What does your digital trail say about you? Find out what can be tracked and who may be tracking it.
While the collection of private information by the National Security Agency is under scrutiny worldwide, a remarkable amount of your digital trail is also available to local law enforcement officers, IRS investigators, the FBI and private attorneys. And in some cases, it can be used against you.
This week, NPR and the Center for Investigative Reporting are documenting just how vivid the typical person's digital picture has become — and how easy it can be for others to see it.
Your Online Data
Even if you don't have a Facebook profile or Gmail account, virtually everyone has a digital identity that could be used against them. Consider these:
Names/addresses of people with whom you've exchanged snail mail
Talk shows or radio programs you've listened to on a smartphone app
Information for your online dating profile
Drug prescriptions you've filled
Credit card purchases you've made
Your monthly banking statements
ATM withdrawals you've made
Wire transfers you've sent
Your 2012 tax return
Read the full report at cironline.org/yourdata and tune in to the four-part series on All Things Considered starting tonight. The stories examine a day in the life of your data, how marketers track you, the power of the subpoena, and the larger consequences of living in a world of big data.
NPR and CIR found that there's a wide range of ostensibly private data that's obtainable even without court approval:
Law enforcement can create a map or timeline of a person's whereabouts by accessing data from license-plate scanners, toll-bridge crossings and mobile phone carriers and, without much trouble, access records on your power consumption, purchasing habits and even snail mail.
And while most of us know we're leaving behind a digital trail, consider how intricate that trail is and how easy it is for law enforcement, private investigators and marketers to paint a data portrait based on your actions throughout the day.
Examples from the series include online dating sites, like OKCupid.com. The report shows how profile questions on the site about things like drug use, religious beliefs and more were transmitted to a data tracking company, along with the user's IP address:
When you log in with a username and password to sites like Gmail, Amazon or OKCupid, your behavior can be linked to your real name or email address. [Software privacy specialist] Ashkan Soltani said personally identifying information also can unintentionally "leak" to third parties, even if companies say they have no need for such data; it's not clear what happens to the information once it falls into their hands.
The series also looks at your commute to and from work:
Has your digital data ever been used against you? The Center for Investigative Reporting and NPR want to know.
Surveillance cameras in subway stations and on city buses watch you board and depart.
To automatically identify celebrities and regular customers when they enter a store, some retailers reportedly are using another facial recognition technology originally developed in the U.K. for spotting terrorists and criminals.
Meanwhile, smart cards log when and where you travel using public transportation.
Police departments in the San Francisco Bay Area and elsewhere around the country have used license-plate scanners to identify stolen cars and outstanding warrants. But the devices are designed to photograph vehicles and record the location, date and time of everyone who passes by without discriminating between criminals and innocent people.
Many people don't know their medical records are available to investigators and private attorneys:
While many Americans are under the impression that their medical records are protected by privacy laws, investigators and private attorneys enjoy special access there, too.
There are three ways the government and civil attorneys can try to access personal information: a search warrant, which requires the government to convince a judge there's probable cause of a crime; a court order; and the easiest, a subpoena.
Exactly what kind of data can be obtained with a search warrant is still relatively uncertain. Schulz and Zwerdling cite, for example, a case in which police obtained seven months' worth of location data from the cellphones of two robbery suspects — without a warrant.
Even unopened emails are up for grabs:
The Electronic Communications Privacy Act of 1986 was designed to protect Americans who at the time were using the Internet increasingly to communicate. But the government has interpreted the law to mean that once your emails are opened or older than 180 days, no warrant is required.
Even if an investigator faces some hurdles with your inbox, such as Google insisting on a warrant, email is not entirely protected. With a court order that doesn't reach probable cause, Google will give up your name, IP address, the dates and times you're signing in and out, and with whom you're exchanging emails.
The takeaway? While there are some measures you can take to prevent the government and others from monitoring your data and movements, much of what we do online and in public spaces can be used, sold and shared to create a remarkably detailed portrait of our lives.