Many of us sense that others are watching us, whether in the digital world or as we go about our daily lives. From the ads that follow us from website to website, the cameras at every intersection, to the trail left by our phones and credit cards: it’s clear people are watching. But who exactly is watching? For what purpose? How much can they see? What can they do with the information gleaned about us? Can I, as a “regular” person, control this at all or should I just relax and let it happen?
Answering these questions thoroughly is very difficult, which is all to the purpose of those that would like, for various reasons, to watch. But it’s possible to note some general trends and get a sense of the broad shape of what is happening. With that, it may be possible for an average person to make some decisions.
Let us first consider how much of our lives can be observed with cameras (we’ll consider other forms of surveillance later). As already noted, cameras are now everywhere: speed cameras, security cameras on homes and businesses, cameras on our phones and laptops, drones with cameras, self-driving cars with cameras, and on and on. If you live in a city, much of your life is within sight of one of these cameras. When you consider the cameras that we voluntarily invite into our lives on smartphones, laptops, tablets, and various home security devices, the potential for surveillance is nearly complete. From what we do in public to the most intimate moments in our homes, nearly everything is visible to one camera or another. But are these cameras being used to spy on us?
It is important to note that companies that make these devices have the power to turn on their corresponding cameras, whether the owners of the devices have authorized this or not. The devices have the capability of performing surveillance and uploading the results to the internet: it’s simply a matter of the software running on the devices in question. Moreover, the devices that surround us run the software that the creators of the devices decide that they should run. Early computers were tools in the hands of their owners, ready to be loaded with software of their choice or programmed from scratch. As our devices have increased in sophistication and have become used for financially lucrative tasks, many—including the device manufacturers, record labels, movie studios, video game companies, and large software vendors—have fought to control the software that runs on them. Device manufacturers and others seeking control over software on our devices have fought for and largely won this control against the owners of the devices themselves. An Apple iPhone is fundamentally under the control of Apple as Apple, not the device owner, makes the final decision about what software runs on that device. The owner might be able to select from the apps that Apple has approved to be in the Apple app store, but, at a fundamental level, Apple is in control. They approve every app and, more importantly, can add features to the system software of the iPhone that fundamentally alters its behavior. Apple is not alone in this. Android devices, various TVs, streaming devices, self-driving cars, security cameras, and the various “smart devices” in our homes are also very much under the control of their manufacturers.
The limit on surveillance is what the public will accept.
This is, admittedly, a confusing state of affairs. Cameras are everywhere, they are controlled by others, and are almost universally connected to the Internet—this all suggests that ubiquitous camera surveillance is possible. So, is it happening? If Apple and Samsung were turning on our smartphone cameras in bedrooms and bathrooms without our permission it surely would be generally known by now. So it is safe to say there is some measure of restraint by some companies. But it is also not hard to find overreach, whether it is Tesla filming in private spaces such as garages, Google Nest and Amazon Ring doorbell cameras forming nearly complete surveillance networks of neighborhoods that are then stored on their servers, or the Google maps street view feature capturing people leaving strip clubs and other sensitive places.
Often, at the heart of this tension is not, unfortunately, a principled debate over privacy. Undoubtedly individuals at some companies are concerned with the best interests of their customers and the general public. More often, though, companies’ self-interest is involved. The Google maps street view feature, for example, is useful and a strong differentiator for Google. Google maps, in general, is important to Google’s advertising business. Creating that feature requires capturing images of almost every place reachable by road on the planet and updating these continuously. This is surveillance on an unprecedented scale. That Google blurs some of the captured images as they release them online is a small concession, designed as much to make this large-scale surveillance acceptable as it is to genuinely protect privacy.
This pattern, where a company engages in as much surveillance as possible to create revenue and implements privacy features to make it acceptable, is the norm not the exception. It is impossible to know what each individual company is doing or might do in the future, but the general evolution within the technology industry has followed this course: The limit on surveillance is what the public will accept.
The answer to what can be seen then is: as much as companies feel they can get away with. This is true in the physical world where not just cameras, but microphones, cell radios, GPS receivers, and other sensors track us as we move about. It is even more true in the digital world where it is even easier for companies to track all that we do. Again, it is possible, but not always the case, that companies are tracking what is happening when we do things locally on our devices (e.g., when we play a video game on a game console, use accounting software installed on a PC, or send messages via encrypted messaging apps on our phones[1]). Online, most of what we do is seen and tracked, often by multiple parties. Those that own the services that we use, certainly, but also advertisers, search engines, and internet service providers among others. Many companies like to talk about security, but it is important to remember that this is typically the fox guarding the hen house. It is helpful that the foxes are keeping out the coyotes, mountain lions, and other “nasties” that would otherwise eat us, but can you really trust the fox?
At this point it may feel like we have answered who is watching, but the picture is not quite complete yet. What we have talked about is those that are gathering the information about us. Cell phone carriers are capable of gathering information about where we are by tracking which cell towers we connect to, but that information is too interesting, and too valuable, for them to keep it to themselves. Advertisers might want information about where people live and shop. Law enforcement might rather simply purchase information about people’s locations rather than going through the tedious process of obtaining warrants. Our intelligence agencies might want to gather all of the information, store it, and then implement their own internal processes to determine when they can look at that information to protect our national security.
Much of the vast amounts of information that is gathered about us is shared and sold by those companies who gather it and is often an important revenue stream for them. The advertising industry is perhaps the most prominent example, but it is far from the only one. In many ways, the most concerning players in the surveillance information business are various levels of government. In imagined dystopias with big brother-type broad surveillance, it is usually the government which directly gathers information on its citizens.[2] In actuality, federal, state, and local governments often rely on commercial companies to gather information and then enter into relationships—either straightforward commercial transactions or more complex contractual arrangements—to obtain it.[3] Doorbell cameras made by Ring are a good example of this. For many years, Ring proactively shared video footage with law enforcement, turning people’s front doors into de facto law enforcement outposts. (It should be noted that the company has in recent years taken a less proactive approach to sharing its video footage, but still makes it possible for users to easily share footage and responds to requests from law enforcement.)
This mixing of commercial and government interests has echoes of the Renaissance-era Age of Exploration, especially in the digital world. Just as the Netherlands, Spain, Portugal, and England granted vast powers to commercial enterprises such as the Dutch East India Company to explore, settle, and operate as a quasi-government within its settlements, governments have ceded vast authority in the online world. Companies such as Meta (previously Facebook) and Google operate online empires over which they exercise almost exclusive control. As these companies and others work to bring more of our lives online through AI and augmented and virtual reality, they will inevitably have more control over the digital world. Simultaneously, these same companies are working to blur the digital and physical worlds through computer control and automation, thus extending their control from the digital to the physical world. Within the digital sphere, these companies can implement surveillance that, if done by the government, would be neither legal nor acceptable to the public. Yet this surveillance is taking place as we speak, and the government can, through financial transactions, influence, or court orders, gain access to the vast amounts of data collected. Moreover, companies can govern our behavior within digital worlds, with the power to determine what behavior is acceptable, to remove users at their discretion, and even, as in the case of Meta, to set up complex governance structures outside of the legal and court structures of the countries in which it operates. Again, as the line between the digital and physical is blurred through augmented reality, home automation, self-driving vehicles, robots, and drones, the control of these major companies over what we can and cannot do will extend into the physical world. This control, though similar to the control that a traditional company might have over what its patrons can do in its stores, is different in that these companies hope to weave these services into our lives in unprecedented ways. The technology companies will then have control over both our digital and parts of our physical lives and that control will be available for the government to exploit.
Now that we have examined what can be observed and who is observing, the key question that remains is why. Going back to the example of what can be observed with cameras, if viewed with the mindset of a police stakeout or a Cold War spy agency, little of this makes much sense. In that mindset, surveillance had specific goals—e.g., get a photo of this specific criminal selling drugs—and was performed to obtain a specific piece of direct evidence to satisfy that goal. Much of modern surveillance only makes sense if it is in the context of the immense data processing that surrounds it. Instead of hoping to get a single valuable image, companies such as Google, Tesla, Amazon, and countless others collect vast quantities of images that they then use to train AI models or process with AI models. For images, those models might perform facial recognition to detect shop lifting, monitor shoppers to understand their behavior, hand out automated speeding tickets, determine whether employees are doing what they are supposed to be doing, or any other countless tasks. The processing of the images turns the images into a source of data, and those that create these systems have a deep belief in the power of data to help them understand and shape the world.
A similar process happens with our online behavior. All that we do—whether it is our purchases, financial information, website visits, web searches, or anything else—is turned into a stream of data that can be used to create models of us. These models can then be used to select ads relevant to us, predict our cost to an insurance agency, or assess whether we are involved in terrorist activity. We become not individuals with humanity, families, hopes, and dignity but rather statistical models that can be searched, probed, and evaluated en masse like bacteria on a slide under a microscope.
Having access to streams of data about our lives and behaviors means wielding immense power. For some, that power is used to turn our attention into ad revenue by understanding what we like and want. The stream of articles, posts, images, and videos served by Facebook, Instagram, TikTok, and Google, for example, are designed to enthrall us so that we can be shown ads. The way in which these companies know what to show us, whether it is content or ads, is based on the surveillance that they have performed and then processed to create a model of what exactly we are most likely to continue to watch or click on. The surveillance done on us and the resulting data give the digital giants the power to capture our attention. Others have more noble goals, such as national security. Their hope is that by collecting this data and then processing it they can see the threats and stop the attacks. There is a whole industry around this idea, from data analysis companies such as Palantir to classified cloud AI from Amazon Web Services, Google, and Microsoft. The US government has spent billions of dollars building massive data centers pursuing this idea. Many other uses are emerging, such as health insurers automating prior authorizations through AI.
What these organizations, whether public or private, all have in common is a reliance on vast streams of data. The techniques used to predict our preferences and behaviors increase dramatically in effectiveness the more data that is used in their training. That, to a large extent, explains the desire of many of the tech giants to collect so much information, and even their willingness to explore the limits of what consumers will accept and what is legal.
Those that are creating surveillance systems believe that they give them the ability to understand and control the world, whether that is for their gain or for the common good. Time will show whether what is gained is worth the loss of privacy and whether the potential for abuse is realized. We will see, also, whether what is ultimately built delivers the power that is promised.
In closing, then, let us turn to the final question of what a regular person may be able to do to avoid this surveillance. Is it possible, through reasonable choices, to avoid being surveilled and prevent tech companies from exerting control over us? As was detailed above, much of modern life, especially as it intersects with the digital world, involves surveillance. Avoiding surveillance, then, is often a matter of withdrawing from or limiting interaction with modern life. This can be done, as will be described below, but it requires making trade-offs, sometimes onerous trade-offs, and often requires both effort and technical knowledge. There is no simple, easy path that will curtail the activities of tech giants in our lives.
Companies themselves employ various tactics to make it hard and confusing to both use their services and select options that might enable additional privacy. For example, in 2023 Google deployed what they call a “Privacy Sandbox” to their Chrome web browser that, when presented to the user, appears to offer enhanced protection from user tracking and profiling. The reality is that this is simply a trade-off that allows Google to perform this tracking versus allowing third parties to do so. Understanding the implications of this single feature requires research into its technical aspects as well as de-obfuscating the seemingly misleading jargon used by Google to describe it. This is all too typical for tech companies and represents a kind of war of attrition against users. Many users will tire of researching these options and will simply accept the defaults.
If you desire to take more positive steps than simply selecting options presented by tech companies to enhance privacy, the process is more complex and onerous. The basic options are complete withdrawal and the use of alternative technologies. Sometimes complete withdrawal is not an option, as is the case with surveillance that is happening in the physical world. Cameras in public spaces, on roads, and in businesses cannot be avoided practically speaking.[4] Participation in the modern financial world of credit cards, loans, and online shopping will also leave a digital trail. Cash is, of course, an option. Crypto currencies were supposed to provide for anonymous online currency, though they have failed to become a widely accepted form of payment.[5] Since carrying a cell phone, even a “dumb phone,” will allow your location to be tracked in various ways, the most private option is to forego a cell phone completely. Avoiding the use of social media, online shopping, online media, video games, and other digital tools is an obvious step.
If you are willing to devote the time and effort, there is an active privacy-focused community within the free software community that provides alternative technologies to big tech. Free software is created cooperatively online and is freely available for use and modification. Linux, an alternative to Microsoft Windows or Apple MacOS, is perhaps the best-known example. It is not enough to simply use Linux as your operating system, however. While that does prevent Microsoft and Apple from performing some forms of tracking, any online activity done from Linux is still trackable. The truly devoted set up an entire online environment for themselves, including hosting software on servers connected to the Internet for services such as email, photo storage, and document storage. There are mobile options as well, such as the Android variant GrapheneOS. This parallel world of software is interesting and, with sufficient effort and technical knowledge, it is possible to avoid much of the surveillance. This is not, however, an option for most users.
When pursuing these alternative technologies it is important to remember how difficult it is to create something secure and be certain that you have succeeded. Modern hardware and software is enormously complex. When using something like GrapheneOS it is likely that you will use hardware, in the form of cellular modems in the phone, and software, such as device drivers and apps, that you do not fully control or understand. Any of those components can easily undo all of the work that you have put into creating a secure phone. It may be that GrapheneOS will reduce the intrusive surveillance by companies such as Google, but truly eliminating surveillance in the digital realm is enormously difficult. It is worth remembering that most of us have an intuitive grasp of the physical world and it is much easier to understand how to keep in-person conversations and physical documents private. For anything that we wish to keep truly private, the simplest and most foolproof option is likely the physical world.
[1]The overall security of end-to-end encryption systems, such as iMessage or Signal, is a broad topic, but the key to remember is that the messages must be decrypted at some point to be displayed to the user and, whatever device this decryption process happens on, has access to the message. This has led to real-world disclosures of end-to-end encrypted messages, including the large-scale release of celebrity nude photos in 2014. The bottom line: systems such as Signal and iMessage are relatively secure, but unless you understand and control all aspects it is best not to bet your life (literally) on the security of such a system.
[2] Interestingly, Snow Crash by Neal Stephenson, the book that gave us the term metaverse, imagined a world where much of the surveillance was done by commercial companies and sold to various parties, including the government.
[3] Some of the most detailed disclosure of these relationships and the flow of the data from commercial companies to the US Government came from the disclosures of Edward Snowden.
[4] For a while, facial recognition models were fooled by painting your face in the style of the band “Insane Clown Posse.” Readers can decide for themselves whether this is a step they are willing to take in the interest of privacy.
[5] It is unclear whether Bitcoin and similar crypto currencies are actually currencies according to some economists.
