Category: Uncategorized

Ying Cai

Information Privacy Law

Professor Ira Rubinstein

March 29, 2017

Following the passage by Senate last week of the resolution overturning an Obama-era FCC rule that required internet providers to get consumers’ permission before sharing their browsing history with other companies, the House of Representatives passed the same resolution in a 215-205 vote on March 28. Internet providers now only need a signature from President Trump before they’re free to take, share, and sell people’s web browsing history without prior permission.

It is reported that no Democrats in the House voted for the resolution, and 15 Republicans opposed it. A similar version squeaked through the Senate last Thursday on a party-line vote of 50-48. In view of the new political environment, it appears unlikely to be any new consumer privacy legislation in this vastly more pro-business Congress. And the FCC won’t be able to pass privacy restrictions protecting all web browsing history again under the Congressional Review Act. In this regard, people may start to question the future of consumer protection and privacy enforcement under the federal government.

Stacey Gray at Future of Privacy Forum believes that we are likely to see state legislatures and Attorneys General step in if no new consumer privacy legislation is to be generated or the ability of regulatory bodies to protect consumer privacy is limited. She says several states that have strong consumer privacy laws, such as California, may seek to fill the void and regulate digital marketing. She also expects there could be more private litigation seeking to protect and enforce consumer privacy.

In addition to resorting to public protection, consumers may need to seek self-protection. For instance, consumers may use computer software such as “Tor” to enable anonymous communication. “Tor” can direct Internet traffic through a free, worldwide, volunteer network consisting of more than seven thousand relays to conceal a user’s location and usage. However, the problems of using “Tor” include technical complexity and slower internet speed because service providers have been downgrading traffic they can’t sell adverts around.

Virtual Private Networks (VPNs) that set up a secure connection that runs traffic through their own servers may be another option. However, Jeremy Gillula, senior staff technologist at the Electronic Frontier Foundation, suggest avoiding free VPNs because it’s just passing the trust issue to another company. Additionally, VPNs have to work under the rules of their home country, and therefore it is not clear whether your data collected by the VPNs is subject for sale under the relevant law.

On the other side, the majority of the industry are applauding the congressional action to repeal the FCC rule. The Internet & Television Association and CTIA, formerly the Cellular Telecommunications and Internet Association, an advocacy group for the industry, issued statements after the vote, claiming that they would continue to follow ‘privacy-by-design’ principles and honor the FTC’s successful consumer protection framework. However, not all ISPs want to abolish the rule. Some small providers believe that such resolution is harmful to the industry in the long run given that one of the cornerstones of the business is respecting the privacy of the customers. And some small providers have said publicly that they won’t collect, store or sell their users’ data, in order to gain power in competition. Hopefully the market could eventually shake down the best solutions for people.

http://www.nbcnews.com/tech/security/house-set-vote-whether-isps-can-sell-your-data-without-n739166

https://martechtoday.com/changes-consumer-privacy-law-might-impact-marketers-martech-196664

http://www.vox.com/new-money/2017/3/28/15089396/house-republican-privacy-bill

https://www.theguardian.com/technology/2017/mar/28/internet-service-providers-sell-browsing-history-house-vote

https://www.theregister.co.uk/2017/03/28/so_my_isp_can_now_sell_my_browsing_history_what_can_i_do/

http://www.usatoday.com/story/tech/news/2017/03/28/wait-theres-no-rules-protecting-my-online-privacy/99754182/

http://www.cnbc.com/2017/03/28/congress-clears-way-for-isps-to-sell-browsing-history.html

Soo Hyun Chin

Information Privacy Law

Professor Ira Rubinstein

March 29, 2017

WhatsApp and Metadata Overlooked

On the website of the most popular mobile messenger, WhatsApp, the company states that “privacy and security is in our DNA, which is why we have end-to-end encryption in the latest versions of our app. When end-to-end encrypted, your messages, photos, videos, voice messages, documents, status updates and calls are secured from falling into the wrong hands.  . . . WhatsApp’s end-to-end encryption ensures only you and the person you’re communicating with can read what is sent, and nobody in between, not even WhatsApp.”

This encryption keeps the content of the user’s messages private as mentioned above, but not metadata like date, time, duration of communications, or location and contact information. Unlike the Signal messaging application that does not store metadata, WhatsApp retains metadata. Thus, WhatsApp needs to take more measures to protect the users’ privacy.

Most people do not think about metadata much and overlook the importance of metadata. Nevertheless, the role that metadata can play in privacy area is not smaller than the content of the communications itself.

For example, the court can order WhatsApp to install a pen register device to help the ongoing investigation. This kind of order is not rare. In May 2006, an Ohio court ordered WhatsApp 1) to track numbers calling and messaging, 2) to record the date, time and duration of communications, and 3) to provide details on any SMS text messaging WhatsApp had access to.

Those data do not include the content of the messages but as Neema Singh Guliani, legislative counsel with the American Civil Liberties Union mentioned in the article, “metadata is often enough to draw an informative map of a target’s life.” We already saw this in Smith v. Md., 442 U.S. 735, 99 S. Ct. 2577 (1979) where the police used the number dialed from the target’s telephone and other evidence to reveal that the target was the criminal. Metadata itself has a great importance. And with the combination of other evidence obtained, metadata can have even more power.

Unlike Facebook which is the parent company of WhatsApp, WhatsApp’s responses to the police requests were veiled in secrecy. Facebook has a transparency report which provide information about its response to law enforcement requests and has opened law enforcement guideline outlining how and when users’ information can be retrieved. However, we cannot find those information of WhatsApp from the transparency report, guideline or other materials.

Given the importance of metadata and growing attention to privacy, WhatsApp might want to consider the stance like Google’s active response to Guardian’s news on Prism program which tried to keep the users trust by publishing relevant information in the company’s transparent report.

https://www.forbes.com/sites/thomasbrewster/2017/01/22/whatsapp-facebook-backdoor-government-data-request/#462793711030

 

(About Google’s response to Prism news:

https://googleblog.blogspot.com/2013/06/asking-us-government-to-allow-google-to.html)

Thomas Chadenet

Information Privacy Law

Professor Ira Rubinstein

March 28, 2017

On Thursday, March 23rd, the U.S. Senate voted on a resolution to repeal a set of rules aimed to protect consumers’ online data from Internet service providers (ISP).

Under this set of rules, ISP would have had to disclose to consumers what information is being collected and how it is used or shared. For sensitive information, such as financial information, health information, web browsing history and geolocalisation, ISP would have needed to obtain consumer consent before using their online datas. Consumers would have been able to forbid ISP from sharing sensitive information by denying them their explicit consent.

This regulation was adopted by the Federal Communication Commission (FCC) in October, 2016 under President Obama term. It was supposed to enter into effect on March, 2^nd but the new FCC chairman, Ajit Pai, decided not to enforce these rules.  Finally, in a 50-48 vote, the Republican Senate decided to definitely repeal these rules that would have regulate ISP conduct. This joint resolution came from Senator Jeff Flake (Republican).

The new FCC chairman, nominated by Republican President Donald Trump said in October that these rules would give websites such as Google, Netflix or Facebook an unfair advantage. These Websites are ruled by a laxer set of privacy rules overseen by the Federal Trade Commission (FTC). Internet companies like Google don’t have to ask users’ permission to gather information about their online habits.

Consequently, there is an asymmetry in terms of regulation of companies that are in the same space. ISP like Comcast, AT&T and Verizon are currently racing to become online advertising giants as big as Facebook or Google. Having to get permission from customers to use their browsing histories would make it more difficult to create stronger ad businesses. With these information, ISP could sell targeted advertising or share this information with third party. Therefore, industry group welcomed the vote by the Senate. Without these FCC rules, ISP will be able to harvest more datas and then try to dominate the digital advertising sphere.

Consumer and privacy group condemned the resolution voted by the Senate. Neema Singh Giuliani, legislative counsel for the American Civil Liberties Union, said in a statement that “it is extremely disappointing that the Senate voted today to sacrifice the privacy rights of Americans in the interest of protecting the profits of major Internet companies, including Comcast, AT&T, and Verizon.” Democratic Senator Ed Markey argued that, “Republicans have just made it easier for American’s sensitive information about their health, finances and families to be used, shared, and sold to the highest bidder without their permission.”

After the vote at the Senate, the resolution will still need to go in front of the House of the Representative. It will then need to be signed by President Trump to become law. If it does, it would also prevent the FCC from setting similar rules again. The resolution was voted under the Congressional Review Act which allows Congress to overturn federal agencies regulations (such as the FCC). After a vote, federal agencies cannot adopt new rules to would be closely similar to the one overturned.

Jonathan Schwantes, senior policy counsel for advocacy group Consumers Union, concluded by saying that the vote “is a huge step in the wrong direction, and it completely ignores the needs and concerns of consumers.”

Sources:

https://www.nytimes.com/aponline/2017/03/23/us/politics/ap-us-congress-broadband-privacy-rules.html?_r=1

https://www.nytimes.com/reuters/2017/03/23/business/23reuters-usa-internet.html

http://www.npr.org/sections/thetwo-way/2017/02/24/517050966/fcc-chairman-goes-after-his-predecessors-internet-privacy-rules

https://www.washingtonpost.com/news/the-switch/wp/2017/03/23/congress-is-poised-to-undo-landmark-rules-covering-your-internet-privacy/?utm_term=.9dcad5f5d84b

http://fortune.com/2017/03/22/senate-vote-repeal-fcc-broadband-privacy/

http://money.cnn.com/2016/10/28/technology/fcc-broadband-privacy/index.html

Olaoluwa Oni

Information Privacy Law

Professor Ira Rubinstein

March 27, 2017

Between Etisalat Nigeria and Facebook Inc: The fate of Nigerians’ Right to Privacy.

Etisalat Nigeria, a telecommunications service provider, recently released a new data plan tagged “Facebook Flex” that permits its subscribers access to Facebook “free of charge”. According to press release which describes the company as the “most customer- friendly telecommunications company”, Etisalat is “treating its customers with another innovative service to stay connected with their friends and families on Facebook and access to other basic internet services at absolutely no cost.”; the press statements were sponsored by Etisalat.

The Director of Mobile Partnerships and Alliances at Facebook, Francisco Varela, also commented: “We are excited to partner with Etisalat to help improve connectivity among different communities of people across Nigeria by bringing access to Facebook and other basic internet services, like news, education and health information to people free of charge.”

However, contrary to the representations by the two companies, the Etisalat Facebook flex plan is not provided “at absolutely no cost” or “free of charge.” Subscribers are, without their knowledge, required to trade in their constitutionally guaranteed privacy rights for the bits and bytes it takes to access Facebook.

Section 37 of the Nigerian Constitution protects the rights of Nigerian citizens to the privacy of their communication.  The Constitution stipulates that: “The privacy of citizens, their homes, correspondence, telephone conversation, and telegraphic communications is hereby guaranteed and protected.”

Etisalat’s privacy policy is structured as a Contract of Adhesion, and its customers are not even required to indicate their acceptance of the website and online services Terms of Use (which contains the privacy policy) prior to subscription to the company’s services. The Terms of Use are not readily available to mobile users and have to be specifically searched for by website users. Accordingly, it is highly probable that Etisalat subscribers (who range from the educated to very illiterate) are unaware of the privacy policy of the company. The company ascribes to itself the right to collect and share intimately personal information of its subscribers “to conclude contracts and enable administration and management of services or products to which you intend to or have subscribed.” The privacy policy also provides that “the type of information collected will depend on the nature of the product or service demanded.” As such, Etisalat has now acquired the right to share intimate and personal information of its users to Facebook; Facebook is a company anchored largely on trading personally identifiable data.

Etisalat and Facebook’s collaboration acts to deprive Nigerian citizens of the most basic of human entitlements, and this violation is dressed up as beneficial to the victims. Even more, Etisalat Nigeria lays claim to vast entitlements from its Nigerian subscribers that are markedly different from the more protective privacy policy afforded its Saudi Arabia subscribers; Etisalat is headquartered in Saudi Arabia.

Etisalat customers are being encouraged to subscribe to a plan that exposes them online, in a way that the customers could not have contemplated, let alone acquiesced to. This sort of deceptive practice emphasizes the dangers of a reality where technology is in on the rise, especially in a developing country where the literacy levels leave much to be desired.

 

Sources:

1. https://www.bellanaija.com/2017/02/etisalat-launches-facebook-flex-which-gives-free-facebook-access-to-etisalat-subscribers/
2. http://etisalat.com.ng/website-online-services-terms-of-use/
3. http://www.etisalat.ae/en/generic/terms-and-conditions.jsp
4. The 1999 Constitution of the Federal Republic of Nigeria.

Aikaterini Skouteli

Information Privacy Law

Professor Ira Rubinstein

March 28, 2017

Post 9/11, the US government has been using deceptive methods through informants and undercover agents as a law enforcement technique. But what is remarkable is that these plans are sometimes the inspiration of the federal agents, which target suspects inspired by the Islamic State.

The most recent one involved the 25-year-old Robert Lorenzo Hester Jr. from Missouri, who was arrested and charged with attempting to provide material support to an Islamic State bombing attack on a train station in Kansas City on President’s Day.

The two men who appeared to be the masterminds of the bombing plan, were actually undercover FBI agents. According to the court documents, one of the agents befriended Hester on Facebook after identifying him as a suspect through his Facebook posts, which were evident of his: “conversion to Islam, his hatred for the United States and his belief that supposed US mistreatment of Muslims had to be put to an end”.

The FBI agents asserted that they were planning something “10 times more” than the Boston Marathon bombing and Hester approved and said “it felt good to strike back at the true terrorist”.

The federal agents disclosed the details of the plan and asked Hester to buy a list of items, including 9-volt batteries, duct tape, copper wire and roofing nails, which implicitly would be used to make a number of bombs. On February 17^th Hester was arrested.

This recent foil manufactured plot raises the issue of whether a privacy interest protected by the Fourth Amendment exists. The US Supreme Court established in Hoffa and Lewis that a person does not have a privacy interest in the loyalty of his/her friends. These cases deal with the situation where the undercover agent or informant uncovers an existing crime (for e.g. sale of narcotics). On the contrary, in the series of the cases discussed above, the FBI created “crime opportunities”. Nevertheless, the US courts have not dealt with similar complaints, mainly because the defendants raise the “entrapment” defense claim, which is usually rejected by the courts. A recent case that deals with privacy and Fourth Amendment violations is United States v. Mohamud, but the issue raised regards mainly the “third-party” doctrine and the disclosure of the defendant’s email communications with a third party.

Also, it is not clear whether Hoffa and Lewis could apply in theses cases, because, as a former federal prosecutor, David Raskin, explained: “There isn’t a business of terrorism in the United States. You’re not going to be able to go to a street corner and find somebody who’s already blown something up. Therefore, the usual goal is not “to find somebody who’s already engaged in terrorism but find somebody who would jump at the opportunity if a real terrorist showed up in town”.

Finally, these cases raise many concerns of justice, mainly because the FBI seems to be targeting the Muslim community. Critics say that in these fake plots, federal agents are somehow creating crimes and “making” terrorists by offering great sums of money to low-income and prone to criminal activities minorities. In many cases (in particular the highly debatable Newburgh Four case) the suspects have neither the know-how nor the materials to go through the plotted terrorist attacks, which are all provided by the undercover agents and informants. Is the FBI ignoring the real threat and allocating its sources in remote terrorist schemes?

Sources:

http://www.kansascity.com/news/local/crime/article135871988.html

http://www.cnn.com/2017/02/21/us/missouri-man-charged-isis/

http://www.chicagotribune.com/news/nationworld/sns-tns-bc-fbi-terrorplots-20170305-story.html

http://www.sunherald.com/news/nation-world/national/article135983268.html

Relevant Sources:

http://www.cnn.com/2017/02/21/us/missouri-man-charged-isis/

http://www.nytimes.com/2012/04/29/opinion/sunday/terrorist-plots-helped-along-by-the-fbi.html

Petros Vinis

Information Privacy Law

Professor Ira Rubinstein

March 23, 2017

In October 2015 a local judge in Kentucky cleared the “drone slayer” of all criminal charges, namely a person who had shot down a drone from his backyard, claiming protection of his sunbathing daughter’s privacy. In the meantime, in December 2015 CNN obtained the first ever exemption from the Federal Aviation Authority to operate a drone “over people”, while the FAA has long resisted the pressure to include privacy-related rules in its recommended legal framework.

Far from being a distant future possibility, the market for recreational drones is growing rapidly, with predicted growth to a value of around $4bn over the next five to ten years. As far as the commercial use of drones is concerned, Amazon has announced that it is going to initiate Amazon Prime Air, a service offering its subscribers the opportunity of a one-hour drone delivery. Nevertheless, and despite those developments and predictions, a consistent and fully-fledged regulatory framework addressing the (privacy) implications of drones does not currently exist.

Most of the legislatures around the globe have emphasized the safety aspect of drones, with the UK having drafted the “Dronecode” for hobbyists and mandated that operators of commercial drones would have to undergo flight tests. On the other hand, there are no legal provisions regulating recreational drones in the US, with the FAA only maintaining a registrar for commercial drone users.

But what about the privacy implications of drones, especially seen through the lens of Florida v. Reiley and the notion of “a reasonable expectation of privacy” when exposed in public? The Court in that case based its decision on the legitimate use of navigable air space by the state and the “naked-eye-observation” argument to deny any liability on behalf of the state authorities that surveyed the defendant’s house. Does that mean that as long as a drone flies within an FAA-approved air space, the reasonable expectation of privacy dissipates?

Moreover, Kyllo v. United States prohibited invasive surveillance techniques, as long as the device used for the surveillance was not “in general public use”. Following that logic, even if drones will ultimately be considered to be highly intrusive, can their predicted ubiquity absolve any form of liability? Finally, these cases address instances only of governmental intrusion and the only relevant legal precedent confronting an invasion of privacy by private individuals is currently only the Bulitt County District Court Judge.

If CCTV and surveillance cameras are able to claim an overweighing benefit of preserving public security, what kind of counter-justification exists to allow drones and their subsequent intrusion to privacy for the sake of recreation? An international legal framework is needed, perhaps in sound collaboration with technical protocols that should be able to block GPS-navigation when drones are approaching the private sphere of other individuals.

Related articles:

https://www.wired.com/2017/02/sky-net-illegal-drone-plan/

http://www.slate.com/articles/technology/future_tense/2016/05/drone_privacy_is_about_much_more_than_sunbathing_teenage_daughters.html

http://www.theverge.com/2015/10/28/9625468/drone-slayer-kentucky-cleared-charges

https://www.stanfordlawreview.org/online/the-drone-as-privacy-catalyst/

http://www.ibanet.org/Article/NewDetail.aspx?ArticleUid=BFAA24D5-9C1F-439E-9091-5F002CFB0CEB

Further reading on today’s discussion topics:

• On smart toys:
  • “Toys That Listen,” from University of Washington’s Tech Policy Lab
• On Zero Day Exploits:
  • Kim Zetter, Countdown to Zero Day
  • The Columbia SIPA report on the interagency Vulnerability Equities Process (VEP)
• Alexa, 1st and 4th amendment considerations:
  • The Tattered Cover decision discussed in Amazon’s brief
  • ACLU Blog Post on the dangers of “Always-On Microphones”

Thanks to Amanda Levendowski and Hugo Zylberberg for providing these links.

Emily Poole

Information Privacy

Prof. Ira Rubinstein

 Facial recognition Facebook app hoax terrifies the internet 

March 14, 2017

http://www.telegraph.co.uk/technology/2017/03/14/creepy-facial-recognition-app-users-find-strangers-facebook/

Earlier this week, news circulated on the Internet that a new app, Facezam, was able to identify the identity of strangers in a photograph by using facial recognition technology (FRT). While the news turned out to be a hoax, such use of FRT is not at all far-fetched. In fact, the use of FRT in a crowd was tested as early as 2001, when the technology was deployed in an attempt to detect security risks at the Super Bowl, and Facebook uses FRT to suggest photo tags for its millions of users. According to one estimate, the global facial recognition market is expected to rise to $9.6 billion by 2022, owing to its increasingly frequent use in both the commercial and law enforcement contexts.[1] Today, the government possesses a database of millions of photos, which it uses for law enforcement purposes, and millions more photos are posted to Facebook each day, creating an almost endless supply of photos to which FRT can be applied.

The rise of this technology poses many interesting privacy concerns, but the legal framework surrounding its use is far from clear. Fourth Amendment case law suggests that a person has either no or very little objective expectation of privacy when in public (owing to doctrines such as plain view, the third party doctrine, and the original Katz test). This suggests that a person would have a difficult time pushing back on the use of FRT when it is used to identify them while they are in public. On the other hand, recent cases have recognized that old frameworks might need to be adjusted in light of new technologies that have the potential to reveal an incredible amount of information about an individual (see O’Connor’s concurrence in Riley, as well as discussion of the Mosaic Theory in the Jones case). Many commentators support this movement in the courts, suggesting that the Supreme Court should abandon a rigid Fourth Amendment analysis in favor of a more flexible approach that focuses on the nature of the surveillance.[2]

Such tension in the doctrine may provide a potential source of hope for those who see the rise of FRT as a serious threat to privacy. Indeed, it is not hard to imagine a day in the near future when the use of FRT is so pervasive that it becomes impossible to walk outside without being recognized. One might argue, however, that such a growing threat to privacy may actually become enough to trigger a change in doctrine. Considering both recent Fourth Amendment case law, as well as cases in the First Amendment context that recognize the harmful chilling effects of intrusive surveillance (see the Philadelphia Yearly Meeting case), the courts may actually come to realize that action is necessary if the notion of anonymity is not to go extinct.

Related links:

https://www.usnews.com/news/articles/2014/07/08/fbi-may-seek-facebook-data-for-facial-recognition

http://www.npr.org/sections/alltechconsidered/2016/10/25/499176469/it-aint-me-babe-researchers-find-flaws-in-police-facial-recognition

https://www.scientificamerican.com/article/biometric-security-poses-huge-privacy-risks/

[1] https://www.alliedmarketresearch.com/facial-recognition-market

[2] See, e.g., Susan Freiwald, First Principles of Communications Privacy, 2007 Stan. Tech. L. Rev. 3, 9.

Leland Chang

Information Privacy  Law

Professor Ira Rubinstein

March 21, 2017

Alexa – Amazon’s internet connected home assistant device, man’s new best friend or law enforcement’s greatest spy.

Prosecutors in Arkansas have issued a warrant against Amazon to hand over data Alexa may have gathered its owner James Bates, a murder suspect. Amazon refused and has filed a motion to quash the search warrant; in a statement they said it “will not release customer information without a valid and binding legal demand properly served on us. Amazon objects to overbroad or otherwise inappropriate demands as a matter of course.”

This case puts the spotlight on several interesting issues. First is the implications of “always on” machines and the data they gather. Amazon insists “always on” is a misnomer, because while Alexa is always listening for the programmed wake words to activate, prior to activation the inputs it receives are not uploaded to the cloud nor are they recorded. However, as technology advances and more microphones are put into more devices operated through the Internet of Things, it seems more likely data will leak through. Second is how this changes a consumer’s reasonable expectation of privacy, especially in the sanctity of one’s own home (which is under the purview of 4^th amendment protection). Data is collected from physical conduct inside the house, but also collected and stored in the hands of a third party. Third is the precedent this case sets for digital rights. Amazon objects to the warrant that they deemed to be “overbroad”, but what then is the standard that prosecutors must meet? Technology companies, like Amazon, must learn to thread the needle between complying with legitimate warrants that will bear relevant evidence and protecting the data and rights of their consumers.

The Prosecutor intends to file a response to Amazon’s motion. Even though this case is about a murder, tech companies, privacy experts, and digital rights enthusiasts will be wise to follow closely

 

Related Links

• http://www.nbcnews.com/tech/internet/prosecutors-get-warrant-amazon-echo-data-arkansas-murder-case-n700776
• https://www.washingtonpost.com/news/the-switch/wp/2016/12/28/can-alexa-help-solve-a-murder-police-think-so-but-amazon-wont-give-up-her-data/?utm_term=.2e180fe85dfa
• http://www.cnn.com/2016/12/28/tech/amazon-echo-alexa-bentonville-arkansas-murder-case-trnd/
• http://www.snopes.com/2017/02/23/amazon-subpoena-alexa-data-murder

Joyce Chang

Information Privacy Law

Professor Ira Rubenstein

March 21, 2017

As part of a broader government reaction to recent eruptions of deadly violence in the region of Xinjiang, Chinese authorities have ordered all drivers there to install a Chinese-made satellite navigation system in their vehicles. Under this compulsory measure, all private, secondhand, and government vehicles as well as heavy vehicles such as bulldozers and big rigs in Bayingolin Mongol Autonomous Prefecture must install the navigation system by June 30, 2017. Drivers who refuse to do so will not be allowed to buy fuel at gas stations.

According to official announcements, the new requirement is intended to help the government “ensure social security and safety and promote social stability and harmony.” More specifically, the rule is aimed at helping authorities track people in a vast but sparsely populated region where ethnic tensions have given rise to regular terrorist attacks. Government officials have pointed to cars as a key means of transport for terrorists and a consistent weapon of choice when justifying the need to monitor and track all vehicles in the area.

Because this new measure will eventually affect hundreds of thousands of vehicles in the prefecture, the government will be able to add a large amount of personal data by way of tracked vehicle movements to its existing records of its citizens. The scope of this measure greatly increases the reach of government surveillance. The government’s ability to access and use the location and movement data is also guaranteed by the fact that the vehicle-tracking program will use China’s homegrown Beidou satellite navigation system instead of the U.S. Global Positioning System (GPS).

The intrusiveness of location tracking, especially of permanent long-term location and movement monitoring, is apparent, but individual privacy in China consistently cedes ground to security concerns. This issue is not limited to China alone as governments around the world struggle to strike a balance between privacy and security concerns. However, given China’s ability to pass and enforce security measures with relative ease and its recent investments into both low-tech and hi-tech methods of surveillance, it seems as if it is only a matter of time before there is little individual privacy, if any, left in the country.

Sources:

http://www.bbc.com/news/world-asia-china-39038364

https://www.nytimes.com/2017/02/24/world/asia/china-xinjiang-gps-vehicles.html?_r=0

https://chinadigitaltimes.net/2017/02/gps-car-tracking-military-rallies-follow-xinjiang-attack/

https://www.theguardian.com/world/2017/feb/21/china-orders-gps-tracking-of-every-car-in-troubled-region