One of the most important privacy cases this decade is currently in front of the Supreme Court: Carpenter v. United States. This decision will define how law enforcement interprets the Fourth Amendment regarding an individual’s cellphone. The decision hinges on whether law enforcement can use “third-party” doctrine dating from the 70s, which states that disclosing information to a third party does away with any expectation of privacy. We’ve already seen this doctrine in action. It allows law enforcement to compel cell-service providers to give historical cell-site records, without a warrant, to track down a serial cell phone thief. If SCOTUS upholds the current doctrine, then police would have free reign to monitor individuals’ cell phone location with little to no oversight.
Individuals have more than just law enforcement to worry them when thinking about phone privacy. Another large group of actors are advertising firms.
One challenge marketers face is how to match individuals across multiple devices to tailor user-specific marketing strategies. And this problem has potentially lucrative rewards for whoever can solve it. One study found that companies saw a $.04 revenue increase for each additional ad that a consumer was exposed to, which reinforces the importance of making multiple impressions on a consumer across multiple media platforms.
Privacy concerns, among others, have caused Apple and Google to change their practices to make it much more difficult for advertising agencies to pinpoint each individual’s (their customers’) online usage over the past five or so years. Both the IDFA (Apple) and AAID (Android) systems allow the user to opt out of its advertisement tracking system, which use these data points to otherwise keep track of individuals’ online mobile usage. These opt-outs cause a problem for advertisers, who can no longer rely on singular, definite data to track users.
To solve this issue, advertisers developed the current methodology for identifying an individual’s identity across devices – the User Level Device Graph. This method groups together different devices by either a deterministic or probabilistic method. A deterministic method will match different devices using concrete data: matching email, credit card, and or phone numbers. A probabilistic approach will use data make a probable assumption about who owns a set of devices from multiple indeterminate sources: specific Wi-Fi access points, usage times, and geographic tendencies. This might be the reason why you see the same ads on your phone and computer.
And even this may just be a stop-gap solution for advertisers. Domestic privacy concerns have been compounded by last April’s gutting of the FCC rules. Now, internet service providers can legally sell an individual’s browser history and usage data. Meanwhile, Europe has gone in the other direction. Last October, the Court of Justice of the European Union (EUCJ) ruled that IP addresses can be considered personal property in certain cases. Therefore, companies are prohibited from linking them to individual identities. The current US regime of IDFA/AAID might hold up under legislation akin to the EUCJ’s decision due to consumers being able to opt-out, and therefore give consent to the usage of their personal data via staying opted-in.
Regardless of how these systems would work if combined, change is on the horizon for how privacy, property, and our digital lives intermix. In a continuously more connected world, there may be a push in the market for uniformity in internet policy. The way that society decides to handle this issue may determine the foundation of privacy for generations to come.