, not informed consent.
Many politicians have been reluctant to act. The tech industry is generous, cozy with power, and politicians themselves use data analysis for their campaigns. This is all the more reason to press them to move forward.
In his seminal dissent against warrantless wiretapping, Brandeis quoted an earlier justice, noting, “Time works changes, brings into existence new conditions and purposes. Therefore, a principle, to be vital, must be capable of wider application than the mischief which gave it birth.”
That core principle of liberty, the right to be free of intrusions and surveillance of this scope and scale, needs to be defended against the new technologies that have undermined it so gravely.
Otherwise, as Brandeis quoted in his dissent, “rights declared in words might be lost in reality.”
The Times is committed to publishing a diversity of letters to the editor. We’d like to hear what you think about this or any of our articles. Here are some tips. And here’s our email: [email protected].
Follow The New York Times Opinion section on Facebook, Twitter (@NYTopinion) and Instagram.


Enable Exclusive OK No thanks