Privacy Isn’t Just Digital: What I Learnt In Private Investigations

Privacy Isn’t Just Digital: What I Learnt In Private Investigations

When you think about protecting your privacy, you probably think about your Facebook data or text messages. However, as I learnt while working for a private investigations company, most of us don’t fully understand how privacy works, how it extends beyond our browser history, or how we’re really vulnerable.

Pictures: Tara Jacoby, Dan Foy, Josh Hallett

Several years ago, I worked as a video editor for a private investigations company. I won’t name the company or where it operated, but I will say that the company investigated insurance claims for several major providers. Typically, if an insurance provider thought that someone was faking an injury, they’d hire my company to find out if they’re really as injured as they say.

I never actually went out on investigations personally, but worked with dozens of investigators who did. I would receive their reports and raw video, edit it down to the relevant portions, and send it to our clients for review. This meant I got an insight into how investigators operated and the strategies they used to get information on people. Here are a few of the lessons I took away from reviewing hundreds of these cases.

You’re Not as Self-Aware as You Think

Privacy Isn’t Just Digital: What I Learnt In Private Investigations

Snapchat was initially touted as a safe way to share pictures because they were deleted immediately and you couldn’t take a screenshot. People felt safe because everything they knew to watch out for was apparently taken care of. It didn’t take long for someone to shatter the illusion of safety.

There is often a very large gap between how safe you are and how safe you feel. But if you fancy yourself clever because you were suspicious of Snapchat from the start, my experience with private investigations would quickly change your mind. The investigators I worked with were typically tasked with following subjects around for several days, documenting everything they saw. In an overwhelming majority of the cases, the subjects never even noticed.

Most of us would like to think that if someone were following us for a week, we’d notice. But the truth is most people wouldn’t. Our investigators would follow a person from several car lengths back, then park at the far end of a parking lot or across the street. Zoom lenses meant they didn’t need to be close to record subjects. Sometimes, they would even park inside the subject’s neighbourhood. Few people can tell the difference between a suspicious car and when a neighbour has a visitor over. Moreover, most investigators would use mirrors to record subjects, so their vehicle would be pointing away from the subject. Even if a subject suspected a car might not belong, they still wouldn’t suspect that the car is surveilling them because it’s not “looking” at them. In short, if an investigator doesn’t want his car to be noticed, it probably wouldn’t be.

Investigators routinely avoided being spotted because no one was anticipating that they’d be followed by a stranger. Most people I’ve talked to in the years since don’t even know that insurance companies send out investigators to see if someone’s really injured. Since they don’t expect it, they can’t protect against it. Investigators (or scammers, or stalkers, or peeping toms) can take advantage of these blind spots.

This highlights a glaring weakness in how we protect our privacy: we can only protect ourselves from the threats we know about. We’ve known about the Patriot Act since 2001, but we didn’t know about the nature of the threat the NSA posed to our privacy until 2013. Relying on our ability to perceive threats before they happen tends to make us feel more invincible than we are. Since you can’t anticipate unknown threats, protecting yourself from the threats you do know about is important.

You’re Constantly Broadcasting Information, Even When You Think You Aren’t

Privacy concerns existed before the internet. I know it’s strange to think about now, but there used to be a time where if you wanted to protect your privacy, you built a fence around your house, rather than close your Facebook account again. However, in the rush to debate all the new ways our data can be tracked or shared, most of us forget that walking out our front door is broadcasting data.

We’ve already established that an investigator could probably follow you without you noticing. What would they learn from that, though? The reports and video I dealt with gave a pretty solid glimpse into people’s lives. Here’s just some of what the investigators were able to find out in just a few days:

  • Where you go: Presuming an investigator can start with a home address (not difficult when supplied by an insurance company), they can figure out where you work, where you shop, where your friends live, and where you hang out. And remember, location information leads to other information, as well. If you visit a bar four times a week, one could reasonably assume you’re an alcoholic.
  • Who you visit: The company I worked for didn’t do personal investigations — say, if someone suspected their spouse of cheating — but if they did, it would have been trivial to figure it out. You might delete all your text messages and keep your naughty pictures hidden, but if you visit your paramour’s house every weekend, it’s easy to figure out what’s going on.
  • What you do (when visible from the street): This is where my company made most of its money. If a person claimed that they injured their lower back, but then proceeded to jump on a trampoline in their front yard, that information went straight back to the insurer. The typical rules about photography rights applied to investigations as well. If they could see it, they could shoot it.

Just by following someone around for a few days, you could get a pretty good idea of what their life is like. Some of it might be innocuous (like going to Walmart) but there are certain things you might not want in an official report (like visiting an adult toy store). These reports would be viewed by myself and others in the company, sent to the insurance provider, and in very rare cases could end up in a courtroom. That’s a lot of people who could find out about your habits. Maybe stick to ordering those sex toys online if you don’t want others to know.

It’s easy to jump to the conclusion that you should just never leave your house because someone might be watching. However, that’s a pretty terrible way to live. Instead, we need to change our understanding of what privacy is. Before the internet, there was a pretty clear distinction between public and private: it was called your front door. If you wanted to protect your privacy, you’d close the door and pull down the blinds.

In the modern world, it’s a little more complicated, but the principle is the same. How you protect your privacy needs to take into account how you broadcast information. No one would tell you that you can’t view porn online, but they would give you tips on how to hide it. In real life, the same applies. If you don’t want to be seen doing something, don’t do it in view of the public. Don’t assume that you’ll be able to see anyone who’s watching either.

Being Careless Makes You Vulnerable

Privacy Isn’t Just Digital: What I Learnt In Private Investigations

Every video I ever edited at this company came along with a report that contained information about the person we were investigating. In many cases, some of that information was pulled from the subject’s Facebook profile. The company I worked for would, when necessary, use a fake Facebook profile to connect with a subject and view their otherwise private information.

This worked more often than it should, given that it relies on a Facebook friend request from an unknown person. We’ve talked a lot about how to protect your privacy on Facebook, but even if you haven’t read our guides, it should be common sense that adding someone you don’t know is careless. Most of us are taught from a young age to be suspicious of strangers. Yet, many subjects voluntarily gave up more information to an investigations company simply by clicking a button without much thought.

Being careless (or lazy) causes a lot of privacy vulnerabilities. Locking down your Facebook to the public does nothing if you accept friend requests from strangers. Other people may use lazy passwords and PINs. Many still don’t use two-factor authentication. Huge numbers of users don’t even lock their phone screen, much less take any of the other basic security features you should enable on your phone. Using a password manager is still more secure than using easy-to-remember passwords, yet it’s still an uphill battle to get average users to install them. All of these habits have two things in common: they protect you from basic vulnerabilities, and most people are too lazy, impulsive, or careless to follow them.

Taking precautions to protect your data and your privacy isn’t a chore invented by computer nerds to nag you. It’s a habit that’s supposed to protect you all the time. They’re supposed to make sure that you don’t fall victim to common problems. Having a PIN on your phone isn’t just there to protect you from foreign hackers. It ensures that someone you know can’t rifle through your private photos or messages. Locking down your Facebook profile helps make sure that a private investigations company can’t use your own profile against you. Digital privacy isn’t separate from the real world. It coincides with it.

More often than not, the investigations that my company carried out were only possible because of the carelessness of the subjects they were investigating. While investigating potential insurance fraud is a relatively on-the-level business, these same people were just as vulnerable to stalkers, scammers or themselves. Everything from accidentally texting sensitive photos of yourself to the wrong person to getting your phone stolen at a bar can, at least in part, be prevented with the basic protections so many of us refuse to take. You don’t need to be paranoid to protect yourself. You just need to cover the basics that are so frequently neglected.


  • If they can see it they can shoot it?

    I thought you were protected from that in your own home. Can they really take pics of you through windows?

    • Not quite. There is no restriction on taking photographs of people on private property from public property. According to Victoria Park Racing and Recreation Grounds Co Ltd v Taylor (1937) there is no freedom from view, so people who are photographed on their property from a public location have no legal claim against you if what is captured in the photograph can be seen from the street. The same applies to photographs taken from private land when you have permission to take photographs.

      However, it is an offence punishable by a fine or imprisonment to photograph a person to provide sexual arousal or gratification if the person is undressed or engaged in a private act in circumstances where a reasonable person would reasonably expect to be afforded privacy, and he or she has not consented to being filmed. A private act includes using the toilet, bathing and engaging in sexual activities not ordinarily done in public. Similarly, the Surveillance Devices Act 1999 (Vic) and Surveillance Devices Act 1998 (WA) make it an offence to photograph a “private activity” without the consent of the subject.

      So if somebody was, say, in their front lounge room, walking around with the blinds open and visible from the public footpath, it’s not illegal to photograph them.

      • So if somebody was, say, in their front lounge room, walking around with the blinds open and visible from the public footpath, it’s not illegal to photograph them.

        Would this not potentially amount to a private act with a reasonable expectation of privacy? There are a lot of people who don’t realise you can see into a room from the outside at night with the lights on (lived in an apartment block for six months and saw some pretty good shows going on in other apartments).

        • Not when private act is defined in the law, as I understand it. Don’t think it’s ever been tested at a mundane activity level (i.e. just sitting around – nothing you wouldn’t do in public) though.

  • When I did my security training, one of the instructors had done a fair bit of work in private investigations. Told us about his experience with compo cheats, insurance frauds, cheating spouses, suspicious in-laws, political muckraking, alimony/child-support dodgers, runaways…

    What I took away from his anecdotes, advice, and training was that if you want to lose your faith in humanity, private investigations seems like a pretty quick way to do it.

  • Had a woman hit my wifes car, admit fault at the scene, get home, talk to her husband, and try to get out of it and just ignore us. My wife had never been in an accident before, so only had the womans name and phone number, which wasn’t enough for our insurance to place a not at fault claim.

    A little bit of ground research from these two bits of information, I was able to find her place of employment, work email, work phone number, and address. All through the combination of talking to the right people, the publicly available electoral role, and internet searches. Her work phone number was the best part as I emailed her presumed work email address ([email protected]) from a fake address asking how she has been and hoping we could catch up soon, she quickly responded with her full signature pretending she knew who I was and that we should definitely catch up soon.

  • I am a PI. The intresting bluff which the writer has made is the fact that he mention his job is to edit the videos. Editing video is not legal. U r not allowed to delete or make unnecessary copy of the data. Few P I do it sneakingly, But I am sure no firm will hire a special man just to edit videos wjich is completely illegal. Besides a PI should know what he is repersenting so even if they want to edit PI should do it by themselves.

Show more comments

Comments are closed.

Log in to comment on this story!