This op-ed originally appeared on Center Squared.
In the past two years, two Utah state agencies have engaged in conduct undermining individual privacy and civil rights by seeking to obtain information from citizens without their consent. Examples from Utah’s law enforcement and its Department of Health show what can go wrong when agencies use poor practices when obtaining and disseminating citizen information.
In 2019, Utah’s Attorney General began working with AI-based company, Banjo, to investigate criminal activity at “hyperspeed.”
In their state contract, Banjo claimed their AI-based system could assist law enforcement by monitoring possible criminal activity in real-time through the aggregation of data from various sources including social media, 911 calls, automatic vehicle location (police, fire, EMS, planes, trains, etc.), traffic applications, weather, public cameras, satellites, traffic cameras, and alarm centers. This information would then provide real-time leads and information for law enforcement to work with when investigating crimes.
The constitutionality of such a system is unclear because the extent to which police can surveil the public is an undecided constitutional question. For example in 2019, the same year Banjo’s contract was signed, the Colorado Supreme Court ruled that police violated a defendant’s Fourth Amendment rights by using a video camera installed at the top of a utility pole to conduct continuous video surveillance of his backyard for over three months. Did Banjo’s aggregation of data cross the same lines? It’s hard to tell.
However, concerns about the legality of Banjo’s methods isn’t what sunk Banjo’s state contracts. It was the CEO’s past affiliation with neo-Nazi groups that led the state to rethink the contractual relationship, which was terminated in April 2020. Rescinding Banjo’s contract was the right thing to do – no one wants a former neo-Nazi sympathizer helping the government monitor citizens’ data. But this raises an important question: Do we want anyone to monitor citizens’ data in this way? Any company that does what Banjo does, regardless of their CEO’s past affiliations, uses technology of doubtful constitutionality.
Utah may have given Banjo the boot, but the underlying technology still exists, and there is no clear protection against government’s future use of similar software. Indeed, emerging technology is only becoming more invasive. Facial recognition, geolocation tracking, and public video surveillance are all becoming more widely used – not only by private companies but also by the government.
Unfortunately, the Banjo controversy represents only one example of a state agency misusing citizen data. In a case that does not involve digital data, the Utah Department of Health (DOH) required new parents to fill out a 100 question form before they could submit an application for their newborn’s birth certificate. This requirement would be troubling enough, but the state went further, barring mothers from being discharged from the hospital until the form was completed. Information from the survey was then provided to state educational institutions for research purposes.
Though media attention in late 2021 led DOH to reassess use of the survey, as of this writing, the public has no assurance that the use of this form has been abandoned. DOH has provided no timeline for when an alternative form will be released, nor has the department released any information regarding the limits of personal information the state can obtain when denying a new parents application for their child’s birth certificate.
The Banjo and DOH scandals differ in many ways, but they’re both examples of state agencies that sought to acquire and use private citizen information without consent. Individuals provide private details to third-parties at their own discretion every day. We post to social media, we take surveys, and we buy goods online. But there’s a big difference between consumers’ relationships to private companies and citizens’ relationships to their government. One is voluntary, the other isn’t.
Departmental failures involving state agencies undermine the public’s trust in government, which is a necessary ingredient to the healthy functioning of a free society.
Utah’s recent agency failures show mismanagement at the highest levels. Citizens are justified in their distrust of solutions that come from the very executive branch that’s guilty of abuse. Meaningful accountability requires more than agency mea culpas and rescinded contracts.
To guard against abuses of citizens’ private data, legislative solutions must be part of the equation. Statutes that protect the acquisition and use of citizen data must be enacted to ensure private information obtained by agencies either from contracts with private companies or direct agency action are rooted in individual consent.
Technology may be advancing, but the Fourth Amendment hasn’t changed. We need new laws to protect citizens’ data from unreasonable searches and seizures.