Just last week, a new report published in Nature’s Scientific Reports confirmed what many already knew and some feared: mobile devices can be used to identify people regardless of whether the information was “anonymized.” That is right: your phone and its data, even if it is touted as “anonymous,” can be used to determine your location (a process known as geolocation). And then that data can be sold by the collector to a third party in order to turn a profit. Or worse.

The idea of privacy is nothing new. Derived from the Latin “privatus,” meaning “to withdraw from public life,” the idea of concealing a fact about oneself or patterns of one’s behavior from the free and wanton scrutiny of others is timeless. Whether it was leaving the walls of your Roman citadel for a few moments of unobserved adventure, wearing a hood in the market to conceal one’s identity while shopping in the marketplace, signing the Federalist Letters with a pen name, or opting out of geolocation tracking, the impulse to conceal one’s identity, thoughts, and behavioral patterns is timeless.

The report in Nature, “Unique in the Crowd: The Privacy Bounds of Human Mobility,” written by MIT’s Yves-Alexandre de Montjoye and three others, shows that this timeless desire is not matched by the technological capacity to protect that privacy. In fact, technological systems regularly and systematically intrude upon it. The process of data anonymization, long thought to be the great equalizer in a world of ever-increasing connectivity and information collection, may have fallen prey to technological advancement inasmuch as the Cray-1 supercomputer. After studying fifteen months of geolocation data for over one and a half million mobile device users, de Montjoye found that, given four spatio-temporal points (e.g., a user’s home, his children’s school, his work, and his church), it is possible to identify 95 percent of all of the 1.5 million users studied. And that accuracy comes despite the “anonymization” performed on the data.

So that begs the question, what brought about this result? Although the ability to compare geolocation data to other information already known about a user and thereby identify them is not new, the ability to compare that information to outside information being readily compiled by other social media and electronic services drastically changes the game. And because of the uniqueness of each anonymized source, “little outside information is needed to re-identify the trace of a targeted individual even in a sparse, large-scale, and coarse mobility dataset,” the researchers said.

So what is the solution? Many have been posited, and indeed a variety of bills have been introduced into Congress (for the most recent, see the Geolocation Privacy and Surveillance (GPS) Act), yet few if any ideas have stuck. Given that consumers, just like de Montjoye, are experiencing “growing concern,” something must be done. I wrote earlier that the best solution would be a Congressionally-enacted self-regulatory regime, and the same remains true today. Congress must act on behalf of consumers.

—Tim Van Hal

Image Source

8 Responses to Your Phone Just Called. It’s Tracking You.

  1. John says:

    Interesting post, Tim. I have to agree with Tim’s follow up comment regarding the dilemma that is being forced on consumers using modern technology. While complaining about keeping your Facebook or Four Square data private may be misplaced, there is certainly a distinction to be made between this information becoming public and allowing a third party to profit from that data.

  2. Colton Cline says:

    Great post, Tim. Some of this stuff is a bit creepy. Apparently your phone can still be used to track you even while powered off. A court actually just denied the government warrants to activate citizens’ laptop cameras to as surveillance devices. Since the government was actually asking for this permission, a more pessimistic observer might maintain that the government is probably already using these methods without judicial approval. Additionally, this is what many online activists have been concerned with regarding proposals like CISPA (which continues to occasionally rear its head in Congress).

  3. Tim Van Hal says:

    Great to see the thought-out responses.

    While I remain a proponent of the advancement of technology and its implementation in order to improve our daily lives, my primary response to the thoughts and questions posed here is that consumers should not be forced to face the dilemma of choosing between throwing away their privacy and unplugging from the modern world.

    It is true that consumers, including myself, choose to relinquish certain elements of their privacy in order to gain some of the benefits of Facebook, FourSquare, Google Maps, etc.. It is also true that geolocation services offer many benefits to their users. It is not those instances, however, that concern me. It concerns me when a mobile device, using GPS and Wifi Positioning System (WPS) to geolocate a mobile device’s information, sends that information to a collector who compiles that data with other information known about the mobile device user in order to construct a profile which the holder can sell to whomever they wish.

    There is no one to stop these market megaliths (Google and Apple the two largest). Reputation is hardly a restraint as on most occasions of geolocation data collection the consumer does not even realize he is supplying his data, or that the collector can sell his data to the highest bidder. Under the current structure, once a consumer “plugs-in” to the grid of cell phones and mobile devices, his information is ascertained. And it goes to the highest bidder.

    I would leave you with a survey. Wall Street Journal did a survey of apps to see of 101 apps how many collected and transmitted geolocation data to an outside company. 56 of the 101 had, without the user’s awareness or permission, transmitted the a mobile device’s unique geolocation ID to other companies.

    Do you know where your data has been? Maybe now is a good time to start asking.

  4. KM says:

    I really enjoyed reading this post, Tim–and the other comments, too. I agree with Swathi that privacy is in large part a choice we all make. When we post on sites like Facebook and Four Square, the expectation is that the post is going to be at least somewhat public–that is the entire point. In those situations, we have made the choice and taken affirmative steps to relinquish our privacy. What I find concerning is the number of other activities–like merely using an iPhone or swiping a debit card at the mall–where personal information is becoming less and less private. When people engage in these activities, I can hardly believe that their expectation or intention is to relinquish their privacy regarding personal information. Michael–isn’t it enough of a “serious concern” in and of itself that our privacy is being infringed upon when we have taken no affirmative steps to relinquish it? And isn’t it concerning that it is almost impossible to engage in everyday life activities–liking using a phone–without the threat or realty of our privacy being invaded? In some situations, we no longer have the choice–either forego using your phone or forego your privacy. As Tim’s original post suggests, I think privacy has a timeless quality that is to a degree intrinsic in our concepts of identify and liberty and I think it deserves protection as an ends in and of itself.

  5. Veronica says:

    Although I see where Swathi and Michael are coming from, I find myself more drawn to Tim’s point of view. While I agree that as consumers, we give up certain privacy rights for the benefits of the technology we purchase or the social media network we want to be a member of, I do not think that it necessarily follows that we have somehow already conceded on the privacy point altogether.

    I suppose my concern is about boundaries. Where do we drawn the line? When, if ever, should technological capabilities be limited for the protection of privacy?

  6. Michael Joshi says:

    For the most part, I agree with Swathi. We can’t have it both ways. From the telephone to facebook, widely useful and accepted technology creates a public network. We can certainly work to create privacy mechanisms (e.g., the do not call list), but using these technologies necessarily involves some sacrifice of privacy. But I bet Tim agrees with all this; the real question is Swathi’s last point. I imagine all this information primarily being used to send me more targeted advertising, which really doesn’t bother me. But what does it mean for the information to fall into the “wrong hands” and what are the associated harms? Outside of the countless far-fetched, movie-induced scenarios, I’d guess the biggest concern most people have is identity theft. Maybe I’m just missing something obvious, but I’d be interested to hear what other serious concerns there are. And I think it isn’t enough to say the concern is merely being identified through geolocation and other data unless we’re willing to stop “purposely living public lives” as Swathi put it.

  7. Swathi says:

    Good post. I don’t think this is a secret, though. We hear nearly every week from one source or another that our data is easily accessible and identified. The tension here is that we purposely permit our phones to use our locations for cell phone apps like Four Square, Facebook, Google Maps, etc., but then we cry foul when that data, which we purposely wanted the phone to use, pinpoints our location.

    I see what you’re saying — we should have more control over our privacy. But when we all purposely live public lives via social media and other platforms, I question whether we are speaking out of both sides of our mouth. I’ve come to accept that my use of my iPhone will subject me to certain privacy incursions that I might not previously have appreciated. But I accept the tradeoff, because I like the benefits my phone offers. So long as my data isn’t falling into the wrong hands, I’m not sure I have as much of a problem with it.

  8. Darla says:

    Our right to privacy is something that we always wanted to protect. But with all these tracking applications and software, our privacy is somehow being compromised.