https://bit.ly/3HBVEJd January 24, 2022
Most comic book superheroes have a secret identity, usually to protect their friends and family from retribution. However, today’s computer technology would make it impossible for a superhero to maintain their secret identity.
Take Spider-Man, who has a habit of diving into an alley to change into costume. However, video cameras are pervasive in New York City, which could easily capture video of him donning his mask. The New York City Police Department operates over 15,000 surveillance cameras,1 but there are thousands more Webcams controlled by residents and commercial entities. Worse, many of these cameras are small and sometimes hidden in everyday objects, making them difficult to spot.
Drones pose a major risk for vehicle-based superheroes like Batman. Gorgon Stare is a “wide-area surveillance sensor system” in which a drone flies over a city and continuously captures images below.2 This makes it possible to track cars in real time, as well as trace their paths backward in time. Gorgon Stare was initially deployed in Iraq and Afghanistan for counter-insurgency purposes, but is believed to have already been deployed in the U.S. with little oversight. These and other citywide surveillance technologies would make it trivial for an organization with enough resources to track Batman back to the Batcave.
Superman faces risks from large-scale facial recognition technologies. There’s a humorous meme3 of Lois Lane uploading to Facebook a photo of Superman rescuing her, and is asked “Want to tag Clark Kent?” While Face-book recently shut down its face recognition,4 there are many other systems commercially available. Perhaps the most prominent is Clearview AI, which has caused a great deal of controversy by crawling social media sites to get pictures of millions of people’s faces without their consent.5
Ms. Marvel is a popular new superhero, but she doesn’t do herself any favors by carrying her cellphone with her. Every cellphone needs to connect to a nearby cell tower for service, and these connections are recorded. An analyst could easily filter these records based on confirmed sightings of Ms. Marvel and narrow down which cellphone is likely hers. In practice, many requests for cell-tower data are made by law enforcement agencies after a warrant is obtained. T-Mobile reported having 459,989 such requests for cell tower data in 2018.6
Many smartphone apps also collect GPS location data.7,8 Some apps have reasonable purposes, for example getting local weather or geotagging photos. However, a large number of apps collect data for advertising purposes, which are used by advertising companies in surprising ways. For example, one company used their data to create a map of people who were in Fort Lauderdale, FL, for spring break and where they went afterward to show how easily COVID could spread.9 In our team’s research, we found many app developers were unaware their own apps were collecting so much data, it being primarily collected by third-party advertising libraries those developers included.10,11 In fact, we found over 40% of requests for sensitive data by smartphone apps were because of third-party libraries.
Smartphone operating systems also collect location data. This location data is used to help map out cell towers and Wi-Fi networks, to help other smart-phones figure out where they are. However, this location data was collected without users’ consent or even awareness, which led to Apple and Google executives testifying to Congress.12
Wi-Fi and Bluetooth also pose risks for superheroes. Both Wi-Fi and Bluetooth have mostly unique MAC addresses, which can be used to track specific smartphones. Many smartphones periodically send out probe requests to connect to previously connected Wi-Fi networks, which leak those MAC addresses as well as the names of the Wi-Fi networks they are trying to connect to.13 A villain capturing this data might be able to figure out the name and possibly location of the superhero’s home Wi-Fi network.
Smartphones aren’t the only device superheroes need to watch out for. Apple’s new AirTags are small and inexpensive devices that use Apple devices worldwide to track those AirTags. While these devices were intended to help people find their keys and luggage, some individuals are using them to target expensive cars for theft or to stalk people.14 A villain might slip such a device onto a superhero’s costume or vehicle to track them. Iron Man would have enough technical savviness to detect these trackers, but Hawkeye probably would not. Apple has some counter-measures built in, for example, iPhones will notify their owners about possibly being tracked, but this only works for iOS and only after 8 hours.
Comic book fans love debates about almost-pointless topics, like who would win in a fight or who has the best sidekick. One could argue about how Superman could avoid this kind of face recognition, or how Spider-Man’s Spidey-sense would help him avoid that kind of tracking. But, this blog post isn’t really about superheroes, it’s actually about our current reality and just how widespread surveillance technologies are.
Superheroes worry about having their identities revealed, while the rest of us in the real world worry about surveillance technologies and how they can be easily abused.
Superheroes have to worry about having their identity revealed, but the rest of us in the real world have to worry about just how much surveillance technologies and information about us is out there, and how all of this can be easily abused—sometimes accidentally, sometimes intentionally—by advertisers, governments, employers, stalkers, criminals, and more.
These are not hypothetical concerns, either. There was a father that learned his teenage daughter was pregnant because of predictive ads.15 There was a priest that resigned because someone outed him as gay based on purchased location data.16 There was a Black man arrested due to a false positive in face recognition software.17 Domestic spying tools were used by police in Black Lives Matter protests—including drones, face recognition, automated license plate readers, and Stingray devices to capture cellphone data18—despite the vast majority of those protests being peaceful. There have been multiple cases of intimate-partner violence using smart technologies.19,20 There was NSO Group’s Pegasus spyware used against journalists and human rights activists.21 There are probably countless more technologies authoritarian governments deploy against their own citizens.
The challenge is that there are legitimate uses for many of these kinds of tracking technologies. However, despite a great deal of research and discussion, we still lack the user awareness, regulations, public policy, technical tools, auditing support, ethics, social norms, and economic incentives to steer us away from the worst uses. And, unlike comic books, there isn’t a Justice League or an Avengers that can save us. The problem is not an incursion by a cosmic being, or an alien invasion, or schemes by a Republic serial villain. This is a problem fully of our own making, and the only ones who can fix things is us.
Join the Discussion (0)
Become a Member or Sign In to Post a Comment