Location & IoT Privacy
LOCATION, CONTEXT, AND INTERNET OF THINGS (IoT) DATA PRIVACY NEWS AND ANALYSIS

The importance of the privacy and security of location information about wireless users has always been highly visible – it has been in the news in some form since the early 2000’s. Up until recently wireless carriers offering location-based services (LBS) always treated location data as sacrosanct; carriers and their vendors have gone to great lengths from software, network, and legal policy standpoints to preserve the integrity, security, and privacy of this kind of information, even when they were selling all sorts of other data. This protection of location data was driven from two standpoints: 1) a concern about legal liability over location data misuse, and 2) the fear that location privacy misdeeds would kill the LBS revenue golden goose before the eggs were laid.

Apparently both of these fears are no more – wireless carriers are now aggressively moving to capitalize on their customers’ location information as never before. They are now joining their less inhibited brethren Google, Facebook, and others who are looking to monetize customer data in any way possible. This should be a huge cause for concern about the potential for personal information abuse and even the eventual erosion of civil liberties.

Normally as a consultancy we try to avoid political opinions and other viewpoints that might antagonize future consulting customers, but we are drawing a line in the sand here. The potential use, misuse, and abuse of personal location information for marketing, monitoring, survelliance, and other purposes poses an extremely serious threat to personal privacy and liberties if not kept in check. This part of the website will track and opine on the developments in this space to keep you on top of the situation and potentially enable you to take action to address these threats before they become irreversible.

Key Privacy Links

American Civil Liberties Union
Consumer Reports (Tips on privacy)
Electronic Frontier Foundation
Information Commissioner’s Office (UK)
U.S. Legistlative Right of Privacy Bills Tracker
https://www.govtrack.us/congress/bills/subjects/right_of_privacy/5910
Moms with Apps
Privacy International
The Privacy Coalition
Our March 2020 Article on Facial Recognition: Good, Bad, or Ugly?

Digital Group Urges Controls on Flow of Cellphone Data to Government

Advertisers are asked to try to prevent identifications when supplying location material to authorities (The Wall Street Journal, June 24, 2020)

A national trade group representing the digital advertising industryhas advised member companies to put stricter controls on consumer mobile-phone location data they provide to government units such as public health authorities and law-enforcement and intelligence agencies.

The Network Advertising Initiative on Tuesday released a new set of best-practices recommendations designed to address the growing use of consumer location data by government entities, advising advertising companies to prevent governments from trying to identify individuals in such data sets as a condition of providing the data.

NAI, which has more than 100 member companies in the digital advertising industry, also recommended that companies that collect or sell location data drawn from mobile devices should provide more robust consumer disclosure about what their clients intend to do with the data and disclose if law-enforcement or other government entities are buying or using the data…

…NAI’s new guidelines are only advisory, however they represent one of the first industry efforts to grapple with the privacy implications of government acquisition of consumer location data drawn from cellphones. The data is often drawn from ordinary cellphone apps such as weather and games, for which consumers have explicitly allowed their location to be logged.

The Wall Street Journal has previously reported that such data has long been of interest to U.S. intelligence agencies surveilling targets abroad. In recent years, the U.S. government has grown interested in such data for law-enforcement purposes. The Journal reported this year that both the Department of Homeland Security and the Internal Revenue Service began buying such data in 2017 from a vendor called Venntel Inc.

In the case of the IRS, the agency’s criminal investigations division was trying to use the tool to identify and track individual suspects—a practice that NAI recommends be ended as a condition of providing governments with location information drawn from the marketing industry.

After the outbreak of Covid-19, the disease caused by the new coronavirus, government interest in mobile-phone location information surged, as public health authorities world-wide looked for ways to do contract tracing on those exposed to the virus and measure how effectively social-distancing orders were being followed.

The advertising industry collects the locations of millions of U.S. cellphones daily. Typically, an individual user is represented only by an alphanumeric string in those databases—with location records not linked to their name, phone number or other personal information.

However, in practice, the data is precise enough to reveal intimate details about individual users. The Journal was granted access to one such supposedly anonymized data set—which in most cases was granular enough to identity the home address of the phone’s owner.

For businesses, investors, advertisers and marketers, the information is most valuable in the aggregate. It can show the demographics of where a brand’s consumers live, how long people linger in a store and whether business is increasing or decreasing in a shopping mall.

However, for governments, the same set of data can be used in different ways. The IRS criminal investigations division said it was trying to identify whether any mobile phones were present at a crime scene and track those phones. DHS was using the data to detect potential illicit border crossings.

NAI’s new recommendations would encourage companies that broker such data to ban those kinds of activities in their contracts with government entities and prevent the government from merging those databases with other data sets in an attempt to identify individuals.

However, NAI doesn’t represent the entire location-data industry. Many location-data brokers aren’t members and location data is often bought and sold in bulk with little public insight into how it was collected and who it was sold to. Read More

Analysis: In a phrase: About Time! However, the details are a lot more nuanced. One, we suspect that this initiative was motivated in part by the anti-law enforcement backlash currently going on, which throws a bit of skepticism on what otherwise would seem an altruistic initiative. That said, we agree with the initiative, though as always the devil is in the details. See https://www.networkadvertising.org/sites/default/files/nai_nonmarketing-bestpractices-0620_final.pdf for the details on their initiative, which we will review and provide an update on our opinion very soon.

We are particularly concerned with two points made in the article. One: It IS possible to obtain personalized information via anonymized data – which should be a great concern for anyone. Two: as evidenced by the IRS example, we feel that whatever (mostly self) controls exist for government agencies with respect to location data, they are clearly inadaquate to control/dissuade government bureaucrats, spies, etc. from the temptation to “mine” location data. This is the primary reason for our “thumbs-down” regarding COVID-19 contract tracing (see below). Unless done correctly (see below for ideas), contact tracing has too many problems in our view to be worth the privacy risk, which is saying something since obviously contact tracing (in a perfect world with great privacy controls) would have great benefits. However, this article highlights the inadequacies of the current state of location data privacy protections.

_________________________

Google, Apple Struggle to Regulate Covid-19 Tracing Apps

With no national standards, technology giants become gatekeepers in market; ‘we’ve seen bad privacy practices’ (Wall Street Journal, June 5, 2020)

When users open the Contact Tracing app on their phones, they expect to see an alert saying where they were exposed to the new coronavirus.

Less expected: ads for a house roofer and a crossword game, based on their online activity.

The app, which lets users report virus test results and track contact with others, is a rare example of a developer earning ad revenue with a Covid-19 app.

Alexander Desuasido said he created the app in his free time after two earlier versions were rejected from app stores. The 44-year-old coding teacher in Foster City, Calif., said he was upfront with users about the ads and that they were his “only way of providing a free service to people.”

Apple Inc. AAPL -0.05% said that contact-tracing apps are prohibited from displaying ads or offering in-app purchases and that it is working with the developer to resolve the issue. Google, which removed the app from its store last month, said the ads don’t comply with its policy.

The listing of Mr. Desuasido’s app in Google and Apple app stores alongside apps produced by state health departments underscores a growing challenge: There is no national standard for how coronavirus apps should work or which details are shared, even as state governments reopening their economies turn to the apps to trace contacts of people who test positive for the coronavirus.

According to a new study of more than 100 apps in the Google app store by the International Digital Accountability Council, a watchdog group, and an analysis by The Wall Street Journal, some of the emerging contact tracers and symptom trackers aren’t transparent about what they are doing with user data, potentially allowing the use of private health-care data for advertising. Others share information such as location data with third-party services.

A Covid-19 tracker created by Medinin, a developer in India, has been transmitting user geolocation and phone numbers without proper security safeguards, potentially exposing the information to hackers, the IDAC researchers found. Medinin didn’t respond to a request for comment.

“We’ve seen bad privacy practices,” said Quentin Palfrey, president of the IDAC. “The fact that we have not yet observed those bad privacy practices translating into demonstrable ongoing harm doesn’t mean that the harm isn’t happening or might not be happening in the future.” … Read More

ANALYSIS: We’ve been hesitant to comment on the various trackers to wait and see how things developed. We had a STRONG inherent aversion to the general concept of a contact tracking app–the potential for abuse being enormous–but also had a reluctant acknowledgement of its potential benefit. The above article is an excellent catalyst for our “verdict” on such applications: 

  • USE AT YOUR OWN RISK;
  • Privacy Protections for location information, in the U.S. and especially in many other countries, are WAY behind what is needed even for commercial-oriented apps. Like so many other aspects of our lives, what protections exist are woefully inadaquate for something as broad-based as virus contact-tracing;
  • Ads for anything remotely resembling a contact tracer app needs to be BANNED (no matter how well-intentioned the developer);
  • Further, use of location information for anything other than the core purpose also needs to be banned. Commercialization is not just ads–it can be used for a variety of other marketing purposes. The collection and storage of such tracing data need to have “chinese walls” from any other data stored by the developer;
  • ANY location data collected for contact tracing purposes must be OFF LIMITS to law enforcement or any other non-virus management entity;
  • To work in most situations, there needs to be a critical mass of people who have the app (the same app or apps that can integrate to the same set of contact databases). Despite this, such apps need to be “opt-in” and be specifically authorized by the user. Further, they can not be “bundled” with other apps. The danger for misuse is too great;
  • Different app versions can be used for different types of populations, specific the density of population, e.g. a different app for urban, suburban, or rural areas, and/or aligned with the risk of outbreak and virus dissemination. For example, an app for New York City residents could be very different from one for Montana, for example. Or, as data seems to be supporting (https://www.wsj.com/articles/covid-19-households-spread-coronavirus-families-navajo-california-second-wave-11591553896?mod=searchresults&page=2&pos=3), the size of the household looks to be a direct risk factor (e.g. the more people that live together, the higher the risk, regardless of density of the area). These differences would be in everything from basic functionality to if/how/how long such contact tracing is stored. Such apps could even be regulated by population density/demographic (though that probably would be a practical nightmare).
What are some (other) alternatives? One: In future outbreaks, make such apps a highly-regulated cost center, like 9-1-1 is in the U.S. today. Many people do not realize that the 911 “network” is nearly completely separate from the networks that everyday users utilize.  Contact tracing needs to follow the same model. As part of this, any “approved” app has to adhere to a strict set of requirements and guidelines (just like wireless 9-1-1 does). 
 
Two: Develop apps that essentially “back into” the contacts of person AFTER they are diagnosed. This would eliminate the need for contact tracers as an active application. This is done all the time (albeit with a lot of leg work) in location forensics work in criminal cases. 
 
Three: Make it such that any contact tracing apps “self-destruct” after the pandemic has passed, AND any associated data collecte is anonymized (for post-pandemic analysis). If, in the future, there is a public safety need to find out specifically who had a virus, those records would need to be subpeoned. A HIPAA exception might be needed to carve out an ability to do so.I’m sure there are many other good ideas. However, the net of things are that, at least in the U.S., there are too many opportunities (still) for the misuse of the broad-based location data that can come with a contact tracer–a downside that to us unfortunately outweigh their benefits, at least currently.   
                         
____________________________

Tech Firms Seek to Head Off Bans on Facial Recognition

Microsoft, Amazon show support for some legislative measures (The Wall Street Journal, 3/8/20)

WASHINGTON—Amid rising calls for regulation, technology companies are pushing for laws that would restrict use of facial-recognition systems—and head off the more severe prohibitions some cities and states are weighing.

Microsoft Corp., Amazon.com Inc. and others stand to profit as government agencies and businesses expand use of the technology, which can require large investments in machine-learning and cloud-computing capacity.

That opportunity is threatened by campaigns to severely restrict its use.

San Francisco and six other cities have passed laws to block government use of facial recognition. Lawmakers in New York, Massachusetts, Hawaii and Michigan are considering some form of ban or strict limitation.

Pressed by advocacy groups, concert promoters LiveNation Entertainment Inc. and AEG Presents, which stages the Coachella Arts and Music Festival, say they don’t have plans to use facial recognition at their events.

More than 60 college campuses have also disavowed the technology, activists say—including the University of California, Los Angeles, which confirmed it nixed a proposal to link its security cameras to facial-recognition systems.

A coalition of 40 activist groups led by Fight for the Future is circulating “Ban Facial Recognition” petitions that call on lawmakers to block government agencies from any use of the technology. Erica Darragh of Students for Sensible Drug Policy, part of the coalition, says recruiting volunteers is a snap: “Facial recognition freaks people out.”…

…Against this backdrop, Microsoft is backing bills in Congress and in its home state of Washington permitting use of the technology with oversight…

“If we don’t move past the polarizing debates that have blocked progress, people will continue to be left without any protection under the law,” Microsoft President Brad Smith said in a statement…

….Privacy advocates view industry-supported regulations as ploys to conduct business as usual.

“They are effectively geared to allow these companies to continue selling and profiting from these technologies, more or less unhindered,” said Meredith Whittaker of New York University’s AI Now Institute.

…Supporters see facial recognition as a means to keep intruders out of buildings, speed up entry lines at stadiums and airline gates, identify criminal suspects and locate missing children.

Opponents fear it will usher in a surveillance state. Participants in street rallies or public protests would lose their anonymity. Retailers could identify people entering their stores, possibly using it to monitor people with shoplifting convictions.

In the wrong hands, the technology could be used to target victims for financial scams, extortion or other schemes.

Studies also show that some facial-recognition systems are less accurate on nonwhite and female faces than on white males, although accuracy has been improving as the technology advances.

So far, law-enforcement agencies are among the biggest early adopters….Read More

Analysis: Rather than paraphrase our view on this, we’re reprinting our article from last week:


Facial Recognition: Good, Bad, or Ugly? David H. Williams, President, E911-LBS Consulting

Facial Recognition technology is increasingly being drawn into clear opinion camps between pro- and anti-factions. One problem with these opinion camps is that they too often take an all (no restrictions)-or-nothing (a complete ban) view as to whether FR should be allowed or not, avoiding a more nuance discussion centered around specific uses and pros/cons of individual uses of the technology. An All-or-Nothing approach, depending on which side wins, leaves either a) a huge amount of opportunity (if banned), or b) enormous potential misuse (if allowed unrestricted) on the stakes table. An applications-based approach is the best compromise for realizing FR’s benefits while limiting misuse. First though we need to lay some groundwork, the point of this particular article.

Let’s first dismiss the “let’s allow any use of FR, it is all for the good” argument. Here China is the standard-bearer when it comes to mass deployment of hugely intrusive technologies, with FR technology starting to become the #1 enabling technology. China has or is in the process of using it for various types of surveillance: Internet (keyword-based censorship, content category-based prohibition), “social credit” (analyzing social behaviors and modifying them through use of a scoring system), and camera-based surveillance are a few of these technologies, with location and facial recognition technologies playing a major role in many of them.While in the U.S. there are many legal and regulatory restrictions already in existence that would prevent such a China-type system, that does not mean there is no risk of smaller-scale abuse, or (arguably) worse: incompetence. The hot-off-the-press breach of Clearview AI illustrates this. What many proponents of FR technology don’t understand (or don’t want to understand) is that a Facial Recognition breach is not the same as your typical financial-related hack. While you always get a new credit card, or change your account password, your facial profile is not going to change. Once it is hacked, it is hacked–Forever.

Furthermore, while many of the pro-FR pundits say FR technology is little different than the widespread surveillance-type technologies of today, such as location tracking of cell phones, there are two critical differences. One is that individuals choose to obtain and carry those devices with them, and also choose the applications that are on the phone, and hence are open to the potential being tracked, in some form. Second, the individual has the ability (even if not often used) to opt-out of being tracked, particularly with respect to location services. There are also other dimensions containing potential abuse, such as the courts increasingly ruling on the side of the individual on issues of personal privacy and the need for warrants and subpoenas to obtain such personal information.

In contrast, individuals have no control over the deployment of FR technology, and more importantly no control over when and where they are “recognized” nor in what subsequent applications the fact of their being at a certain place and time will be used. In addition, being facially-recognized on a widespread basis means that the individual’s “profile” is either on record within multiple individual systems databases, and/or kept in some sort of central facility that is vulnerable to hacking and use without permission, with applications of varying security accessing this information over networks of varying security. These multiple-point-of-access, many weak-links-in-the-chain system/network “architectures” are tailor-made for security breaches. Nor are there any limits on how long an individual’s profile and associated ID/location/activity records are kept. Once your face becomes known, it is always known, pending old age or plastic surgery.

Facial Recognition History, or could-be-history by itself raises numerous concerns supporting this “bad,” or at least “ugly” picture. In the very ugly world of politics (Kavanaugh hearings, Virginia state government executives) there have been assertions of being at a certain place at a certain time doing unsavory things going back many decades, with contested or no evidence at all of the accusations made against the persons involved. Now fast forward a few decades, and imagine investigators going through the FR records of a person’s entire life to try and “verify” certain accusations. A person’s presence at a certain place and time–even if confirmed–is by no means sufficient to convict them of an incident that happened while they were there. But sadly their mere presence, say at a party where a misdeed occurred, would be enough in today’s environment to convict them, or at least destroy their reputation. Do we really want to live in a world where not only we have to worry about being tracked everywhere we go, but also have our every activity tracked or at least inferred? If you think our society has been changed (and not always for the better) by mobile phones, this would be minuscule to how it would be changed if everyone had to act like they were being recorded in some fashion everywhere we go. Some may think it would be a good thing, that it would prevent “bad” behavior, but the laws of unintended consequences—things don’t always go the way you think they will, and often for the worst—say otherwise.

While there are numerous types of misuse of Facial Recognition, probably one of the scariest in terms of today’s societal discussion is with respect to profiling, especially racial profiling. Not only does FR technology enable individual identification, it of course recognizes various attributes that make up an individual’s facial profile, including of course the color of their skin. While there would be some obvious “good” that would come from ensuring such profiling does not happen, think about the potential for misuse. For example, Government entities could (ab)use it to demand profiles of a retail store’s customer traffic to see if somehow they were not “having” enough customers of color (though in practical terms there might be nothing that business can do to influence it), and use that to levy fines and enforce changes in business practices. Companies of course might not resist the temptation to find out about the racial makeup of their customers either, particularly for marketing practices. While that might be a “good” thing, e.g. more attention towards an under-served racial demographic, it is still profiling. With no technology-based regulations, there might even be the emergence of entrances to facilities for persons only of a certain skin-color—in effect technology-enablement for all sorts of possible biases, if not discrimination (though this might be prevented by existing anti-discrimination laws, at least in the U.S.). So clearly this kind of profiling has both good, bad, and ugly elements.

But there are many types of “profiling” beyond political and racial. The changing-by-the-minute Coronavirus (possible) pandemic would be a perfect example of the potential for FR-technology abuse. Since the victims (or even suspected victims) of the virus might as well have a “Scarlet-A” tattooed on their forehead, and because there appears to be the possibility of not fully being cured once you have it, imagine a society that gains access (legitimately or otherwise) to the medical records of all victims, including their facial profiles. With widespread FR technology, you could then “enable” the setting-off of alarms anytime a Coronavirus victim comes into your establishment, with them being turned away (or perhaps setting off a panic inside the establishment). With FR technology that person would become a societal outcast, literally branded for life, leper-like.

Farfetched? Not at all, particularly if there is a financial gain of some sort to be had. Other historically unlikely possibilities would be enabled by widespread usage of FR. For example, recipients of organ, sperm, or even blood might not want to just be satisfied with basic information about the individual. Instead the recipient may demand a detailed profile of a person’s life—a profile possible through reconstruction of records enabled by FR. However, in this circumstance such invasion of privacy might be justified considering the consequences involved.

The donor example is one illustrative of the “good” dilemma of many FR applications: they may have a great deal of positive benefits, but at the cost of some degree of invasion of personal privacy. Where (and How) do we draw the line?

________________________________

FCC Probe Finds Mobile Carriers Didn’t Safeguard Customer Location Data

AT&T, T-Mobile among companies facing hundreds of millions of dollars in fines, though they will likely fight decision (The Wall Street Journal, 2/28/20)

 

The Federal Communications Commission is seeking hundreds of millions of dollars in fines from the country’s top cellphone carriers after officials found the companies failed to safeguard information about customers’ real-time locations, according to people familiar with the matter.

The telecommunications regulator in recent weeks informed AT&T Inc., Sprint Corp., T-Mobile US Inc. and Verizon Communications Inc. of pending notices of apparent liability, the people said. Such notices aren’t final, and the companies can still argue they aren’t liable or should pay less. It would ultimately fall on the U.S. Justice Department to collect any penalties.

The proposed fines, which could total more than $200 million, are expected to be announced Friday, one of the people said. Last month, FCC chairman Ajit Pai notified members of Congress that an agency investigation had concluded that “one or more” carriers had apparently violated federal law by disclosing real-time location data.

The FCC moved after some of the carriers had continued sharing their subscribers’ coordinates even after they told members of Congress they were cutting off the middlemen companies from using their data feeds. Verizon has said it stopped sharing cellular location data in 2018. AT&T and T-Mobile said in early 2019 that they were cutting off some location data sharing.

The top U.S. wireless providers agreed to curb their data sharing after independent reporting found data aggregators were misusing feeds that provided subscribers’ real-time locations. Upon request, the carriers would pinpoint specific subscribers and share the result with middlemen companies, which then shared the information with hundreds of other businesses.

Some privacy advocates criticized the FCC action as overdue.

“Consumers have no choice but to share highly private information with a provider about everywhere they go” to obtain cellular service, said Laura Moy, associate director at the Center on Privacy & Technology at Georgetown Law. “Carriers are not allowed to turn around and sell that location information to anyone with a phone number and a few dollars to spend. But this has been a widespread practice, and the FCC has been slow to rein it in.”

Sen. Ron Wyden (D., Ore.), who wrote to carriers in 2018 after the location-sharing partnerships were revealed to ask about their data privacy practices, called the proposed fines inadequate. He said in a tweet that strong privacy legislation was needed.

Cellphone companies need to know their subscribers’ coordinates to route calls and data to the right place. That gives them a more consistent view of customers’ movements than app developers, which use global positioning systems, Wi-Fi and other data sources that users can shut off through their smartphone settings. Wireless carriers also sell anonymized location data to marketers.

Data aggregators LocationSmart Inc. and Zumigo Inc. told The Wall Street Journal they distributed real-time locations to legitimate clients, including bank fraud-detection departments and roadside assistance services. But others used the data feeds for what the carriers said were unauthorized purposes. One prison phone provider created a website that let law-enforcement agencies find the location of any cellphone user without obtaining a court order, the New York Times and Motherboard have reported.

The FCC didn’t offer the carriers any settlements, one of the people said. That might prompt some carriers to fight the charges against them through the commission’s administrative process… Read More

Analysis: Readers of this site will expect us to be cheering this news. But we’re not (or at least much). The reason: it will likely put location aggregators (the technical term for companies like LocationSmart and Zumigo) out of business. While they (the aggregators and the carriers) were obviously lax in who they allowed to do business with the aggregator, like the prison website cited above (and the notorious Bounty Hunter incident), the aggregators DO fufill a useful function. For example, there are many financial/retail transaction processors and related vendors who use location information to protect against fraud (e.g. are YOU at the same place as where you credit card is being used?). 

Second: this (the aggregators being killed off) will require anyone who wants to use carrier location information (vs. sources like crowdsourced location providers) to likely have to go through what’s called an “onboarding” process with each carrier. As I know from personal/professional experience, this can take many months and many thousands of dollars. Further, at least historically the carriers have “desired” (re: demanded) a revenue cut for such onboarded applications–a major change to practically anybody’s business model.

Thus, while on the surface these fines might seem a good thing, the reality (and its close cousin, the Law of Unintended Consequences) is not so clearcut.

________________________________

Washington Post Hacks Into Chevy To Show How Much Cars Are Spying On Owners (Daily Wire, 12/26/19)

The Washington Post hacked into a Chevy Volt several days ago with the help of a automotive technology expert to find out just how much automakers are spying on their owners and discovered that vehicles are recording their owners’ every move.

The Post used a 2017 Chevy Volt for its experiment and learned that the car collected a wide range of highly precise data ranging from the vehicles location to information about the driver’s cell phone, including call records — noting that many vehicles copy over personal data the moment that a smart phone is plugged into the vehicle.

The Post noted that the Chevy Volt did not inform drivers what information it was recording and did not make mention of it in the owner’s manual since there are no federal regulations protecting consumer’s privacy and data from automakers.

…After having to take a bit of the car apart to reach the computer, The Post found that Chevy collected the  following information:

There on a map was the precise location where I’d driven to take apart the Chevy. There were my other destinations, like the hardware store I’d stopped at to buy some tape.

Among the trove of data points were unique identifiers for my and Doug’s phones, and a detailed log of phone calls from the previous week. There was a long list of contacts, right down to people’s address, emails and even photos.

For a broader view, Mason also extracted the data from a Chevrolet infotainment computer that I bought used on eBay for $375. It contained enough data to reconstruct the Upstate New York travels and relationships of a total stranger. We know he or she frequently called someone listed as “Sweetie,” whose photo we also have. We could see the exact Gulf station where they bought gas, the restaurant where they ate (called Taste China) and the unique identifiers for their Samsung Galaxy Note phones.

The Post noted that GM would not reveal what information it was collecting on drivers and that the other computers in the vehicle, including the infotainment computer, collect far more information than what Mason was able to pull up.

The vehicle also collected information on “acceleration and braking style, beaming back reports to its maker General Motors over an always-on Internet connection,” The Post added. “Coming next: face data, used to personalize the vehicle and track driver attention.”

….Fears that vehicles could be hacked and taken over by someone outside the vehicle who has a sinister intent are not only legitimate, they are well-rooted in reality because it has happened.

In July 2015, The Washington Post reported on one such criminal instance:

The complaints that flooded into Texas Auto Center that maddening, mystifying week were all pretty much the same: Customers’ cars had gone haywire. Horns started honking in the middle of the night, angering neighbors, waking babies. Then when morning finally came, the cars refused to start.

The staff suspected malfunctions in a new Internet device, installed behind dashboards of second-hand cars, that allowed the dealership to remind customers of overdue payments by taking remote control of some vehicle functions. But a check of the dealership’s computers suggested something more sinister at work: Texas Auto Center had been hacked. …

… Police later reported more than 100 victims and charged a former dealership employee with computer crimes. …

…Widespread hacks on cars and other connected devices are destined to come, experts say, as they already have to nearly everything else online. It’s just a question of when the right hacking skills end up in the hands of people with sufficient motives.

Also in 2015, Andy Greenberg wrote at Wired about how his Jeep was completely taken over by Charlie Miller and Chris Valasek, who hacked the vehicle as part of an experiment to which Greenberg agreed….

…The hackers were able to completely kill the transmission on the vehicle from miles away as it drove on the freeway, which is less than they did to Greenberg two years prior in 2013 when they “disabled [the] brakes, honked the horn, jerked the seat belt, and commandeered the steering wheel” on a couple of  different vehicles that they had Greenberg drive.

WikiLeaks released a trove of documents in 2017 that revealed that the U.S. government has extremely sophisticated hacking tools that it can use to spy on people through televisions, smartphones, and even anti-virus software.

“Tucked into WikiLeaks’ analysis of a trove of documents allegedly from the Central Intelligence Agency is a stunning line: That the agency has looked into hacking cars, which WikiLeaks asserts could be used to carry out ‘nearly undetectable assassinations,‘” The Washington Post reportedRead More

* * *

Analysis: To us, the ability for cars (and by extension, car manufacturers, insurance companies, dealers, and whomever they want to sell the data to) to track nearly EVERYTHING going on within, in, and even around the car is scarier than any driverless car bugs that might cause an accident. As this article indicates, the engineers developing this technology have learned nothing from the missteps of Facebook and their overzealous data collection practices.

Left unchecked, these kind of practices have the following ramifications: 1) combined with other technologies (e.g. phones, Internet of Things), you will be well on your way to being tracked 24/7; 2) As such, your life will become an open book, not just annoyances like advertisers (and hackers), but also to companies that could make a dent in your pocketbook, notably insurance companies; and 3) if ANYthing goes wrong while in your car, all of this information becomes fair game for criminal and civil litigation. 

On point #3: already we are running into cases in our forensics practice that relies on information collected from vehicle navigation and entertainment systems. There are even specialized companies that offer (to law enforcement ONLY), the ability to extract data from more than seventy (70) individual computer systems in today’s cars equipped with sophisticated entertainment systems. These systems collect much of the data that this article describes, meaning you don’t have to have a cutting-edge/prototype system to worry about this kind of intrusion–it is possible in today’s everyday entertainment systems. So what you say–I’m not a crimnal! Well, there are also very few restrictions on the ability of an oppposing party in an accident dispute to gain access to YOUR car records, withOUT your permission! 

Needed: Serious regulation regarding privacy of ALL types of personal data collected by today’s (and tomorrow’s) vehicles. Location-related information is at the forefront of the concerns that need to be addressed (given the inherent mobile nature of cars), but it is not the only concern. As the article indicates, data can be collected on a wide variety of personal behaviors. Big Brother coming to a vehicle near you…

________________________________

Photo Roulette, the Hot App That Makes Teens Cringe and Parents Fret

Popular game draws images from players’ camera rolls at random, causing embarrassment, raising privacy concerns (The Wall Street Journal, 12/18/19)
A popular mobile game that randomly selects photos from players’ camera rolls is leading to some cringeworthy moments for teens and privacy panics for parents.

Photo Roulette, a free app for iOS and Android devices, came out a few years ago but only recently caught fire: In October, for the first time, it was the most downloaded iPhone game in the U.S.

Here’s how it works: A player invites up to 49 friends to join the game, and players grant the app access to their phones’ photo albums. The app selects a picture from one phone, totally at random, and displays it to everyone for five seconds; other players have to guess who it came from. The player with the most correct guesses after 15 rounds wins.

To adults, the risks might seem obvious. But to many kids, it’s just seen as a fun game—until a sensitive photo pops up.

Perhaps most troubling to teens are the suggestive photos, memes and texts that appear. Some teens told me that nude photos and screenshots of flirtatious text messages with other teens have popped up during games.

Sometimes, it’s personal data. Cadence Messier, a 17-year-old in Gilbert, Ariz., was invited by friends to play Photo Roulette about two weeks ago. “I was kind of freaked out by it so I went to my camera roll to make sure there wasn’t anything embarrassing and I didn’t see anything too bad,” she said.

But when she joined the game, the app displayed a photo of her Social Security number.  Cadence’s mom had once texted her a photo of it when she needed it to sign up for the SAT. Cadence hadn’t noticed it among her 10,000+ shots. When Cadence told her parents what happened, they were worried.

Her mother, Lori, said the episode made her rethink texting sensitive data, especially a picture. “It never dawned on me that anyone else could see it or share it,” she said. “It’s concerning not knowing who’s behind the app and what they are doing with the information.”…

…“We designed Photo Roulette for people to play with their close friends and family. We want everyone to have a fun and safe experience when playing and have multiple measures in place to ensure this,” the company’s statement read. This includes an age-16 requirement and explicit approval of new players in a user’s game. “As you point out in your article,” the statement continued, “we cannot control the photos that are shared during a round of Photo Roulette.”…

In addition to collecting players’ usernames, photos and the metadata from the photos (such as the year and location when photos were taken), the app also may collect information about players from public databases and social media profiles, according to its privacy policy. The app maker says it may share players’ information with third parties. A player’s photos are removed from other players’ devices after the game is over but can remain on the app developer’s servers for 24 hours…

…“Risk-taking is a part of childhood development, so there is something inherently fun in it. You’re also bonding over your devices and what’s on them, but I have never seen another game quite like this,” Ms. Elgersma said. “Maybe this is a new frontier of sharing stuff that’s on our phones.”

Emma Romney, a 20-year-old college student from Spokane, Wash., was playing Photo Roulette with her cousins, uncle and father during a road trip recently when a selfie she had taken a few years ago came up in the game. She was wearing tight jeans, with her back side facing a mirror. “I’m from a really conservative family and it was a little embarrassing,” Emma said. “When that picture came up, my dad looked at me a little funny.”

Regarding personal data, the company’s belated comment read, “Users’ photos are only used as part of the gameplay, and not shared with anyone outside the group of players. The photos are deleted from our servers as soon as the round is over. We do not monetize the photos or photo metadata in any way, nor will we ever do so.”..

…“Kids think it’s a fun game and they don’t think about the consequences,” …

…“The younger generation is more trusting and everything is open all the time,” (one) mother said. “I appreciate that they want to be open with each other but I think they need to be aware of security and privacy.”..

(One kid) said he isn’t too worried about possible privacy ramifications and that he’ll play it again. “In my situation it’s not concerning because I don’t have anything harmful to my reputation in my camera roll,” he said.

Still, there was one embarrassing moment in the game: A screenshot of a text exchange he’d had about a dispute with a friend came up. “It’s that awkward part of the game that makes it what it is,” he said. Read More

* * *

Analysis: This is scary on so many levels. But the main conceern is how oblivious that “children” (of all ages) are with respect to the potential for abuse of their privacy. This concern is exascerbated by the (high) likelihood that the concerns of “adults” will be dismissed because of their perceived technology cluelessness…

The best solution (as the parent of 8 children), is to convey the possibilities in the form of horror stories. There are a few mentioned here (social security #s, pimply faces). The kid’s comment that “there is nothing [bad] in my camera role” is a bit optimistic in that by the time they are adults a kid will likely accumulate many thousands of images. But these kinds of stories need to be accompanied by the message that such stories are PERMANENT, as NOTHING that gets on the Internet is ever fully deleted, European-type privacy laws notwithstanding…

Finally, if you think that the developers of this “game” won’t be monetizing the personal data captured in all this, we’ve got a bridge to sell you, no matter what they say otherwise.

________________________________

Adam Schiff Is Watching

Obtaining phone logs of political rivals is a stunning abuse of congressional power. (The WSJ, December 5, 2019)

Fanatics can justify any action, and House Intelligence Chairman Adam Schiff this week demonstrated where that mindset leads. In his rush to paint Donald Trump as a lawbreaker, Mr. Schiff has himself trampled law and responsibility.

That’s the bottom line in Mr. Schiff’s stunning decision to subpoena the phone records of Rudy Giuliani and others. Mr. Schiff divulged the phone logs this week in his Ukraine report, thereby revealing details about the communications of Trump attorneys Jay Sekulow and Mr. Giuliani, ranking Intelligence Committee member Devin Nunes, reporter John Solomon and others. The media is treating this as a victory, when it is a disgraceful breach of ethical and legal propriety.

If nothing else, Mr. Schiff claims the ignominious distinction of being the first congressman to use his official powers to spy on a fellow member and publish the details. His report also means open season on members of the press. Mr. Giuliani over months has likely spoken to dozens of political figures and reporters—and the numbers, dates and length of those calls are now in Democrats’ hot little hands. Who gets the Schiff treatment next? If you think politics is ugly now, imagine a world in which congressional partisans routinely track and expose the call lists of their political rivals and disfavored media.

If we’ve never had a scandal like this before, it’s in part because it is legally dubious. Federal law bars phone carriers from handing over records without an individual’s agreement. The statute makes some exceptions, including for federal and state law-enforcement agencies.

But not for lawmakers. “There does not appear to be any basis to believe that a congressional committee is authorized to subpoena telephone records directly from a provider—as opposed to an individual,” former Attorney General Michael Mukasey tells me.

Maybe that’s because no one would have conceived of Congress needing to peruse private phone records. Its mission is writing laws. Or it might have been in recognition that Congress has no outside check on its subpoena powers. Law-enforcement subpoenas generally entail court supervision, helping to ensure they have a valid purpose. Mr. Schiff, working in secret, unilaterally decided he was entitled to see the phone records of private citizens.

Mr. Mukasey notes that the legal problem is “compounded,” in that going after Mr. Giuliani “raises questions of work-product and attorney-client privilege.” Whatever his role in the Ukraine affair, Mr. Giuliani remains the president’s personal lawyer. Law enforcement must present a judge with powerful evidence to get permission to vitiate attorney-client privilege. Mr. Schiff ignored all that, and made himself privy to data that could expose the legal strategies of the man he is investigating…

…Mr. Schiff purposely kept that action secret. This guaranteed that the only entity involved with a decision over whether to release the records was AT&T. And that gave Mr. Schiff all the cards, since companies fear political retribution far more than violating their customers’ privacy…

“The subpoenas aren’t related to legitimate congressional oversight,” says constitutional lawyer David Rivkin. Because there’s “no conceivable legislative purpose to obtaining these call logs and publicly disclosing this information, Mr. Schiff would not be able to benefit from the Speech and Debate Clause immunity that otherwise protects members of Congress from civil and criminal liability.” Mr. Rivkin adds that any of the targets could sue Mr. Schiff under state law for invasion of privacy or intentional infliction of emotional distress, and potentially even compel Mr. Schiff to turn over documents in discovery.

Mr. Nunes has already said he’s weighing his legal options. Since House Democrats obviously won’t hold Mr. Schiff accountable for his abuses, let’s hope at least one of the targets demands a court review his tactics. No one should want to live in a world where Adam Schiff has unfettered power to spy on Americans. Read More

Analysis: This is an update to the below story.  In addition to the points made in that analysis, this article raises two additional points of emphasis about why this action is so scary: 1) The subpoena process and associated disclosures are generally under Court supervision. That supervision was absent here; and 2) Rep. Schiff publicly disclosed the contents of the phone logs. That is NEVER done in criminal proceedings, for obvious reasons: to protect the privacy of not just the individual under scrutiny, but also those persons that the scrutinized person was in contact with–private information contained in those records about what number, how long and (at least partially) where the parties were when contact between them was made. 

Thus, with these points in mind, a supposedly single person’s phone log expands–“exponentially”–to drag in a host of other people, to have their laundry (clean or dirty) aired, PUBLICLY, without any legal protections. This is a horrific abuse of power and MUST be stopped.

* * *

UPDATE to both analyses: various media has published portions of some of the call logs in question. It should be pointed out that these were not the original call logs provided by the phone companies, but processed (by someone other than the phone company) call logs. Someone took the original data, and via importing and/or manual effort put it into Excel format. Evidence: 1) AT&T provides call log data in PDF format (not Excel), and 2) Carriers NEVER disclose names in the call logs.

We work on a daily basis with these kinds of call logs on behalf of defendants. In our experience, it is a) very easy to make a mistake when attempting to modify/summarize/import/cleanup etc. the data into a “nicer” format, and b) it is even easier to “cherry pick” information from the logs and present them out of context.  Points a and b assume of course there is no deliberate modification or “elaboration” done during the processing–in this case in particular an assumption that should be challenged.

 

 

________________________________

Schiff’s Surveillance State

The Democrat demands, and then discloses, the call logs of his opponents. (The WSJ, Dec 4, 2019)

Democrats are trying to convince Americans that President Trump should be ousted for trying to “dig up dirt” on a rival. They’d have more credibility if they didn’t abuse their surveillance powers for drive-by smears of Republicans and a free press.

Adam Schiff’s 300-page House Intelligence impeachment report doesn’t include much new about Mr. Trump’s Ukrainian interventions. But it does disclose details of telephone calls between ranking Intelligence Republican Devin Nunes, Trump attorneys Rudy Giuliani and Jay Sekulow, reporter John Solomon, former Giuliani associate Lev Parnas, the White House, and others. The details are “metadata” about the numbers and length of the calls, not the content.

The impeachment press is playing this as if the calls are a new part of the scandal, but the real outrage here is Mr. Schiff’s snooping on political opponents. The Democrat’s motive appears to be an attempt to portray Mr. Nunes, a presidential defender and Mr. Schiff’s leading antagonist in Congress, as part of a conspiracy to commit impeachable offenses…

This is unprecedented and looks like an abuse of government surveillance authority for partisan gain. Democrats were caught using the Steele dossier to coax the FBI into snooping on the 2016 Trump campaign. Now we have elected members of Congress using secret subpoenas to obtain, and then release to the public, the call records of political opponents.

Our sources says Mr. Schiff issued a subpoena in September to AT&T, demanding call logs for five numbers—including Mr. Giuliani’s. Subsequent subpoenas to AT&T and Verizon demanded more details. Republicans were told of the subpoenas, yet under rules of committee secrecy couldn’t raise public objections.

Readers may recall that only a few years ago Democrats were in high dudgeon over the executive branch’s collection of metadata against terrorists. They claimed the National Security Agency was “spying” on Americans, and in 2015 Congress barred NSA from collecting bulk domestic metadata. Federal investigators must offer legitimate reasons to obtain metadata from telecom companies, and they are subject to restrictions on divulging it.

Yet here the companies appear to have handed over metadata based on little more than Mr. Schiff’s say-so—and in AT&T’s case in response to a request that was made before the House began a formal impeachment inquiry.

AT&T released a statement Wednesday saying it is “required by law to provide information to government and law enforcement agencies.” But AT&T can question the validity of subpoenas in court—and had grounds to do so given the highly political nature of these requests. Then again, maybe it felt it had no choice. We’ll leave it to legal experts to decide whether a powerful Congressman’s demands of a highly regulated company are extortion.

***

Mr. Schiff’s metadata disclosures hardly bear on his impeachment case. Mr. Giuliani had broadcast to the world that he wanted Ukraine to investigate Hunter and Joe Biden, but he is also Mr. Trump’s personal attorney. Does Mr. Schiff have a legal opinion saying he could ignore attorney-client privilege? Mr. Schiff published a select log of Mr. Giuliani’s calls, but he presumably has a record of everyone Mr. Giuliani spoke to for months. Imagine the political outrage if Republicans had snooped on Bill Clinton’s attorneys…

The press corps might also notice that Mr. Schiff’s targets include one of their own—Mr. Solomon, who was until recently a columnist at The Hill and whose reporting called attention to Ukraine’s involvement in the 2016 election. How is Mr. Solomon’s reporting trail relevant to impeachment? The media usually condemn government officials who use surveillance to track and intimidate the media, but here they are cheering Mr. Schiff on.

Mr. Schiff’s extraordinary and secret plunge into metadata, followed by its gratuitous public disclosure, is one more example of the partisan score-settling that motivates this impeachment exercise. In the cause of impeaching Donald Trump, anything goes. Read More

Analysis: While we try and avoid politics on this site like the plague, we can’t let this one go. Part of our practice is utilizing the “call logs” as described here in helping defendants against accusations based–in full or in part–on these call logs and associated metadata. What this article doesn’t mention is that these call logs typically include location data about the person whose call logs were subpoenaed. So, in this case, the Democrats could see (approximately) where each of the subpeonaed Republicans were when various calls, texts, or even data searches were made.  This is an abuse of Congressional Power, and should not be allowed.  It is more than the tip-of-the-iceberg as it relates to a Big Brother state.  (Also, the phone carriers should be ashamed of themselves for not contesting this subpeona.) 

Republican, Democrat, Independent, Pro-Trumper, Anti-Trumper, non-political bystander, AND The Media: you should be appalled, and afraid, of this kind of Governmental abuse of phone records.

________________________________

Silicon Valley-Baced App Lenders Use Phone Data to Hassle Borrowers

(The Wall Street Journal, November 28, 2019)

NEW DELHI—Silicon Valley venture capital is funding a wave of fintech startups in India that use data from borrowers’ cellphones to collect on debts in ways that are illegal in both India and the U.S.

The startups are providing much-needed credit in India, where consumer lending has been limited by a lack of credit scores and by banks that are reluctant to make personal loans. While the newcomers’ tactics are illegal, they are ignored by Indian regulators who want to encourage lending, according to analysts and company insiders. The startups also use personal data to make lending decisions.

It is the latest example of Silicon Valley pushing legal and ethical boundaries in a global race for customers and profit. Lured by the promise of massive populations of people who are just beginning to transact online, tech companies are moving into banking in emerging markets, where cultural norms are complex, regulations are often weak, and many consumers lack credit histories or even official identification.Last year, investors globally poured a record $9.6 billion into lending startups, with 83% of the money going outside the U.S., according to a Wall Street Journal analysis of Dow Jones VentureSource data.

A record $909 million of that went to India-based lending startups, making the country the third-biggest market behind China and the U.S. Last year, U.S. investors backed nearly 40% of the 65 India-based loan companies that completed a funding round.

Investors see India, home to 1.3 billion people, as the world’s largest untapped digital economyA boom in cheap smartphones and mobile data has allowed lenders to access a person’s income and spending patterns as well as location and gender. With that personal information, the lenders can determine creditworthiness on the fly. Lending apps also suck up contact information to help chase borrowers down if loans go sour…

…Dozens of PaySense customers have posted complaints online about aggressive collection tactics going back to 2017. Mr. Ranganathan said PaySense explicitly receives permission from users to access their smartphone contacts but uses them only rarely, when the borrower can’t be reached.

He said that outside debt collectors must sign a code of conduct for collections but that PaySense is taking steps to better monitor their activities. “This issue is not unique to us,” he said, adding that PaySense complies with all local laws and regulations…

…Countries including India are attractive to these lenders because the market in the U.S. is far more crowded and lenders can’t use such smartphone data as location, photographs and social networks to make lending decisions. These can be proxies for age, gender, ethnicity or place of residence, which can’t be used for lending decisions…

…In the Philippines, the National Privacy Commission is investigating hundreds of complaints from consumers about lending apps siphoning data and harassing users in that promising fintech market.

Another PaySense user, Akshay Yedke, who lives in Pune, India, said he took out a 121,000 rupee loan in 2017 to pay for his wedding. He said that he was a few days late on his 7,700 rupee monthly loan payment and that PaySense’s agents targeted Mr. Yedke’s closest contacts.

“They started calling my mom, my dad, they even called my grandmother,” demanding payment, he said. “They disclosed my loan details to all of them.”

In one audio recording reviewed by The Wall Street Journal, Mr. Yedke asks a collection agent who called him how she obtained his number. “You don’t have a right to ask any questions,” the woman said. “First pay your loan.”

Before the rise of fintech lenders, consumers in India turned to high-interest local lenders for cashCollection agents harassed borrowers and threatened them with physical harm.

But lenders’ newfound ability to leverage personal data from smartphones, which is often collected without users fully understanding how it will be used, gives startups powerful new tools to pursue them.

Aggressive collection tactics are illegal in India, according to Reserve Bank of India rules. But regulators, eager to bring more people into the financial system, haven’t enforced the rules…

…In the U.S., debt collectors can’t harass customers or speak with anyone other than their spouses or attorneys. Read More

Analysis – While the article does not reference using location to physically confront debtors, this is hardly impossible. In the U.S. earlier this year, several carriers shut down their operations (called “aggregators”) that allowed (for example) bounty hunters to track their targets. In India, with no restrictions, I anticipate debt collectors will up-the-ante in their collection efforts to physically conftont people (particularly if the debt amount is large enough).
Two key points: First, here in the U.S. we have to keep up our guard on the potential misuse of private information, particularly location information that can be used for physically-nefarious purposes. Second, what is going on in India is a perfect example of how lack of rules/enforcement of the protection of personal information can be misused. Advocates for facial recognition, for example, would be well-served to understand that if private information can be missued, it WILL be misused.

__________________________

Foursquare to Buy Location-Data Specialist Placed From Snapchat Parent (The Wall Street Journal – 6/10/19)
Former social-media darling aims to help advertisers track foot traffic to stores

Foursquare Labs Inc., the onetime social-media darling that has transformed into a specialist in providing location data to other companies, is buying another location-data powerhouse in a bid to dominate the business of helping advertisers track foot traffic to stores.

Foursquare on Thursday said it agreed to buy Placed, a company that specializes in measuring the effectiveness of advertising by tracking users’ whereabouts, from Snapchat parent Snap Inc….

…The deal comes two years after Snap purchased Seattle-based Placed for $135 million.

As a result of the latest transaction, Placed will be merged with Foursquare’s ad-effectiveness-measurement product and rebranded as “Placed powered by Foursquare.” Both companies help advertisers figure out how well their ads work by matching a list of people exposed to an ad to a panel of users who have opted in to have their location tracked and shared with an app, to discern whether the ads drove foot traffic to stores….

…Launched in 2009 as a social network that lets users log visits to their favorite coffee shop and share their location with friends, Foursquare pivoted toward providing location data and software to businesses after its consumer app’s growth stagnated. Today it is among the leading players in a field that provides detailed information about the way that mobile phones move through the physical world….

Foursquare gathers its first-party location data from a combination of its own consumer apps, Swarm and Foursquare City Guide, and a network of apps that use its software, such as AccuWeather and TripAdvisor. If users of these apps opt in to always-on sharing of their location—and Foursquare says about 30% to 40% of users do—they become part of Foursquare’s panel of about 25 million monthly active users who help it track store visits….

….The combination comes at a fraught time for the location-data industry as regulators around the world have begun passing privacy legislation that could make what Foursquare is trying to do harder….

For example, Europe’s General Data Protection Regulation requires that companies name the partners with whom they share data. Neither Foursquare nor Placed operates its advertising business in Europe. Similar legislation has been passed in California, and lawmakers in Washington, D.C., are debating national privacy legislation. Read More

Analysis: Historically Foursquare is pursuing a “reverse” strategy from that of typical LBS providers. Back in the 2000s, most LBS companies got their start in “infrastructure”, then migrated to providing applications. Here Foursquare (2 decades later) is doing the opposite – and probably wisely so. However, the strategic wild-card is whether – and in what form – a GDPR-type privacy model becomes standard (or not) in the U.S.
 

For Privacy Policy providers, this development is interesting in that it provides an “opportunity” to enact legistlation with something other than a herding-cats mentality, e.g. regulating the activities of many thousands of app providers. Intelligently written, a good GDPR-like policy with respect to location can focus on the “infrastructure” providers such as Foursquare, plus other platforms like the App Store(s), rather than (or in addition to) individual privacy actions of individual developers.

__________________________

Apple Touts New Privacy Features Amid Scrutiny of Tech Giants

 

Offerings include anonymous login system, tools to prevent location tracking by apps (The WSJ, June 4 2019)

 

SAN JOSE, Calif.— Apple Inc. AAPL 1.16% sought to tout itself as a digital-privacy crusader with an anonymous login system and tools that prevent apps from tracking a user’s location, a push that is designed to further differentiate it from Google and Facebook Inc.,which have built their fortunes on tracking user activity and behavior.

At a gathering Monday of about 6,000 software developers here, the iPhone maker said its mobile operating system coming this fall, iOS 13, will include an Apple sign-in capability that allows people to log into apps without revealing any personal information. It said users would be able to generate automated and random email addresses provided by Apple rather than provide their own.

“It’s a fast, easy way to sign in without all the tracking,” said Apple software chief Craig Federighi onstage at the company’s annual Worldwide Developers Conference. He showed the “Sign in with Apple” feature alongside similar offerings from Facebook and Google, which he said could share user information in a way that compromised privacy.

Apple Bets on Privacy

 

Apple has weaponized privacy over the past year, marketing it to combat threats posed by rivals increasingly elbowing into its core iPhone business…

 

…Apple is also seeking to further separate itself from its peers as the U.S. government ramps up its scrutiny of tech giants’ power. The Wall Street Journal reported Monday that the government’s antitrust enforcers, the Justice Department and Federal Trade Commission, are splitting up oversight of tech companies including Google and Facebook over competition concerns. Facebook already faces an FTC investigation over privacy issues…

 

…Apple Chief Executive Tim Cook has stressed privacy by criticizing Google, Facebook and other companies as cavalier in collecting user information. He has cast Apple as pro-privacy, saying it is in the business of selling devices while its peers are in the business of monetizing their customers by gathering data and selling ads….

 

…Facebook and Google have pushed back with privacy promises of their own. Facebook this year said it is going to provide encrypted messaging and encourage small-group chats. Google Chief Executive Sundar Pichai sniped at Apple in a New York Times editorial that “privacy cannot be a luxury good” available to people who buy expensive devices.

 

Apple said its newest mobile-operating system will give users more options for how they share location data with apps, including an option to only share location information once…

 

…It also said it is teaming up with security-camera companies to provide more private video tools for people who use cameras to monitor home security. Read More

 

Analysis – ANYthing that can be done to systemically address/help location data privacy issues is a good thing in our view, regardless of motivation or impact on the broader ecosystem. Certainly the global log-in push by Facebook and others has been a big contributor to the privacy mess we find ourselves in, so this action is welcome. The App Developer community will have to obtain our personal information (and especially location data) the old-fashioned way – by earning it!

 

__________________________

San Francisco Bans Facial Recognition Technology

The New York Times, May 14, 2019

SAN FRANCISCO — San Francisco, long at the heart of the technology revolution, took a stand against potential abuse on Tuesday by banning the use of facial recognition software by the police and other agencies.

The action, which came in an 8-to-1 vote by the Board of Supervisors, makes San Francisco the first major American city to block a tool that many police forces are turning to in the search for both small-time criminal suspects and perpetrators of mass carnage.

The authorities used the technology to help identify the suspect in the mass shooting at an Annapolis, Md., newspaper last June. But civil liberty groups have expressed unease about the technology’s potential abuse by government amid fears that it may shove the United States in the direction of an overly oppressive surveillance state.

[Facial recognition technology has stoked controversy over the years. Here’s a look back.]

Aaron Peskin, the city supervisor who sponsored the bill, said that it sent a particularly strong message to the nation, coming from a city transformed by tech.

“I think part of San Francisco being the real and perceived headquarters for all things tech also comes with a responsibility for its local legislators,” Mr. Peskin said. “We have an outsize responsibility to regulate the excesses of technology precisely because they are headquartered here.”

But critics said that rather than focusing on bans, the city should find ways to craft regulations that acknowledge the usefulness of face recognition. “It is ridiculous to deny the value of this technology in securing airports and border installations,” said Jonathan Turley, a constitutional law expert at George Washington University. “It is hard to deny that there is a public safety value to this technology.”…

…On Capitol Hill, a bill introduced last month would ban users of commercial face recognition technology from collecting and sharing data for identifying or tracking consumers without their consent, although it does not address the government’s uses of the technology.

Matt Cagle, a lawyer with the A.C.L.U. of Northern California, on Tuesday summed up the broad concerns of facial recognition: The technology, he said, “provides government with unprecedented power to track people going about their daily lives. That’s incompatible with a healthy democracy.”

The San Francisco proposal, he added, “is really forward-looking and looks to prevent the unleashing of this dangerous technology against the public.”

In one form or another, facial recognition is already being used in many American airports and big stadiums, and by a number of other police departments. The pop star Taylor Swift has reportedly incorporated the technology at one of her shows, using it to help identify stalkers.

The facial recognition fight in San Francisco is largely theoretical — the police department does not currently deploy such technology, and it is only in use at the international airport and ports that are under federal jurisdiction and are not impacted by the legislation.

Some local homeless shelters use biometric finger scans and photos to track shelter usage, said Jennifer Friedenbach, the executive director of the Coalition on Homelessness. The practice has driven undocumented residents away from the shelters, she said…

…The ban prohibits city agencies from using facial recognition technology, or information gleaned from external systems that use the technology. It is part of a larger legislative package devised to govern the use of surveillance technologies in the city that requires local agencies to create policies controlling their use of these tools. There are some exemptions, including one that would give prosecutors a way out if the transparency requirements might interfere with their investigations.

Still, the San Francisco Police Officers Association, an officers’ union, said the ban would hinder their members’ efforts to investigate crime.

“Although we understand that it’s not a 100 percent accurate technology yet, it’s still evolving,” said Tony Montoya, the president of the association. “I think it has been successful in at least providing leads to criminal investigators.”…

…But Dave Maass, the senior investigative researcher at the Electronic Frontier Foundation, offered a partial list of police departments that he said used the technology, including Las Vegas, Orlando, San Jose, San Diego, New York City, Boston, Detroit and Durham, N.C.

Other users, Mr. Maass said, include the Colorado Department of Public Safety, the Pinellas County Sheriff’s Office in Florida, the California Department of Justice and the Virginia State Police.

U.S. Customs and Border Protection is now using facial recognition in many airports and ports of sea entry. At airports, international travelers stand before cameras, then have their pictures matched against photos provided in their passport applications. The agency says the process complies with privacy laws, but it has still come in for criticism from the Electronic Privacy Information Center, which argues that the government, though promising travelers that they may opt out, has made it increasingly difficult to do so.

But there is a broader concern. “When you have the ability to track people in physical space, in effect everybody becomes subject to the surveillance of the government,” said Marc Rotenberg, the group’s executive director.

In the last few years, facial recognition technology has improved and spread at lightning speed, powered by the rise of cloud computing, machine learning and extremely precise digital cameras. That has meant once-unimaginable new features for users of smartphones, who may now use facial recognition to unlock their devices, and to tag and sort photos.

But some experts fear the advances are outstripping government’s ability to set guardrails to protect privacy.

Mr. Cagle and others said that a worst-case scenario already exists in China, where facial recognition is used to keep close tabs on the Uighurs, a largely Muslim minority, and is being integrated into a national digital panopticon system powered by roughly 200 million surveillance cameras.

American civil liberties advocates warn that the ability of facial surveillance to identify people at a distance, or online, without their knowledge or consent presents unique risks — threatening Americans’ ability to freely attend political protests or simply go about their business anonymously in public. Last year, Bradford L. Smith, the president of Microsoft, warned that the technology was too risky for companies to police on their own and asked Congress to oversee its useRead More

Analysis: In a word: Great!

Yes, there may (will) be lost opportunities with respect to criminal detection and prevention. But we’ve survived without it up to now, and we will continue to do so in the future. The risk of abuse is far too great to allow – just ask the millions under surveiliance in China. 

When you combine identity with location (location of course will naturally also be determined when facial recognition is deployed), a government or other entity has the core information to track every aspect of your life. And just imagine when (not if) facial recognition is built into everything with the advent of 5G and The Internet of Things. And it WILL be, if no regulatory constraints are enacted. This kind of power MUST not be allowed. 

Facial recognition bans – or at least strict limits with very precise legal guidelines – must be enacted at a national level, not just city level. Contact your Congress Person to ask them to support a bill severely constraining facial recognition!

____________________________

 

Why It’s So Easy for a Bounty Hunter to Find You

Wireless companies sell your location data. Federal regulators should stop them.(The New York Times, April 2, 2019)

When you signed up for cellphone service, I bet you didn’t expect that your exact location could be sold to anyone for a few hundred dollars. The truth is, your wireless carrier tracks you everywhere you go, whether you like it or not. When used appropriately, this tracking shouldn’t be a problem: location information allows emergency services to find you when you need them most.

But wireless carriers have been selling our data in ways that allows it to be resold for potentially dangerous purposes. For instance, stalkers and abusive domestic partners have used location data to track, threaten and attack victims. This industry wide practice facilitates “pay to track” schemes that appear to violate the law and Federal Communications Commission rules.

Companies are collecting and profiting from our private data in hidden ways that leave us vulnerable. As you carry your phone, your wireless carrier records its location so calls and texts can reach you. And you can’t opt out of sharing location data with your carrier, as you can with a mobile application. Your carrier needs this data to deliver service. But, according to recent news reports, this real-time phone location data has long been available to entities beyond your wireless carrier, for a price. In one alarming example, reported by Vice, a bounty hunter was able to pay to track a user’s location on a map accurate to within a few feet. In another case, a sheriff in Missouri used location data provided by carriers to inappropriately track a judge.

In other words, an ability that seems to come right out of a spy movie is now apparently available to just about anybody with your phone number and some cash. The pay-to-track industry has grown in the shadows, outside of the public eye and away from the watch of regulators.

Your Apps Know Where You Were Last Night, and They’re Not Keeping It Secret

Dozens of companies use smartphone locations to help advertisers and even hedge funds. They say it’s anonymous, but the data shows how personal it is.

Senator Ron Wyden, Democrat of Oregon, first raised the alarm last year, sending a letter to the F.C.C. on May 8 demanding an investigation into abuses by the pay-to-track industry. The Times reported on the issue the same week. Senator Wyden also demanded answers from the major wireless carriers. After that, the top wireless companies said that bounty hunters and others would no longer have access to their customers’ locations.

But months later the reports continueOther recent articles suggest that highly accurate GPS location information from our phones — which, according to F.C.C. rules, should be used to send help to 911 callers — is available on a location-data black market. Since then, wireless companies have said they’ll stop selling our location information completely — eventually.

The misuse of this data is downright dangerous. The harms fall disproportionately upon people of color. According to the Pew Research Center, people of color rely more heavily on smartphones for internet access, so they create more of this data, which makes them more vulnerable to tracking. Researchers also know that location data can be used to target them with misinformation or voter suppression tactics. It can also lead to assumptions about a person’s race or income level, assumptions that can feed into discriminatory automated decision making.

It is unquestionably the F.C.C.’s job to protect consumers and address risks to public safety. Our location information isn’t supposed to be used without our knowledge and consent and no chain of handoffs or contracts can eliminate the wireless company’s obligations. This is particularly true for the misuse and disclosure of GPS-based 911 location data — which is squarely against F.C.C. rules.

Geoffrey Starks is a member of the Federal Communications Commission. Read More

Analysis: While we agree with the general thrust of this article, e.g. location data HAS to be kept private, subject to the consumer’s proactive, deliberate decision to release it, the article itself is somewhat unusual and even misleading. First, the article strongly implies that GPS data is restricted to 911 use ONLY. This is not the case (and in fact GPS is only used for 911 purposes on certain carrier networks – Other carriers (particularly GSM-based network carriers) use a different (non-GPS) technology). Many apps use GPS data; indeed, practically ALL commercial location-based services today use GPS as their primary location-determination technology/method.

Second, while the ability for bounty hunters and others to obtain locaton information has been well known within the industry for years (see 3rd article below after this one), through location “aggregators,” such aggregators were/are a very deliberate channel set up by the carriers, and one that I would not call “black market,” which implies an abuse of existing channels. As the recent article below also indicates, the carriers, having been burned in the press about this recently, have rapidly backed away from allowing this – a development not fully acknowledged by the article. A development by the way that is likely decimating a whole industry by the way – the location aggregator industry.

Third, the article implies that the carriers are the root-of-all-evil with respect to location privacy. In my opinion, the much greater villan in this are application providers who make it very difficult to disable location; have abusive location data policies that you have to accept to use the app; and/or apps that continue to collect and use location information even when you think you have disabled/prevented them from doing so. While, yes, carriers have been selling location info, they have clearly been stung by the negative press and are are ceasing to do so, whereas app providers (particularly those whose business model is centered around collecting and selling personal information) will resist to the end any calls to cease collecting location and other highly personal data. I would argue that the people harmed by the carriers actions are miniscule to those harmed (and not yet knowing it) by the 3rd party apps.

Finally, law enforcement absolutely DOES need access to location information, IF done properly via valid channels and procedures. Carriers have specialized law enforcement-related departments dedicated to providing such location information, IF proper procedures and paperwork are followed. To imply that the carriers are providing such legal-related data outside legal channels is inappropriate and incorrect.

That said, again, I would agree with the general thrust of the article: improved protections ARE very much needed to protect against the inappropriate (re: not consumer-approved or legally-valid) obtaining and use of location data. Among other parameters, such protections should include a limit on how long location-history can be retained (no more than 3 months in my opinion). Another possibility is deliberately distorting the accuracy of any stored location data, with a correction key only accessible to the consumer or properly authorized legal entity.

______________________________

U.S. Orders Chinese Firm to Sell Dating App Grindr Over Blackmail Risk (The Wall Street Journal, March 27, 2019)

Beijing could exploit the app’s personal data for espionage, U.S. officials believe

U.S. national-security officials have ordered a Chinese company to sell gay-dating app Grindr, citing the risk that the personal data it collects could be exploited by Beijing to blackmail individuals with security clearances, according to people familiar with the situation.

The move by U.S. officials signals that a range of social-media companies and apps will now be off limits to Chinese buyers, alongside deals involving sensitive technology such as chips and weapons.

Beijing Kunlun Tech Co. Ltd., which acquired a majority stake in Grindr in 2016, would have no choice but to share information on Grindr users if demanded by the Chinese government, U.S. officials believe, according to the people familiar with the matter. That triggered the recent order from the Committee on Foreign Investment in the U.S., known as Cfius, to Kunlun to sell the asset, the people said.

Grindr said it is the largest social-networking app for gay, bi, trans and queer people, with “millions of daily users who use our location-based technology in almost every country in every corner of the planet.” The app also has messaging capabilities, including through photos and video, and gives users the option of disclosing their HIV status.

U.S. national-security experts said Chinese government knowledge of an individual’s usage of Grindr could be used in certain cases to blackmail U.S. officials and others with security clearances, such as defense contractors, and force them to provide information or other support to China.

They have also envisioned more elaborate scenarios. For example, one could use Grindr’s location data to discern that a certain user works at a telecommunications firm and pays regular visits to the same building in Northern Virginia that intelligence officials frequent. Chinese-intelligence officials could then determine that that individual is the telecommunications firm’s intelligence liaison, and they would know both whom to target and how to threaten that person with potentially compromising information. Read More

Analysis: The U.S. is absolutely right to be concerned about the potential for using location data to (re)construct a person’s daily activities and lifestyle overall. However, this concern should not be limited to foreign concerns; the potential for abuse exists regardless of ownership, and we need to have regulatory policies to reflect this reality. In addition to overall restrictions about the use of location data, one key policy that would prevent such “scenarios” as described above is a strict limitation on how long location history data is kept – preferably 90 days or less in our opinion. Doing so would greatly inhibit such activity/lifestyle data analysis and “reconstruction” regardless of who owns the data. It would also greatly limit the damage in the event the data is hacked.

 

_____________________________

You Give Apps Sensitive Personal Information. Then They Tell Facebook. (The Wall Street Journal, Feb 23-24, 2019)

Wall Street Journal testing reveals how the social-media giant collects a wide range of private data from developers; ‘This is a big mess’

Millions of smartphone users confess their most intimate secrets to apps, including when they want to work on their belly fat or the price of the house they checked out last weekend. Other apps know users’ body weight, blood pressure, menstrual cycles or pregnancy status.

Unbeknown to most people, in many cases that data is being shared with someone else:Facebook Inc.

The social-media giant collects intensely personal information from many popular smartphone apps just seconds after users enter it, even if the user has no connection to Facebook, according to testing done by The Wall Street Journal. The apps often send the data without any prominent or specific disclosure, the testing showed.

It is already known that many smartphone apps send information to Facebook about when users open them, and sometimes what they do inside. Previously unreported is how at least 11 popular apps, totaling tens of millions of downloads, have also been sharing sensitive data entered by users. The findings alarmed some privacy experts who reviewed the Journal’s testing…

…In the case of apps, the Journal’s testing showed that Facebook software collects data from many apps even if no Facebook account is used to log in and if the end user isn’t a Facebook member.

Apple Inc. and Alphabet Inc.’s Google, which operate the two dominant app stores, don’t require apps to disclose all the partners with whom data is shared. Users can decide not to grant permission for an app to access certain types of information, such as their contacts or locations. But these permissions generally don’t apply to the information users supply directly to apps, which is sometimes the most personal.

In the Journal’s testing, Instant Heart Rate: HR Monitor, the most popular heart-rate app on Apple’s iOS, made by California-based Azumio Inc., sent a user’s heart rate to Facebook immediately after it was recorded.

Flo Health Inc.’s Flo Period & Ovulation Tracker, which claims 25 million active users, told Facebook when a user was having her period or informed the app of an intention to get pregnant, the tests showed.

Real-estate app Realtor.com, owned by Move Inc., a subsidiary of Wall Street Journal parent News Corp sent the social network the location and price of listings that a user viewed, noting which ones were marked as favorites, the tests showed.

None of those apps provided users any apparent way to stop that information from being sent to Facebook.

Facebook said some of the data sharing uncovered by the Journal’s testing appeared to violate its business terms, which instruct app developers not to send it “health, financial information or other categories of sensitive information.” Facebook said it is telling apps flagged by the Journal to stop sending information its users might regard as sensitive. The company said it may take additional action if the apps don’t comply…

…At the heart of the issue is an analytics tool Facebook offers developers, which allows them to see statistics about their users’ activities—and to target those users with Facebook ads. Although Facebook’s terms give it latitude to use the data uncovered by the Journal for other purposes, the spokeswoman said it doesn’t do so.

Facebook tells its business partners it uses customer data collected from apps to personalize ads and content on Facebook and to conduct market research, among other things. A patent the company applied for in 2015, which was approved last year, describes how data from apps would be stored on Facebook servers where it could be used to help the company’s algorithms target ads and select content to show users.

Apple said its guidelines require apps to seek “prior user consent” for collecting user data and take steps to prevent unauthorized access by third parties. “When we hear of any developer violating these strict privacy terms and guidelines, we quickly investigate and, if necessary, take immediate action,” the company said.

A Google spokesman declined to comment beyond pointing to the company’s policy requiring apps that handle sensitive data to “disclose the type of parties to which any personal or sensitive user data is shared,” and in some cases to do so prominently….

..The Journal’s testing, however, showed sensitive information was sent with a unique advertising identifier that can be matched to a device or profile. A Flo spokeswoman subsequently said the company will “substantially limit” its use of external analytics systems while it conducts a privacy audit…

…The Journal tested more than 70 apps that are among the most popular in Apple’s iOS store in categories that handle sensitive user information. The Journal used software to monitor the internet communications triggered by using an app, including the information being sent to Facebook and other third parties. The tests found at least 11 apps sent Facebook potentially sensitive information about how users behaved or actual data they entered.

Among the top 10 finance apps in Apple’s U.S. app store as of Thursday, none appeared to send sensitive information to Facebook, and only two sent any information at all. But at least six of the top 15 health and fitness apps in that store sent potentially sensitive information immediately after it was collected.

Disconnect Inc., a software company that makes tools for people to manage their online privacy, was commissioned by the Journal to retest some of the apps. The company confirmed the Journal’s findings, and said Facebook’s terms allowing it to use the data it collected were unusual.

“This is a big mess,” said Patrick Jackson, Disconnect’s chief technology officer, who analyzed apps on behalf of the Journal. “This is completely independent of the functionality of the app.”…

…Apps often integrate code known as software-development kits, or SDKs, that help developers integrate certain features or functions. Any information shared with an app may also be shared with the maker of the embedded SDK. There are an array of SDKs, including Facebook’s, that allow apps to better understand their users’ behavior or to collect data to sell targeted advertising…
…Facebook’s SDK, which is contained in thousands of apps, includes an analytics service called “App Events” that allows developers to look at trends among their users. Apps can tell the SDK to record a set of standardized actions taken by users, such as when a user completes a purchase. App developers also can define “custom app events” for Facebook to capture—and that is how the sensitive information the Journal detected was sent.

Facebook says on its website it uses customer data from its SDK, combined with other data it collects, to personalize ads and content, as well as to “improve other experiences on Facebook, including News Feed and Search content ranking capabilities.”..

…Privacy lawyers say the collection of health data by nonhealth entities is legal in most U.S. states, provided there is sufficient disclosure in an app’s and Facebook’s terms of service. The Federal Trade Commission has taken an interest in cases in which data sharing deviates widely from what users might expect, particularly if any explanation was hard for users to find, said Woodrow Hartzog, a professor of law and computer science at Northeastern University…

…In the European Union, the processing of some sensitive data, such as health or sexual information, is more tightly regulated. The EU’s new privacy law usually requires companies to secure explicit consent to collect, process or share such data—and making consent a condition of using a service usually isn’t valid.

Some privacy experts who reviewed the Journal’s findings said the practices may be in violation of that law. “For the sensitive data, companies basically always need consent—likely both the app developer and Facebook,” said Frederik J. Zuiderveen Borgesius, a law professor at Radboud University in the Netherlands.

Facebook allows users to turn off the company’s ability to use the data it collects from third-party apps and websites for targeted ads. There is currently no way to stop the company from collecting the information in the first place, or using it for other purposes, such as detecting fake accounts. Germany’s top antitrust enforcer earlier this month ordered Facebook to stop using that data at all without permission, a ruling Facebook is appealing.

Under pressure over its data collection, Facebook Chief Executive Mark Zuckerberg said last year that the company would create a feature called “Clear History” to allow users to see what data Facebook had collected about them from applications and websites, and to delete it from Facebook. The company says it is still building the technology needed to make the feature possible.

Data drawn from mobile apps can be valuable. Advertising buyers say that because of Facebook’s insights into users’ behavior, it can offer marketers better return on their investment than most other companies when they seek users who are, say, exercise enthusiasts, or in the market for a new sports car. Such ads fetch a higher cost per click.

In a call to discuss the company’s most recent earnings, however, Chief Financial Officer David Wehner noted that investors should be aware that Apple and Google could possibly tighten their privacy controls around apps. That possibility, he said, is “an ongoing risk that we’re monitoring for 2019.” Read More

Analysis: Disturbing on many (obvious) levels. The most notable take-away of this article is that any privacy-related legislation should have strict limits on the sharing of information between 3rd party apps, including even if the apps are owned by the same company.

 

 

_____________________________

U.S. Orders Chinese Firm to Sell Dating App Grindr Over Blackmail Risk

Beijing could exploit the app’s personal data for espionage, U.S. officials believe (The Wall Street Journal, March 27, 2019)

U.S. national-security officials have ordered a Chinese company to sell gay-dating app Grindr, citing the risk that the personal data it collects could be exploited by Beijing to blackmail individuals with security clearances, according to people familiar with the situation.

The move by U.S. officials signals that a range of social-media companies and apps will now be off limits to Chinese buyers, alongside deals involving sensitive technology such as chips and weapons.

Beijing Kunlun Tech Co. Ltd., which acquired a majority stake in Grindr in 2016, would have no choice but to share information on Grindr users if demanded by the Chinese government, U.S. officials believe, according to the people familiar with the matter. That triggered the recent order from the Committee on Foreign Investment in the U.S., known as Cfius, to Kunlun to sell the asset, the people said.

Grindr said it is the largest social-networking app for gay, bi, trans and queer people, with “millions of daily users who use our location-based technology in almost every country in every corner of the planet.” The app also has messaging capabilities, including through photos and video, and gives users the option of disclosing their HIV status.

U.S. national-security experts said Chinese government knowledge of an individual’s usage of Grindr could be used in certain cases to blackmail U.S. officials and others with security clearances, such as defense contractors, and force them to provide information or other support to China.

They have also envisioned more elaborate scenarios. For example, one could use Grindr’s location data to discern that a certain user works at a telecommunications firm and pays regular visits to the same building in Northern Virginia that intelligence officials frequent. Chinese-intelligence officials could then determine that that individual is the telecommunications firm’s intelligence liaison, and they would know both whom to target and how to threaten that person with potentially compromising information…

..But there are many other social-media companies and apps that have access to personal data, and the Grindr action signals that the U.S. may block Chinese acquisitions of these as well, particularly those that process user preferences, geolocation and health data, the people said….

…U.S. officials also have concerns about social-media apps China is developing itself, such as TikTok, according to people familiar with the matter. In 2019 alone, nearly 10 million people in the U.S. downloaded TikTok, according to data provider Sensor Tower. “If Cfius only applies to companies China acquires from the U.S., and not companies China builds, what can it possibly solve?” said Geoffrey Cook, chief executive of the Meet Group, which is based in New Hope, Pa., and owns several dating apps. Read More

Analysis: We are not going to get into the politics here. What we ARE going to get into is that the fear(s) described here, particularly the ability to piece together someone’s entire life from location data, is something we’ve been afraid of since LBS (location-based services) started coming on the scene in the early 2000s. And its just going to get worse: while I can probably piece together 80% of a person’s life based just on their phone records, that number goes into the high 90% once 5G and the Internet of Things gets going.

I think the government (U.S.) is missing some of the point here. It’s not just Grindr/the Chinese who could do it (piece together someone’s life) – ANY location-based application can do it. As the article above (kindof) points out, if the concern for location data privacy is not applied across the board for all applications, it’s not going to matter just taking one app out of the game.

 

 

__________________________

Colleges Mine Data on Their Applicants

To determine ‘demonstrated interest,’ some schools are tracking how quickly prospective students open email and whether they click links (The Wall Street Journal, 1/28/2019)

Some colleges, in an effort to sort through a growing number of applications, are quietly tracking prospective students’ online interaction with the schools and considering it in deciding whom to admit.

Enrollment officers at institutions including Seton Hall University, Quinnipiac University and Dickinson College know down to the second when prospective students opened an email from the school, how long they spent reading it and whether they clicked through to any links. Boston University knows if prospective students RSVP’d online to an event—and then didn’t show.

Schools use this information to help determine what they call “demonstrated interest,” or how much consideration an applicant is giving their school. Demonstrated interest is becoming increasingly important as colleges face a rising number of applications and want to protect or improve their yields—the percentage of accepted applicants who enroll. Read More

Analysis: While this article doesn’t mention location, it is not much of a stretch, at all, to foresee schools monitoring applicants social media pages to see if they are visiting/mentioning other colleges, then using such visits/mentions as a negative mark against the student. As if young people needed another reason to control what they post!

UPDATE 3/15/19 – The breaking Pay-to-Play (and worse) college admissions scandal makes the above even more insideous, e.g. privacy violations (or at least ethically-iffy practices) are one more strike again the Higher Education system. Along with never-ending cost increases and other factors, the system has at least three strikes against it.

______________________________

T-Mobile, AT&T Pledge to Stop Location Sharing by End of March

Wireless carriers say they won’t share real-time data with aggregators after another report of misuse (The Wall Street Journal, January 22, 2019)

T-Mobile and AT&T Inc. said they would stop feeding individual customers’ real-time locations to data middlemen, after a report suggested the sensitive information is easy to pull without users’ consent.

Tech website Motherboard reported this week that it paid a bounty hunter $300 to locate a T-Mobile handset by tapping into a real-time feed that the carrier provided to an aggregator called Zumigo Inc.

T-Mobile Chief Executive John Legere said in a tweet earlier this week that the company is “completely ending location aggregator work” in March but will need time to “do it the right way to avoid impacting consumers who use these types of services for things like emergency assistance.”

AT&T also said this week it would cut off data aggregators’ access to the information by March. The company said it wound down most location sharing last year while still providing companies with customer information for services such as roadside assistance.

“In light of recent reports about the misuse of location services, we have decided to eliminate all location aggregation services—even those with clear consumer benefits,” the company said.

A spokesman for Verizon Communications Inc., which late last year added restrictions on its relationship with location-data brokers, said the carrier plans to end its remaining agreements with four roadside-assistance companies by the end of March.  “We have terminated all other such arrangements,” he said.

A Sprint Corp. spokeswoman said the company told Zumigo this week that it was terminating its contract. Sprint “determined that Zumigo violated the terms of our contract by not sufficiently protecting Sprint customer data in its relationship with MicroBilt,” a credit-reporting company used in the bounty hunter example to pinpoint a phone.

RELATED

 

Zumigo CEO Chirag Bakshi said his company cut off MicroBilt’s access to all cellphone locations after the Motherboard article published. “The incident that occurred was an illegal use of the data,” Mr. Bakshi said in an interview. “MicroBilt was supposed to be for lending…for a financial use case which was misused.”

MicroBilt said its contracts with clients require a customer’s explicit consent to access location data.

Sprint continues to share what it says are non-personally identifiable location data with Pinsight Media, the mobile data and advertising company it sold to InMobi last year, the spokeswoman said. It continues to share data with some other third parties.

 

Cellphone companies made similar promises to protect user data six months ago after reports of lax oversight prompted Sen. Ron Wyden (D., Ore.) to write the carriers seeking more information about their practices. The companies at the time said they shared device locations with users’ consent by outsourcing the work to aggregators like Zumigo. Those aggregators shared the information with dozens of other companies that provide services such as freight tracking, roadside assistance and bank fraud protection.

Wireless companies say they still collect and share groups of customers’ location histories for advertising after stripping away data that could identify individuals. That information is gathered through a separate process from the real-time pinpointing used when a customer would like to be found by a tow-truck company, for instance.

Carriers can’t provide wireless service without knowing their customers’ rough whereabouts, which are determined by measuring the distance to nearby cell towers. Mobile apps often get more precise location information through GPS, Wi-Fi and Bluetooth signals, though customers can toggle the sharing of some of that information on their smartphones.

Mr. Bakshi said his company will probably continue serving clients like banks by reporting users’ locations through app-based data collection and that users confirm their willingness to share that information by responding to text message requests. He said most Zumigo clients already seek consent through text messages. Read More

Analysis – Historically this is fascinating. When carriers first started getting into location-based services (in the mid 2000s), they viewed customer location privacy as sacred: both from a historical Bell System paranoia holdover, but more importantly as viewing location data as the key to monetizing much of the E911 infrastructure that there were being forced to implement. Fastforward to 2010, and competitve pressures started “forcing” them to expand how they could monetize that data. The solution: allowing location “aggregators” to serve as middlemen to the data. In this way many more applications could get access, and the carriers could get a cut of that revenue from a much broader set of players than they could have by themselves.

Now they are retreating, and in the process going backwards to their old model of providing location data directly to app providers. This is potentially good news for those with large privacy concerns about location data (like us), but it will SEVERELY impact those location aggregators, if not put them out of business.

 

________________________________

Watch how you walk — A.I.s [Artificial Intelligence] got you ID’s by gait (Washington Times, Nov 7, 2018)

China has just employed new “gait recognition” technology that can identify individuals by the way they walk.

This is police surveillance taken to a whole new level of frightening. Whispers are that America’s airports might make a decent testing ground to bring the artificial intelligence here.

That would open quite the can of worms now, wouldn’t it?

China, totalitarian nation as it is, doesn’t have to concern itself with piddly questions of civil rights and pesky matters of privacy infringements. As such, it’s been busily scooping up all the Big Data it needs to achieve technological breakthroughs, merrily speeding in the meanwhile toward global dominance in the artificial intelligence arena — as vowed..

China plans to dominate AI, with a vanguard of robotic doctors like ‘Biomind,’” the Los Angeles Times reported in July, in a story how Beijing had just pitted new machine-learned robotics against human physicians to interpret neuroimages — setting the stage for massive technology breakthroughs in the medical sector.

The pressure for America to keep ahead of the A.I. game is intense.

But America needs to tread carefully here.

Yes, the United States has to stay on the forefront of technology to remain competitive in the markets, and as means of defense and security. The challenge, though, is to accomplish this goal without becoming a China — without turning into an outright police state with Big Brother eyes watching all and Big Data fingers scooping and collecting and reporting everything. The responsibility of America’s powers-that-be is to meet this challenge.

In China, it’s this: “You don’t need people’s cooperation for us to be able to recognize their identity. Gait analysis can’t be fooled by simply limping, walking with splayed feet or hunching over, because we’re analyzing all the features of an entire body,” said Huang Yongzhen, the CEO of Watrix, the company that devised the gait surveillance system, ABC News reported.

In America, it’s this: “The right of the people to be secure in their persons, houses, papers, and effects … shall not be violated.” Read More

Analysis: The last sentence in this article says it all: “America must never allow itself to become a China — no, not even for national security reasons. This isn’t just a challenge for technological researchers; it’s a duty of America’s political gatekeepers.”

In general we are not a fan of regulation. However, I can absolutely guarantee that this type of technology WILL come to America in some form (say by helping people “improve” their walking style), with it slowly invading other types of applications (say social media, to recognize when a “friend” is walking nearby even if their phone is off – a clear violation of their Privacy), unless there are prohibitions against doing so. And, unfortunately, the biggest prohibitions will need to be on law enforcement, to prevent them using the technology as a way to get around the need for a court’s approval that is based on laws centered around well-established technologies (and sometimes not even then), not new ones.

 

_____________________________

 

 

Internet of Things our ‘biggest threat to privacy,’ expert warns (Global News)

Be careful what you say in front of the TV. It may be recording you. Where is that data going? We’re not sure.

If you think that’s crazy, your fridge, thermostat and wearable fitness device might be doing the same thing.

Smart appliances — part of the futuristic and vaguely defined Internet of Things — are designed to make our lives easier but they also have the potential to be intrusive in ways we’re only starting to imagine, experts warn.

“The Internet of Things is the biggest threat to privacy,” warns former Ontario privacy commissioner Ann Cavoukian.

The owners of these devices aren’t really in charge, she explains:

“At the beginning it will be a benign robot collecting data, theoretically allowing you to control it. But the reality is that the devices and sensors being built for the Internet of Things aren’t being built with that notion of control.”

The data the devices gather can be used to make an extraordinarily detailed portrait of our lives:

“People’s excitement, and manufacturers’ desire to get these things on to the market — when you combine those two, privacy is just a total secondary. Nobody is thinking about it, and they’re also thinking of it as discrete points. If you have discrete pieces of information, if they remain discrete and unconnected, it’s not a big deal. But all of these can be connected together in a networked way, putting the pieces of the puzzle together.” Read More

Analysis: Though this article is “old” (2/2016, versus today’s date of 10/16/18), it is prescient. The Internet of Things (IoT) IS the biggest threat to our privacy (though some may argue Connected Cars is bigger), particularly as individual devices become integrated together to provide a seamless monitoring of our location, activities, behavior, and even mindset! 

Lesson? Either buy “old” devices without internet connectivity (who needs to connect their bed or their refrigerator to the internet, anyway?), or make sure you have explicitly disabled such connectivty on such “smart” devices. Otherwise your every move may become known to the world (yes a bit of hyperbole, but not by much)!

 

____________________________

 

Amazon to Start Offering In-Car Deliveries (WSJ, Sept 29, 2018)

Amazon.com Inc. AMZN -0.50% is now delivering packages right to the car.

The company said Tuesday it has joined with General Motors Co. and Volvo Cars to start offering in-car deliveries, giving its couriers access to potentially millions of vehicles in 37 U.S. markets. The deal expands Amazon’s effort to get consumers comfortable with the idea of strangers entering their homes and cars as the company handles more packages.

The new delivery option is part of the Amazon Key program, launched last year, in which the company’s delivery drivers drop off packages inside homes. That system, which includes a so-called smart lock for the door and a security camera, currently costs about $220.

The car service is free for Amazon Prime members who own certain newer GM and Volvo models. Customers download the Amazon Key app and link an Amazon account with a connected car service, such as OnStar. A delivery driver unlocks the car—either the trunk or doors, depending on the vehicle—remotely through the wireless connection.

Customers are instructed to park in a “publicly accessible area,” such as a driveway, street or a surface-level lot within the delivery range. The day of the delivery, customers receive a four-hour delivery time window, as well as notifications when the car is unlocked and locked.

Amazon said it ensures an authorized driver is at the right location with the correct package before the vehicle is unlocked remotely. The delivery driver is required to lock the door before moving on, and as a fail-safe measure the doors will lock automatically after a certain period, Amazon said.

The entire Amazon Key program relies on customers allowing strangers to access their most personal spaces. But unlike with the home, where security cameras can record a delivery person’s entry and exit, there are no easy ways to view a delivery person’s interaction with vehicles and whatever items people store inside them. The program is also another way Amazon is trying to integrate itself into customers’ lives—particularly the more than 100 million people paying for its Prime service—and to control every step in the retail process.

Amazon has tens of millions of devices inside people’s homes, from voice-enabled Echo speakers to Dash tap-to-buy buttons, that make it easier for shoppers to choose Amazon over competitors.

Amazon Key would give the company control over the final step of dropping off packages. Read More

Analysis: Amazon already has a privacy/credibility issue with Alexis in the form of hacked private conversations (or, as Amazon claims, a “rare” combination of errors regarding speech recognition – both being just being a couple of examples of privacy problems forthcoming in the Internet of Things invasion). This new car delivery service provides a new potential opportunity for loss of privacy and (ab)use of location information, as Amazon will need to follow you/your car around, perhaps continually for high volume customers, in order to execute it.

Besides the real-time privacy issue, I suspect Amazon will retain your location history for some period of time – perhaps indefinitely – for future analysis or AI uses (e.g. “predicting” where you will be at a given time/day, then using that info for more advertising/promotion purposes, such as anticipating regular grocery store runs and preempting them with grocery/Whole Foods specials). Far-fetched? So was allowing strangers to enter your home to deliver packages when you are not home – a service Amazon already provides.

Solution? Think long and hard before signing up for this service. Do you really want Amazon knowing everything about you: What you Buy, When you are home, What you are saying and Why When you are, and Where you are When you are not? And if you use Alexa via your mobile device, then you are potentially being monitored/tracked by Amazon 24/7!

______________________

Yahoo still scans your emails for ads — even if its rivals won’t

Techcrunch, via The Wall Street Journal, 8-29-18

You’re not the only one reading your emails.

deep dive in The Wall Street Journal on Tuesday dug out new details on a massive email scanning operation by Oath, the Verizon-owned subsidiary that’s the combined business of AOL and Yahoo. The email-scanning program analyzes over 200 million AOL and Yahoo inboxes for data that can be sold to advertisers. (Disclosure: TechCrunch is owned by Verizon by way of Oath.)

The logic goes that by learning about its users, the internet giant can hone its ad-targeting effort to display the most relevant ads.

But where other major email providers have bailed from email scanning amid privacy scandals and security issues, Oath remains the outlier.

Google ended its ad-targeting email-scanning operation across its consumer Gmail service last year — a decision lauded after facing criticism for years over the practice — though the company still uses machine learning to help you reply to emails. Meanwhile, Microsoft told TechCrunch in a statement that it does “not use email content for ad targeting in any way, anywhere in Microsoft.” And Apple has never scanned its customers’ inboxes for advertising, though its privacy policy says it can access your data for law enforcement purposes or for more vague reasons like “issues of public importance.”

So it’s basically just Oath, then.

Scanning the inboxes of its hundreds of millions of email users is a gutsy move for the year-old internet giant, which prior to its rebranding was responsible for two data breaches at Yahoo  exposing more than thee billion users’ data and a separate breach at AOL in 2014…

…Although the email scanning program isn’t new — announced earlier this year — it does go deeper than Gmail’s scanning ever did.

“Yahoo mined users’ emails in part to discover products they bought through receipts from e-commerce companies such as Amazon.com,” said the WSJ. “In 2015, Amazon stopped including full itemized receipts in the emails it sends customers, partly because the company didn’t want Yahoo and others gathering that data for their own use.”

Although some content is excluded from the scanning — such as health and medical information — it remains to be seen how (or even if) Oath can exclude other kinds of sensitive data from its customers’ inboxes, like bank transfers and stock receipts.

Yahoo Mail’s privacy policy says email accounts are subject to “manual review,” which allows certain Oath employees access to inboxes…

…It should go without saying that email isn’t the most sensitive or secure communications medium, and inboxes should never be assumed to be private — not least from law enforcement and the companies themselves.

Deleting your account might be overkill, especially if you don’t want anyone to hijack your email address once it’s recycled. But if there’s ever been a time to find a better inbox, now might be it. Read More

Analysis – First, Kudos to Techcrunch for publishing this critique against their parent company (hope no one gets fired). Particularly since the last sentence is the best one – time to get a new InBox!

While this article doesn’t involve location data privacy, strictly speaking, it is hardly a stretch to think such informtion could easily be obtained. Info about an upcoming trip perhaps? Kid in the hospital (a scenario which would like “elude” their “rules” about not accessing medical information)? Or worse, using the email for confidential purposes. And this continues after the massive breach of 2015? It falls under the heading of “what could they possibly be thinking?”

We use Yahoo as a backup account to our main corporate email (not the best approach even without this news, we admit); rest assured we’ll be looking for a new provider….

________________________________

Siri, Why Do I Feel Like I’m Being Watched?

The Internet of Things will soon be ubiquitous. That means you can kiss your privacy goodbye. (The Wall Street Journal, August 11-12, 2018)

Megan and Michael Neitzel scratched their heads in confusion when a giant box containing a dollhouse and 4 pounds of sugar cookies was delivered to their Dallas home last year. The day before, their 6-year-old daughter, Brooke, had been chatting innocently with the family’s new digital personal assistant, the Amazon Echo. The little girl at first denied placing the $162 order, but eventually fessed up.

Voice-recognition tools like the Echo are the most common—and popular—example of a looming revolution in human-computer interaction known as the Internet of Things, which promises to redefine how we live, travel and work. The home of the very near future will be an always-listening, always-watching surveillance system designed to anticipate and fulfill your needs. Cars and offices will operate in much the same way.

It won’t be long before your new dishwasher will want the ability to talk to your Amazon Echo so that it can order more detergent. Your new bike will get annoyed if it can’t communicate with the map app on your smartphone. Your FitBit will have a relationship with your popcorn popper. They’ll all be sending reports back to Palo Alto or Mountain View or Cupertino, presuming they aren’t already.

Kiss privacy goodbye.

Any device that once had a purely analog function but can now be connected to the web—or to other devices through the web—is a potential part of the Internet of Things. The logic, typically, is commercial. The companies that develop and manufacture these networked devices seek better ways to reach consumers with products and advertising. If you have an Echo, you’ve already provided Amazon with your credit-card number, address, birthday and the names of all your children. You’ve also uploaded a “wish list” of products you’re interested in, and, quite possibly, your deodorant preferences, personal measurements, taste in movies and baby’s diaper size. Amazon knows more about us than we can imagine.

Funnily enough, market research shows that people don’t mind handing over such highly personal information—to the right company. According to Fortune, Amazon is one of the three most admired companies in the world, along with Apple and Google. Other Silicon Valley tech companies collect, store and sell personal information about their users to advertisers, but Amazon, Apple and Google are perceived as providing a valuable service in exchange for the right to monetize customers’ privacy. And if the Internet of Things has any purpose at all, it’s to monetize privacy…

…The grand bargain between Silicon Valley and the average person has always been this: You give up your privacy, and we’ll give you cool stuff. “If today’s social media has taught us anything about ourselves as a species, it is that the human impulse to share overwhelms the human impulse for privacy,” writes the technology guru Kevin Kelly in his 2016 book, “The Inevitable: Understanding the 12 Technological Forces That Will Shape Our Future.” So far, he adds, “at every juncture that offers a choice, we’ve tilted, on average, toward more sharing, more disclosure, more transparency. I would sum it up like this: Vanity trumps privacy.”

A surprise purchase of a dollhouse and some cookies might seem a fairly weak indictment of the threat to privacy posed by the Internet of Things. Consider a more disturbing scenario. A Washington state couple grew concerned a few years ago when their 3-year-old son developed anxiety about going to bed. They didn’t know whether to believe the child when he told them that someone was talking to him at night. “Wake up, little boy,” he claimed he’d heard a voice in the darkness say. “Daddy’s looking for you.” The couple thought he was having nightmares, until they went to check on him one night and heard the voice too. “Look, someone’s coming,” it said as they entered their son’s room. A hacker had taken control of their baby monitor, the kind you can check through an app on your smartphone.

The popularity of internet-connected security cameras, locks and home alarms has skyrocketed despite regular reports that the systems are easily hijacked. A family in Houston was horrified to learn that a live feed from the webcam in their 8-year-old daughters’ room had been streaming online. The girl’s mother found out only when a woman in Oregon happened across the livestream and decided to contact the family. A security company determined that hackers were able to gain access to the webcam while the young victim was playing the online videogame Minecraft.

Government spying is a further privacy concern raised by the Internet of Things. In early 2017, WikiLeaks released a trove of documents purportedly revealing the Central Intelligence Agency’s ability to hack your internet-enabled television and turn it into a listening device. The same document dump indicated that the CIA has targeted Apple, designing malware that can infect “factory fresh” iPhones and snoop on users’ texts, phone and FaceTime calls, and internet searches. “Siri, why do I feel like I’m being watched?” READ MORE

Analysis: If you thought the tracking of your cell phone’s location was an invasion of privacy, you ain’t seen nothing yet, as this article indicates. IoT (as the Internet of Things is abbreviated in the industry) will make plain-old location privacy concerns seem quaint in comparison. Just imagine that EVERYTHING you interact with, or are even nearby, will be able to monitor and track you, AND report that to practically anything or anyone else on the internet. Scared yet? If you are not, you should be.

How do deal with this threat? Three ways: 1) Regulatory, with something like Europe’s “intrusive” laws specifically addressing IoT concerns. Call your Congressperson!; 2) Buy “dumb” devices that can’t connect to the Internet, while you still can (you’ve got maybe a year at most before everything from refrigerators to office furniture becomes IoT-capable), and 3) Pay close attention to EVERY product and service provider’s Privacy Policy (including their Terms and Conditions) before you opt-in, register, or even just put your name on an email mailing list. All of these are a pain, for different reasons. But absolutely necessary if you don’t want to be tracked at every turn. We can already put together 80-90% of your life just from your cell phone records (a statistic I confirm every time I do a criminal case cell phone forensics analysis); with the Internet of Things it will become 98-99%.

As a last recommendation “bonus”: Assume every brand new product and service you sign up for from now on has the potential to monitor and track your behavior. It doesn’t have to be an Echo-type device (though it will be a cold day before I buy one of these no matter how convenient, because of these privacy concerns), though those are the most obvious–it can (and will be) ANYTHING.

________________________________

Defense Department bans geolocation features on tech devices due to security risk (ABCNews.com, August 6, 2018)

The Department of Defense is prohibiting personnel from using geolocation features on their devices while serving in certain locations after concerns that the information transmitted from such devices was jeopardizing the security of American forces around the world, including those deployed in classified or sensitive areas.

The new policy, which is effective immediately, follows reports from earlier this year that some wearable electronic devices, like the popular Fitbit, can convey users’ GPS coordinates in the form of publicly available online maps that display the most frequently trafficked routes of users who allowed their location to be shared.

“The rapidly evolving market of devices, applications, and services with geolocation capabilities presents a significant risk to the Department of Defense personnel on and off duty, and to our military operations globally,” the department said in a statement on Monday. “These geolocation capabilities can expose personal information, locations, routines, and numbers of Department personnel, and potentially create unintended security consequences and increased risk to the joint force and mission.”
GPS data shared by fitness apps has not compromised location of US troops: Pentagon
In January, a 20-year old Australian student named Nathan Ruser was exploring the online maps from Strava’s Global Heatmap when he found the location of U.S. troops inside Syria.

“The biggest concerns with the data is firstly it allows an unprecedented look at the geographic build of a lot of these bases,” Ruser told ABC News in January. “You can see the supply lines, you can see the patrol routes in some cases, and you can see the infrastructure within the bases. But more than that, one of the most important and disturbing elements of the map is that it’s possible to establish an understanding of how the base works.”

Journalists quickly started using the Global Heatmap to identify what they believed to be the locations of other U.S. personnel, including a suspected CIA base near Mogadishu, Somalia, and U.S. troops operating in the Sahel region of Africa…

Applicable devices include fitness trackers, smartphones, tablets, smartwatches, and related software applicationsaccording to a copy of the policy memo sent from Deputy Secretary of Defense Patrick Shanahan to top DoD leadership last week..

…Notably, the policy’s language allows service members to continue tracking their workouts on a device like a Fitbit, as long as the geolocation feature is turned off. READ MORE

Analysis – While this is primarily about security, its privacy implications are obvious, though in this case it is for groups, not necessarily individuals. It is not a stretch (pun intended) to envision a scenario where someone figures out a favorite running trail for female runners that tend to run singly, and potentially use that information to stalk them or worse. In this kind of scenario it is not the individual’s privacy that is at risk, but the individual’s person still is. 
 
Lesson? As much as you feel like you might be doing a public service by posting your exercise to the public, it may well not be  worth the risk. Keep your personal location information private in all scenarios, even those where your personally-identifiable information is supposedly anonymized.
________________________________

How Wireless Carriers Get Permission to Share Your Whereabouts

Industry outsources job of seeking approval to third-party firms (The Wall Street Journal, July 16, 2018)

Cellphone carriers usually ask for their customers’ blessing before listing their phone numbers, sharing their addresses or exposing them to promotional emails.

But seeking permission to share one particularly sensitive piece of information—a cellphone’s current location—often falls to one of several dozen third-party companies like Securus Technologies Inc. and 3Cinteractive Corp.

Carriers such as AT&T Inc. and T-Mobile US Inc. rely on those firms to vouch that they obtained users’ consent before handing over the data. The companies that pay to access this information use it for everything from preventing credit-card fraud to providing roadside assistance.

That arrangement embarrassed the wireless industry earlier this year after it was discovered that Securus, a prison phone operator, created a website that let law-enforcement agencies find the location of noninmates without their permission.

All four national carriers said in June that they would cut off two companies that handled the data Securus had accessed and promised new safeguards, though they didn’t detail how it would be done.

“This is just the tip of the iceberg,” Georgetown Law expert Laura Moy testified in a House subcommittee hearing last week on internet privacy. “We’re probably just seeing what could be the beginning of a massive investigation and a lot of privacy violations.”

Blake Reid, an associate clinical professor at the University of Colorado Law School, said this “chained consent” process likely violates Section 222 of the Telecommunications Act of 1996, which sets privacy standards for carriers, though there hasn’t been a strong case to test his theory.

Section 222 updated decades-old telecom law by making phone-call records subject to privacy protections. Congress hasn’t passed comprehensive privacy legislation since then, though it repealed Federal Communications Commission broadband privacy regulations enacted during the Obama administration.

Mr. Reid said Securus is the most flagrant example to come to light because the company used its website as an investigative tool with little oversight. Securus’ web portal let law-enforcement officials pull data by uploading an official document, though the system didn’t verify whether the document was actually authorization from a court or prosecutor. The file “could be a warrant, could be your grandma’s cookie recipe,” he said. “There’s no consent there.”

The FCC in 2007 imposed new broadband rules that left location data gathered from internet service outside of Section 222 strictures.

“That was a green light for telecommunications carriers to monetize customer-location data,” said Stanford University law professor Al Gidari, who helped draft the location-data guidelines that wireless industry group CTIA used to self-regulate. He said the FCC has been “woefully inadequate” at policing the carriers’ use of location information.

About 75 companies had access to Verizon Communications Inc. customers’ locations, the company said in a June letter to Sen. Ron Wyden (D., Ore.), who has pressured telecom companies to disclose more information about their data-protection measures. Verizon said it would wind down its relationship with the middlemen that serve those companies, though it was searching for an arrangement that could replace them…

…Sen. Wyden said in a statement that “middlemen are selling Americans’ location to the highest bidder without their consent, or making it available on insecure web portals.” READ MORE

Analysis – Up until about 2010, carriers were very protective about location data, at least in that they wanted to directly control (and monitize that control) who got access to it. Since then however the carrier’s “opened up” their location infrastructure to these “middlemen”, formally called “location aggregators”, so they could stop being the bottleneck to new location apps that ran on their network (re: so they could make more money). For a time this was a win-win for all involved, including consumers, in that it allowed now location apps to be launched without the formal approval of the carriers.

Now, however, it looks like the lack of privacy controls on all parties–aggregators, carriers, and regulators–have enabled a new set of privacy abuses. Big surprise…

_______________________________

5 Ways Companies Use Your Cellphone Location Data

U.S. wireless carriers said they would cut off two middlemen, but they aren’t the only firms using your location data (The Wall Street Journal, July 15, 2018)

The smartphones at the center of consumers’ lives generate vast streams of data on where they live, work and travel, and how wireless giants like AT&T Inc. and Verizon Communications Inc. use that personal data and share it with other companies has come under increased scrutiny.

The four major U.S. carriers said in June that they would stop selling access to the locations of individual customers to two companies—LocationSmart and Zumigo—following accusations that a LocationSmart customer misused the information. (The Federal Communications Commission has referred the LocationSmart issue to its enforcement division, a spokesman said.)

But those two middlemen aren’t the only companies that have had or continue to rely on access to the locations of cellphone users to make money.

Location data controlled by carriers is different from the data collected by popular applications such as Uber or Facebook . Because those apps get location data directly from a consumer’s phone—and not from wireless carriers—consumers opt into sharing their location in exchange for or as part of receiving a service. (Read about how other companies get permission to use your data.)

Here’s a look at five scenarios in which companies or carriers have relied on or considered using cellphone location data.

1. Roadside Assistance

John gets a flat tire and pulls over to the side of a highway to call for roadside assistance.

The American Automobile Association in the past partnered with LocationSmart, according to a company press release. Members of the auto club had the opportunity to opt out of sharing their location information when they made a service call and instead describe nearby road markings or intersections, an AAA spokeswoman said…

2. Traveling Abroad

Susan attends a conference in London and then spends a week in Paris. While she is in those countries, her mobile phone relies on local wireless networks.

Tampa-based Syniverse Technologies LLC helps wireless carriers around the world square up on customer roaming charges between their networks. As a result, the company sees which country a mobile user is in, which network they receive service from, the quality of that service and what types of communication a traveler has used, a Syniverse spokeswoman said…

3. Fraud Prevention

Ted buys a pair of sneakers while he is traveling in Germany.

Syniverse, owned by private-equity giant Carlyle Group , in the past worked with Mastercard Inc. on fraud-prevention services that would match a traveler’s location with where he or she was making purchases. A spokesman for the credit-card company said work on location-based fraud… prevention products stopped last year.

4. City Planning

A city-planning board is considering creating a new bus route and wants to know how many people live in a given neighborhood and commute downtown for work.

Companies such as Teralytics AG plot the travel patterns of wireless subscribers for use in infrastructure, public transportation and other urban-planning projects.

Teralytics works with one of the major U.S. carriers and receives an “anonymized representative sample” of location data, a spokeswoman said. The company typically needs a representative sample of 15% to 30% of the population, she said…

5. Shopping

A retailer wants to know how many people walk past each of its locations.

Pinsight Media, a subsidiary of Sprint Corp. , uses anonymized data on how the wireless carrier’s subscribers shop, use apps and travel in the U.S. to give retailers, financial services companies and other firms data on their tastes and habits.

Apps also partner with Pinsight to serve targeted advertisements and must get consent from their users to collect and use information about them.

Another digital advertising unit owned by a carrier, Verizon’s Oath, also includes a team focused on using subscriber location data to deliver targeted advertisements. READ MORE

Analysis: None of these (ab)uses are new, or surprising. What is (mildly) surprising was the ability/allowing of the “location aggregators”–LocationSmart and Zumigo–to have such lax controls on the access to the data. (See more on these companies being dropped by carriers here. In a nutshell being dropped is a death blow for these companies, another reason to be surprised that they did not take privacy more seriously…)

I use the word “mildly” not to diminish the seriousness of the activity (it was VERY serious), but rather to point out surprise that more companies have been not (yet) being caught doing something similar. Until there is significant progress on the privacy regulator front, this kind of abuse will not only continue to occur, but get worse as more location-capable devices (e.g. IoT) enter the market. Or we can hope that public backlash, such as has been occuring with here and Facebook, erupts more frequently as investigators such as this one point out major “flaws” in individual companies’ policies and processes. 

In the meantime, the best defense is assuming that every company will be tempted to abuse your data, limited only by their view on how likely they will be caught doing so…

__________________________

Potential Spy Devices Which Track Cellphones, Intercept Calls Found All Over D.C., Md., Va. (NBCWashington.com, May 18, 2018)

The technology can be as small as a suitcase, placed anywhere at any time, and it’s used to track cell phones and intercept calls.

The News4 I-Team found dozens of potential spy devices while driving around Washington, D.C., Maryland and Northern Virginia. “While you might not be a target yourself, you may live next to someone who is. You could still get caught up,” said Aaron Turner, a leading mobile security expert.

The device, sometimes referred to by the brand name StingRay, is designed to mimic a cell tower and can trick your phone into connecting to it instead. The News4 I-Team asked Turner to ride around the capital region with special software loaded onto three cell phones, with three different carriers, to detect the devices operating in various locations.

“So when you see these red bars, those are very high-suspicion events,” said Turner.

If you live in or near the District, your phone has probably been tracked at some point, he said.A recent report by the Department of Homeland Security called the spy devices a real and growing risk. And the I-Team found them in high-profile areas like outside the Trump International Hotel on Pennsylvania Avenue and while driving across the 14th Street bridge into Crystal City. The I-Team got picked up twice while driving along K Street — the corridor popular with lobbyists….

…Every cellphone has a unique identifying number. The phone catcher technology can harness thousands of them at a time. DHS has warned rogue devices could prevent connected phones from making 911 calls, saying, “If this type of attack occurs during an emergency, it could prevent victims from receiving assistance.”

“Absolutely. That’s a worry,” said D.C. Councilwoman Mary Cheh, adding that the spy technology should be a concern for all who live and work in the District.

The I-Team’s test phones detected 40 potential locations where the spy devices could be operating, while driving around for just a few hours. Read More

Analysis: Two major points here. First, and most obvious is of course the potential for rampant survelliance on non-warranted subscribers. 

The second is one mentioned here, but deserves more emphasis: the possibility that a 911 call may not go through. Though it is not 100%, we suspect very strongly that these spy-sites are NOT appropriately connected to the 9-1-1 system, as that system is extremely complicated and requires a large number of workarounds to operate correctly. This is particularly true for AT&T and T-Mobile, carriers that whose 9-1-1 locating systems are “network-based” and use the location of the cell tower as part of the location determination process. It is highly unlikely that these fake towers have an active operating agreement and setup that allow them to integrate with the 911 infrastructure. One more privacy-related timebomb waiting to happen…

_____________________________

What Your Facebook ‘Likes’ Say About Your Personality

(The New York Times, March 21, 2018, embedded in broader article about Facebook security chief)

Researchers at Stanford University and Cambridge University’s Psychometrics Center built a model that could assess a person’s personality using Facebook “likes” alone. The model can use the likes to score a person’s openness, conscientiousness, extraversion, agreeableness and neuroticism. [Examples include:]

MOST OPEN
LEAST OPEN

Tom Waits musician

Cheryl Cole musician

“A Clockwork Orange” movie

Adidas Football brand

Writing hobby

Jason Aldean musician

MOST CONSCIENTIOUS

LEAST CONSCIENTIOUS

Running hobby

Bring Me the Horizon musician

Traveling hobby

“Adventure Time” TV show

Cooking hobby

Minecraft Game

MOST EXTROVERTED

LEAST EXTROVERTED

DJ Pauly D musician
Anime

JWoww TV star

Video Games hobby

Gucci Mane musician

Drawing hobby

MOST AGREEABLE
LEAST AGREEABLE

Casting Crowns musician

Marilyn Manson musician

The Bible

Rammstein musician

Relient K musician

“Californication” TV show

The model, the researchers said, was particularly adept at “predicting life outcomes such as substance use, political attitudes and physical health.” The real-world efficacy of the approach, however, has been called into question.
Read More

Analysis: It is becoming obvious that we have (finally) encountered the major privacy disaster that we’ve been predicting/anticipating/dreading for sometime with the Facebook–Cambridge Analytica disclosures. The above “Likes Analysis” is similar to numerous other articles that have been written recently, but are only now getting major media time. 

While the article, and analysts themselves, calls into question about the accuracy of drawing conclusions based on certain Likes, these examples help illustrate the dangers associated with the lack of protections with respect to social media data, and particularly location data. Put another way, while you “Liking” pictures of exotic destinations may or may not indicate that you love traveling, posts of you in several different destinations (or alternatively, in common scenes but with exotic location stamps) make it far more likely to be true (with the added bonus of giving potential burglars a heads-up on your propensity to be out-of-town). This is even more problematic when you consider that FB and other apps commonly track your location even when you are not using the app, or, as the articles below indicate, when you don’t even use the app or have it loaded on your device at all! 

Some examples of behaviors or mindsets that can be inferred with a decent degree of accuracy with just a few location stamps include:

  • Multiple trips to the liquor store in a week/month = Alcoholism for you or a family member
  • Frequent trips to a church = Religious (and perhaps Republican)
  • Frequent trips to AA/NA meetings = Recovering Alcoholism/Drug Addiction
  • Numerous trips to hospital/doctors offices = Health problems (for you or your family. Other data could be used to pinpoint exactly who and the affliction involved)
  • Attendance at Far-Right or Far-Left speaker/rally = Indicating being very politically active, and perhaps other political leanings and “community membership”
  • More than 3 (pick a number) of baseball games attended each season = Cardinals fan (or perhaps a Cubs fan if you only go when Cubs are in town)

Some of the above conclusions can be derived just with location data, while others (such as being a Cubs fan or attending Alcoholics Anonymous/Narcotics Anonymous) needing to be meshed with other data sets such as those games/organization meeting days/times. Some will likely need multiple data points within a certain timeframe to have a high degree of confidence in the “conclusion”, whereas others may only require a few or even one or two data points to draw meaningful conclusions.  The Far-Right/Left example above would likely only need one instance to be indicative of a certain mindset, though in which direction may require other data. 

Some of the above examples could be life altering–even destroying, once such “conclusions” are arrived at and publicized (or hacked) in some manner.  Historically it is only the people that get photographed/publicized at some of these events or situations that get the life-altering exposure. With location data and a widely used/abused app (re: FB), it is possible that anyone and everyone could be exposed. No matter what your life situation or political leanings, isn’t everyone entitled to protection from this kind of damage? There is no due process involved, nor mitigating knowledge about the particular context/background of the individual. 

BOTTOM LINE: It is critical that ALL location data be protected, no matter what else comes out of legislative and corporate privacy policy changes from the Facebook-CA disclosures.
_______________________________

Facebook and Cambridge Analytica: What You Need to Know as Fallout Widens 
(The New York Times, March 20, 2017)

Our report that a political firm hired by the Trump campaign acquired access to private data on millions of Facebook users has sparked new questions about how the social media giant protects user information.

Who collected all that data?

Cambridge Analytica, a political data firm hired by President Trump’s 2016 election campaign, gained access to private information on more than 50 million Facebook users. The firm offered tools that could identify the personalities of American voters and influence their behavior.

Cambridge has been largely funded by Robert Mercer, the wealthy Republican donor, and Stephen K. Bannon, a former adviser to the president who became an early board member and gave the firm its name. It has pitched its services to potential clients ranging from Mastercard and the New York Yankees to the Joint Chiefs of Staff. On Monday, a British TV news report cast it in a harsher light, showing video of Cambridge Analytica executives offering to entrap politicians.

Read more about how Cambridge Analytica and the Trump campaign became linked.

Behind the data: How researchers use Facebook “likes” to sway your thinking.

What kind of information was collected, and how was it acquired?

The data, a portion of which was viewed by The New York Times, included details on users’ identities, friend networks and “likes.” The idea was to map personality traits based on what people had liked on Facebook, and then use that information to target audiences with digital ads.

Researchers in 2014 asked users to take a personality survey and download an app, which scraped some private information from their profiles and those of their friends, activity that Facebook permitted at the time and has since banned.

The technique had been developed at Cambridge University’s Psychometrics Center. The center declined to work with Cambridge Analytica, but Aleksandr Kogan, a Russian-American psychology professor at the university, was willing.

Dr. Kogan built his own app and in June 2014 began harvesting data for Cambridge Analytica.

He ultimately provided over 50 million raw profiles to the firm, said Christopher Wylie, a data expert who oversaw Cambridge Analytica’s data harvesting. Only about 270,000 users — those who participated in the survey — had consented to having their data harvested, though they were all told that it was being used for academic use.

Facebook said no passwords or “sensitive pieces of information” had been taken, though information about a user’s location was available to Cambridge. Read More

Analysis: Facebook continues to not inspire confidence in how it uses location data. If this was truly a “one-off” incident, we would not be that concerned. But FB continues to exhibit the strategic intent of monitezing every bit of personal data as possible. Other related articles elaborate on how data associated with this “breach” was used (really, a legal use as defined within their bryzantine and continually changing privacy policies) and indicate an even more worrisome aspect: “leveraging” (re: using well beyond what most people understand) potentially anyone’s use of Facebook login credentials to login onto other apps to obtain their personal Facebook-related data, even if those other person’s do not have that (non-Facebook) app. This type of “leveraged” personal data use is extremely concerning. 

If for example you (Person B) don’t subscribe to a dating site, but Person A does, and Person A and B (you) are friends, and/or you (Person B) Like something Person A posted, Facebook could (and apparently did in some cases) use your (Person B’s) data to help Person A’s dating app in some way, such as extending its understanding of Person A’s profile based on their relationships with Person B (you). One more BIG reason to NEVER use Facebook login-credentials to login to ANY app other than Facebook: there is just no way of understanding how the cross-app data will be used. But since there is a growing body of evidence that practially every scrap of personal data (including location data–check-ins in particular) are heavily monetized, it is probably wise to assume that every possible personal behavior and interest that Facebook can extract from the use of these other apps will be monetized as well. Facebook is not going to stop using this data because of this uproar–it is the core of their business model

________________________ 

Drones Are Watching: Railroad Irks Workers With Unmanned Aircraft

Workers say drones are a distraction; the railroad says the program will coach employees in correcting behaviors that could cause serious injury (The Wall Street Journal, 3/15/18)

Union Pacific Corp. UNP 0.83% riled employees recently when it started flying drones over some of its railroad yards to ensure workers were following safety guidelines.

The aerial spotters were looking for any number of behaviors that deviate from the railroad’s rule book, from passing between railcars that are less than 100 feet apart to climbing off moving equipment.

The response from the railroad workers’ union? Urging the rank and file to flood Union Pacific’s safety hotline with complaints that the drones make their jobs more dangerous.

Workers say that rather than promote safety, the drones create a hazard by distracting them when they should be laser-focused while around 200-ton locomotives and railcars moving along the tracks, according to Steve Simpson, general chairperson with the International Association of Sheet Metal, Air, Rail and Transportation Workers. “They are no longer looking ahead or at their task at hand,” he said. “They’re looking up.”

Mr. Simpson, whose general committee represents 1,600 conductors, engineers and other rail workers in the southern U.S., also advises members on complaints to the Federal Aviation Administration and Federal Railroad Administration. He said there is no way to distinguish a drone flown by Union Pacific from one operated by an unauthorized party….

—Mr. Simpson said he suspects safety isn’t the company’s only motivation. Workers see drones as a means to discipline them, he said, with escalating penalties that can lead to termination. There is no indication anyone has been fired for an infraction spotted from up to 400 feet in the air, but Mr. Simpson said workers have been cited for violations as a result.

Ms. Espinoza said Union Pacific has been using drones to conduct federally mandated field testing and will coach employees to correct behavior that could cause serious injury. “We are finding drones are valuable tools that can help us reach our ultimate goal of operating in an incident-free environment and ensure employees go home safely,” Ms. Espinoza said. She added that the company hotline has received only one complaint about the use of drones...

…Drone use is still in its infancy in the railroad industry. Companies have sought to incorporate it into operations to inspect bridges and track, assess damage after natural disasters and map their networks. Other proposed or active uses have included spotting trespassers, air-quality tests and aerial photography.

Earl Lawrence, who runs the FAA’s drone-integration office, said he was unaware of any other industries where employers are using drones to enforce safety rules. “Every day we see inventive ways of using aerial platforms,” he said.

Berkshire Hathaway Inc.’s BNSF railroad, which, like Union Pacific, operates in the Western U.S., has worked closely with the FAA to find ways to incorporate drones into its operations. After obtaining waivers to fly drones outside the line of sight of their operators, BNSF in 2015 flew an unmanned, fixed-wing aircraft over 270 miles in New Mexico to inspect tracks. The railroad said it was the first commercially operated drone to fly beyond its pilot’s line of sight within the lower 48 states.

Since then, BNSF has received permission to conduct tests on more than 2,000 miles of track, including at night.

Norfolk Southern Corp. uses drones only for bridge inspections, a spokeswoman said. CSX uses the aircraft to monitor its rail network, collect data and conduct security checks. Drones also have been used as part of installing so-called positive train control, a new, federally mandated safety system, a spokesman said.

Union Pacific first received FAA approval to use drones in 2015. It now has 126 employees on staff certified to fly them and has used them to inspect bridges and flood damage, among other uses. Union Pacific plans to have as many as 250 trained drone pilots by the end of 2018 and is also looking into self-flying drones.

Union Pacific first deployed drones to monitor employees in December 2017 at a rail facility in Ste. Genevieve, Mo., later expanding to 14 locations. While railroads already make use of fixed cameras to monitor operations, aerial footage provides a new vantage point for yardmasters in facilities that can be more than 100 tracks wide and scattered with visual obstacles like cars and equipment.

“It’s a useful tool,” said Mr. Simpson, the railroad union leader. “But it’s being used as a discipline tool and that worries me.” Read More

Analysis: The concerns expressed here by the union closely resembles the criticisms from workers in the early days of mobile phone-based location-based services business apps, with assertions of privacy violations and unwarranted tracking of workers. Like those apps–now fully accepted as a management tool–I suspect the backlash will also die down, even if it takes a few years. 

However, the article mentions an area of likely to be great concern as drone use grows: being able to discern (or not) between “authorized” drones (drones sanctioned by the railway/applicable business entity) and unauthorized ones (anybody else’s drone, including competitors, reckless hobbyists, or even thieves). How do you determine if a drone is one or the other? And what do you do when you know something is unauthorized? Call the police? Try and shoot it down? Equip railyards with jammers? While the privacy/worker tracking issue will die down, we predict the “unauthorized use” issue will become a major one in the years ahead.

__________________________

Facebook Really Is Spying on You, Just Not Through Your Phone’s Mic (The Wall Street Journal, March 6, 2018)

How to limit the amount of data Facebook and advertisers are collecting about you

“Can I try the Cole Haans in a size 8?”
Later that night on Facebook: An advertisement for Cole Haan pumps.

OK, maybe a coincidence.

“What’s the best high-tech scale?” my wife asks aloud.
Five minutes later on Instagram: An ad for scales.

Wait, are they listening?

“Get the little red Sudafed pills,” my mom says after I sneeze.
That afternoon: An advertisement for Sudafed PE.

Yep, they’ve even wiretapped my bodily functions.

A conspiracy theory has spread among Facebook and Instagram users: The company is tapping our microphones to target ads. It’s not.

“Facebook does not use your phone’s microphone to inform ads or to change what you see in News Feed,” says Facebook.

Yeah, sure, and the government swears it isn’t keeping any pet aliens at Area 51. So I contacted former Facebook employees and various advertising technology experts, who all cited technical and legal reasons audio snooping isn’t possible.

Uploading and scanning that much audio data “would strain even the resources of the NSA,” says former Facebook ad-targeting product manager Antonio Garcia Martinez. “They would need to understand the context of what you are saying—not just listen for words,” says Sandy Parakilas, a former Facebook operations manager.

I believe them, but for another reason: Facebook is now so good at watching what we do online—and even offline, wandering around the physical world—it doesn’t need to hear us. After digging into the various bits of info Facebook and its advertisers collect and the bits I’ve actually handed over myself, I can now explain why I got each of those eerily relevant ads. (Facebook ads themselves offer limited explanations when you click “Why am I seeing this?”)

Advertising is an important staple of the free internet, but the companies buying and selling ads are turning into stalkers. We need to understand what they’re doing, and what we can—or can’t—do to limit them. [Article describes tracking what you bought, and other elements, picking back up with location tracking, next. Strongly urge you to read this too though this section is not about location. However the overall recommendation is either don’t use loyalty cards, or register them to an email address or phone number you don’t use.]

Where You’ve Been

What could be better than your purchase history? Location, location, location. Did you stop by a shop? This ad will remind you to come back! Are you close to one of our stores? Here’s a coupon!

My colleague Christopher Mims detailed in his recent column how advertisers are using all sorts of location signals—your phone’s GPS, Wi-Fi access points around you, IP addresses, etc.— to follow your breadcrumbs….

Do this: Limit Facebook from knowing where you are. In the mobile app (iOS and Android), go to Settings > Account Settings > Location and turn off location tracking. Disable location history, too….

Other apps can pinpoint your location and serve you ads back through Facebook. Before granting any app location access, think it throughOn the iPhone, go to Settings > Privacy > Location Services and go through the apps you’ve granted location access. (They should all say “Never” or “While Using”—not “Always.”) On Android, go to Settings > Location. Read More

Analysis – Do the above. If not the “Never” option, then at least “While Using”. NEVER do the “Always” option, unless…well, there is no unless.

__________________________

 

Your Location Data Is Being Sold—Often Without Your Knowledge

 

Location-based ads are growing, which means the industry has more ways than ever to track you (The Wall Street Journal, March 3, 2018)

As location-aware advertising goes mainstream—like that Jack in the Box ad that appears whenever you get near one, in whichever app you have open at the time—and as popular apps harvest your lucrative location data, the potential for leaking or exploiting this data has never been higher.

It’s true that your smartphone’s location-tracking capabilities can be helpful, whether it’s alerting you to traffic or inclement weather. That utility is why so many of us are giving away a great deal more location data than we probably realize. Every time you say “yes” to an app that asks to know your location, you are also potentially authorizing that app to sell your data.

Dozens of companies track location and/or serve ads based on this data. They aim to compile a complete record of where everyone in America spends their time, in order to chop those histories into market segments to sell to corporate advertisers.

Marketers spent $16 billion on location-targeted ads served to mobile devices like smartphones and tablet computers in 2017. That’s 40% of all mobile ad spending, research firm BIA/Kelsey estimates, and it expects spending on these ads to double by 2021.

The data required to serve you any single ad might pass through many companies’ systems in milliseconds—from data broker to ad marketplace to an agency’s custom system. In part, this is just how online advertising works, where massive marketplaces hold continuing high-speed auctions for ad space.

But the fragmentation also is because of a very real fear of the public backlash and legal liability that might occur if there were a breach. Imagine the Equifax breach, except instead of your Social Security number, it’s everywhere you’ve been, including your home, your workplace and your children’s schools.

The fix, at least for now, is that with most individual data vendors holding only parts of your data, your complete, identifiable profile is never all in one place. Giants like Facebook and Alphabet ’s Google, which do have all your data in one place, say they are diligent about throwing away or not gathering what they don’t need, and eliminating personally identifying information from the remainder.

Yet as the industry and the ways to track us expand, the possibility that our whereabouts will be exposed multiplies. If you’ve ever felt clever because an app on your phone asked to track your location and you said no, this should make you feel a little less smug: There are plenty of ways to track you without getting your permission. Some of the most intrusive are the easiest to implement.

The spy in your pocket

Your telco knows where you are at all times, because it knows which cell towers your phone is near. In the U.S., how much data service providers sell is up to them.

Another way you can be tracked without your knowing it is through any open Wi-Fi hot spot you might pass. If your phone’s Wi-Fi is on, you’re constantly broadcasting a unique address and a history of past Wi-Fi connections. Retailers sometimes use these addresses to identify repeat customers, and they can also use them to track you as you go from one of their stores to another. Read More

Analysis: We’ve been saying for almost 2 decades (yes, we’ve been around that long) that Privacy and Security are the single most important elements of location-based services. Put another way, together they are the biggest single vulnerabilities with respect to LBS consumer adoption. While there have been many location-data breaches, they have been piecemeal so far. But it will only take one big one, e.g. the location-equivalent of the Equifax breach, to change this – in the form of a hack, or even worse, over-the-top abuse by a major service provider. The article offers some good ideas, but here are the overall keys in our opinion: 

1) Lobby Congress to pass (finally) a location-protection bill (a long-shot but a good bill would fix alot of the problems), 

2) Wean yourself off the more egregeous abusers of your data (legal and self-preservation prevents us from naming them, but they are not hard to figure out),

3) Clear your tracking cookies frequently (weekly), 

4) Consider installing Privacy software (review on candidates coming soon), 

5) DON’T login to every free Wi-Fi spot you find just to save a bit on data usage, and 

6) Make sure you opt-OUT (since most provides assume a non-response is an opt-in, or they bury it in the Ts&Cs) of location tracking on every application you have (usually in Settings function), or, alternatively if you must have location, turn OFF the location tracking feature seeting that allows tracking you even when the app is not loaded/open. 

Finally, try and make your online life as fragmented as possible, as this article suggests. It’s counter-intuitive, and somewhat inefficient, but necessary to avoid a breach from ruining your entire online life (instead of only a piece of it). Avoid the temptation to link applications together, and/or funnel all logins/passwords through one source like Facebook, which is a virtual Byzantine with respect to privacy – but one thing you can count on is that they are using every scrap of data they can get on you, and reselling it as well.

__________________________

Cops, Cellphone and Privacy at the Supreme Court (The New York Times, November 26, 2017)

How hard should it be for the police to get hold of reams of data showing every place you’ve been for months?

The Supreme Court will confront that question on Wednesday when it hears oral arguments in one of the biggest Fourth Amendment cases in years.

In 2013, Timothy Carpenter was convicted of being the ringleader behind a series of armed robberies of cellphone stores in and around Detroit, and was sentenced to almost 116 years in prison. His conviction was secured in part based on 127 days of location data that his cellphone service provider turned over to the police, showing that his phone had been in the vicinity of several of the robberies.

The police got those phone records without a warrant, which the Fourth Amendment generally requires, and which would have forced them to show they had probable cause to believe that Mr. Carpenter had committed a crime. Instead they relied on a federal law with a lower standard: “reasonable grounds to believe” that the records “are relevant and material to an ongoing criminal investigation.”

Mr. Carpenter appealed his conviction as violating the Fourth Amendment’s ban on unreasonable searches and seizuresHe argues that the police should have to get warrants to collect long-term location data, which reveal a huge amount of private information. As a federal judge in a separate case put it, “A person who knows all of another’s travels can deduce whether he is a weekly churchgoer, a heavy drinker, a regular at the gym, an unfaithful husband, an outpatient receiving medical treatment, an associate of particular individuals or political groups — and not just one such fact about a person, but all such facts.” Read More

Analysis: We do mobile forensic data analysis on both sides of criminal cases, so in general believe we are impartial. But we have to side with Mr. Carpenter on this one: long-term location data can reveal a huge amount about a person – an amount far above whatever is likely needed for arrest and prosecution, with the exception (perhaps) of conspiracy charges. But even then a warrant should be required.

___________________

The End of Privacy (The New York Times, October 5, 2017)

We learned on Tuesday that three billion Yahoo email accounts were compromised in 2013. In early September, it was Equifax’s 143 million credit reports. Just a few months before that, we learned 198 million United States voter records were leaked online in June.

Given the constant stream of breaches, it can be hard to understand what’s happening to our privacy over time. Two dates — one recent and one long ago — help explain this: Dec. 15, 1890, and May 23, 2017, are the two most important days in the history of privacy. The first signifies its creation as a legal concept, and the latter, while largely overlooked at the time, symbolizes something close to its end.

On Dec. 15, 1890, the future Supreme Court Justice Louis Brandeis and the attorney Samuel Warren published an article in the Harvard Law Review, “The Right to Privacy,” which argued for the recognition of a new legal right to, in their words, “be let alone.” The article was spurred by a new technology called the instantaneous photograph, which made it possible for anyone walking down the street to find their image in the newspaper the next day.

That argument forms the basis for the way we approach our rights to privacy to this day. The proposed right to “be let alone” made a fundamental distinction between being observed, which can accompany any act made in public, versus being identified, a separate and more intrusive act. We consent to be observed constantly; we rarely consent to be identified.

Today, however, this distinction has eroded, thanks to the rapid advance of digital technologies and the accompanying rise of the field broadly called data science. What we have thought of as privacy is dying, if not already dead.

For example, in 2012, the United States Supreme Court in U.S. v. Jones evaluated the constitutionality of police investigators’ placement of a GPS tracker on the Jeep of a suspected drug trafficker to monitor his movements for a month without a warrant. The court determined that this tracking of the defendant’s public movements had crossed the line from public observation to private identification and had therefore violated his expectations of privacy. It held that sustained monitoring, even in public, exceeded the bounds of simple observation and that the government’s surveillance was therefore unconstitutional.

Just five years later, this argument makes much less sense: “Sustained monitoring” is now a part of our digital lives. And that’s why what happened on May 23, 2017, is so important.

On that day, Google announced that it would begin to tie billions of credit card transactions to the online behavior of its users, which it already tracks with data from Google-owned applications like YouTube, Gmail, Google Maps and more. Doing so allows it to show evidence to advertisers that its online ads lead users to make purchases in brick-and-mortar stores. Google’s new program is now the subject of a Federal Trade Commission complaint filed by the Electronic Privacy Information Center in late July.

Google may be the first to formally make this link, but it is hardly alone. Among technology companies, the rush to create comprehensive offline profiles of online users is on, driven by the need to monetize online services offered free.

In practice, this means that we can no longer expect a meaningful difference between observability and identifiability — if we can be observed, we can be identified. In one recent study, for example, a group of researchers showed that aggregate cellular location data — the records generated by our cellphones as they anonymously interact with nearby cell towers — can identify individuals with 73 percent to 91 percent accuracy.

And even without these advanced methods, finding out who we are and what we like and do has never been easier. Thanks to the trails created by our continuous online activities, it has become nearly impossible to remain anonymous in the digital age.

So what to do?

The answer is that we must regulate what organizations and governments can actually do with our data. Simply put, the future of our privacy lies in how our data is used, rather than how or when our data may be gathered. Excepting those who opt out of the digital world altogether, controls on data gathering is a lost cause.

This is part of the approach now being taken by European regulators. One of the cornerstones of the European Union’s new regulatory framework for data, known as the General Data Protection Regulation, or G.D.P.R., is the idea of purpose-based restrictions on data. In order for an organization or public authority to use personal data gathered in the European Union, it must first specify what that data is going to be used for. The G.D.P.R. sets forth six broad categories of acceptable purposes, including when an individual has directly consented to a specific use for the data to when data processing is necessary for the public interest. If data is issued for an unauthorized purpose, legal liability ensues. The G.D.P.R. is far from perfect, but it is on to something big.

This method stands in stark contrast to the way data is protected in the United States, which might best be characterized as a “collect data first, ask questions later” approach. Sure, American technology companies disclose their privacy policies in a terms-of-service statement, but these disclosures are often comically ambiguous and widely misunderstood.

Many privacy advocates will no doubt find it hard to stomach that the way we think about protecting our data is outdated. But if we are to maintain the ability to assert control over the data we generate, we must also admit that our past ideas of what it means to be “let alone” no longer apply. Read More

Analysis – The advent of the Internet of Things and facial recognition softwqre will make this scary prospect outright horrifying. The cycle wll not stop with “if we can be observed, we can be identified”. It will progress to “if we can be identified, we can be tracked” – not just with location data, but with sensors that capture every element of our lives from what we do to how we act, and finally to what we think and even why we think it (e.g. interprolating our motivations, which is easier than you think). Our lives will be the proverbal open book to anyone who can capture our image electronically, unless we adopt an European-type attitude and regulatory structure.

_______________________

Cars Suck Up Data About You. Where Does It All Go? (The New York Times, July 27, 2017)

Cars have become rolling listening posts. They can track phone calls and texts, log queries to websites, record what radio stations you listen to — even tell you when you are breaking the law by exceeding the speed limit.

Automakers, local governments, retailers, insurers and tech companies are eager to leverage this information, especially as cars transform from computers on wheels into something more like self-driving shuttles. And they want to tap into even more data, including what your car’s video cameras see as you travel down a street.

Who gets what information and for what purposes? Here is a primer.

What Can Be Collected?

Government rules limit how event data recorders — the black boxes in cars that record information such as speed and seatbelt position in the seconds before, during and after a crash — can be used. But no single law in the United States covers all the data captured by all the other devices in automobiles.

Those devices include radar sensors, diagnostic systems, in-dash navigation systems and built-in cellular connections. Newer cars may record a driver’s eye movements, the weight of people in the front seats and whether the driver’s hands are on the wheel. Smartphones connected to the car, and those not connected to the car, can also track your activities, including any texting while driving.

There are few rules or laws in the United States that govern what data can be collected and used by companies. (An exception is medical information.) The United States generally does not ensure that companies strip out names or other personal details, or stipulate how such information should be used, for example. Read More

Analysis – No long-winded analysis of this one. Bottom Line: Connected cars means your EVERY move will be tracked.

____________________________

Spyware Sold to Mexican Government Targeted International Officials (The New York Times, July 10, 2017) – NOTE: This is a followup to a June 19th article, also below)

MEXICO CITY — A team of international investigators brought to Mexico to unravel one of the nation’s gravest human rights atrocities was targeted with sophisticated surveillance technology sold to the Mexican government to spy on criminals and terrorists.

The spying took place during what the investigators call a broad campaign of harassment and interference that prevented them from solving the haunting case of 43 students who disappeared after clashing with the police nearly three years ago.

Appointed by an international commission that polices human rights in the Americas, the investigators say they were quickly met with stonewalling by the Mexican government, a refusal to turn over documents or grant vital interviews, and even a retaliatory criminal investigation.

Now, forensic evidence shows that the international investigators were being targeted by advanced surveillance technology as well. (Read More of NYTimes article)

Analysis: The “forensics evidence shows” link has this passage: “Once infected, the Pegasus implant on the phones phones would connect with Pegasus’ Command and Control (C2) servers, enabling the NSO customer to invisibly control the phone’s microphone and camera, as well as collect all of the contacts, e-mails, messages, geolocation, and other personal information on the phone.” What is the lesson here?

First, there are NO limitations on the use of this technology once obtained. Second, the only “protection” the vendors of these tools offer is “limiting” their purchase to government entities, along with a toothless request/”mandate” that they be used only for legal purposes. Third, these tools can collect EVERYTHING on a phone, including real-time location – an incredibly scary prospect for investigators in semi-lawless countries.

Is there a solution? Not sure – perhaps a back door disabling capability that the vendors can use to disable tools being used against the terms and conditions of the purchase. But would they use it, in the process likely destroying their relationship with a whole country? Unlikely. This problem is only going to get worse, people.

____________________________

Using Texts as Lures, Government Spyware Targets Mexican Journalists and Their Families (The New York Times, June 19, 2017)

MEXICO CITY — Mexico’s most prominent human rights lawyers, journalists and anti-corruption activists have been targeted by advanced spyware sold to the Mexican government on the condition that it be used only to investigate criminals and terrorists.

The targets include lawyers looking into the mass disappearance of 43 students, a highly respected academic who helped write anti-corruption legislation, two of Mexico’s most influential journalists and an American representing victims of sexual abuse by the police. The spying even swept up family members, including a teenage boy.

Since 2011, at least three Mexican federal agencies have purchased about $80 million worth of spyware created by an Israeli cyberarms manufacturer. The software, known as Pegasus, infiltrates smartphones to monitor every detail of a person’s cellular life — calls, texts, email, contacts and calendars. It can even use the microphone and camera on phones for surveillance, turning a target’s smartphone into a personal bug.

The company that makes the software, the NSO Group, says it sells the tool exclusively to governments, with an explicit agreement that it be used only to battle terrorists or the drug cartels and criminal groups that have long kidnapped and killed Mexicans.

But according to dozens of messages examined by The New York Times and independent forensic analysts, the software has been used against some of the government’s most outspoken critics and their families, in what many view as an unprecedented effort to thwart the fight against the corruption infecting every limb of Mexican society.

“We are the new enemies of the state,” said Juan E. Pardinas, the general director of the Mexican Institute for Competitiveness, who has pushed anti-corruption legislation. His iPhone, along with his wife’s, was targeted by the software, according to an independent analysis. “Ours is a society where democracy has been eroded,” he said.

The deployment of sophisticated cyberweaponry against citizens is a snapshot of the struggle for Mexico itself, raising profound legal and ethical questions for a government already facing severe criticism for its human rights record. Under Mexican law, only a federal judge can authorize the surveillance of private communications, and only when officials can demonstrate a sound basis for the request.

It is highly unlikely that the government received judicial approval to hack the phones, according to several former Mexican intelligence officials. Instead, they said, illegal surveillance is standard practice. Read More

Analysis: Unfortunately, this is the kind of government invasion of privacy we’ve been worried about for years. While the article doesn’t specifically refer to location information, current and historical location is the kind of information that can be obtained by these tools. We’ve used the (legal) output of similar tools in forensics cases in the past, and they can extract everything on your phone, whether deleted or not.

While this article is about Mexico, not the U.S., the key in both countries is the rule of law AND its enforcement. Any gray area in the law, or in the processes involved in legally obtaining cell phone information, will be exploited. Even where/when the law is supposedly “up-to-date”, rest assured it is not, as technology advances are far faster than legal protections. Worst, the privacy invasion represented here is only going to get exponentially worse, as connected cars and the Internet of Things potentially provides literally billions of new opportunities for illegal and/ unethical survelliance.

___________________________

Companies Look to Make a Quantum Leap With New Technology (The Wall Street Journal, May 6, 2017)

Quantum mechanics has fascinated, confounded and even alarmed scientists for nearly a century with the notion that particles can exist in two states at once and communicate with each other across vast distances. The underlying science that Albert Einstein famously called “spooky” could soon become one of modern computing’s core tenets.

 

Computers that utilize quantum mechanics are moving beyond pure scientific research and inching toward the commercial sector, with companies such as Volkswagen AG beginning to harness their unprecedented power to solve complex problems in nanoseconds.

 

“This technology is not futuristic,” said Martin Hofmann, Volkswagen chief information officer, who oversees information technology for the group’s 12 brands including Audi , Porsche and Bentley. “It’s a question of years until it’s commercialized, and investing right now in the technology is a big competitive advantage.”

While traditional computers use binary digits, or bits, which can either be 0s or 1s, quantum computers use quantum binary digits, or qubits, which represent and store information in both 0s and 1s simultaneously. This means the computers have the potential to sort through a vast number of possibilities within a fraction of a second to come up with a probable solution.

Volkswagen put that speed to use for a recent traffic-optimization project. Working on a $15-million D-Wave quantum computer over the cloud, a team of five in-house data scientists took GPS data from 10,000 taxis in Beijing and simulated specific routes that would allow each car to travel from downtown Beijing to the nearest airport, about 20 miles away, in the fastest time possible without creating a traffic jam.

After six months and several attempts, Dr. Hofmann and his team in March came up with an algorithm for the computer that optimized the routes for each taxi within a fraction of a second. A normal computer would have taken about 45 minutes to complete the same task, he said.

Dr. Hofmann’s next project is a navigation-based mobile app for drivers in Barcelona that will harness the power of quantum computing and machine learning, a part of artificial intelligence, to predict traffic jams and immediately send alternate routes. The first iteration is expected to debut by the end of the year, though Dr. Hofmann declined to go into more detail about the project. “If our project succeeds and in six to eight years the technology is where it should be, then traffic jams won’t happen anymore,” he said.  Read More

Analysis: It is very interesting that the two key examples in this article of the potential of quantum computing (QC) are in the LBS space. More broadly, QC’s potential in location and context big data analysis that will come from IoT’s ability to collect data on us anywhere, anytime, is staggering, and frightful. Imagine the ability to predict with a high degree of certainty where we will go and what we will do tomorrow based on our past behavior, before we even know it ourselves! A long-term issue yes, but “long-term” is now 5-10 years, not 20-50, so the time to start planning for (and protecting ourselves from) this capability is now. 

_________________________

Shopping Malls Are Tracking Your Every Move (The Wall Street Journal, March 14, 2017)

Add another category to the growing list of companies monitoring their customers: shopping-mall landlords.

As more shoppers tote smartphones while browsing in stores, shopping-center owners are tracking their movements and spending habits to try to figure out how best to arrange stores and mall layouts to boost shopping activity.

Some landlords measure how long people stay in the mall, how long they linger in particular stores or displays, and where they were before and after heading to the mall. That gives them a better idea of which stores benefit from being in proximity to one another.

Landlords also match shoppers’ location data against their social media or email accounts and channel personalized advertisements to them…

…To use a shopping center’s Wi-Fi or app, customers typically have to agree to terms and conditions that disclose its privacy policy before they can log in.

Mobile games also are starting to appeal to landlords looking for other ways to deliver incentives directly to shoppers.

Some landlords include a screen at a corner of the food court and designate that area as a place where customers can compete with each other at games played on their phones, with the images projected on the screen.

People have to provide basic information to play, such as their age, email address, and you’ve instantly captured these customers,” said Steve Ridley, chief executive officer of FunWall, a social and tournament gaming company. The data help the mall’s marketing team improve loyalty programs, including promotions such as gift certificates or free drinks.

In The Shops at South Town in Utah, owner Pacific Retail Capital Partners invested millions to renovate the shopping center to add beacons, which emit signals to smartphones or tablets in the vicinity, and multimedia wall displays that include digital art and advertising.

The Los Angeles-based real-estate developer also included a 13-by-6-foot interactive wall in the dining terrace where children can play a custom-developed emoji game that draws families and increases their mall time…

..Some malls have been using beacons not only to offer personalized coupons to the shopper’s smartphone but also to get data on how often shoppers pass by the store and how often they use their phones to make calls or pay for purchases. Read More (Subscription may be required)

Analysis – This covers many different issues: Privacy policies,  future trends (e.g. wearables), using mobile games as personal data acquisition mechanisms, and–implicitly–the potential for data abuse and hacking, particularly with children and young adults. 

While this article does not discuss the details of privacy policies, it’s an easy bet that you are accepting a free-for-all in terms of data access and usage. Since most people (particularly children and young adults) are always on the lookout for a free hotspot, it is likely they will accept a mall’s Ts&Cs in a heartbeat, not knowing what data access they are providing. And malls are not particularly stringent when it comes to security–on the contrary, the easier to access their hot spot and any apps the better. The gaming angle is both innovative and concerning, since again its the younger generation most likely to sign on without caring about security or privacy. It’s just a matter of time before some enterprising hacker taps into this…

Longer-term, as wearables and multi-use beacons become more prevalent, the more data that will become available to retailers, and along for the ride the higher for potential hacking and abuse. Malls and retailers are salivating at the prospect, understandably. But the first (publicized) breach will likely result in a significant financial hit for the retailer/mall responsible. Lesson to retailers: be proactive in beefing up your security, even if it doesn’t include credit card #s.

_____________________________

Court: Warrant needed to search car’s ‘black box’

How Uber Used Secret Greyball Tool to Deceive Authorities Worldwide (NY Times, March 3, 2017)

SAN FRANCISCO — Uber has for years engaged in a worldwide program to deceive the authorities in markets where its low-cost ride-hailing service was being resisted by law enforcement or, in some instances, had been outright banned.

 

The program, involving a tool called Greyball, uses data collected from the Uber app and other techniques to identify and circumvent officials. Uber used these methods to evade the authorities in cities such as Boston, Paris and Las Vegas, and in countries like Australia, China, Italy and South Korea.

 

Greyball was part of a broader program called VTOS, short for “violation of terms of service,” which Uber created to root out people it thought were using or targeting its service improperly. The VTOS program, including the Greyball tool, began as early as 2014 and remains in use, predominantly outside the United States. Greyball was approved by Uber’s legal team…

…This is where the VTOS program and the use of the Greyball tool came in. When Uber moved into a new city, it appointed a general manager to lead the charge. This person would try to spot enforcement officers using a set of technologies and techniques.

One method involved drawing a digital perimeter, or “geofence,” around the authorities’ offices on a digital map of the city that Uber monitored. The company watched which people were frequently opening and closing the app — a process known internally as eyeballing — near such locations as evidence that the users might be associated with city agencies.

Other techniques included looking at a user’s credit card information and determining whether the card was tied directly to an institution like a police credit union.

Enforcement officials involved in large-scale sting operations meant to catch Uber drivers would sometimes buy dozens of cellphones to create different accounts. To circumvent that tactic, Uber employees would go local electronics stores to look up device numbers of the cheapest mobile phones on sale — often the ones bought by city officials working with budgets that were not sizable.

In all, there were at least a dozen or so signifiers in the VTOS program that Uber employees could use to assess whether users were regular new riders or likely to be city officials.

If such clues were not enough to confirm a user’s identity, Uber employees would search social media profiles and other information available online. If users were identified as being connected to law enforcement, Uber Greyballed them by tagging them with a small piece of code that read “Greyball” followed by a string of numbers.

When someone tagged this way called a car, Uber could scramble a set of ghost cars inside a fake version of the app for that person to see, or show no cars available at all. If a driver accidentally picked up someone tagged as an officer, Uber occasionally called the driver with instructions to end the ride.

Uber employees said the practices and tools were born out in part of safety measures meant to protect drivers in some countries. In Franchwe, India and Kenya, for instance, taxi companies and workers targeted and attacked new Uber drivers. Read More.

Analysis: This is one of the most fascinating – and complex – stories involving location privacy that we’ve seen. It has everything: the clash of private and public motivations, dueling use of technologies, questionable law enforcement techniques, and of course the possible abuse of location data privacy. But the possible “abuse” comes with the question: what is more ethical: to invade the privacy of individuals (though acting in an official capacity), or to misrepresent oneself (even if acting in an official capacity, though without court sanction)? 

I would like to say there is a clear winner here but there isn’t one. Uber was likely trying to prevent being “caught” by cities where it had not yet been approved. However, the original purpose of the program – to protect driver safety – was laudable. Cities clearly have a right to regulate as they see fit, but do they have a right to so obviously misrepresent themselves (particularly when using non-law enforcement city employees) in trying to catch offenders of their regulations? No easy answer.

More generally however, Greyball’s use of personal geofencing (which may or may not be a privacy intrusion, legally or ethically) along with its “meshing” of that data with more clearly private information (credit card numbers and to some degree social media) illustrates a location data privacy conundrum that will only get worse as location data collection mechanisms and opportunities increase and the ability to combine it with other information creates the great potential for abuse. Any privacy regulations will likely always be behind what technology can do – it is up the nasceant privacy protection industry to step up its game and provide real alternatives to individuals who don’t want their data to be used in this manner.

                                                                _______________________

States Wire Up Roads as Cars Get Smarter

Planners say ‘smart roads’ will unlock benefits from self-driving cars, curb accidents, but costs are high (The Wall Street Journal, January 2, 2017)

On a crowded interstate outside Washington, D.C., large digital signs over four westbound lanes flashed messages lowering the speed limit by 10, then 20 miles an hour.

Drivers slowed just as a fast-moving thunderstorm unleashed sheets of rain that drenched the road and reduced visibility to a few dozen yards. There was no abrupt braking, no swerving and none of the fender-benders that can tie up traffic for miles.

The signs, installed last year, are a first step toward what highway planners say is a future in which self-driving cars will travel on technology-aided roads lined with fiber optics, cameras and connected signaling devices that will help vehicles move as quickly as possible—and more safely.

Transit planners say these so-called smart roads will unlock bigger benefits from self-driving cars, including fewer accidents, faster trips and fuel savings. Read More

Analysis: We’re at the top of the list recognizing the potential for driverless cars. But the potential is a double-edged sword–the most obvious downside being the potential for being hacked. However, there is an even bigger potential–and legal–downside: the potential for user (e.g. the owner/passenger of the vehicle) information being misused by government and other entities, via the infrastructure being put in place as described in this article. Worst case, such infrastructure will allow EVERY person on the road to have their movements tracked – not just by insurance companies, advertisers, and the like, but by law enforcement and other big-brother type entities that have a real (or invented) interest in tracking every movement of an individual. The potential for abuse is embryonic at this point, but ENORMOUS in the longer term.

    ____________________________

911 centers struggle to find callers on cellphones, and results can be deadly (Foxnews.com December 28, 2016)

Commercial apps, such as Facebook and Uber, can pinpoint your exact location using your smartphone’s built-in GPS. But that’s not necessarily the case when you call 911.

That’s because most 911 centers determine a mobile caller’s location based on technology that was adopted two decades ago — before cellphones were equipped with GPS. So, instead of obtaining location information directly from the phone, the 911 center estimates the caller’s location based on which cell tower is in use.

AFTER HUSBAND DISAPPEARED, APP LED WOMAN TO HIS BODY

The problem is, the tower your phone pings may be miles away, or even in another jurisdiction. Read More

Analysis – While this column generally focuses on location data privacy, this article is worth commenting on. Getting fast, accurate location information to the correct 911 center is extremely complex, at least how it has been implemented for the last 10+ years. There is fault to be found everywhere – the 911 centers, the wireless carriers, the FCC, even our tax system and how technology companies approach privacy. However, this article is off on 2 fronts: 1) It grossly simplifies the 911 process, including providing little detail on the myriad of issues involved, and 2) It uses the north Atlanta area to be representative of 911 problems faced nationwide. 

Regarding point #2: As anyone intimately familiar with location technology in the Atlanta area can tell you, Atlanta is “messed-up” due to the presence of “super-towers” – rogue cell towers with greater height and strength than other surrounding towers. This causes cell phones to connect to them even though they are further away than other closer “normal” towers. This can screw  up the 911 process big-time, since wireless 911 uses the location of the cell tower to which it is connected as a means to quickly identify which PSAP (911 center) to route the call to – speed being an essential requirement in the 911 process. So, when a further-away tower is the one being used, then naturally a further-away 911 center (the one servicing that cell tower’s area) will be selected. This process has been well established for over a decade – thus any such incorrect 911 center selection fault likely lies at the feet of the owner(s) of the towers–e.g. their not properly calibrating the towers’ power to appopriately integrate with the surrounding towers–minimizing coverage overlap and confusion. PSAPs could also be culpable here, by not taking steps to minimize 911 center jurisdiction overlaps/confusion by correcting mapping sofware and establishing exception processes.

Bottom Line: In general, since these rogue-towers are relatively rare, using the northern Atlanta area as a basis for extrapolating widespread erroneous 911 center selection problems is ignorant at best, and grossly misleading at worse. Few other areas of the country have problems with routing 911 calls to the wrong 911 center. Their (much bigger and very valid) issues generally revolve around the precision and timing of the cell phone location reported to the (nearly always correct) PSAP. This article does a disservice and distraction to these real problems by implying that a core issue is the 911 center selection process. Not true–except in Atlanta and a few other places…

_______________________

Attention iOS Players: Pokemon Go Has Total Control Over Your Google Account (CSO, July 11, 2016)

Last week, Pokemon Go was officially released in the U.S. and players downloaded the application in droves. Overall, games are reporting a mostly positive experience, after a few server issues, but security experts warn that the app isn’t without its risks. …

 

 

In order to play the game, the user will need to have an acoount. There are two ways to authenticate, a Polemon.com account or Google. Most players, due to a halt in new signups on Pokemon.com have opted to use their Google account.

 

 

Typically, when Google is used as the authentication method, the user is shown the level of permissions the application is going to need. But in the case of Pokemon Go, the authentication is nearly instant and the user is redirected to the login screen – with no permissions notice.

 

[Adam Reeve, a Princpal Architect at RedOwl, said Pokemon Go now has full access to his Google account. “Let me be clear – Polemon Go can now: Read all your email; Send email as you; Access all your Gogle drive documents (including deleting them); Look at your search history and your Maps navigation history, access any private photos you may store in Google Photos, and a whole lot more.” Reeve explained…

 

 

Anyone playing htis game is sharing metadata – at the very least – which means details on who they are, where they live, locations they frequent, who they associate with, time spent in each location,etc. Read More

Analysis: Besides the obvious location privacy (e.g. lack thereof) issues, this raises several issues regarding permissions, privacy policy, and design approaches. As the article implies, it is possible, even unlikely, that the designers intended on such wide access to personal information – a great deal of it is not needed for the game. But I can see an advertising bonanza coming down the pipe in future version. I can also see how such insecure design can open the door for others to obtain info through the app via holes in the app security design. I predict some Pokemon Go privacy horror stories coming down the pipe… 
_________________________

Facebook  To Put Maps In Ads, Measure Store Visits.(June 14, 2016, USAToday)

Facebook’s new ads will track which stores you visit so the giant social network can show marketers that its online ads result in offline purchases.

In the new ads, Facebook advertisers  can include an interactive map detailing the locations of stores so that Facebook users can visit them. Facebook will then use the Facebook users’phones to track how many of them who saw the ad wound up visiting the store – information it will share with marketers. Facebook is working on tying in-store purchases to ads seen on Facebook. Read More

Analysis: While I totally understand the business case for this, it is scary as hell as a potential invasion of privacy. Assuming FB does its usual make-it-near-impossible-to-understand-how-to-change-privacy-settings, millions of people will now be that much closer to having their daily lives completely monitored.

 __________________________

The Location Privacy Protection Act (Sponsor: Senator Al Franken) January 7, 2016

This bill, after a long stall and rewrite, was referred to committee on November 10, 2015. Some highlights include:

  1. Requires that companies get individuals’ consent before collecting location data off of their smartphones, tablets, or in car navigation devices, and before sharing it with others. This rule doesn’t apply to parents tracking kids, emergencies, and similar scenarios;

  2. Stymies GPS stalking by preventing companies from collecting location data in secret;

  3. Requires that any company that collects the location data of 1,000 or more devices publicly disclose the data they’re collecting, what they do with it, who they share it with, and how people can stop that collection or sharing.;

  4. Bans the development, operation, and sale of GPS stalking apps and allows law enforcement to seize the proceeds of those sales; and

  5. Requires that the federal government gather more information about GPS stalking, facilitate reporting of GPS stalking, and prioritize training grants for law enforcement. Read More or follow via Government Bill Tracking

Analysis: This is an excellent start in the pushback to location privacy violations. I have some concerns about Item #4, particularly in the definition and scope of a “stalking app.” As with most things government, the devil is in the details. The problem is that many if not most location-related devices and applications can be “repurposed” for stalking purposes, whether it is children apps or asset tracking devices. As far as I am aware all stalking incidents to date were done by such repurposed apps/devices. I would encourage all readers of this blog to contact Sen. Franken’s office and offer your (qualified) support on this bill – hopefully it can get to a vote this time!

* * * * *

How you can be tracked anywhere in the world 
(The Washington Post, 10/26/15, derived from a 2014 article)

Surveillance companies are marketing systems to governments worldwide that are capable of pulling location data out of global cellular networks, even if you are traveling in another country. These systems are designed so that neither cellphone users nor their carriers detect the tracking. That could allow government officials to potentially sidestep court review or other systems designed to protect the rights of people targeted for surveillance.

Types of information that can be collected

Computerized maps can show where you are, which direction you are traveling and how quickly, by plotting the cell towers your phone is using, even when you are not on a call. Tracking systems can also trigger an alarm if a person crosses an international border or approaches a designated area — such as a presidential palace — or gets close to another person under surveillance.

How cellular carriers track their customers

Every time a phone gets a call, text or Internet data, it must connect to a nearby cellular towerCarriers keep track of which tower their customers are using — even when they are roaming — in order to route services. This information is stored incarrier databases and, in certain conditions, shared with other carriers.

When you roam between networks

When a phone connects to a cell tower, it updates databases within the carrier’s network of the user’s location. That information can then be shared with other companies, such as the home carrier of a phone using roaming services.

How someone can find you

Advanced tracking systems can send computer queries to carriers’ databases, prompting them to reveal what cell towers customers are using at the time. That provides real-time location information that’s reasonably precise — within a few blocks in an urban area or a few miles in a rural one.

How someone can track you

Other surveillance systems called IMSI catchers can then be deployed to find the person’s exact location by collecting the signals that all phones emit.

What this means for you

Security experts say it may be possible for hackers, sophisticated criminal gangs and nations under sanctions to potentially gain access to this technology, which operates in a legal gray area. Read graphical short story, or full original story.

Analysis – Unfortunately the way wireless carrier supporting IT arcthitectures were originally designed were NOT with security in mind – rather they were and are focused on network speed and optimization. Gaining access to the data described in this article is as simple and straightforward as gaining access to two specific databases: the Home Location Register (HLR) and the Visitor Location Register (VLR). These 2 databases contain the “Cell ID” of the cell tower a user is connected to at any given time (as long as the phone is turned on).  Many if not most location-related applications that need some sort of backup location data (in cases where the GPS on the phone does not work, like indoors) usually can access this data directly from the carrier or indirectly via an approved gateway. Restictions to the data are only as good as the carrier security protocol with those 3rd party application providers; such restrictions are generally at the subscriber account level, not the underlying network level. As such anyone who knows how to penetrate one or two layers of carrier IT security can theoretically gain access to all of a carrier’s subscriber location data.

The “fix” for this is similar to that for financial systems – more wireless carrier strategic focus on protecting customer data security. Unfortunately, as below articles indicate – not only has protecting subscriber data become less of a cornerstone of the carrier-customer relationship, it is going the opposite direction with carriers’ trying to sell your location data. Anytime that kind of strategic technology reversal happens then it is going to open all kinds of potential security holes. Also, if better privacy legislation was passed – including limiations on access to customer location data, how long location information can be stored, and in particular major penalties for location data breaches – it would go a long way to re-elevating customer privacy as a carrier priority.

* * * * * * * *

 

Verizon’s zombie cookie gets new life

 

Verizon’s tracking supercookie joins up with AOL’s ad tracking network. (Arstechnica, 10/7/2015)

 

Verizon is giving a new mission to its controversial hidden identifier that tracks users of mobile devices. Verizon said in a little-noticed announcement that it will soon begin sharing the profiles with AOL’s ad network, which in turn monitors users across a large swath of the Internet.

That means AOL’s ad network will be able to match millions of Internet users to their real-world details gathered by Verizon, including “your gender, age range and interests.” (Author’s Note: This includes location information) AOL’s network is on 40 percent of websites, including on ProPublica.

AOL will also be able to use data from Verizon’s identifier to track the apps that mobile users open, what sites they visit, and for how long. Verizon purchased AOL earlier this year.

Privacy advocates say that Verizon and AOL’s use of the identifier is problematic for two reasons: not only is the invasive tracking enabled by default, but it also sends the information unencrypted, so that it can easily be intercepted.

“It’s an insecure bundle of information following people around on the Web,” said Deji Olukotun of Access, a digital rights organization.

Verizon, which has 135 million wireless customers, says it will share the identifier with “a very limited number of other partners and they will only be able to use it for Verizon and AOL purposes,” said Karen Zacharia, chief privacy officer at Verizon.

In order for the tracking to work, Verizon needs to repeatedly insert the identifier into users’ Internet traffic. The identifier can’t be inserted when the traffic is encrypted, such as when a user logs into their bank account.

Previously, Verizon had been sending the undeletable identifier to every website visited by smartphone users on its network, even if the user had opted out. But after ProPublica revealed earlier this year that an advertising company was using the identifier to recreate advertising cookies that users had deleted, Verizon began allowing users to truly opt-out, meaning that it won’t send the identifier to subscribers who say they don’t want it.

Verizon users are still automatically opted into the program.

“I think in some ways it’s more privacy protective because it’s all within one company,” said Verizon’s Zacharia. “We are going to be sharing segment information with AOL so that customers can receive more personalized advertising.”

A recent report by Access found that other large carriers such as AT&T and Vodafone are also using a similar technique to track their users.

In order for Verizon users to opt-out, they have to log into their account or call 1-866-211-0874.

Analysis – This is another indicator of carriers’ playing fast and loose with your location information. Not only does it open the door to unwanted advertising and spam, any loosening of controls on location information gives rise to unwarranted tracking and survellience, and/or wholesale hacking. It is good that there is at least an opt-out now, but it should be opt-in as the default. In general this is one more example of the deterioration of consumer data protections in this country, and the need for a more robust legislative solution.

* * * * * * * 

Car-jacking hackers are driving Nokia Here acquisition (Fortune, July 23, 2015)

Daimler CEO wants more control over the platform that enables autonomous driving.

How much is security against car hackers worth? For Daimler Group AG, owner of Mercedes-Benz, it’s somewhere in the ballpark of $2.4 billion to $3.29 billion.

Earlier this week, when reports that a coalition of German carmakers — Daimler, Audi, and BMW — had agreed to acquire Nokia’s HERE and its mapping technology, much of the analysis focused on the deal’s importance in helping develop autonomous cars. Earlier reports, said the purchase price was about $2.71 billion.

It turns out, that concerns about hackers attacking connected cars is at least part of the reason for the acquisition, according to Daimler CEO Dieter Zetsche.

During a call with reporters Thursday to discuss Daimler’s second-quarter earnings, Zetsche acknowledged that the company along with its competitors is trying to buy Nokia Here to have better, more secure control over the platform that enables autonomous driving, according to a Reuters report.

“We have the goal of designing security into the software,” Zetsche said.

A recent car-hacking of a Jeep Cherokee not only showed the weakness of this particular SUV’s digital defenses, it also raised questions about what, if anything, are other connected car manufacturers doing to protect their vehicles?

Major automakers want and need a steady, uninterrupted flow of mapping data. Data, and who has access to it, is in part, driving the pursuit of Nokia’s maps businessHighly detailed mapping is also necessary for self-driving cars to function. Without it, self-driving cars can’t move beyond a few dozen test vehicles to the mainstream.

Connected cars equipped with driver assistance systems (and more advanced automated tech) are meant to reduce accidents caused by inattentive driving. And yet, this push towards connected cars also increases their vulnerability to nefarious hackers.

Despite security concerns, automakers aren’t backing away from connected cars or the push to automated driving. Daimler is highly interested, and has invested heavily in making sure it’s at the forefront of connected cars. Read More

Analysis: Like early Location-Based Services, two of the biggest Achilles’ Heel’s for driverless cars will be map data (both static and dynamic) availability/accuracy and the privacy/security of the related applications/systems that utilize it. Unlike today’s navigation-related applications, which generally rely on 2-dimensional static data (e.g. roads, speed limits, etc) and less so on dynamic data (e.g. traffic, weather), driverless cars will require both much more precise (and 3D) static data and in particular up-to-the-second dynamic data in all locations and conditions. This will be a tremendous undertaking to collect, process, integrate, and keep up-to-date, and Daimler and partners should be applauded for seeing the upcoming essential need. With such a critical dependency, car makers would be short-sided if they did not take some steps to achieve a reliable, controllable navigation “supply-chain.”

However, as this article alludes to, having a driverless car opens up a Pandora’s Box of possibilities for hacking. There are multiple “hackable” dimensions in a navigation system, starting with the map data (particularly embedding malicious s/w in dynamic data updates); access to and updates for various navigation apps/car support subsystems; and the wireless connections that will be used by the car to get these updates (which presumably will be vulnerable to whatever security flaws exist in the Wi-fi/bluetooth networks used by the car for navigation and/or entertainment purposes).


Also, presumably other devices like smartphones will be able to access these car systems (e.g. to turn it on, remotely set the interior tempature, setup entertainment links, etc.), opening up vulnerabilities from that angle. It’s a potential security nightmare. Not to mention the potential abuse of privacy by those with “legitimate” access to the car/car data, particularly its location. 

Even if driverless cars are a few years away, design for these security/privacy issues need to start NOW. 
    ______________________________

A Police Gadget Tracks Phones? Shhh! It’s Secret

The New York TImes, March 15, 2015

A powerful new surveillance tool being adopted by police departments across the country comes with an unusual requirement: To buy it, law enforcement officials must sign a nondisclosure agreement preventing them from saying almost anything about the technology.

Any disclosure about the technology, which tracks cellphones and is often called StingRay, could allow criminals and terrorists to circumvent it, the F.B.I. has said in an affidavit. But the tool is adopted in such secrecy that communities are not always sure what they are buying or whether the technology could raise serious privacy concerns.

 

The confidentiality has elevated the stakes in a longstanding debate about the public disclosure of government practices versus law enforcement’s desire to keep its methods confidential. While companies routinely require nondisclosure agreements for technical products, legal experts say these agreements raise questions and are unusual given the privacy and even constitutional issues at stake. Read More

Analysis: While we generally support tools that allow the good guys to catch the bad guys, history teaches us that secret survelliance programs can be and often are abused. That this technology is so “secret” that entities essentially have to buy it to find out what it can do (and then are forbidden to discuss it) does not bode well for privacy advocates. Combined with a generally weak privacy protection proposal by the White House, and of course the recent overreaches by the NSA and other law enforcement agencies, this technology fuels the continued weakening of privacy protections in favor of institutional survelliance abilities. A cause for concern. 

_____________________________

 

U.S. Spies on Millions of Drivers

 

DEA Uses License-Plate Readers to Build Database for Federal, Local Authorities (The Wall Street Journal, January 26, 2015)

 

WASHINGTON—The Justice Department has been building a national database to track in real time the movement of vehicles around the U.S., a secret domestic intelligence-gathering program that scans and stores hundreds of millions of records about motorists, according to current and former officials and government documents.

 

The primary goal of the license-plate tracking program, run by the Drug Enforcement Administration, is to seize cars, cash and other assets to combat drug trafficking, according to one government document. But the database’s use has expanded to hunt for vehicles associated with numerous other potential crimes, from kidnappings to killings to rape suspects, say people familiar with the matter.

 

Officials have publicly said that they track vehicles near the border with Mexico to help fight drug cartels. What hasn’t been previously disclosed is that the DEA has spent years working to expand the database “throughout the United States,’’ according to one email reviewed by The Wall Street Journal.

 

Many state and local law-enforcement agencies are accessing the database for a variety of investigations, according to people familiar with the program, putting a wealth of information in the hands of local officials who can track vehicles in real time on major roadways.

 

The database raises new questions about privacy and the scope of government surveillance. The existence of the program and its expansion were described in interviews with current and former government officials, and in documents obtained by the American Civil Liberties Union through a Freedom of Information Act request and reviewed by The Wall Street Journal. It is unclear if any court oversees or approves the intelligence-gathering.

 

The DEA program collects data about vehicle movements, including time, direction and location, from high-tech cameras placed strategically on major highways. Many devices also record visual images of drivers and passengers, which are sometimes clear enough for investigators to confirm identities, according to DEA documents and people familiar with the program.

 

The documents show that the DEA also uses license-plate readers operated by state, local and federal law-enforcement agencies to feed into its own network and create a far-reaching, constantly updating database of electronic eyes scanning traffic on the roads to steer police toward suspects. Read More

 

Analysis: This is beyond scary. As with most such programs, the “pure” intent is understandable – in this case combating drug trafficking. But of course the potential for abuse is enormous, and real, as anyone who has read the other articles below will recognize. Put together, tracking our vehicles’ locations along with our cell phone locations, particularly in aggregate and over time, will allow anyone in a position of “authority” to construct a picture of our daily lives that will probably be at least 90% accurate. From where we go it is possible to closely deduce what we do, when we do it, who we do it with, even what we DON’T do. From there it is easy to make reasonable assumptions as to what our beliefs are from a political, cultural, societal, religious, and even “moral” basis, not to mention our personal habits and hobbies. Who knows what this information can do in the hands of an unprincipled, unchecked government bureaucrat with their own agenda?

 

Congress needs to get a jump on this uncontrolled collection of data before it further intrudes on our personal and professional lives.

 

_________________

Protecting Data Privacy at School and at Play (The New York Times, December 2, 2014)

Like many parents, Michelle Finneran Dennedy, who lives with her family in the Bay Area, likes to keep tabs on what her children and their friends are doing online.

She intervened, for instance, when she overheard a conversation in the back of her car between her daughter and a friend about Instagram, the photo-sharing site. While Ms. Dennedy has told her daughter not to accept online friend or follower requests from strangers, the other girl, who frequently posted images of herself on Instagram, declared that she had more than 2,000 followers.

Ms. Dennedy is particularly attuned to the risk that identity thieves or other online predators may obtain and exploit children’s information because she is the chief privacy officer of McAfee, the computer security service owned by Intel. So she quickly contacted the girl’s parents to offer her concerns and advice.

“We have to look over each other’s children’s shoulders,” Ms. Dennedy said.

Parents trying to protect their child’s privacy and data security online are grappling with two main concerns — information-sharing by children and data-mining by companies — only one of which they may have some meaningful control over.

With the growing use of mobile devices and apps at home and in school, an increasing number of companies are compiling and analyzing details about children’s online activities. Some sites that offer video games featuring cartoon characters, for instance, track children’s activities around the web with the aim of tailoring advertisements to them. Some apps popular with children can collect information like their whereabouts or phone numbers.

A federal law, the Children’s Online Privacy Protection Act, or Coppa, is designed to provide some online safeguards. It requires online operators to obtain a parent’s consent before collecting personal details from a child under 13.

Unfortunately for concerned parents, that law applies only to sites and apps specifically directed at young children — and not to general-audience sites frequented by adults and children. A recent article in The Wall Street Journal, for instance, reported that digital marketing companies are scouring, storing and analyzing the images people post on Instagram and Pinterest, another photo-sharing site, to help advertisers hone their pitches.

In a recent research project, he and his team studied the types of information collected by a number of animated game apps. Then they assigned each a privacy grade based on the kinds of data the app collected that a user might not have expected. Their ratings are available at www.privacygrade.org.

The researchers reported, for instance, that Fruit Ninja, a free fruit-slicing game, collected information about a user’s location, phone number and the phone’s unique identification code, apparently for the purposes of tailoring ads to users. The app received a D grade in privacy.

“Personally, as a parent, I would not like my kid’s location to be tracked, even by advertisers,” said Dr. Hong. “It’s sort of a judgment call what your comfort level is with this.” Read More

Analysis: This serves as yet another wakeup call (still mostly unheeded) for parents to be hyper-vigilant about their children’s privacy, especially their mobile location. You know it’s coming – a child abducted due to hacked or carelessly protected location information. Technology is changing too fast for laws to keep up with it, and there are too many cracks in (and outright not caring about) mobile app security to take location data security for granted. 

Americans’ Cellphones Targeted in Secret U.S. Spy Program

Devices on Planes that Mimic Cellphone Towers Used to Target Criminals, but Also Sift Through Thousands of Other Phones (11/13/14, The Wall Street Journal)

The Justice Department is scooping up data from thousands of mobile phones through devices deployed on airplanes that mimic cellphone towers, a high-tech hunt for criminal suspects that is snagging a large number of innocent Americans, according to people familiar with the operations.

The U.S. Marshals Service program, which became fully functional around 2007, operates Cessna aircraft from at least five metropolitan-area airports, with a flying range covering most of the U.S. population, according to people familiar with the program.

Planes are equipped with devices—some known as “dirtboxes” to law-enforcement officials because of the initials of the Boeing Co. unit that produces them—which mimic cell towers of large telecommunications firms and trick cellphones into reporting their unique registration information.

AT&T ends tracking of customers by “supercookie” (USAToday, 11/14/14)

AT&T appears to have ended a controversial program that used hidden “super cookies” to track smart phone users as they surfed the web.

The year-long program added a hidden and undeletable tracking number into all the Web traffic on a users’ cell phone.

The news site ProPublic reported Friday that AT&T had ended the practice. The company did not immediately respond to a USA TODAY request for confirmation.

Verizon Wireless, the country’s largest mobile firm, said Friday it still uses this type of tracking. There has been no evidence that Sprint and T-Mobile have used such codes.

The AT&T codes appear to have been in place to track cell phone users’ web surfing for the past year but only become public in late October.

The unique identifier code marks each website a subscriber visits. This allows the company–and advertisers–to build up a profile of everything the subscriber does online, by following the trail of sites he or she has visited.

It’s a problem because people with AT&T smart phone accounts didn’t know their every move was being tracked and because cell phones have become many people’s “second brain,” said Jacob Hoffman-Andrews, a senior staff technologist with theElectronic Frontier Foundation in San Francisco.

“If you have a question or you’re wondering about something, pretty soon you’re typing it into a web browser on your phone to answer it. You don’t want everything that goes through your mind being indexed by advertisers and used to sell things to you later,” he said.

AT&T said the change came because its period of testing was completed. Others believe the intense public outcry when the tracking was revealed led to the shift.

“AT&T is reacting to consumer pressure and they’re now doing the right thing,” said Rob Shavell, CEO of Abine, an online privacy company.

Verizon should note that too, he said.

“If companies like Verizon continue to ignore consumers’ rights to privacy and choice in how their information is able to be accessed, they’ll be subject to hugely increased government regulation,” Shavell said.

Verizon spokeswoman Debra Lewis told the Associated Press that business and government customers don’t have the code inserted, only consumers.

“As with any program, we’re constantly evaluating, and this is no different,” Lewis said, adding that consumers can ask that their codes not be used for advertising tracking. But that still passes along the codes to websites, even if subscribers say they don’t want their data being used for marketing purposes. Read More

Analysis: This is disturbing on a number of levels. First is that AT&T viewed this as just a “test” that they could do at anytime. Second is that they did not inform customers. Third, from a location perspective, is that it is very likely that location data was included in this tracking (though the article does not say so specifically). And finally, that while AT&T seems to at least been “shamed” into stopping the program (for now), Verizon thinks that continuing it is no big deal.

 

With Apple Pay and Smartwatch, a Privacy Challenge

The New York Times, September 10, 2014

No one has considered Apple a serious data company, until now.

For years, Apple has offered Internet services like email and online calendars. But Tuesday, with the introduction of health-monitoring technology and a new service that will allow people to buy things wirelessly with some Apple devices, the Cupertino, Calif., company positioned itself as a caretaker of valuable personal information, like credit card numbers and heart rates.

Talk about unfortunate timing. Just last week, a number of celebrities, including the Oscar-winning actress Jennifer Lawrence, discovered that hackers broke into their Apple accounts, stole nude or provocative photos, and posted those photos on the Internet. Even though Apple found no widespread breach of its online service, the company’s ability to protect its customers’ private information — for perhaps the first time — was openly questioned.

Against that background, Apple faces two threats to its new services: one from hackers always looking for clever ways to steal financial information, and another from regulators increasingly interested in ensuring that information gleaned from health monitoring devices stays private.

So Apple executives, in a two-hour presentation and in media interviews Tuesday, were careful to explain what the company planned to do with the information users were sharing through the health-monitoring capabilities of a smartwatch called the Apple Watch, which will be available next year, and its new payment service, Apple Pay.

Timothy D. Cook, Apple’s chief executive, said in an interview that in contrast to companies like Amazon and Google that relied on tracking user activity to serve ads or sell things, Apple still primarily made money from selling hardware. With Apple Pay, which will be available next month,

Apple does not store any payment information on the devices or on Apple’s servers. It simply acts as a conduit between the merchant and bank.

“We’re not looking at it through the lens that most people do of wanting to know what you’re buying, where you buy it at, how much you’re spending and all these kinds of things,” he said. “We could care less.”

Jeff Williams, Apple’s head of operations, noted that for the Apple Watch, Apple is forbidding app developers from storing any health information on cloud computing servers. He added that all health information logged by the watch would be encrypted on the device and users would decide which apps had access to the data. Read More

Analysis – At first glance, this looks like a very good start regarding location data privacy and wearable technology. I view the recent icloud privacy breach as actually a good thing, as it has hightened public awareness of cloud privacy issues, and by extension of this announcement, the potential for privacy breaches with respect to wearable technology.

As positive as this news is however, it is a certainty that others will not be privacy concious. After all, Apple by its own admission has the “luxury” of making its money primarily by hardware. Almost everyone else will have to do it via applications and by extension data and ultimately advertising. This is where the problems will occur. Now that the NSA privacy debacle seems to be coming to a relatively satisfactory end, wearable technology privacy will become our primary privacy worry.

European Court Lets Users Erase Records on Web

May 13, 2014. The New York Times

 

Europe’s highest court said on Tuesday that people had the right to influence what the world could learn about them through online searches, a ruling that rejected long-established notions about the free flow of information on the Internet.

A search engine like Google should allow online users to be “forgotten” after a certain time by erasing links to web pages unless there are “particular reasons” not to, the European Court of Justice in Luxembourg said.

The decision underlined the power of search companies to retrieve controversial information while simultaneously placing sharp limits on their ability to do so. It raised the possibility that a Google search could become as cheery — and as one-sided — as a Facebook profile or an About.me page.

Jonathan Zittrain, a law and computer science professor at Harvard, said those who were determined to shape their online personas could in essence have veto power over what they wanted people to know.

“Some will see this as corrupting,” he said. “Others will see it as purifying. I think it’s a bad solution to a very real problem, which is that everything is now on our permanent records.” Read More

Analysis – This ruling is fascinating on many fronts, and may come to be viewed as a watershed moment in privacy protections, including those for location data privacy.

While I agree that it not a great solution to a very real – and very serious – problem, I also believe the pendulum for exploiting private information had swung too far from the consumer in favor of commerical interests. This ruling grabs the pendulum and flings it back to the other side. Neither is good: a balance is needed.

In the narrow case of location data privacy, it is the timeframe of how long the data is stored that is most revelant. This ruling – while not addressing location privacy at all – could be interpreted in the coming years to prevent long-term storage of location data, just as the plainiff in this case wanted to expunge a long-ago bankruptcy.

Some other interesting side predictions. One is that more niche non-Google search engines will ignore this ruling and still provide the kinds of links at issue here. Second, there will be a kind of concatenation of search algorithms that will allow a search to get to the home page of the website that has this informattion, but not the complete link to it. This will result in a proliferation of mini-search engines on the site itself, which a Google can argue they cannot control. Finally, this kind of patchwork ruling (and already nightmarish implementation) will cause a great deal of short-term chaos both from a regulatory and technology viewpoint, but in the long-term it will be very helpful to ultimately getting to the right balance when it comes to consumer privacy protections vs commercial interests.

* * * * *

Revelations of N.S.A. Spying Cost U.S. Tech Companies (The New York Times, March 21 2014)

Microsoft has lost customers, including the government of Brazil.

IBM is spending more than a billion dollars to build data centers overseas to reassure foreign customers that their information is safe from prying eyes in the United States government.

And tech companies abroad, from Europe to South America, say they are gaining customers that are shunning United States providers, suspicious because of the revelations by Edward J. Snowden that tied these providers to the National Security Agency’s vast surveillance program.

Even as Washington grapples with the diplomatic and political fallout of Mr. Snowden’s leaks, the more urgent issue, companies and analysts say, is economic. Technology executives, including Mark Zuckerberg of Facebook, raised the issue when they went to the White House on Friday for a meeting with President Obama. Read More

Analysis – At the end of the day, money is what is going to dissuade companies (not government) from abusing our private information. While there are few companies out there right now who are making a business out of protecting mobile information, there are encouraging signs that more will be joining the fight soon, if only so they can make some money. I would far rather pay someone to ensure my data privacy – including location data – then let someone else make a mint off it for free.

* * *

NSA tracking cellphone locations worldwide, Snowden documents show (Washington Post, 12/5/13)

The National Security Agency is gathering nearly 5 billion records a day on the whereabouts of cellphones around the world, according to top-secret documents and interviews with U.S. intelligence officials, enabling the agency to track the movements of individuals — and map their relationships — in ways that would have been previously unimaginable.

The records feed a vast database that stores information about the locations of at least hundreds of millions of devices, according to the officials and the documents, which were provided by former NSA contractor Edward Snowden. New projects created to analyze that data have provided the intelligence community with what amounts to a mass surveillance tool.

(Video: How the NSA uses cellphone tracking to find and ‘develop’ targets) 

 

 

 

The NSA does not target Americans’ location data by design, but the agency acquires a substantial amount of information on the whereabouts of domestic cellphones “incidentally,” a legal term that connotes a foreseeable but not deliberate result.

One senior collection manager, speaking on the condition of anonymity but with permission from the NSA, said “we are getting vast volumes” of location data from around the world by tapping into the cables that connect mobile networks globally and that serve U.S. cellphones as well as foreign ones. Additionally, data are often collected from the tens of millions of Americans who travel abroad with their cellphones every year.

In scale, scope and potential impact on privacy, the efforts to collect and analyze location data may be unsurpassed among the NSA surveillance programs that have been disclosed since June. Analysts can find cellphones anywhere in the world, retrace their movements and expose hidden relationships among the people using them.

(Graphic: How the NSA is tracking people right now)

U.S. officials said the programs that collect and analyze location data are lawful and intended strictly to develop intelligence about foreign targets.

Robert Litt, general counsel for the Office of the Director of National Intelligence, which oversees the NSA, said “there is no element of the intelligence community that under any authority is intentionally collecting bulk cellphone location information about cellphones in the United States.”

The NSA has no reason to suspect that the movements of the overwhelming majority of cellphone users would be relevant to national security. Rather, it collects locations in bulk because its most powerful analytic tools — known collectively as CO-TRAVELER — allow it to look for unknown associates of known intelligence targets by tracking people whose movements intersect.

Still, location data, especially when aggregated over time, are widely regarded among privacy advocates as uniquely sensitive. Sophisticated mathematical tech­niques enable NSA analysts to map cellphone owners’ relationships by correlating their patterns of movement over time with thousands or millions of other phone users who cross their paths. Cellphones broadcast their locations even when they are not being used to place a call or send a text message.  Read Entire Story

Analysis – This is surprising to us not at all.  Since the Snowden affair broke we have surmised that location data is at the top of the NSA’s priority list.  The aggregation part is particularly bad: think about it as you leaving little breadcrumb trails of location data everywhere you go, and the NSA coming along behind you and analysing all of them.  They can develop a VERY comprehensive picture of your life.  

The consequences of this revelation will be both good and bad:  Good in that it will force location data privacy to the forefront of the privacy discussion.  Bad in that it will accelerate the development of ways to mask or even “spoof” a person’s location, which will make implementing location-based services significantly more complicated. 

     _________________________

FBI Taps Hacker Tactics to Spy on Suspects (The Wall Street Journal, 8/3/13)

Law-Enforcement Officials Expand Use of Tools Such as Spyware as People Under Investigation ‘Go Dark,’ Evading Wiretaps

Law-enforcement officials in the U.S. are expanding the use of tools routinely used by computer hackers to gather information on suspects, bringing the criminal wiretap into the cyber age.

Federal agencies have largely kept quiet about these capabilities, but court documents and interviews with people involved in the programs provide new details about the hacking tools, including spyware delivered to computers and phones through email or Web links—techniques more commonly associated with attacks by criminals.

People familiar with the Federal Bureau of Investigation’s programs say that the use of hacking tools under court orders has grown as agents seek to keep up with suspects who use new communications technology, including some types of online chat and encryption tools. The use of such communications, which can’t be wiretapped like a phone, is called “going dark” among law enforcement.

The FBI develops some hacking tools internally and purchases others from the private sector. With such technology, the bureau can remotely activate the microphones in phones running Google Inc.’s Android software to record conversations, one former U.S. official said. It can do the same to microphones in laptops without the user knowing, the person said. Google declined to comment.

The bureau typically uses hacking in cases involving organized crime, child pornography or counterterrorism, a former U.S. official said. It is loath to use these tools when investigating hackers, out of fear the suspect will discover and publicize the technique, the person said.

A search warrant would be required to get content such as files from a suspect’s computer, said Mark Eckenwiler, a senior counsel at Perkins Coie LLP who until December was the Justice Department’s primary authority on federal criminal surveillance law. Continuing surveillance would necessitate an even stricter standard, the kind used to grant wiretaps.

But if the software gathers only communications-routing “metadata”—like Internet protocol addresses or the “to” and “from” lines in emails—a court order under a lower standard might suffice if the program is delivered remotely, such as through an Internet link, he said. That is because nobody is physically touching the suspect’s property, he added.  Read More

Analysis – There are a couple of important points here.  First, while I have no problem using this technology to catch criminals, there is some gray area when it comes to “metadata.”  While the metadata reference above does not specifically include location data, location data IS generally regarded as metadata, and thus could be included in a “lower standard” as discussed above.

Second, it illustrates the growing danger of malware and other type programs infiltrating our phones.  As those phones become more sophisticated, and the underlying operating systems become more complex yet open (e.g. Android) to all developers, the opportunities for hacking will increase greatly.  This hacking can include of course location information, such that more and more hackers will likely try to access your private data in the months and years ahead.  When location data becomes more prevalent in financial security (such as verifying the location of your phone is being used in your “regular” location area as part of verifying a mobile wallet transaction via your phone), you can expect hackers to become increasingly interested in tracking your movements.

State Farm Is There: As You Drive

Insurers Use Big Data to Track Drivers, Offering Discounts as Lure, But Privacy Advocates See Dangers (The Wall Street Journal, August 4 2013)

As soon as Ed Scharlau of Austin, Texas, pulls out of his driveway in his Ford Expedition, a computer starts keeping score. It keeps track of how fast he accelerates, how abruptly he brakes and how far he drives.

The prize if he scores high enough: a substantial discount on his car insurance.  “This is a step in the right direction,” the 74-year-old former manufacturing executive said. “How I drive should affect my insurance premium.” Mr. Scharlau is on the leading edge of a revolutionary shift in how insurers price car insurance, one that has tantalized the $167 billion industry for more than a decade.

But what many insurers see as a smart application of Big Data, some customers and privacy advocates view as a worrisome encroachment by Big Brother.

The conventional methods for pricing car insurance involve pooling customers on the basis of characteristics such as age, gender and history of speeding tickets and crashes, all of which actuaries have correlated with loss potential.  Insurers acknowledge those methods are imprecise.

More than 1.4 million drivers have signed up for Progressive’s “Snapshot” program since 2008, and the insurer said discounts of up to 30% have topped $125 million.  State Farm’s discounts run as high as 50%.

Still, the programs have critics because of the voluminous  data they collect on customers. “It’s a slippery slope,” said Paul Stephens, an official with the Privacy Rights Clearinghouse, speaking generally. While insurers say they don’t track routes driven, Mr. Stephens fears that as programs expand and get more commonplace, insurers may wind up with “a very detailed log of your whereabouts throughout the day.”

And the data, he said, might be obtained by law-enforcement authorities for criminal probes and parties in civil litigation.

Allstate, State Farm and Progressive said they share data as required by law and that they disclose this to customers. Allstate and Progressive said their devices don’t have Global Positioning System functions. State Farm said it receives information “about the broad geographic areas” in which a vehicle is driven, measuring about 40 square miles, but not “the exact vehicle location.”

Brent Allen, who is Mr. Scharlau’s State Farm agent, said some clients have no interest in the program because of “the Big Brother thing,” but others are eager for discounts.  Mike Hatch, a Minneapolis lawyer who is a former Minnesota attorney general, said more consumers should be wary. “People ought to be more cautious” about allowing such inroads into privacy, he said.

One day recently, Mr. Scharlau logged onto his State Farm account to learn he so far had earned “A+” grades for left-hand turns and for not topping 80 miles per hour, but only “B+” for braking, acceleration and time of day his Expedition was on the road.  Mr. Scharlau said he and his wife now find themselves chatting “about our own driving and what we see around us: ‘Oops, did we just lose points?'”  Read MoreAnalysis – This is an area where you definitely have to weigh the tradeoffs between $ and privacy for yourself.  No question it has the potential to save you money, particularly if you are a good driver yet are lumped into a generally bad category of drivers because of your age, type of car, where you live, long-ago bad driving experiences, etc.  But the privacy concerns are very real; not just the feeling that big brother is watching you but the one that makes you feel that you are continually taking a Drivers Ed class.  I find that the tracking is not that precise somewhat comforting, but have no illusions that more precise tracking will be coming soon as insurers try and refine their actuarial table algorithms (or however the hell they price things).

More importantly (for me anyway) I did/do not like the  potential for survellience that comes with it – lawful or otherwise.  This data IS supeonable in criminal/civil lawsuits I am told.  I personally tried this “usage-based” insurance for a few months (not by State Farm) and indeed did save some money, but in the end I did not like being monitored nor did I like the potential for invasion of privacy, at least at this point in time with the details of what kind of information can be collected, when it is collected, how, and how long is still so muddled legally.  Not to mention not knowing for certain who can see it – law enforcement, third parties, my eX…

* * * * *

Consumers, not tech firms,should control data, documentary filmmaker says (The Washington Post, July 27 2013)

Filmmaker Cullen Hoback was about a year into working on a film on how technology is changing society when he realized that his footage was actually leading him in a different direction — the erosion of online privacy.

“I started out by asking the question of how technology is changing us,” Hoback told The Washington Post in an interview. “I interviewed all these people and was really dissatisfied with my answer. I realized that I had to look at what was behind the technology.”

The result was “Terms and Conditions May Apply,” a new documentary on the tech industry, the current state of online privacy and the role the government plays in data collection. The movie opened in select cities around the country last week, could hardly have come at a more opportune time in light of the disclosures about National Security Agency surveillance programs that collect data on foreigners and average Americans from prominent technology firms.

“It is kind of like a horror film,” Hoback said in describing his work. “I was able to look back and distill how we got here and really break down the relationship between the corporations and the government.”

Hoback draws a line between the shifts in Web users’ online privacy and laws that encourage data retention for national security concerns.

“There were over 10 bills on the floor [of the House and Senate] that were supposed to embed some sort of privacy rights. Then 9/11 happened, and that all got washed away,” he said.

But, as is clear from Hoback’s film, he doesn’t believe that the blame rests solely with the government. “Just because these laws exist, it doesn’t mean that companies [that have provided the data to the government] couldn’t have sat up and tried to change them,” he said. “It seems in­cred­ibly convenient for them, getting an incredible amount of our data. They could be potentially building these systems with privacy at the forefront. It’s really more like the corporations had a lot to gain and the government had a lot to gain.”

He said major technology firms — Google, Facebook and LinkedIn are all featured prominently in the film — have not only taken steps to boost their data collection and retention but have also made it difficult for consumers to parse their lengthy terms and conditions statements for online privacy. Those agreements, which many users approve without reading, are so complicated that they may as well be invisible, he said.

“They’re designed not to be looked at, designed to be scoffed at,” Hoback said. “It’s a joke.”

Hoback said he wanted to make the film to make more lawmakers and Web users aware of online privacy issues, and to show that most people want explicit control over their own data. As part of that effort, Hobart has worked with Internet activist group Demand Progress to set up a Web site — trackoff.us — that directs people to contact their congressional representatives with privacy concerns.

To illustrate his point in the film, Hoback intercepted Mark Zuckerberg as he walked to work — after failing to reach him through official channels — to ask the Facebook chief executive about online privacy. When Zuckerberg asked Hoback to stop filming the conversation with his main camera, the filmmaker complied but continued to record with a camera concealed in his glasses.

The reason for filming that exchange, Hoback said, was to prove that privacy matters to everyone. “We don’t want to be recorded just as much as you don’t want to be recorded,” he said. “With that [scene] I said, Mark, I’m opting you in even though you didn’t necessarily want that.” Based on the reaction he’s seen to his film, he said, he believes there’s plenty of popular support for stronger privacy laws and regulations.

“People are scared and angry, and they want to do something,” he said. But those efforts won’t be simple or easy. The technology industry moves fast, making it harder to form regulations quickly enough for new gadgets such as wearable technologies, he said.

“As these technologies get closer and closer to our bodies, the privacy protections will be more difficult,” to put in place Hoback said. “But the power is in the information.” Hoback said that a recent vote in Congress defeating a provision that would have curbed NSA data collection shows that the fight for privacy is just beginning. But he also said that he believes his film dovetails nicely with the privacy concerns raised by NSA leaker Edward Snowden and will help people better understand what, exactly, they’re consenting to when they hit the “I agree” button.  Read More

Analysis: Great article, and gets to two important points.  First, the Terms & Conditions in most “privacy policies” are a total joke – they are not designed to protect you, but to protect the companies when they do practically anything with your data.  Second, this problem is only going to get worse.  A LOT worse, as ever more personal technologies such as wearable technologies become more prevalent.  Without some sort of major response by consumers and/or legislative bodies, our entire lives – down literally to our underwear – will become open to all to see.

* * * * * *

License plate cameras track millions of Americans (Washington Post, July 17 2013) 

The spread of cheap, powerful cameras capable of reading license plates has allowed police to build databases on the movements of millions of Americans over months or even years, according to an American Civil Liberties Union report released Wednesday.

The license-plate readers, which police typically mount along major roadways or on the backs of cruisers, can identify vehicles almost instantly and compare them against “hot lists” of cars that have been stolen o

But the systems collect records on every license plate they encounter — whether or not they are on hot lists — meaning time and location data are gathered in databases that can be searched by police. Some departments purge information after a few weeks, some after a few months and some never, said the report, which warns that such data could be abused by authorities, and chill freedom of speech and association.

“Using them to develop vast troves of information on where Americans travel is not an appropriate use,” said Catherine Crump, a staff attorney at the ACLU and one of the authors of the report, “You are Being Tracked: How License Plate Readers Are Being Used to Record Americans’ Movements.”

The use of license-plate readers is common in the Washington area, where concerns about terrorism have fueled major investments in the equipment, with much of the money coming from federal grants. Agreements among departments and jurisdictions allow sharing of the location information, with data typically retained for at least a year.

(Story: License plate readers: A useful tool for police comes with privacy concerns)

Such details, say police and law enforcement experts, can help investigators reconstruct suspects’ movements before and after armed robberies, auto thefts and other crimes. Departments typically require that information be used only for law enforcement purposes and require audits designed to detect abuse.

But the ACLU argues that data collection by most police departments is unnecessarily broad. In an analysis of data collected in Maryland, the report found that license-plate readers recorded the locations of vehicle plates 85 million times in 2012.

Based on a partial-year analysis of that data, the ACLU found that about one in 500 plates registered hits. In the overwhelming majority of cases, it said, the alleged offenses were minor, involving lapsed registrations or failures to comply with the state’s emission-control program.

For each million plates read in Maryland, 47 were associated with serious crimes, such as a stolen vehicle or a wanted person, the report said. Statistics collected by the ACLU in several other jurisdictions around the country also found hit rates far below 1 percent of license plates read.

Maryland officials have defended their program, which collects data from departments across the state in a fusion center, which shares intelligence among federal, state and local agencies. In a recent three-month period, state officials said, license-plate readers contributed to 860 serious traffic citations and the apprehension of 180 people for crimes including stolen autos or license plates.

The center deletes the data one year after they are collected, in what officials said was a compromise between investigative needs and privacy rights.

The license-plate readers are also widely used in Northern Virginia and the District, which has them mounted on many of the major roadways entering and exiting the city. A D.C. police spokeswoman did not immediately comment on the ACLU report.

Private companies also are using license-plate-reading technology to build databases, typically to help in repossessing cars.  Read More

Analysis – While not technically a mobile phone issue, it is very indicative of how tracking technology – in whatever form – can be used to essentially “profile” Americans.  I do not use that term lightly; profiling by law enforcement is not just an issue of race, but increasingly one of behavior patterns (e.g. where you go, when you go, how you go – car – and ultimately why you go).   

While there seems to be a valid law enforcement reason for this particular concept (essentially finding and tracking criminals), how it is being practiced is very disturbing – an example of too broad data collection and in particular way too long retention of the data.  It should not be any longer than 24 hours at the most – unless there is a “hit” during that time and for only those hits retaining data for longer periods.

How Kid Apps Are Data Magnets (adapted from The Wall Street Journal, June 27 2013)

While 7-year-old Eros ViDemantay played with a kid’s app on his father’s phone, tracing an elephant, behind the scenes a startup company backed by Google was collecting information from the device—including its email address and a list of other apps installed on his phone.

“My jaw dropped,” says Lee ViDemantay, Eros’s father and a fifth-grade teacher at the Los Angeles Unified School District. “Why do they need to know all that?” The app, called “How to Draw—Easy Lessons,” also sent two of the phone’s main ID numbers.

A Wall Street Journal examination of 40 popular and free child-friendly apps on Google’s Android and Apple  Inc.’s  iOS systems found that nearly half transmitted to other companies a device ID number, a primary tool for tracking users from app to app. Some 70% passed along information about how the app was used, in some cases including the buttons clicked and in what order.

Some three years after the Journal first tested data collection and sharing in smartphone apps—and discovered the majority of apps tested sending details to third parties without users’ awareness—the makers of widely used software continue to gather and profit from people’s personal information.

Data transmissions related to child-friendly apps will be subject to greater government scrutiny after July 1, when the Federal Trade Commission’s new rules on children’s online privacy take effect. The rules, which were adopted in December and outline how the FTC enforces the Children’s Online Privacy Protection Act, or Coppa, expand the types of information considered “personal” and, hence, protected.

These rules could upend the business of some kid-friendly apps that rely on data-driven advertising to bring in money.

Among other things, the new rules will govern collection of location data and certain types of phone ID numbers. The FTC isn’t banning collection of this information altogether. But app developers—and all online services—won’t be able to use it in as many ways as before without receiving explicit parental consent.

The majority of apps—28 of 40—sent data to other companies that provide analytics services that track the ways people use particular apps. The data can range from simple details—for example, when a user opens or closes an app—to complex behavioral patterns. Developers use this information to decide how to improve their games, for example, or what in-game products they might be able to sell to users.

The new Coppa rules count “persistent identifiers” as “personal information” protected under the act. Developers will be allowed to collect the IDs for “activities necessary to [maintain] or analyze the functioning” of the app. But to use the identifiers for behavioral advertising or for targeting individual children, they must obtain “verifiable parental consent.”

In Apple’s iOS operating system, apps don’t request any particular permissions before being downloaded. Instead, Apple segregates user data into three categories: data, such as certain phone identifiers, available to all apps; data available upon in-app request, such as geolocation; and data off-limits to all apps, such as email addresses. Apps that want emails have to ask people to type them in.  Read More

Analysis – Well done  FTC!  Now if we can apply this level of concern for privacy to all Americans.  As a side note, Apple continues to be called out on its lack of privacy protections, including (the lack of those) for location data (see below for more related Apple location privacy articles and analysis.

Trying to capture data related to and synethsizing it to understand complex behavior patterns is one of the next big “things” in location-based services and related technology (it is also referred to as “contextual awareness” and “ambient awareness”). 

Instead of “just” understanding where you are, this kind of data capture/analysis seeks to understand what you are doing, what you were doing, and what you will be doing.  It essentially will be putting together all the pieces of data about you that can be collected via technology – kind of pieces of the jigsaw puzzle of your life – together to figure out not just  Where you are, but What you are doing, When you are doing it, Why you are doing it, and How you are doing it.  Change the word”are” to “were” or “will be” and you get the idea. 

Location technology can clearly capture the “where” (and a portion of “when”) components; “why” can be captured by monitoring what you are doing it on your phone around that time frame (e.g. searching for a place to eat); and from that synethesize the “why.” In one example  you could be driving (the Where and How inferred from location data points relatively far apart in a short period of time) in a retail area (meshing your data points with point-of-interest maps); that it is nearing lunchtime (the data captured was between 1130 and 1330 hours); and that you were doing a search on restaurants in the area during that time period.  From all that data you can easily deduce an accurate Why. 

No big deal you say?  Maybe not in that example, but the point is that this same data capture and analysis can be used to deduce a far more sophisticated portrait of your life, including complex behavior patterns that you might prefer to be kept to yourself.  Watch out!

* * * * *.

U.S., British intelligence mining data from nine U.S. Internet companies in broad secret program (Excerpts from The Washingon Post, June 7 2013)

The National Security Agency and the FBI are tapping directly into the central servers of nine leading U.S. Internet companies, extracting audio and video chats, photographs, e-mails, documents, and connection logs that enable analysts to track foreign targets, according to a top-secret document obtained by The Washington Post.

The program, code-named PRISM, has not been made public until now. It may be the first of its kind. The NSA prides itself on stealing secrets and breaking codes, and it is accustomed to corporate partnerships that help it divert data traffic or sidestep barriers. But there has never been a Google or Facebook before, and it is unlikely that there are richer troves of valuable intelligence than the ones in Silicon Valley.

Jameel Jaffer, deputy legal director of the American Civil Liberties Union, said: “I would just push back on the idea that the court has signed off on it, so why worry? This is a court that meets in secret, allows only the government to appear before it, and publishes almost none of its opinions. It has never been an effective check on government.”

Several companies contacted by The Post said they had no knowledge of the program, did not allow direct government access to their servers and asserted that they responded only to targeted requests for information.

The technology companies, whose cooperation is essential to PRISM operations, include most of the dominant global players of Silicon Valley, according to the document. They are listed on a roster that bears their logos in order of entry into the program: “Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, Apple.”

 

Sens. Ron Wyden (D-Ore.) and Mark Udall (D-Colo.), who had classified knowledge of the program as members of the Senate Intelligence Committee, were unable to speak of it when they warned in a Dec. 27, 2012, floor debate that the FISA Amendments Act had what both of them called a “back-door search loophole” for the content of innocent Americans who were swept up in a search for someone else.

As it is written, there is nothing to prohibit the intelligence community from searching through a pile of communications, which may have been incidentally or accidentally been collected without a warrant, to deliberately search for the phone calls or e-mails of specific Americans,” Udall said.

The Obama administration points to ongoing safeguards in the form of “extensive procedures, specifically approved by the court, to ensure that only non-U.S. persons outside the U.S. are targeted, and that minimize the acquisition, retention and dissemination of incidentally acquired information about U.S. persons.”

And it is true that the PRISM program is not a dragnet, exactly. From inside a company’s data stream the NSA is capable of pulling out anything it likes, but under current rules the agency does not try to collect it all.

Analysts who use the system from a Web portal at Fort Meade, Md., key in “selectors,” or search terms, that are designed to produce at least 51 percent confidence in a target’s “foreignness.” That is not a very stringent test. Training materials obtained by The Post instruct new analysts to make quarterly reports of any accidental collection of U.S. content, but add that “it’s nothing to worry about.” Even when the system works just as advertised, with no American singled out for targeting, the NSA routinely collects a great deal of American content. That is described as “incidental,” and it is inherent in contact chaining, one of the basic tools of the trade. To collect on a suspected spy or foreign terrorist means, at minimum, that everyone in the suspect’s inbox or outbox is swept in. Intelligence analysts are typically taught to chain through contacts two “hops” out from their target, which increases “incidental collection” exponentially. The same math explains the aphorism, from the John Guare play, that no one is more than “six degrees of separation” from any other person.

Like market researchers, but with far more privileged access, collection managers in the NSA’s Special Source Operations group, which oversees the PRISM program, are drawn to the wealth of information about their subjects in online accounts.  According to a separate “User’s Guide for PRISM Skype Collection,” that service can be monitored for audio when one end of the call is a conventional telephone and for any combination of “audio, video, chat, and file transfers” when Skype users connect by computer alone. Google’s offerings include Gmail, voice and video chat, Google Drive files, photo libraries, and live surveillance of search terms. may be troubled by the menu available to analysts who hold the required clearances to “task” the PRISM system.

There has been “continued exponential growth in tasking to Facebook and Skype,” according to the PRISM slides. With a few clicks and an affirmation that the subject is believed to be engaged in terrorism, espionage or nuclear proliferation, an analyst obtains full access to Facebook’s “extensive search and surveillance capabilities against the variety of online social networking services.”

Firsthand experience with these systems, and horror at their capabilities, is what drove a career intelligence officer to provide PowerPoint slides about PRISM and supporting materials to The Washington Post in order to expose what he believes to be a gross intrusion on privacy. “They quite literally can watch your ideas form as you type,” the officer said.  Read Full Story

Analysis – This is just as frightening as the NSA call collection of all VZW calls (and likely ALL calls, see next story analysis), as it gets into full interception of content, not just metadata.  While this news article does not single out location, you can be sure that the location of the source and recipient of the content is being captured. 

Even more disturbing is the potential for abuse from cross-indexing this content data with the metadata being captured from the wireless carriers.  In combination, both of these types of data sets can easily be used to develop a complete picture – including names, numbers/addresses (telephone and IP addresses), physical location of tranmission, physical location of recipients, and finally all types of content.  In other words, EVERYTHING.  It would represent an end-around the direct requirement of a warrant to get this information from a single court order, by using the two (and who knows what other orders are out there) and capitalizing on “gray areas” within and between the seperate orders to obtain information that a single order could not.

For those of you who might say “they wouldn’t do that,” I beg to differ.  The temptation to do this would be incredible, particularly by “collection managers” who with a few clicks would have all of this information at their fingertips.  Having these managers/analysts file quarterly reports on “accidental” data collection while telling them it is “nothing to worry about” is not only NOT a deterrent, it is an enabler to give in to the temptation of all this power at their fingertips.

As a humorous aside, it is greatly amusing to see how this issue has scrambled the normal partisan lines.  The New York Times – Obama’s #1 supporter – has become its harshest critic on this issue.  At the same time, Obama’s #2 opponent, The Wall Street Journal, is a big fan of this survellience.  In the mean time O’s #1 opponent, Fox News, is in effect siding with the Times but in general can hardly contain its glee with all this scandal.  Gotta find humor where you can in all this mess because there is not much of it to find…

 * * * * *

NSA collecting phone records of millions of Verizon customers daily Exclusive: Top secret court order requiring Verizon to hand over all call data shows scale of domestic surveillance under Obama (The Guardian, June 6 2013)

The National Security Agency is currently collecting the telephone records of millions of US customers of Verizon, one of America’s largest telecoms providers, under a top secret court order issued in April.The order, a copy of which has been obtained by the Guardian, requires Verizon on an “ongoing, daily basis” to give the NSA information on all telephone calls in its systems, both within the US and between the US and other countries.

The document shows for the first time that under the Obama administration the communication records of millions of US citizens are being collected indiscriminately and in bulk – regardless of whether they are suspected of any wrongdoing.

The secret Foreign Intelligence Surveillance Court (Fisa) granted the order to the FBI on April 25, giving the government unlimited authority to obtain the data for a specified three-month period ending on July 19.

Under the terms of the blanket order, the numbers of both parties on a call are handed over, as is location data, call duration, unique identifiers, and the time and duration of all calls. The contents of the conversation itself are not covered.  Read More

Analysis:  Where to begin – this is so disturbing on many levels.  While the data collection supposedly did not include actually listening/looking at the actual content involved, the metadata involved – including location data – is hugely invasive.  And it covered ALL calls for ALL users – the “limitation” to metadata allowed blanket access to personal information that otherwise requires a warrant.

There are so many unanswered questions in and about this order.  Here is a starter list: Does it cover wireless calls? Is it just Verizon?  How long will they keep the data?  Did Verizon have to comply?

 

Does it cover wireless calls? – While the order doesn’t say, and if read narrowly it could be limited to a Verizon subsidiary, I would say there is virtually no chance that it does NOT include wireless calls.  Grandma sitting at home calling her friend next door on their landlines is not going to do the NSA any good – it is the potential terrorists using cell phones that are the target.

 

Is it just Verizon? – No, terrorists don’t have a VZW family plan, making them only use Verizon connections.  OF COURSE it is not just Verizon – a certainty is AT&T, likely Sprint and T-Mobile, and who knows how many Tier 2 carriers.

 

How long will they keep the data? – This is one of the incredibly scary parts.  Initial reports indicate that it could be indefinitely, as the order contains no “mitigation clause” that requires the NSA or FBI to destroy data that they were not using or not relevant.  Think about it: five years from now a government agency can go back and trace your everyday movements (using location data) over that time to see how often you were at work, home, play, church, gun shows, a bar, a “friend”, a “good friend”, visiting public officials (listen up AP and Fox News journalists)…. you get the idea.  They could use this “big data” to zero in on behavior patterns they deem threatening, then to individuals matching the patterns.  The IRS targeting groups based just on their name would be nothing compared to the potential abuse here.

 

Did Verizon have to comply? – While I have no reason to doubt that Verizon had no recourse but to abide by the court order (in stark contrast to its selling of customer data – see below story), I do wonder if they had and tried to use any legal  recourse to prevent it or limit its scope.  Also, I wonder how much they are getting paid for doing this.  It can’t be for free – this would be a huge undertaking costing mega-bucks to implement.  I just wonder if they are just covering their costs, or making a profit on it… 

Bottom Line – I am probably biased, but I suspect that the location data is at the top of what the NSA is looking for.  If they can’t monitor the actual content, then tracking the physical activity – e.g. the location – of individuals is the next best thing.  Erosion of civil liberties – here we come.

* * * * *

Assessors Use Google’s Street View Photos to Find Signs of Undeclared Wealth (adapted from The WSJ, 5/31/13)

VILNIUS, Lithuania—One day last summer, a woman was about to climb into a hammock in the front yard of a suburban house here when a photographer for the Google Inc. Street View service snapped her picture.

The apparently innocuous photograph is now being used as evidence in a tax-evasion case brought by Lithuanian authorities against the undisclosed owners of the home.

Some European countries have been going after Google, complaining that the search giant is invading the privacy of their citizens. But tax inspectors here have turned to the prying eyes of Street View for their own purposes.

After Google’s car-borne cameras were driven through the Vilnius area last year, the tax men in this small Baltic nation got busy. They have spent months combing through footage looking for unreported taxable wealth.  Read More

Analysis – If you don’t think this kind of nightmare combination of invasion of privacy and taxes isn’t coming to a country and town near you, you are fooling yourself. 

I can forsee (unfortunately) a time in the near future when building your dream home includes specific design elements to hide what you have from satellite and street cameras.  Kind of like trying to hide your own nuclear program a la Iran.  God help us if we get to this point, but we will without specific legal protections and prohibitions.

Apple’s Cook Hints at Wearable Devices (The Wall Street Journal May 23 2013)

Chief Executive Tim Cook, defending the company’s prowess as a tech trend-setter, hinted that wearable devices may play a role in future product plans.

Mr. Cook praised devices such as Nike Inc.’s FuelBand, an activity tracker worn on the wrist. He said such wearable products “could be a profound area for technology,” while expressing less excitement about Google Glass, Google Inc.’s high-tech eyeglasses that serve as a kind of heads-up display to view Internet content. He said it’s “tough to see” Google’s product having mass-market appeal.

The Wall Street Journal reported in February that Apple is experimenting with designs for a watch-like device that would perform some functions of a smartphone, according to people briefed.  Read More

Analysis – While useable, practical wearable devices would definitely fall into the “cool” category a la Dick Tracy, it should be fairly obvious about the potential for huge levels of abuse.  

One possible endgame would be being able to detect and track everything on your person, from the earrings on your ears to the shoes on your feet, and in turn feeding that info (along with its location) to eager retailers chomping at the bit to ever more personalize its ads.  A kind of reverse customer showrooming of sorts.

Phone Companies Selling Personal Information (Fox News, May 22, 2013, adapted from The Wall Street Journal)

 

Big phone companies have begun to sell the vast troves of data they gather about their subscribers’ locations, travels and Web-browsing habits.

The information provides a powerful tool for marketers but raises new privacy concerns. Even as Americans browsing the Internet grow more accustomed to having every move tracked, combining that information with a detailed accounting of their movements in the real world has long been considered particularly sensitive.

The new offerings are also evidence of a shift in the relationship between carriers and their subscribers. Instead of merely offering customers a trusted conduit for communication, carriers are coming to see subscribers as sources of data that can be mined for profit, a practice more common among providers of free online services like Google and Facebook.

When a Verizon Wireless customer navigates to a website on her smartphone today, information about that website, her location and her demographic background may end up as a data point in a product called Precision Market Insights. The product, which Verizon launched in October 2012 after trial runs, offers businesses like malls, stadiums and billboard owners statistics about the activities and backgrounds of cellphone users in particular locations.  Read more

Analysis:  This should scare the hell out of anybody who uses location-based services.  It is not just that it is being done, it is who is doing it – Verizon Wireless. 

A direct descendent of the old Bell system, Verizon was once the most conservative of a bunch of conservative companies when it came to the protection of customer information.  Verizon Wireless actually delayed launching LBS services until the mid 2000’s due to concerns about the sensitivity and legal liability associated with location information.  Now it is actively marketing that data!  So what if it is “aggregated” and “anonymized” – it is a small step from doing that on a “micro” basis (which is the level described in this article) to being able to determine the actual identity of the user.  Ironically, VZW last year had a news release touting their commitment to the protection of personal data while touting how selling your “de-identified” data would be good for you…

If the carriers – the last bastion of customer data protection – are doing this, then ALL bets are off when it comes to your privacy.

* * * * *

F.T.C. Suggests Privacy Guidelines for Mobile Apps (NY Times February 1, 2013)

In a strong move to protect the privacy of Americans as they use the Internet on their smartphones and tablets, the Federal Trade Commission on Friday said the mobile industry should include a do-not-track feature in software and apps and take other steps to safeguard personal information.

The staff report, which was approved by the commission, is not binding, but it is an indication of how seriously the agency is focused on mobile privacy. As if to emphasize that, the commission on Friday separately fined Path, a two-year-old social networking app, $800,000. It charged the company with violating federal privacy protections for children by collecting personal information on underage users, including almost everyone in users’ address books.

Together the actions represent the government’s heightened scrutiny of mobile devices, which for many Americans have become the primary way of gaining access to the Internet, rather than through a laptop or desktop computer.

“We‘ve been looking at privacy issues for decades,” said Jon Leibowitz, the F.T.C. chairman. “But this is necessary because so much commerce is moving to mobile, and many of the rules and practices in the mobile space are sort of like the Wild West.”  Read More

Analysis: Wild West Indeed.  While the article only briefly mentions location, it is quickly becoming the largest body of data (in type and volume) being collected and used.  Its potential for abuse is enormous.  While we are not a big fan of government regulation, this is clearly one area where government needs to take leadership.  The article rightly mentions that this lack of guidance and standards is impacting how companies are using or not using personal wireless information.  The collection of personal information CAN play a very positive role in users’ lives under the right conditions and with the knowledge and consent of the user.  In the wrong conditions and without the knowledge and consent of the user the results can be irritating at best and potentially even horrific at worst.  In any event it is a legal and application design gray area to put it mildly.  The government needs to accelerate its efforts in this area.

Data-Gathering via Apps Presents a Gray Legal Area (NY Times October 28, 2012)

Angry Birds, the top-selling paid mobile app for theiPhone in the United States and Europe, has been downloaded more than a billion times by devoted game players around the world, who often spend hours slinging squawking fowl at groups of egg-stealing pigs.

While regular players are familiar with the particular destructive qualities of certain of these birds, many are unaware of one facet: The game possesses a ravenous ability to collect personal information on its users.

When Jason Hong, an associate professor at the Human-Computer Interaction Institute at Carnegie Mellon University, surveyed 40 users, all but two were unaware that the game was storing their locations so that they could later be the targets of ads (emphasis added).

The shift has brought consumers into a gray legal area, where existing privacy protections have failed to keep up with technology. The move to mobile has set off a debate between privacy advocates and online businesses, which consider the accumulation of personal information the backbone of an ad-driven Internet.

In the United States, the data collection practices of app makers are loosely regulated, if at all; some do not even disclose what kind of data they are collecting and why. Last February, the California attorney general, Kamala D. Harris, reached an agreement with six leading operators of mobile application platforms that they would sell or distribute only mobile apps with privacy policies that consumers could review before downloading.  Read More

Analysis: This is a legal storm building, and when it bursts (likely in some sort of horrific media event) it is going to be huge. 

* * * * *

 

Police Are Using Phone Tracking as a Routine Tool (NY Times March 31, 2012)

Law enforcement tracking of cellphones, once the province mainly of federal agents, has become a powerful and widely used surveillance tool for local police officials, with hundreds of departments, large and small, often using it aggressively with little or no court oversight, documents show.

The practice has become big business for cellphone companies, too, with a handful of carriers marketing a catalog of “surveillance fees” to police departments to determine a suspect’s location, trace phone calls and texts or provide other services. Some departments log dozens of traces a month for both emergencies and routine investigations.

With cellphones ubiquitous, the police call phone tracing a valuable weapon in emergencies like child abductions and suicide calls and investigations in drug cases and murders. One police training manual describes cellphones as “the virtual biographer of our daily activities,” providing a hunting ground for learning contacts and travels.

But civil liberties advocates say the wider use of cell tracking raises legal and constitutional questions, particularly when the police act without judicial orders. While many departments require warrants to use phone tracking in nonemergencies, others claim broad discretion to get the records on their own, according to 5,500 pages of internal records obtained by the American Civil Liberties Union from 205 police departments nationwide.

The internal documents, which were provided to The New York Times, open a window into a cloak-and-dagger practice that police officials are wary about discussing publicly. While cell tracking by local police departments has received some limited public attention in the last few years, the A.C.L.U. documents show that the practice is in much wider use — with far looser safeguards — than officials have previously acknowledged.

The issue has taken on new legal urgency in light of a Supreme Court ruling in January finding that a Global Positioning System tracking device placed on a drug suspect’s car violated his Fourth Amendment rights against unreasonable searches. While the ruling did not directly involve cellphones — many of which also include GPS locators — it raised questions about the standards for cellphone tracking, lawyers say.

The police records show many departments struggling to understand and abide by the legal complexities of cellphone tracking, even as they work to exploit the technology.

In cities in Nevada, North Carolina and other states, police departments have gotten wireless carriers to track cellphone signals back to cell towers as part of nonemergency investigations to identify all the callers using a particular tower, records show.

In California, state prosecutors advised local police departments on ways to get carriers to “clone” a phone and download text messages while it is turned off.

In Ogden, Utah, when the Sheriff’s Department wants information on a cellphone, it leaves it up to the carrier to determine what the sheriff must provide. “Some companies ask that when we have time to do so, we obtain court approval for the tracking request,” the Sheriff’s Department said in a written response to the A.C.L.U.

And in Arizona, even small police departments found cell surveillance so valuable that they acquired their own tracking equipment to avoid the time and expense of having the phone companies carry out the operations for them. The police in the town of Gilbert, for one, spent $244,000 on such equipment.

Cell carriers, staffed with special law enforcement liaison teams, charge police departments from a few hundred dollars for locating a phone to more than $2,200 for a full-scale wiretap of a suspect, records show.

Most of the police departments cited in the records did not return calls seeking comment. But other law enforcement officials said the legal questions were outweighed by real-life benefits.

The police in Grand Rapids, Mich., for instance, used a cell locator in February to find a stabbing victim who was in a basement hiding from his attacker.

“It’s pretty valuable, simply because there are so many people who have cellphones,” said Roxann Ryan, a criminal analyst with Iowa’s state intelligence branch. “We find people,” she said, “and it saves lives.”

Analysis:  I have absolutely no problem with police using location information to track criminals or finding missing persons.  In the latter case time is of the essence and no time needs to be wasted on bureaucratic proceedings.  In the former I do have concerns with law enforcement using tracking devices without court appoval, and applaud the Supreme Court’s ruling. 

But there is still alot of legal gray area that needs to be cleared up.  I have a huge problem with police departments getting their own tracking equipment – this is just begging to be abused.  I also have a big problem with this being a profit center for carriers – it needs to be a cost center just like 911.  Being a profit center might make them a bit too over-eager when a gray area comes up.

GPS AND POSITIONING DEVELOPMENTS

Massive GPS Jamming Attack by North Korea (GPS World, May 23, 2012

Large coordinated cyber attacks from North Korea near its border with South Korea produced electronic jamming signals that affected GPS navigation for passenger aircraft, ships, and in-car navigation for roughly a week in late April and early May. To date, no accidents, casualties, or fatalities have been attributed to jammed navigation signals aboard 337 commercial flights in and out of South Korean international airports, on 122 ships, including  a passenger liner carrying 287 people and a petroleum tanker. One South Korean driver tweeted “It also affects the car navigation GPS units.  I am getting a lot of errors while driving in Seoul.” Read More

Analysis: Besides giving us one more reason to despise North Korea, it provides one more reason to have redundant location technologies whenever possible, particularly for safety related applications.

 

Google Satellites Can Track Every Ship At Sea — Including US Navy; Detailed Maps Planned of Sea Bottom

aol.com By  and  May 17, 2012

VIRGINIA BEACH, VA: Google has launched a pair of low-cost satellites that can track virtually every ship at sea, giving the current location and identity even of American warships. While the company is consulting with the Navy and others about security issues, it plans to go public with the data soon.  Read More

Analysis: This is one of those inventions that will have 101 uses – including ones not even on Google’s radar screen.

GPS Robots Swarm California Rivers

GPS World May 15, 2012

Swarms of robots equipped with GPS and sensors were released May 9 into California rivers to measure water flow, salinty levels, and pollution, reports OurAmazingPlanet.com. The Floating Sensor Network is intended to change the way water quality and flows are monitored in the Sacramento-San Joaquin river system.  Read More

Analysis: LBS knows no bounds!  Besides the slightly scary aspect regarding GPS robots, it’s an excellent example of various location technologies being used in new and exciting ways – particularly in this case, the unique use cases and combination with other sensors.

LightSquared Nears Bankruptcy  (Update – It did file on May 15th)

May 13, 2012 The Wall Street Journal By MIKE SPECTOR And GREG BENSINGER

Hedge-fund manager Philip Falcone’s LightSquared Inc. venture was preparing Sunday to file for bankruptcy protection after negotiations with lenders to avoid a potential debt default faltered, said people familiar with the matter.

LightSquared and its lenders still have until 5 p.m. Monday to reach a deal that would keep the wireless-networking company out of bankruptcy court, and there were some indications over the weekend that a final decision hadn’t yet been reached on its fate. Still, the two sides remained far apart, and people involved in the negotiations expected LightSquared to begin making bankruptcy preparations in earnest.  Read More

Analysis: What a mess.  You’ve never seen a regulatory battle like this one since the breakup of AT&T.  (Obvious) Lesson – Don’t put all your eggs in one basket, and make sure you have plenty of Plan B’s, C’s, D’s…

GPS Monitoring of Sex Offenders Can Cut Recidivism

LBS Zone May 10, 2012

WASHINGTONMay 10, 2012 — The United States Department of Justice’s National Institute of Justice (NIJ) recently released a study that evaluated the use of global positioning systems (GPS) technology to monitor high-risk sex offenders on parole in California.

Offenders in the GPS group demonstrated significantly better outcomes than offenders who were monitored in traditional ways.  The evaluation showed that risk for a sex-related violation was nearly three times greater for offenders who received traditional parole supervision, than offenders who received GPS supervision. The risk of committing an offense that resulted in an arrest was twice as high for offenders who received traditional parole supervision than for offenders in the GPS group.

When compared to traditional supervision, the study found that GPS monitoring costs approximately $8.51 more per day.  The outcomes of GPS monitoring, however, are significantly better. Read More

Analysis: Good news on many fronts.  Interesting cost estimate.  Full report can be found at this link

__________________________

LBS LEGAL AND PRIVACY NEWS

 

New Jersey judge rules texter not liable for driver’s car crash (Fox News May 26th, 2012)

 

A woman who texted her boyfriend while he was driving cannot be held liable for a car crash he caused while responding, seriously injuring a motorcycling couple, a judge ruled Friday in what is believed to be the first case of its kind in the country.

A lawyer for the injured couple argued that text messages from Shannon Colonna to Kyle Best played a role in the September 2009 wreck in Mine Hill. But Colonna’s lawyer argued she had no control over when or how Best would read and respond to the message.  Read More

Analysis: Thank God! As we noted earlier (see below a couple articles), if this lawsuit was allowed to stand it would have tremendous implications, not the least of which for location information – and NOT in a good way.  Our faith in the the justice system got an uptick!

 

58% Use Location-based Apps Despite Privacy Concerns  LBS Zone April 9, 2012

ROLLING MEADOWS, Ill.–(BUSINESS WIRE)–Fifty-eight percent of consumers who have a smart device use location-based applications, despite concerns about safety and use of their personal information for marketing purposes, according to a survey from nonprofit global information security association ISACA.

“Location-based apps can be tremendously convenient, but also risky. People should educate themselves to understand how their data is being used or know how to disable this feature”

A telephone poll of 1,000 Americans shows that many people are concerned about geolocation, which uses data from a computer or mobile device to identify a physical location:

  • Top concerns include third-party use of personal information for marketing purposes (24%) and strangers knowing too much about people’s activities (24%)
  • Personal safety is the next biggest concern (21%)
  • 43% of people do not read the agreements on apps before downloading them, and of those who do read the agreements, 25% believe these agreements are not clear about how location information is being used  Read More

Analysis: No surprise here, but good quantitative reinforcement to have privacy at the top of mind when designing LBS apps.

Despite dangers U.S. teens text and drive: poll

By Chris Michaud Reuters | Mon May 14, 2012 1:08am EDT

Nearly half of the teenagers polled in an AT&T-commissioned survey released today said they had engaged in texting activity while driving; most of the respondents added that it was also common for their friends and parents to do so. Separately, a New Jersey judge is hearing a case in which a couple injured in a car accident has sued both the receiver and sender of the text message that allegedly distracted the driver who caused the crash. The judge will rule on whether the person who sent the message can be held liable for damages. 
Reuters (5/14), CNET

Analysis: The potential that the sender of the text message could be sued is absolutely terrifying.  While it’s conceivable that location technology could be incorporated into the overhead of a text message sending process, it would be complicated, time consuming, and costly.  Let’s hope the judge realizes how ridiculous this is – what’s the difference between someone who calls you as opposed to texting?  It’s you as the receiver of whatever type of message to make a good judgement. 

Wireless Carriers Who Aid Police Are Asked for Data

WASHINGTON — A leading House Democrat is demanding information from the country’s biggest cellphone companies about their role in helping local police departments conduct surveillance and tracking of suspects and others in criminal investigations.

In his letter, Mr. Markey sought data from the cellphone carriers on the number of requests for help they have received from law enforcement officials in cell tracking and surveillance operations, their policies on whether they require the authorities to secure court warrants, the use of cellphone surveillance in nonemergencies, the fees they charge the police and other information.

His letter was prompted by an April 1 article in The New York Times on the routine use of cellphone surveillance by local police departments, even in nonemergency situations.  Read More

Analysis: The big issue here is a lack of consistency and a standard application of law.  The article notes “gray areas” that allow individual police departments to set their own policies.  While we are a big proponent of law enforcement (and not thrilled with Congress getting involved with everyday life), this is just asking for trouble.

FACEBOOK NEWS

Facebook’s Mobile Miscalculation (The WSJ – May 23, 2012)

The Social Network Plays Catch-Up After Ignoring Its App; One Frustrated Game Maker Bows Out

As Facebook Inc. begins life as a public company, it is confronting heightened concern about its business. One of the biggest question marks is its mobile strategy.

Facebook’s recent experience with app developer CrowdStar Inc. shows just how deep its mobile problems are rooted. CrowdStar was an active developer of social games on Facebook in 2010, with 50 million daily active users playing its games like “Happy Aquarium” and “Happy Pets,” said CrowdStar Chief Executive Peter Relan.

But last month, CrowdStar stopped making new games for Facebook. Instead, the Burlingame, Calif., company plans to focus on creating games for mobile … Read More (Note it is subscription access only)

Analysis: Essentially the WSJ says that Facebook screwed up by not developing a sophisticated mobile app for the site; instead, having users access the site via their mobile web browser.  We concur.  This is preventing many apps such as games from being able to be used on mobile devices.

Bankers Under Fire as Facebook Slips 11%

NEW YORK—Facebook Inc. FB -10.99% shares skidded on their second day on the stock market to well below their offer price, leaving some investors who bought in the social network’s public offering in the red and raising questions about whether the company and its lead banker, Morgan StanleyMS -1.20% botched the deal.

The slump is likely to turn up the heat on Facebook to boost its performance by generating more revenue from its user base, which includes more than 900 million active users. The company’s earnings fell 12% in the first quarter amid surging expenses.

Revenue slipped compared with the fourth quarter, a decline the company blamed on “seasonal trends” in the advertising business and growth in markets where Facebook generates less revenue per user, according to a regulatory filing last month. Read More

Analysis: While this is location news site, not a financial analysis one, the fact that they are under so much pressure to add revenue – and that a critical element for this is mobile (see next article) – indicates major initiatives to come, including in the LBS space, given the importance of location in mobile advertising and mobile social networking in general.

Facebook’s Zuckerberg says mobile first priority

(Reuters) – Facebook CEO Mark Zuckerberg, whose limited role in promoting the No. 1 social network’s market debut has drawn criticism, laid out its growth strategy to investors on Friday, saying that transforming its mobile and advertising experience are top priorities in 2012.

Integrating online apps more strongly into Facebook is also a major goal, he told hundreds of investors at an event that capped the first week of Facebook’s cross-country “roadshow” to pitch its highly anticipated initial public offering. Read More

Analysis: Certainly this is desireable – the question is in the execution.  The current consensus amoung people I interact with has the mobile UI for Facebook being horrible.  Throwing a bunch of additional apps into the mix without fundemantally improving the overall mobile platform is begging for trouble.

 ________________________________

M2M NEWS

 

Verizon CTO: Industry needs standard M2M platform

 

May 9, 2012 — 3:37pm ET | By  Fierce Wireless

NEW ORLEANS–Verizon Communications (NYSE:VZ) CTO Tony Melone said the industry needs a common, shared architecture for machine-to-machine connections, arguing that the industry’s current approach toward the issue has created fragmentation.

______________________________

UNUSUAL LBS APPS

Buy Me a Drink App to Launch in Asia on May 16 at the Butter Factory LBS Zone May 11, 2012

Buy Me A Drink’s Chief Party Officer Silvana Carpanelli-Hayes said “It’s official, we are ready to party in Asia! On May 16th not only we will celebrate crossing over from NYC to Singapore but we will also release Buy Me A Drink to Android users for the very first time.”

The May 16th event will also see the exclusive worldwide launch of the Android version of the App allowing users of the world’s most popular Smartphone platform to finally access the Ultimate Nightlife App.

Celeste Chong Co-founder and Marketing Director at The Butter Factory says “We are really excited to be the exclusive Asian launch partner for the Buy Me a Drink App here at The Butter Factory in Singapore, we are looking forward to partying with them on May 16th!”

About Buy Me A Drink
Buy Me A Drink is a nightlife-socializing App that helps you meet new people everywhere you party over your favorite drinks and rewards you with free music downloads just for using the App. The App is now available on iPhone and Android and holds offices both in NYC and Singapore.

Analysis: Curious about the privacy functionality, if it exists at all.

___________________________

RETAIL/MOBILE LOCAL SEARCH

Why are cellphone-equipped shoppers halting in-store purchases? CTIA Smartbrief May 17, 2012
More than half of in-store shoppers who use their cellphones to shop have abandoned their purchases, according to an Interactive Advertising Bureau study that also found that 30% of those who opted against buying in the store said they found the items cheaper online using their handsets. “Fighting this trend is certainly going to be a losing strategy, so I predict that savvy marketers will learn to live with, and even court, these newly empowered consumers, who can and do leave a store if they discover a better deal somewhere else,” said the IAB’s Joe Lazlo. MobileCommerceDaily.com (5/17)

Analysis: Absolutely agree that fighting this trend is going to be a losing strategy.  Effective use of location and creative ways to find out what the customer is actually shopping for will be critical.  See next article.

Can Texting Save Stores?

‘Geofencing’ Lets Retailers Offer Deals to Nearby Customers, Fight Price-Shopping

Retailers are trying to make smartphones work for them instead of against them.

Take Maurices. The women’s clothing chain last month started sending promotions to the phones of people who come within a few hundred yards of its stores. Consumers who opt in to the service are sent messages about in-store sales. There is little evidence that sort of marketing actually works, but Maurices wants to give it a shot, in hopes of drawing people to the chain’s bricks and mortar locations.

Retailers desperately hope the technology—called “geofencing”—can be at least one successful response to the dreaded “showrooming,” where a shopper comes into a store to see an item but then makes the purchase online after finding a better price via smartphone.

The idea behind geofencing is to target consumers when they are nearby—and the promotions can get hyper-local, like beaming a special on umbrellas to people within a 10-mile radius during a rainstorm, or touting a markdown on aisle 6 when a customer is walking down aisle 3.  Read More

Analysis: The word “desperately” is quite appropriate, particularly for big box stores.  The key trick however is in knowing what the customer is actively looking for. If they can figure this out on a high volume basis they will have a winner. 

MEDICAL LBS NEWS

RFID medical records management pilot in India could track 100K residents (RFID 24-7, May 23, 2012)

The humanitarian benefits of deploying RFID have been making headlines over the last 12 months. While the inventory accuracy gains enjoyed by retailers from deploying RFID are breathtaking, they take a back seat when it comes to the technology’s ability to save lives.

From solutions designed to monitor drugs given to cancer patients to tagging dead bodies with RFID tags to add visibility to the organ donor supply chain, RFID is improving patient care — and saving lives — around the globe.

The RFID-based ID system is allowing health care workers to track patients in the city. Dr. Ali Zalzala, an IEEE volunteer and lead for the project, tells RFID 24-7 that the project — which distributes RFID-enabled ID cards to citizens — is improving patient care and saving lives every day.

“Prior to the system, physicians would not always remember what happened with a [patient] a week or so ago, and mistakes did happen with medication and diagnosis,” he says. “Holding patient records is making a huge change and saving life. Physicians now can look at the entire history of a patient and know if drug interaction or previous episodes may cause issues.” Read More

Analysis: One more example of how location technology can make a major difference beyond just reducting costs.

 

Exploring the Role of Mobile Technology as a Health Care Helper

The New York Times  By STEPHANIE NOVAK Published: May 13, 2012

Two decades ago, a woman having a difficult birth in a Ugandan village would have had few options to get life-saving treatment if there was not a nearby health clinic. But today, mobile technology can help her get advice from a doctor in Kampala over the telephone, alert a community health worker about her situation, or even get her to a hospital.

Mobile technology is changing the landscape of health care delivery across the developing world by giving people who live in rural villages the ability to connect with doctors, nurses and other health care workers in major cities.

“Now, a phone call can compress the time that it would have taken before to come to that decision point and get the woman care more often and quickly,” said Dr. Alain Labrique, a professor of International Health and Epidemiology at Johns Hopkins University, in Baltimore.  Read More

Analysis: While there is no specific mention of location in this article, I think it is pretty apparent as to how LBS could be incorporated into this area.  For example doctors/care givers could much more readily locate patients – particularly important in situations where minutes can make all the difference – and visa versa.  It is well know that critical medical equipment and supplies are in short supply in many areas of Africa – GPS tags could make the management and availability of these critical assets much easier.  This is probably the tip of the iceburg.

 

San Francisco Bans Facial Recognition Technology

The New York Times, May 14, 2019

SAN FRANCISCO — San Francisco, long at the heart of the technology revolution, took a stand against potential abuse on Tuesday by banning the use of facial recognition software by the police and other agencies.

The action, which came in an 8-to-1 vote by the Board of Supervisors, makes San Francisco the first major American city to block a tool that many police forces are turning to in the search for both small-time criminal suspects and perpetrators of mass carnage.

The authorities used the technology to help identify the suspect in the mass shooting at an Annapolis, Md., newspaper last June. But civil liberty groups have expressed unease about the technology’s potential abuse by government amid fears that it may shove the United States in the direction of an overly oppressive surveillance state.

[Facial recognition technology has stoked controversy over the years. Here’s a look back.]

Aaron Peskin, the city supervisor who sponsored the bill, said that it sent a particularly strong message to the nation, coming from a city transformed by tech.

“I think part of San Francisco being the real and perceived headquarters for all things tech also comes with a responsibility for its local legislators,” Mr. Peskin said. “We have an outsize responsibility to regulate the excesses of technology precisely because they are headquartered here.”

But critics said that rather than focusing on bans, the city should find ways to craft regulations that acknowledge the usefulness of face recognition. “It is ridiculous to deny the value of this technology in securing airports and border installations,” said Jonathan Turley, a constitutional law expert at George Washington University. “It is hard to deny that there is a public safety value to this technology.”…

…On Capitol Hill, a bill introduced last month would ban users of commercial face recognition technology from collecting and sharing data for identifying or tracking consumers without their consent, although it does not address the government’s uses of the technology.

Matt Cagle, a lawyer with the A.C.L.U. of Northern California, on Tuesday summed up the broad concerns of facial recognition: The technology, he said, “provides government with unprecedented power to track people going about their daily lives. That’s incompatible with a healthy democracy.”

The San Francisco proposal, he added, “is really forward-looking and looks to prevent the unleashing of this dangerous technology against the public.”

In one form or another, facial recognition is already being used in many American airports and big stadiums, and by a number of other police departments. The pop star Taylor Swift has reportedly incorporated the technology at one of her shows, using it to help identify stalkers.

The facial recognition fight in San Francisco is largely theoretical — the police department does not currently deploy such technology, and it is only in use at the international airport and ports that are under federal jurisdiction and are not impacted by the legislation.

Some local homeless shelters use biometric finger scans and photos to track shelter usage, said Jennifer Friedenbach, the executive director of the Coalition on Homelessness. The practice has driven undocumented residents away from the shelters, she said…

…The ban prohibits city agencies from using facial recognition technology, or information gleaned from external systems that use the technology. It is part of a larger legislative package devised to govern the use of surveillance technologies in the city that requires local agencies to create policies controlling their use of these tools. There are some exemptions, including one that would give prosecutors a way out if the transparency requirements might interfere with their investigations.

Still, the San Francisco Police Officers Association, an officers’ union, said the ban would hinder their members’ efforts to investigate crime.

“Although we understand that it’s not a 100 percent accurate technology yet, it’s still evolving,” said Tony Montoya, the president of the association. “I think it has been successful in at least providing leads to criminal investigators.”…

…But Dave Maass, the senior investigative researcher at the Electronic Frontier Foundation, offered a partial list of police departments that he said used the technology, including Las Vegas, Orlando, San Jose, San Diego, New York City, Boston, Detroit and Durham, N.C.

Other users, Mr. Maass said, include the Colorado Department of Public Safety, the Pinellas County Sheriff’s Office in Florida, the California Department of Justice and the Virginia State Police.

U.S. Customs and Border Protection is now using facial recognition in many airports and ports of sea entry. At airports, international travelers stand before cameras, then have their pictures matched against photos provided in their passport applications. The agency says the process complies with privacy laws, but it has still come in for criticism from the Electronic Privacy Information Center, which argues that the government, though promising travelers that they may opt out, has made it increasingly difficult to do so.

But there is a broader concern. “When you have the ability to track people in physical space, in effect everybody becomes subject to the surveillance of the government,” said Marc Rotenberg, the group’s executive director.

In the last few years, facial recognition technology has improved and spread at lightning speed, powered by the rise of cloud computing, machine learning and extremely precise digital cameras. That has meant once-unimaginable new features for users of smartphones, who may now use facial recognition to unlock their devices, and to tag and sort photos.

But some experts fear the advances are outstripping government’s ability to set guardrails to protect privacy.

Mr. Cagle and others said that a worst-case scenario already exists in China, where facial recognition is used to keep close tabs on the Uighurs, a largely Muslim minority, and is being integrated into a national digital panopticon system powered by roughly 200 million surveillance cameras.

American civil liberties advocates warn that the ability of facial surveillance to identify people at a distance, or online, without their knowledge or consent presents unique risks — threatening Americans’ ability to freely attend political protests or simply go about their business anonymously in public. Last year, Bradford L. Smith, the president of Microsoft, warned that the technology was too risky for companies to police on their own and asked Congress to oversee its useRead More

Analysis: In a word: Great!

Yes, there may (will) be lost opportunities with respect to criminal detection and prevention. But we’ve survived without it up to now, and we will continue to do so in the future. The risk of abuse is far too great to allow – just ask the millions under surveiliance in China. 

When you combine identity with location (location of course will naturally also be determined when facial recognition is deployed), a government or other entity has the core information to track every aspect of your life. And just imagine when (not if) facial recognition is built into everything with the advent of 5G and The Internet of Things. And it WILL be, if no regulatory constraints are enacted. This kind of power MUST not be allowed. 

Facial recognition bans – or at least strict limits with very precise legal guidelines – must be enacted at a national level, not just city level. Contact your Congress Person to ask them to support a bill severely constraining facial recognition!

____________________________

 

Why It’s So Easy for a Bounty Hunter to Find You

Wireless companies sell your location data. Federal regulators should stop them.(The New York Times, April 2, 2019)

When you signed up for cellphone service, I bet you didn’t expect that your exact location could be sold to anyone for a few hundred dollars. The truth is, your wireless carrier tracks you everywhere you go, whether you like it or not. When used appropriately, this tracking shouldn’t be a problem: location information allows emergency services to find you when you need them most.

But wireless carriers have been selling our data in ways that allows it to be resold for potentially dangerous purposes. For instance, stalkers and abusive domestic partners have used location data to track, threaten and attack victims. This industry wide practice facilitates “pay to track” schemes that appear to violate the law and Federal Communications Commission rules.

Companies are collecting and profiting from our private data in hidden ways that leave us vulnerable. As you carry your phone, your wireless carrier records its location so calls and texts can reach you. And you can’t opt out of sharing location data with your carrier, as you can with a mobile application. Your carrier needs this data to deliver service. But, according to recent news reports, this real-time phone location data has long been available to entities beyond your wireless carrier, for a price. In one alarming example, reported by Vice, a bounty hunter was able to pay to track a user’s location on a map accurate to within a few feet. In another case, a sheriff in Missouri used location data provided by carriers to inappropriately track a judge.

In other words, an ability that seems to come right out of a spy movie is now apparently available to just about anybody with your phone number and some cash. The pay-to-track industry has grown in the shadows, outside of the public eye and away from the watch of regulators.

Your Apps Know Where You Were Last Night, and They’re Not Keeping It Secret

Dozens of companies use smartphone locations to help advertisers and even hedge funds. They say it’s anonymous, but the data shows how personal it is.

Senator Ron Wyden, Democrat of Oregon, first raised the alarm last year, sending a letter to the F.C.C. on May 8 demanding an investigation into abuses by the pay-to-track industry. The Times reported on the issue the same week. Senator Wyden also demanded answers from the major wireless carriers. After that, the top wireless companies said that bounty hunters and others would no longer have access to their customers’ locations.

But months later the reports continueOther recent articles suggest that highly accurate GPS location information from our phones — which, according to F.C.C. rules, should be used to send help to 911 callers — is available on a location-data black market. Since then, wireless companies have said they’ll stop selling our location information completely — eventually.

The misuse of this data is downright dangerous. The harms fall disproportionately upon people of color. According to the Pew Research Center, people of color rely more heavily on smartphones for internet access, so they create more of this data, which makes them more vulnerable to tracking. Researchers also know that location data can be used to target them with misinformation or voter suppression tactics. It can also lead to assumptions about a person’s race or income level, assumptions that can feed into discriminatory automated decision making.

It is unquestionably the F.C.C.’s job to protect consumers and address risks to public safety. Our location information isn’t supposed to be used without our knowledge and consent and no chain of handoffs or contracts can eliminate the wireless company’s obligations. This is particularly true for the misuse and disclosure of GPS-based 911 location data — which is squarely against F.C.C. rules.

Geoffrey Starks is a member of the Federal Communications Commission. Read More

Analysis: While we agree with the general thrust of this article, e.g. location data HAS to be kept private, subject to the consumer’s proactive, deliberate decision to release it, the article itself is somewhat unusual and even misleading. First, the article strongly implies that GPS data is restricted to 911 use ONLY. This is not the case (and in fact GPS is only used for 911 purposes on certain carrier networks – Other carriers (particularly GSM-based network carriers) use a different (non-GPS) technology). Many apps use GPS data; indeed, practically ALL commercial location-based services today use GPS as their primary location-determination technology/method.

Second, while the ability for bounty hunters and others to obtain locaton information has been well known within the industry for years (see 3rd article below after this one), through location “aggregators,” such aggregators were/are a very deliberate channel set up by the carriers, and one that I would not call “black market,” which implies an abuse of existing channels. As the recent article below also indicates, the carriers, having been burned in the press about this recently, have rapidly backed away from allowing this – a development not fully acknowledged by the article. A development by the way that is likely decimating a whole industry by the way – the location aggregator industry.

Third, the article implies that the carriers are the root-of-all-evil with respect to location privacy. In my opinion, the much greater villan in this are application providers who make it very difficult to disable location; have abusive location data policies that you have to accept to use the app; and/or apps that continue to collect and use location information even when you think you have disabled/prevented them from doing so. While, yes, carriers have been selling location info, they have clearly been stung by the negative press and are are ceasing to do so, whereas app providers (particularly those whose business model is centered around collecting and selling personal information) will resist to the end any calls to cease collecting location and other highly personal data. I would argue that the people harmed by the carriers actions are miniscule to those harmed (and not yet knowing it) by the 3rd party apps.

Finally, law enforcement absolutely DOES need access to location information, IF done properly via valid channels and procedures. Carriers have specialized law enforcement-related departments dedicated to providing such location information, IF proper procedures and paperwork are followed. To imply that the carriers are providing such legal-related data outside legal channels is inappropriate and incorrect.

That said, again, I would agree with the general thrust of the article: improved protections ARE very much needed to protect against the inappropriate (re: not consumer-approved or legally-valid) obtaining and use of location data. Among other parameters, such protections should include a limit on how long location-history can be retained (no more than 3 months in my opinion). Another possibility is deliberately distorting the accuracy of any stored location data, with a correction key only accessible to the consumer or properly authorized legal entity.

____________________________

U.S. Orders Chinese Firm to Sell Dating App Grindr Over Blackmail Risk (The Wall Street Journal, March 27, 2019)

Beijing could exploit the app’s personal data for espionage, U.S. officials believe

U.S. national-security officials have ordered a Chinese company to sell gay-dating app Grindr, citing the risk that the personal data it collects could be exploited by Beijing to blackmail individuals with security clearances, according to people familiar with the situation.

The move by U.S. officials signals that a range of social-media companies and apps will now be off limits to Chinese buyers, alongside deals involving sensitive technology such as chips and weapons.

Beijing Kunlun Tech Co. Ltd., which acquired a majority stake in Grindr in 2016, would have no choice but to share information on Grindr users if demanded by the Chinese government, U.S. officials believe, according to the people familiar with the matter. That triggered the recent order from the Committee on Foreign Investment in the U.S., known as Cfius, to Kunlun to sell the asset, the people said.

Grindr said it is the largest social-networking app for gay, bi, trans and queer people, with “millions of daily users who use our location-based technology in almost every country in every corner of the planet.” The app also has messaging capabilities, including through photos and video, and gives users the option of disclosing their HIV status.

U.S. national-security experts said Chinese government knowledge of an individual’s usage of Grindr could be used in certain cases to blackmail U.S. officials and others with security clearances, such as defense contractors, and force them to provide information or other support to China.

They have also envisioned more elaborate scenarios. For example, one could use Grindr’s location data to discern that a certain user works at a telecommunications firm and pays regular visits to the same building in Northern Virginia that intelligence officials frequent. Chinese-intelligence officials could then determine that that individual is the telecommunications firm’s intelligence liaison, and they would know both whom to target and how to threaten that person with potentially compromising information. Read More

Analysis: The U.S. is absolutely right to be concerned about the potential for using location data to (re)construct a person’s daily activities and lifestyle overall. Howeveer, this concern should not be limited to foreign concerns; the potential for abuse exists regardless of ownership, and we need to have regulatory policies to reflect this reality. In addition to overall restrictions about the use of location data, one key policy that would prevent such “scenarios” as described above is a strict limitation on how long location history data is kept – preferably 90 days or less in our opinion. Doing so would greatly inhibit such activity/lifestyle data analysis and “reconstruction” regardless of who owns the data. It would also greatly limit the damage in the event the data is hacked.

 

 

_____________________________

You Give Apps Sensitive Personal Information. Then They Tell Facebook. (The Wall Street Journal, Feb 23-24, 2019)

Wall Street Journal testing reveals how the social-media giant collects a wide range of private data from developers; ‘This is a big mess’

Millions of smartphone users confess their most intimate secrets to apps, including when they want to work on their belly fat or the price of the house they checked out last weekend. Other apps know users’ body weight, blood pressure, menstrual cycles or pregnancy status.

Unbeknown to most people, in many cases that data is being shared with someone else:Facebook Inc.

The social-media giant collects intensely personal information from many popular smartphone apps just seconds after users enter it, even if the user has no connection to Facebook, according to testing done by The Wall Street Journal. The apps often send the data without any prominent or specific disclosure, the testing showed.

It is already known that many smartphone apps send information to Facebook about when users open them, and sometimes what they do inside. Previously unreported is how at least 11 popular apps, totaling tens of millions of downloads, have also been sharing sensitive data entered by users. The findings alarmed some privacy experts who reviewed the Journal’s testing…

…In the case of apps, the Journal’s testing showed that Facebook software collects data from many apps even if no Facebook account is used to log in and if the end user isn’t a Facebook member.

Apple Inc. and Alphabet Inc.’s Google, which operate the two dominant app stores, don’t require apps to disclose all the partners with whom data is shared. Users can decide not to grant permission for an app to access certain types of information, such as their contacts or locations. But these permissions generally don’t apply to the information users supply directly to apps, which is sometimes the most personal.

In the Journal’s testing, Instant Heart Rate: HR Monitor, the most popular heart-rate app on Apple’s iOS, made by California-based Azumio Inc., sent a user’s heart rate to Facebook immediately after it was recorded.

Flo Health Inc.’s Flo Period & Ovulation Tracker, which claims 25 million active users, told Facebook when a user was having her period or informed the app of an intention to get pregnant, the tests showed.

Real-estate app Realtor.com, owned by Move Inc., a subsidiary of Wall Street Journal parent News Corp sent the social network the location and price of listings that a user viewed, noting which ones were marked as favorites, the tests showed.

None of those apps provided users any apparent way to stop that information from being sent to Facebook.

Facebook said some of the data sharing uncovered by the Journal’s testing appeared to violate its business terms, which instruct app developers not to send it “health, financial information or other categories of sensitive information.” Facebook said it is telling apps flagged by the Journal to stop sending information its users might regard as sensitive. The company said it may take additional action if the apps don’t comply…

…At the heart of the issue is an analytics tool Facebook offers developers, which allows them to see statistics about their users’ activities—and to target those users with Facebook ads. Although Facebook’s terms give it latitude to use the data uncovered by the Journal for other purposes, the spokeswoman said it doesn’t do so.

Facebook tells its business partners it uses customer data collected from apps to personalize ads and content on Facebook and to conduct market research, among other things. A patent the company applied for in 2015, which was approved last year, describes how data from apps would be stored on Facebook servers where it could be used to help the company’s algorithms target ads and select content to show users.

Apple said its guidelines require apps to seek “prior user consent” for collecting user data and take steps to prevent unauthorized access by third parties. “When we hear of any developer violating these strict privacy terms and guidelines, we quickly investigate and, if necessary, take immediate action,” the company said.

A Google spokesman declined to comment beyond pointing to the company’s policy requiring apps that handle sensitive data to “disclose the type of parties to which any personal or sensitive user data is shared,” and in some cases to do so prominently….

..The Journal’s testing, however, showed sensitive information was sent with a unique advertising identifier that can be matched to a device or profile. A Flo spokeswoman subsequently said the company will “substantially limit” its use of external analytics systems while it conducts a privacy audit…

…The Journal tested more than 70 apps that are among the most popular in Apple’s iOS store in categories that handle sensitive user information. The Journal used software to monitor the internet communications triggered by using an app, including the information being sent to Facebook and other third parties. The tests found at least 11 apps sent Facebook potentially sensitive information about how users behaved or actual data they entered.

Among the top 10 finance apps in Apple’s U.S. app store as of Thursday, none appeared to send sensitive information to Facebook, and only two sent any information at all. But at least six of the top 15 health and fitness apps in that store sent potentially sensitive information immediately after it was collected.

Disconnect Inc., a software company that makes tools for people to manage their online privacy, was commissioned by the Journal to retest some of the apps. The company confirmed the Journal’s findings, and said Facebook’s terms allowing it to use the data it collected were unusual.

“This is a big mess,” said Patrick Jackson, Disconnect’s chief technology officer, who analyzed apps on behalf of the Journal. “This is completely independent of the functionality of the app.”…

…Apps often integrate code known as software-development kits, or SDKs, that help developers integrate certain features or functions. Any information shared with an app may also be shared with the maker of the embedded SDK. There are an array of SDKs, including Facebook’s, that allow apps to better understand their users’ behavior or to collect data to sell targeted advertising…

…Facebook’s SDK, which is contained in thousands of apps, includes an analytics service called “App Events” that allows developers to look at trends among their users. Apps can tell the SDK to record a set of standardized actions taken by users, such as when a user completes a purchase. App developers also can define “custom app events” for Facebook to capture—and that is how the sensitive information the Journal detected was sent.

Facebook says on its website it uses customer data from its SDK, combined with other data it collects, to personalize ads and content, as well as to “improve other experiences on Facebook, including News Feed and Search content ranking capabilities.”..

…Privacy lawyers say the collection of health data by nonhealth entities is legal in most U.S. states, provided there is sufficient disclosure in an app’s and Facebook’s terms of service. The Federal Trade Commission has taken an interest in cases in which data sharing deviates widely from what users might expect, particularly if any explanation was hard for users to find, said Woodrow Hartzog, a professor of law and computer science at Northeastern University…

…In the European Union, the processing of some sensitive data, such as health or sexual information, is more tightly regulated. The EU’s new privacy law usually requires companies to secure explicit consent to collect, process or share such data—and making consent a condition of using a service usually isn’t valid.

Some privacy experts who reviewed the Journal’s findings said the practices may be in violation of that law. “For the sensitive data, companies basically always need consent—likely both the app developer and Facebook,” said Frederik J. Zuiderveen Borgesius, a law professor at Radboud University in the Netherlands.

Facebook allows users to turn off the company’s ability to use the data it collects from third-party apps and websites for targeted ads. There is currently no way to stop the company from collecting the information in the first place, or using it for other purposes, such as detecting fake accounts. Germany’s top antitrust enforcer earlier this month ordered Facebook to stop using that data at all without permission, a ruling Facebook is appealing.

Under pressure over its data collection, Facebook Chief Executive Mark Zuckerberg said last year that the company would create a feature called “Clear History” to allow users to see what data Facebook had collected about them from applications and websites, and to delete it from Facebook. The company says it is still building the technology needed to make the feature possible.

Data drawn from mobile apps can be valuable. Advertising buyers say that because of Facebook’s insights into users’ behavior, it can offer marketers better return on their investment than most other companies when they seek users who are, say, exercise enthusiasts, or in the market for a new sports car. Such ads fetch a higher cost per click.

In a call to discuss the company’s most recent earnings, however, Chief Financial Officer David Wehner noted that investors should be aware that Apple and Google could possibly tighten their privacy controls around apps. That possibility, he said, is “an ongoing risk that we’re monitoring for 2019.” Read More

Analysis: Disturbing on many (obvious) levels. The most notable take-away of this article is that any privacy-related legislation should have strict limits on the sharing of information between 3rd party apps, including even if the apps are owned by the same company.

 

 

____________________________

U.S. Orders Chinese Firm to Sell Dating App Grindr Over Blackmail Risk

Beijing could exploit the app’s personal data for espionage, U.S. officials believe (The Wall Street Journal, March 27, 2019)

U.S. national-security officials have ordered a Chinese company to sell gay-dating app Grindr, citing the risk that the personal data it collects could be exploited by Beijing to blackmail individuals with security clearances, according to people familiar with the situation.

The move by U.S. officials signals that a range of social-media companies and apps will now be off limits to Chinese buyers, alongside deals involving sensitive technology such as chips and weapons.

Beijing Kunlun Tech Co. Ltd., which acquired a majority stake in Grindr in 2016, would have no choice but to share information on Grindr users if demanded by the Chinese government, U.S. officials believe, according to the people familiar with the matter. That triggered the recent order from the Committee on Foreign Investment in the U.S., known as Cfius, to Kunlun to sell the asset, the people said.

Grindr said it is the largest social-networking app for gay, bi, trans and queer people, with “millions of daily users who use our location-based technology in almost every country in every corner of the planet.” The app also has messaging capabilities, including through photos and video, and gives users the option of disclosing their HIV status.

U.S. national-security experts said Chinese government knowledge of an individual’s usage of Grindr could be used in certain cases to blackmail U.S. officials and others with security clearances, such as defense contractors, and force them to provide information or other support to China.

They have also envisioned more elaborate scenarios. For example, one could use Grindr’s location data to discern that a certain user works at a telecommunications firm and pays regular visits to the same building in Northern Virginia that intelligence officials frequent. Chinese-intelligence officials could then determine that that individual is the telecommunications firm’s intelligence liaison, and they would know both whom to target and how to threaten that person with potentially compromising information…

...But there are many other social-media companies and apps that have access to personal data, and the Grindr action signals that the U.S. may block Chinese acquisitions of these as well, particularly those that process user preferences, geolocation and health data, the people said….

…U.S. officials also have concerns about social-media apps China is developing itself, such as TikTok, according to people familiar with the matter. In 2019 alone, nearly 10 million people in the U.S. downloaded TikTok, according to data provider Sensor Tower. “If Cfius only applies to companies China acquires from the U.S., and not companies China builds, what can it possibly solve?” said Geoffrey Cook, chief executive of the Meet Group, which is based in New Hope, Pa., and owns several dating apps. Read More

Analysis: We are not going to get into the politics here. What we ARE going to get into is that the fear(s) described here, particularly the ability to piece together someone’s entire life from location data, is something we’ve been afraid of since LBS (location-based services) started coming on the scene in the early 2000s. And its just going to get worse: while I can probably piece together 80% of a person’s life based just on their phone records, that number goes into the high 90% once 5G and the Internet of Things gets going.

I think the government (U.S.) is missing some of the point here. It’s not just Grindr/the Chinese who could do it (piece together someone’s life) – ANY location-based application can do it. As the article above (kindof) points out, if the concern for location data privacy is not applied across the board for all applications, it’s not going to matter just taking one app out of the game.

 

 

__________________________

Colleges Mine Data on Their Applicants

To determine ‘demonstrated interest,’ some schools are tracking how quickly prospective students open email and whether they click links (The Wall Street Journal, 1/28/2019)

Some colleges, in an effort to sort through a growing number of applications, are quietly tracking prospective students’ online interaction with the schools and considering it in deciding whom to admit.

Enrollment officers at institutions including Seton Hall University, Quinnipiac University and Dickinson College know down to the second when prospective students opened an email from the school, how long they spent reading it and whether they clicked through to any links. Boston University knows if prospective students RSVP’d online to an event—and then didn’t show.

Schools use this information to help determine what they call “demonstrated interest,” or how much consideration an applicant is giving their school. Demonstrated interest is becoming increasingly important as colleges face a rising number of applications and want to protect or improve their yields—the percentage of accepted applicants who enroll. Read More

Analysis: While this article doesn’t mention location, it is not much of a stretch, at all, to foresee schools monitoring applicants social media pages to see if they are visiting/mentioning other colleges, then using such visits/mentions as a negative mark against the student. As if young people needed another reason to control what they post!

UPDATE 3/15/19 – The breaking Pay-to-Play (and worse) college admissions scandal makes the above even more insideous, e.g. privacy violations (or at least ethically-iffy practices) are one more strike again the Higher Education system. Along with never-ending cost increases and other factors, the system has at least three strikes against it.

____________________________

T-Mobile, AT&T Pledge to Stop Location Sharing by End of March

Wireless carriers say they won’t share real-time data with aggregators after another report of misuse (The Wall Street Journal, January 22, 2019)

T-Mobile and AT&T Inc. said they would stop feeding individual customers’ real-time locations to data middlemen, after a report suggested the sensitive information is easy to pull without users’ consent.

Tech website Motherboard reported this week that it paid a bounty hunter $300 to locate a T-Mobile handset by tapping into a real-time feed that the carrier provided to an aggregator called Zumigo Inc.

T-Mobile Chief Executive John Legere said in a tweetearlier this week that the company is “completely ending location aggregator work” in March but will need time to “do it the right way to avoid impacting consumers who use these types of services for things like emergency assistance.”

AT&T also said this week it would cut off data aggregators’ access to the information by March. The company said it wound down most location sharing last year while still providing companies with customer information for services such as roadside assistance.

“In light of recent reports about the misuse of location services, we have decided to eliminate all location aggregation services—even those with clear consumer benefits,” the company said.

A spokesman for Verizon Communications Inc., which late last year added restrictions on its relationship with location-data brokers, said the carrier plans to end its remaining agreements with four roadside-assistance companies by the end of March.  “We have terminated all other such arrangements,” he said.

A Sprint Corp. spokeswoman said the company told Zumigo this week that it was terminating its contract. Sprint “determined that Zumigo violated the terms of our contract by not sufficiently protecting Sprint customer data in its relationship with MicroBilt,” a credit-reporting company used in the bounty hunter example to pinpoint a phone.

 

Zumigo CEO Chirag Bakshi said his company cut off MicroBilt’s access to all cellphone locations after the Motherboard article published. “The incident that occurred was an illegal use of the data,” Mr. Bakshi said in an interview. “MicroBilt was supposed to be for lending…for a financial use case which was misused.”

MicroBilt said its contracts with clients require a customer’s explicit consent to access location data.

 

Sprint continues to share what it says are non-personally identifiable location data with Pinsight Media, the mobile data and advertising company it sold to InMobi last year, the spokeswoman said. It continues to share data with some other third parties.

Cellphone companies made similar promises to protect user data six months ago after reports of lax oversight prompted Sen. Ron Wyden (D., Ore.) to write the carriers seeking more information about their practices. The companies at the time said they shared device locations with users’ consent by outsourcing the work to aggregators like Zumigo. Those aggregators shared the information with dozens of other companies that provide services such as freight tracking, roadside assistance and bank fraud protection.

Wireless companies say they still collect and share groups of customers’ location histories for advertising after stripping away data that could identify individuals. That information is gathered through a separate process from the real-time pinpointing used when a customer would like to be found by a tow-truck company, for instance.

Carriers can’t provide wireless service without knowing their customers’ rough whereabouts, which are determined by measuring the distance to nearby cell towers. Mobile apps often get more precise location information through GPS, Wi-Fi and Bluetooth signals, though customers can toggle the sharing of some of that information on their smartphones.

Mr. Bakshi said his company will probably continue serving clients like banks by reporting users’ locations through app-based data collection and that users confirm their willingness to share that information by responding to text message requests. He said most Zumigo clients already seek consent through text messages. Read More

Analysis – Historically this is fascinating. When carriers first started getting into location-based services (in the mid 2000s), they viewed customer location privacy as sacred: both from a historical Bell System paranoia holdover, but more importantly as viewing location data as the key to monetizing much of the E911 infrastructure that there were being forced to implement. Fastforward to 2010, and competitve pressures started “forcing” them to expand how they could monetize that data. The solution: allowing location “aggregators” to serve as middlemen to the data. In this way many more applications could get access, and the carriers could get a cut of that revenue from a much broader set of players than they could have by themselves.

Now they are retreating, and in the process going backwards to their old model of providing location data directly to app providers. This is potentially good news for those with large privacy concerns about location data (like us), but it will SEVERELY impact those location aggregators, if not put them out of business.

 

___________________________

Watch how you walk — A.I.s [Artificial Intelligence] got you ID’s by gait (Washington Times, Nov 7, 2018)

China has just employed new “gait recognition” technology that can identify individuals by the way they walk.

This is police surveillance taken to a whole new level of frightening. Whispers are that America’s airports might make a decent testing ground to bring the artificial intelligence here.

That would open quite the can of worms now, wouldn’t it?

China, totalitarian nation as it is, doesn’t have to concern itself with piddly questions of civil rights and pesky matters of privacy infringements. As such, it’s been busily scooping up all the Big Data it needs to achieve technological breakthroughs, merrily speeding in the meanwhile toward global dominance in the artificial intelligence arena — as vowed..

China plans to dominate AI, with a vanguard of robotic doctors like ‘Biomind,’” the Los Angeles Times reported in July, in a story how Beijing had just pitted new machine-learned robotics against human physicians to interpret neuroimages — setting the stage for massive technology breakthroughs in the medical sector.

The pressure for America to keep ahead of the A.I. game is intense.

But America needs to tread carefully here.

Yes, the United States has to stay on the forefront of technology to remain competitive in the markets, and as means of defense and security. The challenge, though, is to accomplish this goal without becoming a China — without turning into an outright police state with Big Brother eyes watching all and Big Data fingers scooping and collecting and reporting everything. The responsibility of America’s powers-that-be is to meet this challenge.

In China, it’s this: “You don’t need people’s cooperation for us to be able to recognize their identity. Gait analysis can’t be fooled by simply limping, walking with splayed feet or hunching over, because we’re analyzing all the features of an entire body,” said Huang Yongzhen, the CEO of Watrix, the company that devised the gait surveillance system, ABC News reported.

In America, it’s this: “The right of the people to be secure in their persons, houses, papers, and effects … shall not be violated.” Read More

Analysis: The last sentence in this article says it all: “America must never allow itself to become a China — no, not even for national security reasons. This isn’t just a challenge for technological researchers; it’s a duty of America’s political gatekeepers.”

In general we are not a fan of regulation. However, I can absolutely guarrentee that this type of technology WILL come to America in some form (say by helping people “improve” their walking style), with it slowly invading other types of applications (say social media, to recognize when a “friend” is walking nearby even if their phone is off – a clear violation of their Privacy), unless there are prohibitions against doing so. And, unfortunately, the biggest prohibitions will need to be on law enforcement, to prevent them using the technology as a way to get around the need for a court’s approval that is based on laws centered around well-established technologies (and sometimes not even then), not new ones.

 

___________________________

 

 

 

Internet of Things our ‘biggest threat to privacy,’ expert warns (Global News)

Be careful what you say in front of the TV. It may be recording you. Where is that data going? We’re not sure.

If you think that’s crazy, your fridge, thermostat and wearable fitness device might be doing the same thing.

Smart appliances — part of the futuristic and vaguely defined Internet of Things — are designed to make our lives easier but they also have the potential to be intrusive in ways we’re only starting to imagine, experts warn.

“The Internet of Things is the biggest threat to privacy,” warns former Ontario privacy commissioner Ann Cavoukian.

The owners of these devices aren’t really in charge, she explains:

“At the beginning it will be a benign robot collecting data, theoretically allowing you to control it. But the reality is that the devices and sensors being built for the Internet of Things aren’t being built with that notion of control.”

The data the devices gather can be used to make an extraordinarily detailed portrait of our lives:

“People’s excitement, and manufacturers’ desire to get these things on to the market — when you combine those two, privacy is just a total secondary. Nobody is thinking about it, and they’re also thinking of it as discrete points. If you have discrete pieces of information, if they remain discrete and unconnected, it’s not a big deal. But all of these can be connected together in a networked way, putting the pieces of the puzzle together.” Read More

Analysis: Though this article is “old” (2/2016, versus today’s date of 10/16/18), it is prescient. The Internet of Things (IoT) IS the biggest threat to our privacy (though some may argue Connected Cars is bigger), particularly as individual devices become integrated together to provide a seamless monitoring of our location, activities, behavior, and even mindset! 

Lesson? Either buy “old” devices without internet connectivity (who needs to connect their bed or their refrigerator to the internet, anyway?), or make sure you have explicitly disabled such connectivty on such “smart” devices. Otherwise your every move may become known to the world (yes a bit of hyperbole, but not by much)!

 

 

____________________________

Amazon to Start Offering In-Car Deliveries (WSJ, Sept 29, 2018)

Amazon.com Inc. AMZN -0.50% is now delivering packages right to the car.

The company said Tuesday it has joined with General Motors Co. and Volvo Cars to start offering in-car deliveries, giving its couriers access to potentially millions of vehicles in 37 U.S. markets. The deal expands Amazon’s effort to get consumers comfortable with the idea of strangers entering their homes and cars as the company handles more packages.

The new delivery option is part of the Amazon Key program, launched last year, in which the company’s delivery drivers drop off packages inside homes. That system, which includes a so-called smart lock for the door and a security camera, currently costs about $220.

The car service is free for Amazon Prime members who own certain newer GM and Volvo models. Customers download the Amazon Key app and link an Amazon account with a connected car service, such as OnStar. A delivery driver unlocks the car—either the trunk or doors, depending on the vehicle—remotely through the wireless connection.

Customers are instructed to park in a “publicly accessible area,” such as a driveway, street or a surface-level lot within the delivery range. The day of the delivery, customers receive a four-hour delivery time window, as well as notifications when the car is unlocked and locked.

Amazon said it ensures an authorized driver is at the right location with the correct package before the vehicle is unlocked remotely. The delivery driver is required to lock the door before moving on, and as a fail-safe measure the doors will lock automatically after a certain period, Amazon said.

The entire Amazon Key program relies on customers allowing strangers to access their most personal spaces. But unlike with the home, where security cameras can record a delivery person’s entry and exit, there are no easy ways to view a delivery person’s interaction with vehicles and whatever items people store inside them. The program is also another way Amazon is trying to integrate itself into customers’ lives—particularly the more than 100 million people paying for its Prime service—and to control every step in the retail process.

Amazon has tens of millions of devices inside people’s homes, from voice-enabled Echo speakers to Dash tap-to-buy buttons, that make it easier for shoppers to choose Amazon over competitors.

Amazon Key would give the company control over the final step of dropping off packages. Read More

Analysis: Amazon already has a privacy/credibility issue with Alexis in the form of hacked private conversations (or, as Amazon claims, a “rare” combination of errors regarding speech recognition – both being just being a couple of examples of privacy problems forthcoming in the Internet of Things invasion). This new car delivery service provides a new potential opportunity for loss of privacy and (ab)use of location information, as Amazon will need to follow you/your car around, perhaps continually for high volume customers, in order to execute it.

Besides the real-time privacy issue, I suspect Amazon will retain your location history for some period of time – perhaps indefinitely – for future analysis or AI uses (e.g. “predicting” where you will be at a given time/day, then using that info for more advertising/promotion purposes, such as anticipating regular grocery store runs and preempting them with grocery/Whole Foods specials). Far-fetched? So was allowing strangers to enter your home to deliver packages when you are not home – a service Amazon already provides.

Solution? Think long and hard before signing up for this service. Do you really want Amazon knowing everything about you: What you Buy, When you are home, What you are saying and Why When you are, and Where you are When you are not? And if you use Alexa via your mobile device, then you are potentially being monitored/tracked by Amazon 24/7!

____________________________

Yahoo still scans your emails for ads — even if its rivals won’t
Techcrunch, via The Wall Street Journal, 8-29-18

You’re not the only one reading your emails.

deep dive in The Wall Street Journal on Tuesday dug out new details on a massive email scanning operation by Oath, the Verizon-owned subsidiary that’s the combined business of AOL and Yahoo. The email-scanning program analyzes over 200 million AOL and Yahoo inboxes for data that can be sold to advertisers. (Disclosure: TechCrunch is owned by Verizon by way of Oath.)

The logic goes that by learning about its users, the internet giant can hone its ad-targeting effort to display the most relevant ads.

But where other major email providers have bailed from email scanning amid privacy scandals and security issues, Oath remains the outlier.

Google ended its ad-targeting email-scanning operation across its consumer Gmail service last year — a decision lauded after facing criticism for years over the practice — though the company still uses machine learning to help you reply to emails. Meanwhile, Microsoft told TechCrunch in a statement that it does “not use email content for ad targeting in any way, anywhere in Microsoft.” And Apple has never scanned its customers’ inboxes for advertising, though its privacy policy says it can access your data for law enforcement purposes or for more vague reasons like “issues of public importance.”

So it’s basically just Oath, then.

Scanning the inboxes of its hundreds of millions of email users is a gutsy move for the year-old internet giant, which prior to its rebranding was responsible for two data breaches at Yahoo  exposing more than thee billion users’ data and a separate breach at AOL in 2014…

…Although the email scanning program isn’t new — announced earlier this year — it does go deeper than Gmail’s scanning ever did.

“Yahoo mined users’ emails in part to discover products they bought through receipts from e-commerce companies such as Amazon.com,” said the WSJ. “In 2015, Amazon stopped including full itemized receipts in the emails it sends customers, partly because the company didn’t want Yahoo and others gathering that data for their own use.”

Although some content is excluded from the scanning — such as health and medical information — it remains to be seen how (or even if) Oath can exclude other kinds of sensitive data from its customers’ inboxes, like bank transfers and stock receipts.

Yahoo Mail’s privacy policy says email accounts are subject to “manual review,” which allows certain Oath employees access to inboxes…

…It should go without saying that email isn’t the most sensitive or secure communications medium, and inboxes should never be assumed to be private — not least from law enforcement and the companies themselves.

Deleting your account might be overkill, especially if you don’t want anyone to hijack your email address once it’s recycled. But if there’s ever been a time to find a better inbox, now might be it. Read More

Analysis – First, Kudos to Techcrunch for publishing this critique against their parent company (hope no one gets fired). Particularly since the last sentence is the best one – time to get a new InBox!

While this article doesn’t involve location data privacy, strictly speaking, it is hardly a stretch to think such informtion could easily be obtained. Info about an upcoming trip perhaps? Kid in the hospital (a scenario which would like “elude” their “rules” about not accessing medical information)? Or worse, using the email for confidential purposes. And this continues after the massive breach of 2015? It falls under the heading of “what could they possibly be thinking?”

We use Yahoo as a backup account to our main corporate email (not the best approach even without this news, we admit); rest assured we’ll be looking for a new provider….

____________________________

Siri, Why Do I Feel Like I’m Being Watched?

The Internet of Things will soon be ubiquitous. That means you can kiss your privacy goodbye. (The Wall Street Journal, August 11-12, 2018)

Megan and Michael Neitzel scratched their heads in confusion when a giant box containing a dollhouse and 4 pounds of sugar cookies was delivered to their Dallas home last year. The day before, their 6-year-old daughter, Brooke, had been chatting innocently with the family’s new digital personal assistant, the Amazon Echo. The little girl at first denied placing the $162 order, but eventually fessed up.

Voice-recognition tools like the Echo are the most common—and popular—example of a looming revolution in human-computer interaction known as the Internet of Things, which promises to redefine how we live, travel and work. The home of the very near future will be an always-listening, always-watching surveillance system designed to anticipate and fulfill your needs. Cars and offices will operate in much the same way.

It won’t be long before your new dishwasher will want the ability to talk to your Amazon Echo so that it can order more detergent. Your new bike will get annoyed if it can’t communicate with the map app on your smartphone. Your FitBit will have a relationship with your popcorn popper. They’ll all be sending reports back to Palo Alto or Mountain View or Cupertino, presuming they aren’t already.

Kiss privacy goodbye.

Any device that once had a purely analog function but can now be connected to the web—or to other devices through the web—is a potential part of the Internet of Things. The logic, typically, is commercial. The companies that develop and manufacture these networked devices seek better ways to reach consumers with products and advertising. If you have an Echo, you’ve already provided Amazon with your credit-card number, address, birthday and the names of all your children. You’ve also uploaded a “wish list” of products you’re interested in, and, quite possibly, your deodorant preferences, personal measurements, taste in movies and baby’s diaper size. Amazon knows more about us than we can imagine.

Funnily enough, market research shows that people don’t mind handing over such highly personal information—to the right company. According to Fortune, Amazon is one of the three most admired companies in the world, along with Apple and Google. Other Silicon Valley tech companies collect, store and sell personal information about their users to advertisers, but Amazon, Apple and Google are perceived as providing a valuable service in exchange for the right to monetize customers’ privacy. And if the Internet of Things has any purpose at all, it’s to monetize privacy…

…The grand bargain between Silicon Valley and the average person has always been this: You give up your privacy, and we’ll give you cool stuff. “If today’s social media has taught us anything about ourselves as a species, it is that the human impulse to share overwhelms the human impulse for privacy,” writes the technology guru Kevin Kelly in his 2016 book, “The Inevitable: Understanding the 12 Technological Forces That Will Shape Our Future.” So far, he adds, “at every juncture that offers a choice, we’ve tilted, on average, toward more sharing, more disclosure, more transparency. I would sum it up like this: Vanity trumps privacy.”

A surprise purchase of a dollhouse and some cookies might seem a fairly weak indictment of the threat to privacy posed by the Internet of Things. Consider a more disturbing scenario. A Washington state couple grew concerned a few years ago when their 3-year-old son developed anxiety about going to bed. They didn’t know whether to believe the child when he told them that someone was talking to him at night. “Wake up, little boy,” he claimed he’d heard a voice in the darkness say. “Daddy’s looking for you.” The couple thought he was having nightmares, until they went to check on him one night and heard the voice too. “Look, someone’s coming,” it said as they entered their son’s room. A hacker had taken control of their baby monitor, the kind you can check through an app on your smartphone.

The popularity of internet-connected security cameras, locks and home alarms has skyrocketed despite regular reports that the systems are easily hijacked. A family in Houston was horrified to learn that a live feed from the webcam in their 8-year-old daughters’ room had been streaming online. The girl’s mother found out only when a woman in Oregon happened across the livestream and decided to contact the family. A security company determined that hackers were able to gain access to the webcam while the young victim was playing the online videogame Minecraft.

Government spying is a further privacy concern raised by the Internet of Things. In early 2017, WikiLeaks released a trove of documents purportedly revealing the Central Intelligence Agency’s ability to hack your internet-enabled television and turn it into a listening device. The same document dump indicated that the CIA has targeted Apple, designing malware that can infect “factory fresh” iPhones and snoop on users’ texts, phone and FaceTime calls, and internet searches. “Siri, why do I feel like I’m being watched?” READ MORE

Analysis: If you thought the tracking of your cell phone’s location was an invasion of privacy, you ain’t seen nothing yet, as this article indicates. IoT (as the Internet of Things is abbreviated in the industry) will make plain-old location privacy concerns seem quaint in comparison. Just imagine that EVERYTHING you interact with, or are even nearby, will be able to monitor and track you, AND report that to practically anything or anyone else on the internet. Scared yet? If you are not, you should be.

How do deal with this threat? Three ways: 1) Regulatory, with something like Europe’s “intrusive” laws specifically addressing IoT concerns. Call your Congressperson!; 2) Buy “dumb” devices that can’t connect to the Internet, while you still can (you’ve got maybe a year at most before everything from refrigerators to office furniture becomes IoT-capable), and 3) Pay close attention to EVERY product and service provider’s Privacy Policy (including their Terms and Conditions) before you opt-in, register, or even just put your name on an email mailing list. All of these are a pain, for different reasons. But absolutely necessary if you don’t want to be tracked at every turn. We can already put together 80-90% of your life just from your cell phone records (a statistic I confirm every time I do a criminal case cell phone forensics analysis); with the Internet of Things it will become 98-99%.

As a last recommendation “bonus”: Assume every brand new product and service you sign up for from now on has the potential to monitor and track your behavior. It doesn’t have to be an Echo-type device (though it will be a cold day before I buy one of these no matter how convenient, because of these privacy concerns), though those are the most obvious–it can (and will be) ANYTHING.

____________________________

Defense Department bans geolocation features on tech devices due to security risk (ABCNews.com, August 6, 2018)
 

The Department of Defense is prohibiting personnel from using geolocation features on their devices while serving in certain locations after concerns that the information transmitted from such devices was jeopardizing the security of American forces around the world, including those deployed in classified or sensitive areas.

The new policy, which is effective immediately, follows reports from earlier this year that some wearable electronic devices, like the popular Fitbit, can convey users’ GPS coordinates in the form of publicly available online maps that display the most frequently trafficked routes of users who allowed their location to be shared.

“The rapidly evolving market of devices, applications, and services with geolocation capabilities presents a significant risk to the Department of Defense personnel on and off duty, and to our military operations globally,” the department said in a statement on Monday. “These geolocation capabilities can expose personal information, locations, routines, and numbers of Department personnel, and potentially create unintended security consequences and increased risk to the joint force and mission.”

In January, a 20-year old Australian student named Nathan Ruser was exploring the online maps from Strava’s Global Heatmap when he found the location of U.S. troops inside Syria.

“The biggest concerns with the data is firstly it allows an unprecedented look at the geographic build of a lot of these bases,” Ruser told ABC News in January. “You can see the supply lines, you can see the patrol routes in some cases, and you can see the infrastructure within the bases. But more than that, one of the most important and disturbing elements of the map is that it’s possible to establish an understanding of how the base works.”

Journalists quickly started using the Global Heatmap to identify what they believed to be the locations of other U.S. personnel, including a suspected CIA base near Mogadishu, Somalia, and U.S. troops operating in the Sahel region of Africa…

Applicable devices include fitness trackers, smartphones, tablets, smartwatches, and related software applicationsaccording to a copy of the policy memo sent from Deputy Secretary of Defense Patrick Shanahan to top DoD leadership last week..

…Notably, the policy’s language allows service members to continue tracking their workouts on a device like a Fitbit, as long as the geolocation feature is turned off. READ MORE

Analysis – While this is primarily about security, its privacy implications are obvious, though in this case it is for groups, not necessarily individuals. It is not a stretch (pun intended) to envision a scenario where someone figures out a favorite running trail for female runners that tend to run singly, and potentially use that information to stalk them or worse. In this kind of scenario it is not the individual’s privacy that is at risk, but the individual’s person still is. 
 
Lesson? As much as you feel like you might be doing a public service by posting your exercise to the public, it may well not be  worth the risk. Keep your personal location information private in all scenarios, even those where your personally-identifiable information is supposedly anonymized.
 
 
 
____________________________
  
 

How Wireless Carriers Get Permission to Share Your Whereabouts

Industry outsources job of seeking approval to third-party firms (The Wall Street Journal, July 16, 2018)

Cellphone carriers usually ask for their customers’ blessing before listing their phone numbers, sharing their addresses or exposing them to promotional emails.

But seeking permission to share one particularly sensitive piece of information—a cellphone’s current location—often falls to one of several dozen third-party companies like Securus Technologies Inc. and 3Cinteractive Corp.

Carriers such as AT&T Inc. and T-Mobile US Inc. rely on those firms to vouch that they obtained users’ consent before handing over the data. The companies that pay to access this information use it for everything from preventing credit-card fraud to providing roadside assistance.

That arrangement embarrassed the wireless industry earlier this year after it was discovered that Securus, a prison phone operator, created a website that let law-enforcement agencies find the location of noninmates without their permission.

All four national carriers said in June that they would cut off two companies that handled the data Securus had accessed and promised new safeguards, though they didn’t detail how it would be done.

“This is just the tip of the iceberg,” Georgetown Law expert Laura Moy testified in a House subcommittee hearing last week on internet privacy. “We’re probably just seeing what could be the beginning of a massive investigation and a lot of privacy violations.”

Blake Reid, an associate clinical professor at the University of Colorado Law School, said this “chained consent” process likely violates Section 222 of the Telecommunications Act of 1996, which sets privacy standards for carriers, though there hasn’t been a strong case to test his theory.

Section 222 updated decades-old telecom law by making phone-call records subject to privacy protections. Congress hasn’t passed comprehensive privacy legislation since then, though it repealed Federal Communications Commission broadband privacy regulations enacted during the Obama administration.

Mr. Reid said Securus is the most flagrant example to come to light because the company used its website as an investigative tool with little oversight. Securus’ web portal let law-enforcement officials pull data by uploading an official document, though the system didn’t verify whether the document was actually authorization from a court or prosecutor. The file “could be a warrant, could be your grandma’s cookie recipe,” he said. “There’s no consent there.”

The FCC in 2007 imposed new broadband rules that left location data gathered from internet service outside of Section 222 strictures.

“That was a green light for telecommunications carriers to monetize customer-location data,” said Stanford University law professor Al Gidari, who helped draft the location-data guidelines that wireless industry group CTIA used to self-regulate. He said the FCC has been “woefully inadequate” at policing the carriers’ use of location information.

About 75 companies had access to Verizon Communications Inc. customers’ locations, the company said in a June letter to Sen. Ron Wyden (D., Ore.), who has pressured telecom companies to disclose more information about their data-protection measures. Verizon said it would wind down its relationship with the middlemen that serve those companies, though it was searching for an arrangement that could replace them…

…Sen. Wyden said in a statement that “middlemen are selling Americans’ location to the highest bidder without their consent, or making it available on insecure web portals.” READ MORE

Analysis – Up until about 2010, carriers were very protective about location data, at least in that they wanted to directly control (and monitize that control) who got access to it. Since then however the carrier’s “opened up” their location infrastructure to these “middlemen”, formally called “location aggregators”, so they could stop being the bottleneck to new location apps that ran on their network (re: so they could make more money). For a time this was a win-win for all involved, including consumers, in that it allowed now location apps to be launched without the formal approval of the carriers.

Now, however, it looks like the lack of privacy controls on all parties–aggregators, carriers, and regulators–have enabled a new set of privacy abuses. Big surprise…

____________________________

5 Ways Companies Use Your Cellphone Location Data

U.S. wireless carriers said they would cut off two middlemen, but they aren’t the only firms using your location data (The Wall Street Journal, July 15, 2018)

The smartphones at the center of consumers’ lives generate vast streams of data on where they live, work and travel, and how wireless giants like AT&T Inc. and Verizon Communications Inc. use that personal data and share it with other companies has come under increased scrutiny.

The four major U.S. carriers said in June that they would stop selling access to the locations of individual customers to two companies—LocationSmart and Zumigo—following accusations that a LocationSmart customer misused the information. (The Federal Communications Commission has referred the LocationSmart issue to its enforcement division, a spokesman said.)

But those two middlemen aren’t the only companies that have had or continue to rely on access to the locations of cellphone users to make money.

Location data controlled by carriers is different from the data collected by popular applications such as Uber or Facebook . Because those apps get location data directly from a consumer’s phone—and not from wireless carriers—consumers opt into sharing their location in exchange for or as part of receiving a service. (Read about how other companies get permission to use your data.)

Here’s a look at five scenarios in which companies or carriers have relied on or considered using cellphone location data.

1. Roadside Assistance

John gets a flat tire and pulls over to the side of a highway to call for roadside assistance.

The American Automobile Association in the past partnered with LocationSmart, according to a company press release. Members of the auto club had the opportunity to opt out of sharing their location information when they made a service call and instead describe nearby road markings or intersections, an AAA spokeswoman said…

2. Traveling Abroad

Susan attends a conference in London and then spends a week in Paris. While she is in those countries, her mobile phone relies on local wireless networks.

Tampa-based Syniverse Technologies LLC helps wireless carriers around the world square up on customer roaming charges between their networks. As a result, the company sees which country a mobile user is in, which network they receive service from, the quality of that service and what types of communication a traveler has used, a Syniverse spokeswoman said…

3. Fraud Prevention

Ted buys a pair of sneakers while he is traveling in Germany.

Syniverse, owned by private-equity giant Carlyle Group , in the past worked with Mastercard Inc. on fraud-prevention services that would match a traveler’s location with where he or she was making purchases. A spokesman for the credit-card company said work on location-based fraud… prevention products stopped last year.

4. City Planning

A city-planning board is considering creating a new bus route and wants to know how many people live in a given neighborhood and commute downtown for work.

Companies such as Teralytics AG plot the travel patterns of wireless subscribers for use in infrastructure, public transportation and other urban-planning projects.

Teralytics works with one of the major U.S. carriers and receives an “anonymized representative sample” of location data, a spokeswoman said. The company typically needs a representative sample of 15% to 30% of the population, she said…

5. Shopping

A retailer wants to know how many people walk past each of its locations.

Pinsight Media, a subsidiary of Sprint Corp. , uses anonymized data on how the wireless carrier’s subscribers shop, use apps and travel in the U.S. to give retailers, financial services companies and other firms data on their tastes and habits.

Apps also partner with Pinsight to serve targeted advertisements and must get consent from their users to collect and use information about them.

Another digital advertising unit owned by a carrier, Verizon’s Oath, also includes a team focused on using subscriber location data to deliver targeted advertisements. READ MORE

Analysis: None of these (ab)uses are new, or surprising. What is (mildly) surprising was the ability/allowing of the “location aggregators”–LocationSmart and Zumigo–to have such lax controls on the access to the data. (See more on these companies being dropped by carriers here. In a nutshell being dropped is a death blow for these companies, another reason to be surprised that they did not take privacy more seriously…)

I use the word “mildly” not to diminish the seriousness of the activity (it was VERY serious), but rather to point out surprise that more companies have been not (yet) being caught doing something similar. Until there is significant progress on the privacy regulator front, this kind of abuse will not only continue to occur, but get worse as more location-capable devices (e.g. IoT) enter the market. Or we can hope that public backlash, such as has been occuring with here and Facebook, erupts more frequently as investigators such as this one point out major “flaws” in individual companies’ policies and processes. 

In the meantime, the best defense is assuming that every company will be tempted to abuse your data, limited only by their view on how likely they will be caught doing so…

__________________________

Phone Companies Selling Personal Information (Fox News, May 22, 2013, adapted from The Wall Street Journal)

 

Big phone companies have begun to sell the vast troves of data they gather about their subscribers’ locations, travels and Web-browsing habits.

The information provides a powerful tool for marketers but raises new privacy concerns. Even as Americans browsing the Internet grow more accustomed to having every move tracked, combining that information with a detailed accounting of their movements in the real world has long been considered particularly sensitive.

The new offerings are also evidence of a shift in the relationship between carriers and their subscribers. Instead of merely offering customers a trusted conduit for communication, carriers are coming to see subscribers as sources of data that can be mined for profit, a practice more common among providers of free online services like Google and Facebook.

When a Verizon Wireless customer navigates to a website on her smartphone today, information about that website, her location and her demographic background may end up as a data point in a product called Precision Market Insights. The product, which Verizon launched in October 2012 after trial runs, offers businesses like malls, stadiums and billboard owners statistics about the activities and backgrounds of cellphone users in particular locations.  Read more

Analysis:  This should scare the hell out of anybody who uses location-based services.  It is not just that it is being done, it is who is doing it – Verizon Wireless. 

A direct descendent of the old Bell system, Verizon was once the most conservative of a bunch of conservative companies when it came to the protection of customer information.  Verizon Wireless actually delayed launching LBS services until the mid 2000’s due to concerns about the sensitivity and legal liability associated with location information.  Now it is actively marketing that data!  So what if it is “aggregated” and “anonymized” – it is a small step from doing that on a “micro” basis (which is the level described in this article) to being able to determine the actual identity of the user.  Ironically, VZW last year had a news release touting their commitment to the protection of personal data while touting how selling your “de-identified” data would be good for you…

If the carriers – the last bastion of customer data protection – are doing this, then ALL bets are off when it comes to your privacy.

* * * * *

F.T.C. Suggests Privacy Guidelines for Mobile Apps (NY Times February 1, 2013)

In a strong move to protect the privacy of Americans as they use the Internet on their smartphones and tablets, the Federal Trade Commission on Friday said the mobile industry should include a do-not-track feature in software and apps and take other steps to safeguard personal information.

 

The staff report, which was approved by the commission, is not binding, but it is an indication of how seriously the agency is focused on mobile privacy. As if to emphasize that, the commission on Friday separately fined Path, a two-year-old social networking app, $800,000. It charged the company with violating federal privacy protections for children by collecting personal information on underage users, including almost everyone in users’ address books.

 

Together the actions represent the government’s heightened scrutiny of mobile devices, which for many Americans have become the primary way of gaining access to the Internet, rather than through a laptop or desktop computer.

 

“We‘ve been looking at privacy issues for decades,” said Jon Leibowitz, the F.T.C. chairman. “But this is necessary because so much commerce is moving to mobile, and many of the rules and practices in the mobile space are sort of like the Wild West.”  Read More

Analysis: Wild West Indeed.  While the article only briefly mentions location, it is quickly becoming the largest body of data (in type and volume) being collected and used.  Its potential for abuse is enormous.  While we are not a big fan of government regulation, this is clearly one area where government needs to take leadership.  The article rightly mentions that this lack of guidance and standards is impacting how companies are using or not using personal wireless information.  The collection of personal information CAN play a very positive role in users’ lives under the right conditions and with the knowledge and consent of the user.  In the wrong conditions and without the knowledge and consent of the user the results can be irritating at best and potentially even horrific at worst.  In any event it is a legal and application design gray area to put it mildly.  The government needs to accelerate its efforts in this area.

Data-Gathering via Apps Presents a Gray Legal Area (NY Times October 28, 2012)

Angry Birds, the top-selling paid mobile app for theiPhone in the United States and Europe, has been downloaded more than a billion times by devoted game players around the world, who often spend hours slinging squawking fowl at groups of egg-stealing pigs.

While regular players are familiar with the particular destructive qualities of certain of these birds, many are unaware of one facet: The game possesses a ravenous ability to collect personal information on its users.

When Jason Hong, an associate professor at the Human-Computer Interaction Institute at Carnegie Mellon University, surveyed 40 users, all but two were unaware that the game was storing their locations so that they could later be the targets of ads (emphasis added).

The shift has brought consumers into a gray legal area, where existing privacy protections have failed to keep up with technology. The move to mobile has set off a debate between privacy advocates and online businesses, which consider the accumulation of personal information the backbone of an ad-driven Internet.

In the United States, the data collection practices of app makers are loosely regulated, if at all; some do not even disclose what kind of data they are collecting and why. Last February, the California attorney general, Kamala D. Harris, reached an agreement with six leading operators of mobile application platforms that they would sell or distribute only mobile apps with privacy policies that consumers could review before downloading.  Read More

Analysis: This is a legal storm building, and when it bursts (likely in some sort of horrific media event) it is going to be huge. 

 
* * * * *

 

 

Police Are Using Phone Tracking as a Routine Tool (NY Times March 31, 2012)

Law enforcement tracking of cellphones, once the province mainly of federal agents, has become a powerful and widely used surveillance tool for local police officials, with hundreds of departments, large and small, often using it aggressively with little or no court oversight, documents show.

The practice has become big business for cellphone companies, too, with a handful of carriers marketing a catalog of “surveillance fees” to police departments to determine a suspect’s location, trace phone calls and texts or provide other services. Some departments log dozens of traces a month for both emergencies and routine investigations.

 

With cellphones ubiquitous, the police call phone tracing a valuable weapon in emergencies like child abductions and suicide calls and investigations in drug cases and murders. One police training manual describes cellphones as “the virtual biographer of our daily activities,” providing a hunting ground for learning contacts and travels.

 

But civil liberties advocates say the wider use of cell tracking raises legal and constitutional questions, particularly when the police act without judicial orders. While many departments require warrants to use phone tracking in nonemergencies, others claim broad discretion to get the records on their own, according to 5,500 pages of internal records obtained by the American Civil Liberties Union from 205 police departments nationwide.

 

The internal documents, which were provided to The New York Times, open a window into a cloak-and-dagger practice that police officials are wary about discussing publicly. While cell tracking by local police departments has received some limited public attention in the last few years, the A.C.L.U. documents show that the practice is in much wider use — with far looser safeguards — than officials have previously acknowledged.

 

The issue has taken on new legal urgency in light of a Supreme Court ruling in January finding that a Global Positioning System tracking device placed on a drug suspect’s car violated his Fourth Amendment rights against unreasonable searches. While the ruling did not directly involve cellphones — many of which also include GPS locators — it raised questions about the standards for cellphone tracking, lawyers say.

 

The police records show many departments struggling to understand and abide by the legal complexities of cellphone tracking, even as they work to exploit the technology.

 

In cities in Nevada, North Carolina and other states, police departments have gotten wireless carriers to track cellphone signals back to cell towers as part of nonemergency investigations to identify all the callers using a particular tower, records show.

 

In California, state prosecutors advised local police departments on ways to get carriers to “clone” a phone and download text messages while it is turned off.

 

In Ogden, Utah, when the Sheriff’s Department wants information on a cellphone, it leaves it up to the carrier to determine what the sheriff must provide. “Some companies ask that when we have time to do so, we obtain court approval for the tracking request,” the Sheriff’s Department said in a written response to the A.C.L.U.

 

And in Arizona, even small police departments found cell surveillance so valuable that they acquired their own tracking equipment to avoid the time and expense of having the phone companies carry out the operations for them. The police in the town of Gilbert, for one, spent $244,000 on such equipment.

 

Cell carriers, staffed with special law enforcement liaison teams, charge police departments from a few hundred dollars for locating a phone to more than $2,200 for a full-scale wiretap of a suspect, records show.

 

Most of the police departments cited in the records did not return calls seeking comment. But other law enforcement officials said the legal questions were outweighed by real-life benefits.

 

The police in Grand Rapids, Mich., for instance, used a cell locator in February to find a stabbing victim who was in a basement hiding from his attacker.

 

“It’s pretty valuable, simply because there are so many people who have cellphones,” said Roxann Ryan, a criminal analyst with Iowa’s state intelligence branch. “We find people,” she said, “and it saves lives.”

Analysis:  I have absolutely no problem with police using location information to track criminals or finding missing persons.  In the latter case time is of the essence and no time needs to be wasted on bureaucratic proceedings.  In the former I do have concerns with law enforcement using tracking devices without court appoval, and applaud the Supreme Court’s ruling. 
 
But there is still alot of legal gray area that needs to be cleared up.  I have a huge problem with police departments getting their own tracking equipment – this is just begging to be abused.  I also have a big problem with this being a profit center for carriers – it needs to be a cost center just like 911.  Being a profit center might make them a bit too over-eager when a gray area comes up.
 

GPS AND POSITIONING DEVELOPMENTS

Massive GPS Jamming Attack by North Korea (GPS World, May 23, 2012

 

Large coordinated cyber attacks from North Korea near its border with South Korea produced electronic jamming signals that affected GPS navigation for passenger aircraft, ships, and in-car navigation for roughly a week in late April and early May. To date, no accidents, casualties, or fatalities have been attributed to jammed navigation signals aboard 337 commercial flights in and out of South Korean international airports, on 122 ships, including  a passenger liner carrying 287 people and a petroleum tanker. One South Korean driver tweeted “It also affects the car navigation GPS units.  I am getting a lot of errors while driving in Seoul.” Read More

Analysis: Besides giving us one more reason to despise North Korea, it provides one more reason to have redundant location technologies whenever possible, particularly for safety related applications.

 

 

 
 
 

Google Satellites Can Track Every Ship At Sea — Including US Navy; Detailed Maps Planned of Sea Bottom

aol.com By  and  May 17, 2012

VIRGINIA BEACH, VA: Google has launched a pair of low-cost satellites that can track virtually every ship at sea, giving the current location and identity even of American warships. While the company is consulting with the Navy and others about security issues, it plans to go public with the data soon.  Read More

 

Analysis: This is one of those inventions that will have 101 uses – including ones not even on Google’s radar screen.

 
 

GPS Robots Swarm California Rivers

 
GPS World May 15, 2012
 
Swarms of robots equipped with GPS and sensors were released May 9 into California rivers to measure water flow, salinty levels, and pollution, reports OurAmazingPlanet.com. The Floating Sensor Network is intended to change the way water quality and flows are monitored in the Sacramento-San Joaquin river system.  Read More
 
Analysis: LBS knows no bounds!  Besides the slightly scary aspect regarding GPS robots, it’s an excellent example of various location technologies being used in new and exciting ways – particularly in this case, the unique use cases and combination with other sensors.
 

LightSquared Nears Bankruptcy  (Update – It did file on May 15th)

May 13, 2012 The Wall Street Journal By MIKE SPECTOR And GREG BENSINGER

 

Hedge-fund manager Philip Falcone’s LightSquared Inc. venture was preparing Sunday to file for bankruptcy protection after negotiations with lenders to avoid a potential debt default faltered, said people familiar with the matter.

 

LightSquared and its lenders still have until 5 p.m. Monday to reach a deal that would keep the wireless-networking company out of bankruptcy court, and there were some indications over the weekend that a final decision hadn’t yet been reached on its fate. Still, the two sides remained far apart, and people involved in the negotiations expected LightSquared to begin making bankruptcy preparations in earnest.  Read More

 
Analysis: What a mess.  You’ve never seen a regulatory battle like this one since the breakup of AT&T.  (Obvious) Lesson – Don’t put all your eggs in one basket, and make sure you have plenty of Plan B’s, C’s, D’s…
 
 

GPS Monitoring of Sex Offenders Can Cut Recidivism

 
LBS Zone May 10, 2012
 

WASHINGTONMay 10, 2012 — The United States Department of Justice’s National Institute of Justice (NIJ) recently released a study that evaluated the use of global positioning systems (GPS) technology to monitor high-risk sex offenders on parole in California.

Offenders in the GPS group demonstrated significantly better outcomes than offenders who were monitored in traditional ways.  The evaluation showed that risk for a sex-related violation was nearly three times greater for offenders who received traditional parole supervision, than offenders who received GPS supervision. The risk of committing an offense that resulted in an arrest was twice as high for offenders who received traditional parole supervision than for offenders in the GPS group.

When compared to traditional supervision, the study found that GPS monitoring costs approximately $8.51 more per day.  The outcomes of GPS monitoring, however, are significantly better. Read More

Analysis: Good news on many fronts.  Interesting cost estimate.  Full report can be found at https://www.ncjrs.gov/pdffiles1/nij/grants/238481.pdf

 
______________________
 
 
 
LBS LEGAL AND PRIVACY NEWS

 

New Jersey judge rules texter not liable for driver’s car crash (Fox News May 26th, 2012)

 

 

A woman who texted her boyfriend while he was driving cannot be held liable for a car crash he caused while responding, seriously injuring a motorcycling couple, a judge ruled Friday in what is believed to be the first case of its kind in the country.

A lawyer for the injured couple argued that text messages from Shannon Colonna to Kyle Best played a role in the September 2009 wreck in Mine Hill. But Colonna’s lawyer argued she had no control over when or how Best would read and respond to the message.  Read More

Analysis: Thank God! As we noted earlier (see below a couple articles), if this lawsuit was allowed to stand it would have tremendous implications, not the least of which for location information – and NOT in a good way.  Our faith in the the justice system got an uptick!

 

 

58% Use Location-based Apps Despite Privacy Concerns  LBS Zone April 9, 2012

 

ROLLING MEADOWS, Ill.–(BUSINESS WIRE)–Fifty-eight percent of consumers who have a smart device use location-based applications, despite concerns about safety and use of their personal information for marketing purposes, according to a survey from nonprofit global information security association ISACA.

“Location-based apps can be tremendously convenient, but also risky. People should educate themselves to understand how their data is being used or know how to disable this feature”

A telephone poll of 1,000 Americans shows that many people are concerned about geolocation, which uses data from a computer or mobile device to identify a physical location:

  • Top concerns include third-party use of personal information for marketing purposes (24%) and strangers knowing too much about people’s activities (24%)
  • Personal safety is the next biggest concern (21%)
  • 43% of people do not read the agreements on apps before downloading them, and of those who do read the agreements, 25% believe these agreements are not clear about how location information is being used  Read More

Analysis: No surprise here, but good quantitative reinforcement to have privacy at the top of mind when designing LBS apps.

 

Despite dangers U.S. teens text and drive: poll

By Chris Michaud Reuters | Mon May 14, 2012 1:08am EDT

Nearly half of the teenagers polled in an AT&T-commissioned survey released today said they had engaged in texting activity while driving; most of the respondents added that it was also common for their friends and parents to do so. Separately, a New Jersey judge is hearing a case in which a couple injured in a car accident has sued both the receiver and sender of the text message that allegedly distracted the driver who caused the crash. The judge will rule on whether the person who sent the message can be held liable for damages. Reuters (5/14), CNET

Analysis: The potential that the sender of the text message could be sued is absolutely terrifying.  While it’s conceivable that location technology could be incorporated into the overhead of a text message sending process, it would be complicated, time consuming, and costly.  Let’s hope the judge realizes how ridiculous this is – what’s the difference between someone who calls you as opposed to texting?  It’s you as the receiver of whatever type of message to make a good judgement. 

 

Wireless Carriers Who Aid Police Are Asked for Data

 
 
WASHINGTON — A leading House Democrat is demanding information from the country’s biggest cellphone companies about their role in helping local police departments conduct surveillance and tracking of suspects and others in criminal investigations.
 
In his letter, Mr. Markey sought data from the cellphone carriers on the number of requests for help they have received from law enforcement officials in cell tracking and surveillance operations, their policies on whether they require the authorities to secure court warrants, the use of cellphone surveillance in nonemergencies, the fees they charge the police and other information.

His letter was prompted by an April 1 article in The New York Times on the routine use of cellphone surveillance by local police departments, even in nonemergency situations.  Read More

Analysis: The big issue here is a lack of consistency and a standard application of law.  The article notes “gray areas” that allow individual police departments to set their own policies.  While we are a big proponent of law enforcement (and not thrilled with Congress getting involved with everyday life), this is just asking for trouble.

Potential Spy Devices Which Track Cellphones, Intercept Calls Found All Over D.C., Md., Va. (NBCWashington.com, May 18, 2018)

The technology can be as small as a suitcase, placed anywhere at any time, and it’s used to track cell phones and intercept calls.

The News4 I-Team found dozens of potential spy devices while driving around Washington, D.C., Maryland and Northern Virginia. “While you might not be a target yourself, you may live next to someone who is. You could still get caught up,” said Aaron Turner, a leading mobile security expert.

The device, sometimes referred to by the brand name StingRay, is designed to mimic a cell tower and can trick your phone into connecting to it instead. The News4 I-Team asked Turner to ride around the capital region with special software loaded onto three cell phones, with three different carriers, to detect the devices operating in various locations.

“So when you see these red bars, those are very high-suspicion events,” said Turner.

If you live in or near the District, your phone has probably been tracked at some point, he said.A recent report by the Department of Homeland Security called the spy devices a real and growing risk. And the I-Team found them in high-profile areas like outside the Trump International Hotel on Pennsylvania Avenue and while driving across the 14th Street bridge into Crystal City. The I-Team got picked up twice while driving along K Street — the corridor popular with lobbyists….

…Every cellphone has a unique identifying number. The phone catcher technology can harness thousands of them at a time. DHS has warned rogue devices could prevent connected phones from making 911 calls, saying, “If this type of attack occurs during an emergency, it could prevent victims from receiving assistance.”

“Absolutely. That’s a worry,” said D.C. Councilwoman Mary Cheh, adding that the spy technology should be a concern for all who live and work in the District.

The I-Team’s test phones detected 40 potential locations where the spy devices could be operating, while driving around for just a few hours. Read More

Analysis: Two major points here. First, and most obvious is of course the potential for rampant survelliance on non-warranted subscribers. 

The second is one mentioned here, but deserves more emphasis: the possibility that a 911 call may not go through. Though it is not 100%, we suspect very strongly that these spy-sites are NOT appropriately connected to the 9-1-1 system, as that system is extremely complicated and requires a large number of workarounds to operate correctly. This is particularly true for AT&T and T-Mobile, carriers that whose 9-1-1 locating systems are “network-based” and use the location of the cell tower as part of the location determination process. It is highly unlikely that these fake towers have an active operating agreement and setup that allow them to integrate with the 911 infrastructure. One more privacy-related timebomb waiting to happen…

_____________________________

What Your Facebook ‘Likes’ Say About Your Personality

(The New York Times, March 21, 2018, embedded in broader article about Facebook security chief)

Researchers at Stanford University and Cambridge University’s Psychometrics Center built a model that could assess a person’s personality using Facebook “likes” alone. The model can use the likes to score a person’s openness, conscientiousness, extraversion, agreeableness and neuroticism. [Examples include:]

Tom Waits musician

Cheryl Cole musician

“A Clockwork Orange” movie

Adidas Football brand

Writing hobby

Jason Aldean musician

MOST CONSCIENTIOUS LEAST CONSCIENTIOUS
Running hobby Bring Me the Horizon musician
Traveling hobby “Adventure Time” TV show
Cooking hobby Minecraft Game
MOST EXTROVERTED LEAST EXTROVERTED
DJ Pauly D musician Anime
JWoww TV star Video Games hobby
Gucci Mane musician Drawing hobby
MOST AGREEABLE LEAST AGREEABLE
Casting Crowns musician Marilyn Manson musician
The Bible Rammstein musician
Relient K musician “Californication” TV show
 
The model, the researchers said, was particularly adept at “predicting life outcomes such as substance use, political attitudes and physical health.” The real-world efficacy of the approach, however, has been called into question.
 
Analysis: It is becoming obvious that we have (finally) encountered the major privacy disaster that we’ve been predicting/anticipating/dreading for sometime with the Facebook–Cambridge Analytica disclosures. The above “Likes Analysis” is similar to numerous other articles that have been written recently, but are only now getting major media time. 
 
While the article, and analysts themselves, calls into question about the accuracy of drawing conclusions based on certain Likes, these examples help illustrate the dangers associated with the lack of protections with respect to social media data, and particularly location data. Put another way, while you “Liking” pictures of exotic destinations may or may not indicate that you love traveling, posts of you in several different destinations (or alternatively, in common scenes but with exotic location stamps) make it far more likely to be true (with the added bonus of giving potential burglars a heads-up on your propensity to be out-of-town). This is even more problematic when you consider that FB and other apps commonly track your location even when you are not using the app, or, as the articles below indicate, when you don’t even use the app or have it loaded on your device at all! 
 
Some examples of behaviors or mindsets that can be inferred with a decent degree of accuracy with just a few location stamps include:
  • Multiple trips to the liquor store in a week/month = Alcoholism for you or a family member
  • Frequent trips to a church = Religious (and perhaps Republican)
  • Frequent trips to AA/NA meetings = Recovering Alcoholism/Drug Addiction
  • Numerous trips to hospital/doctors offices = Health problems (for you or your family. Other data could be used to pinpoint exactly who and the affliction involved)
  • Attendance at Far-Right or Far-Left speaker/rally = Indicating being very politically active, and perhaps other political leanings and “community membership”
  • More than 3 (pick a number) of baseball games attended each season = Cardinals fan (or perhaps a Cubs fan if you only go when Cubs are in town)
Some of the above conclusions can be derived just with location data, while others (such as being a Cubs fan or attending Alcoholics Anonymous/Narcotics Anonymous) needing to be meshed with other data sets such as those games/organization meeting days/times. Some will likely need multiple data points within a certain timeframe to have a high degree of confidence in the “conclusion”, whereas others may only require a few or even one or two data points to draw meaningful conclusions.  The Far-Right/Left example above would likely only need one instance to be indicative of a certain mindset, though in which direction may require other data. 
 
Some of the above examples could be life altering–even destroying, once such “conclusions” are arrived at and publicized (or hacked) in some manner.  Historically it is only the people that get photographed/publicized at some of these events or situations that get the life-altering exposure. With location data and a widely used/abused app (re: FB), it is possible that anyone and everyone could be exposed. No matter what your life situation or political leanings, isn’t everyone entitled to protection from this kind of damage? There is no due process involved, nor mitigating knowledge about the particular context/background of the individual. 
 
BOTTOM LINE: It is critical that ALL location data be protected, no matter what else comes out of legislative and corporate privacy policy changes from the Facebook-CA disclosures.
__________________________
Facebook and Cambridge Analytica: What You Need to Know as Fallout Widens 
(The New York Times, March 20, 2017)

Our report that a political firm hired by the Trump campaign acquired access to private data on millions of Facebook users has sparked new questions about how the social media giant protects user information.

Who collected all that data?

Cambridge Analytica, a political data firm hired by President Trump’s 2016 election campaign, gained access to private information on more than 50 million Facebook users. The firm offered tools that could identify the personalities of American voters and influence their behavior.

Cambridge has been largely funded by Robert Mercer, the wealthy Republican donor, and Stephen K. Bannon, a former adviser to the president who became an early board member and gave the firm its name. It has pitched its services to potential clients ranging from Mastercard and the New York Yankees to the Joint Chiefs of Staff. On Monday, a British TV news report cast it in a harsher light, showing video of Cambridge Analytica executives offering to entrap politicians.

Read more about how Cambridge Analytica and the Trump campaign became linked.

Behind the data: How researchers use Facebook “likes” to sway your thinking.

What kind of information was collected, and how was it acquired?

The data, a portion of which was viewed by The New York Times, included details on users’ identities, friend networks and “likes.” The idea was to map personality traits based on what people had liked on Facebook, and then use that information to target audiences with digital ads.

Researchers in 2014 asked users to take a personality survey and download an app, which scraped some private information from their profiles and those of their friends, activity that Facebook permitted at the time and has since banned.

The technique had been developed at Cambridge University’s Psychometrics Center. The center declined to work with Cambridge Analytica, but Aleksandr Kogan, a Russian-American psychology professor at the university, was willing.

Dr. Kogan built his own app and in June 2014 began harvesting data for Cambridge Analytica.

He ultimately provided over 50 million raw profiles to the firm, said Christopher Wylie, a data expert who oversaw Cambridge Analytica’s data harvesting. Only about 270,000 users — those who participated in the survey — had consented to having their data harvested, though they were all told that it was being used for academic use.

Facebook said no passwords or “sensitive pieces of information” had been taken, though information about a user’s location was available to Cambridge. Read More

Analysis: Facebook continues to not inspire confidence in how it uses location data. If this was truly a “one-off” incident, we would not be that concerned. But FB continues to exhibit the strategic intent of monitezing every bit of personal data as possible. Other related articles elaborate on how data associated with this “breach” was used (really, a legal use as defined within their bryzantine and continually changing privacy policies) and indicate an even more worrisome aspect: “leveraging” (re: using well beyond what most people understand) potentially anyone’s use of Facebook login credentials to login onto other apps to obtain their personal Facebook-related data, even if those other person’s do not have that (non-Facebook) app. This type of “leveraged” personal data use is extremely concerning. 

If for example you (Person B) don’t subscribe to a dating site, but Person A does, and Person A and B (you) are friends, and/or you (Person B) Like something Person A posted, Facebook could (and apparently did in some cases) use your (Person B’s) data to help Person A’s dating app in some way, such as extending its understanding of Person A’s profile based on their relationships with Person B (you). One more BIG reason to NEVER use Facebook login-credentials to login to ANY app other than Facebook: there is just no way of understanding how the cross-app data will be used. But since there is a growing body of evidence that practially every scrap of personal data (including location data–check-ins in particular) are heavily monetized, it is probably wise to assume that every possible personal behavior and interest that Facebook can extract from the use of these other apps will be monetized as well. Facebook is not going to stop using this data because of this uproar–it is the core of their business model

________________________ 

Drones Are Watching: Railroad Irks Workers With Unmanned Aircraft

Workers say drones are a distraction; the railroad says the program will coach employees in correcting behaviors that could cause serious injury (The Wall Street Journal, 3/15/18)

Union Pacific Corp. UNP 0.83% riled employees recently when it started flying drones over some of its railroad yards to ensure workers were following safety guidelines.

The aerial spotters were looking for any number of behaviors that deviate from the railroad’s rule book, from passing between railcars that are less than 100 feet apart to climbing off moving equipment.

The response from the railroad workers’ union? Urging the rank and file to flood Union Pacific’s safety hotline with complaints that the drones make their jobs more dangerous.

Workers say that rather than promote safety, the drones create a hazard by distracting them when they should be laser-focused while around 200-ton locomotives and railcars moving along the tracks, according to Steve Simpson, general chairperson with the International Association of Sheet Metal, Air, Rail and Transportation Workers. “They are no longer looking ahead or at their task at hand,” he said. “They’re looking up.”

Mr. Simpson, whose general committee represents 1,600 conductors, engineers and other rail workers in the southern U.S., also advises members on complaints to the Federal Aviation Administration and Federal Railroad Administration. He said there is no way to distinguish a drone flown by Union Pacific from one operated by an unauthorized party….

—Mr. Simpson said he suspects safety isn’t the company’s only motivation. Workers see drones as a means to discipline them, he said, with escalating penalties that can lead to termination. There is no indication anyone has been fired for an infraction spotted from up to 400 feet in the air, but Mr. Simpson said workers have been cited for violations as a result.

Ms. Espinoza said Union Pacific has been using drones to conduct federally mandated field testing and will coach employees to correct behavior that could cause serious injury. “We are finding drones are valuable tools that can help us reach our ultimate goal of operating in an incident-free environment and ensure employees go home safely,” Ms. Espinoza said. She added that the company hotline has received only one complaint about the use of drones...

…Drone use is still in its infancy in the railroad industry. Companies have sought to incorporate it into operations to inspect bridges and track, assess damage after natural disasters and map their networks. Other proposed or active uses have included spotting trespassers, air-quality tests and aerial photography.

Earl Lawrence, who runs the FAA’s drone-integration office, said he was unaware of any other industries where employers are using drones to enforce safety rules. “Every day we see inventive ways of using aerial platforms,” he said.

Berkshire Hathaway Inc.’s BNSF railroad, which, like Union Pacific, operates in the Western U.S., has worked closely with the FAA to find ways to incorporate drones into its operations. After obtaining waivers to fly drones outside the line of sight of their operators, BNSF in 2015 flew an unmanned, fixed-wing aircraft over 270 miles in New Mexico to inspect tracks. The railroad said it was the first commercially operated drone to fly beyond its pilot’s line of sight within the lower 48 states.

Since then, BNSF has received permission to conduct tests on more than 2,000 miles of track, including at night.

Norfolk Southern Corp. uses drones only for bridge inspections, a spokeswoman said. CSX uses the aircraft to monitor its rail network, collect data and conduct security checks. Drones also have been used as part of installing so-called positive train control, a new, federally mandated safety system, a spokesman said.

Union Pacific first received FAA approval to use drones in 2015. It now has 126 employees on staff certified to fly them and has used them to inspect bridges and flood damage, among other uses. Union Pacific plans to have as many as 250 trained drone pilots by the end of 2018 and is also looking into self-flying drones.

Union Pacific first deployed drones to monitor employees in December 2017 at a rail facility in Ste. Genevieve, Mo., later expanding to 14 locations. While railroads already make use of fixed cameras to monitor operations, aerial footage provides a new vantage point for yardmasters in facilities that can be more than 100 tracks wide and scattered with visual obstacles like cars and equipment.

“It’s a useful tool,” said Mr. Simpson, the railroad union leader. “But it’s being used as a discipline tool and that worries me.” Read More

Analysis: The concerns expressed here by the union closely resembles the criticisms from workers in the early days of mobile phone-based location-based services business apps, with assertions of privacy violations and unwarranted tracking of workers. Like those apps–now fully accepted as a management tool–I suspect the backlash will also die down, even if it takes a few years. 

However, the article mentions an area of likely to be great concern as drone use grows: being able to discern (or not) between “authorized” drones (drones sanctioned by the railway/applicable business entity) and unauthorized ones (anybody else’s drone, including competitors, reckless hobbyists, or even thieves). How do you determine if a drone is one or the other? And what do you do when you know something is unauthorized? Call the police? Try and shoot it down? Equip railyards with jammers? While the privacy/worker tracking issue will die down, we predict the “unauthorized use” issue will become a major one in the years ahead.

__________________________

Facebook Really Is Spying on You, Just Not Through Your Phone’s Mic (The Wall Street Journal, March 6, 2018)

How to limit the amount of data Facebook and advertisers are collecting about you

“Can I try the Cole Haans in a size 8?”
Later that night on Facebook: An advertisement for Cole Haan pumps.

OK, maybe a coincidence.

“What’s the best high-tech scale?” my wife asks aloud.
Five minutes later on Instagram: An ad for scales.

Wait, are they listening?

“Get the little red Sudafed pills,” my mom says after I sneeze.
That afternoon: An advertisement for Sudafed PE.

Yep, they’ve even wiretapped my bodily functions.

A conspiracy theory has spread among Facebook and Instagram users: The company is tapping our microphones to target ads. It’s not.

“Facebook does not use your phone’s microphone to inform ads or to change what you see in News Feed,” says Facebook.

Yeah, sure, and the government swears it isn’t keeping any pet aliens at Area 51. So I contacted former Facebook employees and various advertising technology experts, who all cited technical and legal reasons audio snooping isn’t possible.

Uploading and scanning that much audio data “would strain even the resources of the NSA,” says former Facebook ad-targeting product manager Antonio Garcia Martinez. “They would need to understand the context of what you are saying—not just listen for words,” says Sandy Parakilas, a former Facebook operations manager.

I believe them, but for another reason: Facebook is now so good at watching what we do online—and even offline, wandering around the physical world—it doesn’t need to hear us. After digging into the various bits of info Facebook and its advertisers collect and the bits I’ve actually handed over myself, I can now explain why I got each of those eerily relevant ads. (Facebook ads themselves offer limited explanations when you click “Why am I seeing this?”)

Advertising is an important staple of the free internet, but the companies buying and selling ads are turning into stalkers. We need to understand what they’re doing, and what we can—or can’t—do to limit them. [Article describes tracking what you bought, and other elements, picking back up with location tracking, next. Strongly urge you to read this too though this section is not about location. However the overall recommendation is either don’t use loyalty cards, or register them to an email address or phone number you don’t use.]

Where You’ve Been

What could be better than your purchase history? Location, location, location. Did you stop by a shop? This ad will remind you to come back! Are you close to one of our stores? Here’s a coupon!

My colleague Christopher Mims detailed in his recent column how advertisers are using all sorts of location signals—your phone’s GPS, Wi-Fi access points around you, IP addresses, etc.— to follow your breadcrumbs….

Do this: Limit Facebook from knowing where you are. In the mobile app (iOS and Android), go to Settings > Account Settings > Location and turn off location tracking. Disable location history, too….

Other apps can pinpoint your location and serve you ads back through Facebook. Before granting any app location access, think it throughOn the iPhone, go to Settings > Privacy > Location Services and go through the apps you’ve granted location access. (They should all say “Never” or “While Using”—not “Always.”) On Android, go to Settings > Location. Read More

Analysis – Do the above. If not the “Never” option, then at least “While Using”. NEVER do the “Always” option, unless…well, there is no unless.

____________________________

 

Your Location Data Is Being Sold—Often Without Your Knowledge

 

Location-based ads are growing, which means the industry has more ways than ever to track you (The Wall Street Journal, March 3, 2018)

As location-aware advertising goes mainstream—like that Jack in the Box ad that appears whenever you get near one, in whichever app you have open at the time—and as popular apps harvest your lucrative location data, the potential for leaking or exploiting this data has never been higher.

It’s true that your smartphone’s location-tracking capabilities can be helpful, whether it’s alerting you to traffic or inclement weather. That utility is why so many of us are giving away a great deal more location data than we probably realize. Every time you say “yes” to an app that asks to know your location, you are also potentially authorizing that app to sell your data.

Dozens of companies track location and/or serve ads based on this data. They aim to compile a complete record of where everyone in America spends their time, in order to chop those histories into market segments to sell to corporate advertisers.

Marketers spent $16 billion on location-targeted ads served to mobile devices like smartphones and tablet computers in 2017. That’s 40% of all mobile ad spending, research firm BIA/Kelsey estimates, and it expects spending on these ads to double by 2021.

The data required to serve you any single ad might pass through many companies’ systems in milliseconds—from data broker to ad marketplace to an agency’s custom system. In part, this is just how online advertising works, where massive marketplaces hold continuing high-speed auctions for ad space.

But the fragmentation also is because of a very real fear of the public backlash and legal liability that might occur if there were a breach. Imagine the Equifax breach, except instead of your Social Security number, it’s everywhere you’ve been, including your home, your workplace and your children’s schools.

The fix, at least for now, is that with most individual data vendors holding only parts of your data, your complete, identifiable profile is never all in one place. Giants like Facebook and Alphabet ’s Google, which do have all your data in one place, say they are diligent about throwing away or not gathering what they don’t need, and eliminating personally identifying information from the remainder.

Yet as the industry and the ways to track us expand, the possibility that our whereabouts will be exposed multiplies. If you’ve ever felt clever because an app on your phone asked to track your location and you said no, this should make you feel a little less smug: There are plenty of ways to track you without getting your permission. Some of the most intrusive are the easiest to implement.

The spy in your pocket

Your telco knows where you are at all times, because it knows which cell towers your phone is near. In the U.S., how much data service providers sell is up to them.

Another way you can be tracked without your knowing it is through any open Wi-Fi hot spot you might pass. If your phone’s Wi-Fi is on, you’re constantly broadcasting a unique address and a history of past Wi-Fi connections. Retailers sometimes use these addresses to identify repeat customers, and they can also use them to track you as you go from one of their stores to another. Read More

Analysis: We’ve been saying for almost 2 decades (yes, we’ve been around that long) that Privacy and Security are the single most important elements of location-based services. Put another way, together they are the biggest single vulnerabilities with respect to LBS consumer adoption. While there have been many location-data breaches, they have been piecemeal so far. But it will only take one big one, e.g. the location-equivalent of the Equifax breach, to change this – in the form of a hack, or even worse, over-the-top abuse by a major service provider. The article offers some good ideas, but here are the overall keys in our opinion: 

1) Lobby Congress to pass (finally) a location-protection bill (a long-shot but a good bill would fix alot of the problems), 

2) Wean yourself off the more egregeous abusers of your data (legal and self-preservation prevents us from naming them, but they are not hard to figure out),

3) Clear your tracking cookies frequently (weekly), 

4) Consider installing Privacy software (review on candidates coming soon), 

5) DON’T login to every free Wi-Fi spot you find just to save a bit on data usage, and 

6) Make sure you opt-OUT (since most provides assume a non-response is an opt-in, or they bury it in the Ts&Cs) of location tracking on every application you have (usually in Settings function), or, alternatively if you must have location, turn OFF the location tracking feature seeting that allows tracking you even when the app is not loaded/open. 

Finally, try and make your online life as fragmented as possible, as this article suggests. It’s counter-intuitive, and somewhat inefficient, but necessary to avoid a breach from ruining your entire online life (instead of only a piece of it). Avoid the temptation to link applications together, and/or funnel all logins/passwords through one source like Facebook, which is a virtual Byzantine with respect to privacy – but one thing you can count on is that they are using every scrap of data they can get on you, and reselling it as well.

____________________________

Cops, Cellphone and Privacy at the Supreme Court (The New York Times, November 26, 2017)

How hard should it be for the police to get hold of reams of data showing every place you’ve been for months?

The Supreme Court will confront that question on Wednesday when it hears oral arguments in one of the biggest Fourth Amendment cases in years.

In 2013, Timothy Carpenter was convicted of being the ringleader behind a series of armed robberies of cellphone stores in and around Detroit, and was sentenced to almost 116 years in prison. His conviction was secured in part based on 127 days of location data that his cellphone service provider turned over to the police, showing that his phone had been in the vicinity of several of the robberies.

The police got those phone records without a warrant, which the Fourth Amendment generally requires, and which would have forced them to show they had probable cause to believe that Mr. Carpenter had committed a crime. Instead they relied on a federal law with a lower standard: “reasonable grounds to believe” that the records “are relevant and material to an ongoing criminal investigation.”

Mr. Carpenter appealed his conviction as violating the Fourth Amendment’s ban on unreasonable searches and seizuresHe argues that the police should have to get warrants to collect long-term location data, which reveal a huge amount of private information. As a federal judge in a separate case put it, “A person who knows all of another’s travels can deduce whether he is a weekly churchgoer, a heavy drinker, a regular at the gym, an unfaithful husband, an outpatient receiving medical treatment, an associate of particular individuals or political groups — and not just one such fact about a person, but all such facts.” Read More

Analysis: We do mobile forensic data analysis on both sides of criminal cases, so in general believe we are impartial. But we have to side with Mr. Carpenter on this one: long-term location data can reveal a huge amount about a person – an amount far above whatever is likely needed for arrest and prosecution, with the exception (perhaps) of conspiracy charges. But even then a warrant should be required.

___________________

The End of Privacy (The New York Times, October 5, 2017)
 

We learned on Tuesday that three billion Yahoo email accounts were compromised in 2013. In early September, it was Equifax’s 143 million credit reports. Just a few months before that, we learned 198 million United States voter records were leaked online in June.

Given the constant stream of breaches, it can be hard to understand what’s happening to our privacy over time. Two dates — one recent and one long ago — help explain this: Dec. 15, 1890, and May 23, 2017, are the two most important days in the history of privacy. The first signifies its creation as a legal concept, and the latter, while largely overlooked at the time, symbolizes something close to its end.

On Dec. 15, 1890, the future Supreme Court Justice Louis Brandeis and the attorney Samuel Warren published an article in the Harvard Law Review, “The Right to Privacy,” which argued for the recognition of a new legal right to, in their words, “be let alone.” The article was spurred by a new technology called the instantaneous photograph, which made it possible for anyone walking down the street to find their image in the newspaper the next day.

That argument forms the basis for the way we approach our rights to privacy to this day. The proposed right to “be let alone” made a fundamental distinction between being observed, which can accompany any act made in public, versus being identified, a separate and more intrusive act. We consent to be observed constantly; we rarely consent to be identified.

Today, however, this distinction has eroded, thanks to the rapid advance of digital technologies and the accompanying rise of the field broadly called data science. What we have thought of as privacy is dying, if not already dead.

For example, in 2012, the United States Supreme Court in U.S. v. Jones evaluated the constitutionality of police investigators’ placement of a GPS tracker on the Jeep of a suspected drug trafficker to monitor his movements for a month without a warrant. The court determined that this tracking of the defendant’s public movements had crossed the line from public observation to private identification and had therefore violated his expectations of privacy. It held that sustained monitoring, even in public, exceeded the bounds of simple observation and that the government’s surveillance was therefore unconstitutional.

Just five years later, this argument makes much less sense: “Sustained monitoring” is now a part of our digital lives. And that’s why what happened on May 23, 2017, is so important.

On that day, Google announced that it would begin to tie billions of credit card transactions to the online behavior of its users, which it already tracks with data from Google-owned applications like YouTube, Gmail, Google Maps and more. Doing so allows it to show evidence to advertisers that its online ads lead users to make purchases in brick-and-mortar stores. Google’s new program is now the subject of a Federal Trade Commission complaint filed by the Electronic Privacy Information Center in late July.

Google may be the first to formally make this link, but it is hardly alone. Among technology companies, the rush to create comprehensive offline profiles of online users is on, driven by the need to monetize online services offered free.

In practice, this means that we can no longer expect a meaningful difference between observability and identifiability — if we can be observed, we can be identified. In one recent study, for example, a group of researchers showed that aggregate cellular location data — the records generated by our cellphones as they anonymously interact with nearby cell towers — can identify individuals with 73 percent to 91 percent accuracy.

And even without these advanced methods, finding out who we are and what we like and do has never been easier. Thanks to the trails created by our continuous online activities, it has become nearly impossible to remain anonymous in the digital age.

So what to do?

The answer is that we must regulate what organizations and governments can actually do with our data. Simply put, the future of our privacy lies in how our data is used, rather than how or when our data may be gathered. Excepting those who opt out of the digital world altogether, controls on data gathering is a lost cause.

This is part of the approach now being taken by European regulators. One of the cornerstones of the European Union’s new regulatory framework for data, known as the General Data Protection Regulation, or G.D.P.R., is the idea of purpose-based restrictions on data. In order for an organization or public authority to use personal data gathered in the European Union, it must first specify what that data is going to be used for. The G.D.P.R. sets forth six broad categories of acceptable purposes, including when an individual has directly consented to a specific use for the data to when data processing is necessary for the public interest. If data is issued for an unauthorized purpose, legal liability ensues. The G.D.P.R. is far from perfect, but it is on to something big.

This method stands in stark contrast to the way data is protected in the United States, which might best be characterized as a “collect data first, ask questions later” approach. Sure, American technology companies disclose their privacy policies in a terms-of-service statement, but these disclosures are often comically ambiguous and widely misunderstood.

Many privacy advocates will no doubt find it hard to stomach that the way we think about protecting our data is outdated. But if we are to maintain the ability to assert control over the data we generate, we must also admit that our past ideas of what it means to be “let alone” no longer apply. Read More

Analysis – The advent of the Internet of Things and facial recognition softwqre will make this scary prospect outright horrifying. The cycle wll not stop with “if we can be observed, we can be identified”. It will progress to “if we can be identified, we can be tracked” – not just with location data, but with sensors that capture every element of our lives from what we do to how we act, and finally to what we think and even why we think it (e.g. interprolating our motivations, which is easier than you think). Our lives will be the proverbal open book to anyone who can capture our image electronically, unless we adopt an European-type attitude and regulatory structure.

_______________________

Cars Suck Up Data About You. Where Does It All Go? (The New York Times, July 27, 2017)

Cars have become rolling listening posts. They can track phone calls and texts, log queries to websites, record what radio stations you listen to — even tell you when you are breaking the law by exceeding the speed limit.

Automakers, local governments, retailers, insurers and tech companies are eager to leverage this information, especially as cars transform from computers on wheels into something more like self-driving shuttles. And they want to tap into even more data, including what your car’s video cameras see as you travel down a street.

Who gets what information and for what purposes? Here is a primer.

What Can Be Collected?

Government rules limit how event data recorders — the black boxes in cars that record information such as speed and seatbelt position in the seconds before, during and after a crash — can be used. But no single law in the United States covers all the data captured by all the other devices in automobiles.

Those devices include radar sensors, diagnostic systems, in-dash navigation systems and built-in cellular connections. Newer cars may record a driver’s eye movements, the weight of people in the front seats and whether the driver’s hands are on the wheel. Smartphones connected to the car, and those not connected to the car, can also track your activities, including any texting while driving.

There are few rules or laws in the United States that govern what data can be collected and used by companies. (An exception is medical information.) The United States generally does not ensure that companies strip out names or other personal details, or stipulate how such information should be used, for example. Read More

Analysis – No long-winded analysis of this one. Bottom Line: Connected cars means your EVERY move will be tracked.
____________________________

Spyware Sold to Mexican Government Targeted International Officials (The New York Times, July 10, 2017) – NOTE: This is a followup to a June 19th article, also below)

MEXICO CITY — A team of international investigators brought to Mexico to unravel one of the nation’s gravest human rights atrocities was targeted with sophisticated surveillance technology sold to the Mexican government to spy on criminals and terrorists.

The spying took place during what the investigators call a broad campaign of harassment and interference that prevented them from solving the haunting case of 43 students who disappeared after clashing with the police nearly three years ago.

Appointed by an international commission that polices human rights in the Americas, the investigators say they were quickly met with stonewalling by the Mexican government, a refusal to turn over documents or grant vital interviews, and even a retaliatory criminal investigation.

Now, forensic evidence shows that the international investigators were being targeted by advanced surveillance technology as well. (Read More of NYTimes article)

Analysis: The “forensics evidence shows” link has this passage: “Once infected, the Pegasus implant on the phones phones would connect with Pegasus’ Command and Control (C2) servers, enabling the NSO customer to invisibly control the phone’s microphone and camera, as well as collect all of the contacts, e-mails, messages, geolocation, and other personal information on the phone.” What is the lesson here?
First, there are NO limitations on the use of this technology once obtained. Second, the only “protection” the vendors of these tools offer is “limiting” their purchase to government entities, along with a toothless request/”mandate” that they be used only for legal purposes. Third, these tools can collect EVERYTHING on a phone, including real-time location – an incredibly scary prospect for investigators in semi-lawless countries.
 
 
Is there a solution? Not sure – perhaps a back door disabling capability that the vendors can use to disable tools being used against the terms and conditions of the purchase. But would they use it, in the process likely destroying their relationship with a whole country? Unlikely. This problem is only going to get worse, people.
____________________________

Using Texts as Lures, Government Spyware Targets Mexican Journalists and Their Families (The New York Times, June 19, 2017)

MEXICO CITY — Mexico’s most prominent human rights lawyers, journalists and anti-corruption activists have been targeted by advanced spyware sold to the Mexican government on the condition that it be used only to investigate criminals and terrorists.

The targets include lawyers looking into the mass disappearance of 43 students, a highly respected academic who helped write anti-corruption legislation, two of Mexico’s most influential journalists and an American representing victims of sexual abuse by the police. The spying even swept up family members, including a teenage boy.

Since 2011, at least three Mexican federal agencies have purchased about $80 million worth of spyware created by an Israeli cyberarms manufacturer. The software, known as Pegasus, infiltrates smartphones to monitor every detail of a person’s cellular life — calls, texts, email, contacts and calendars. It can even use the microphone and camera on phones for surveillance, turning a target’s smartphone into a personal bug.

The company that makes the software, the NSO Group, says it sells the tool exclusively to governments, with an explicit agreement that it be used only to battle terrorists or the drug cartels and criminal groups that have long kidnapped and killed Mexicans.

But according to dozens of messages examined by The New York Times and independent forensic analysts, the software has been used against some of the government’s most outspoken critics and their families, in what many view as an unprecedented effort to thwart the fight against the corruption infecting every limb of Mexican society.

“We are the new enemies of the state,” said Juan E. Pardinas, the general director of the Mexican Institute for Competitiveness, who has pushed anti-corruption legislation. His iPhone, along with his wife’s, was targeted by the software, according to an independent analysis. “Ours is a society where democracy has been eroded,” he said.

The deployment of sophisticated cyberweaponry against citizens is a snapshot of the struggle for Mexico itself, raising profound legal and ethical questions for a government already facing severe criticism for its human rights record. Under Mexican law, only a federal judge can authorize the surveillance of private communications, and only when officials can demonstrate a sound basis for the request.

It is highly unlikely that the government received judicial approval to hack the phones, according to several former Mexican intelligence officials. Instead, they said, illegal surveillance is standard practice. Read More

Analysis: Unfortunately, this is the kind of government invasion of privacy we’ve been worried about for years. While the article doesn’t specifically refer to location information, current and historical location is the kind of information that can be obtained by these tools. We’ve used the (legal) output of similar tools in forensics cases in the past, and they can extract everything on your phone, whether deleted or not.

While this article is about Mexico, not the U.S., the key in both countries is the rule of law AND its enforcement. Any gray area in the law, or in the processes involved in legally obtaining cell phone information, will be exploited. Even where/when the law is supposedly “up-to-date”, rest assured it is not, as technology advances are far faster than legal protections. Worst, the privacy invasion represented here is only going to get exponentially worse, as connected cars and the Internet of Things potentially provides literally billions of new opportunities for illegal and/ unethical survelliance.

___________________________

Companies Look to Make a Quantum Leap With New Technology (The Wall Street Journal, May 6, 2017)

Quantum mechanics has fascinated, confounded and even alarmed scientists for nearly a century with the notion that particles can exist in two states at once and communicate with each other across vast distances. The underlying science that Albert Einstein famously called “spooky” could soon become one of modern computing’s core tenets.

 

Computers that utilize quantum mechanics are moving beyond pure scientific research and inching toward the commercial sector, with companies such as Volkswagen AG beginning to harness their unprecedented power to solve complex problems in nanoseconds.

 

“This technology is not futuristic,” said Martin Hofmann, Volkswagen chief information officer, who oversees information technology for the group’s 12 brands including Audi , Porsche and Bentley. “It’s a question of years until it’s commercialized, and investing right now in the technology is a big competitive advantage.”

While traditional computers use binary digits, or bits, which can either be 0s or 1s, quantum computers use quantum binary digits, or qubits, which represent and store information in both 0s and 1s simultaneously. This means the computers have the potential to sort through a vast number of possibilities within a fraction of a second to come up with a probable solution.

Volkswagen put that speed to use for a recent traffic-optimization project. Working on a $15-million D-Wave quantum computer over the cloud, a team of five in-house data scientists took GPS data from 10,000 taxis in Beijing and simulated specific routes that would allow each car to travel from downtown Beijing to the nearest airport, about 20 miles away, in the fastest time possible without creating a traffic jam.

After six months and several attempts, Dr. Hofmann and his team in March came up with an algorithm for the computer that optimized the routes for each taxi within a fraction of a second. A normal computer would have taken about 45 minutes to complete the same task, he said.

Dr. Hofmann’s next project is a navigation-based mobile app for drivers in Barcelona that will harness the power of quantum computing and machine learning, a part of artificial intelligence, to predict traffic jams and immediately send alternate routes. The first iteration is expected to debut by the end of the year, though Dr. Hofmann declined to go into more detail about the project. “If our project succeeds and in six to eight years the technology is where it should be, then traffic jams won’t happen anymore,” he said.  Read More

Analysis: It is very interesting that the two key examples in this article of the potential of quantum computing (QC) are in the LBS space. More broadly, QC’s potential in location and context big data analysis that will come from IoT’s ability to collect data on us anywhere, anytime, is staggering, and frightful. Imagine the ability to predict with a high degree of certainty where we will go and what we will do tomorrow based on our past behavior, before we even know it ourselves! A long-term issue yes, but “long-term” is now 5-10 years, not 20-50, so the time to start planning for (and protecting ourselves from) this capability is now. 

_________________________
Shopping Malls Are Tracking Your Every Move (The Wall Street Journal, March 14, 2017)

Add another category to the growing list of companies monitoring their customers: shopping-mall landlords.

As more shoppers tote smartphones while browsing in stores, shopping-center owners are tracking their movements and spending habits to try to figure out how best to arrange stores and mall layouts to boost shopping activity.

Some landlords measure how long people stay in the mall, how long they linger in particular stores or displays, and where they were before and after heading to the mall. That gives them a better idea of which stores benefit from being in proximity to one another.

Landlords also match shoppers’ location data against their social media or email accounts and channel personalized advertisements to them…

…To use a shopping center’s Wi-Fi or app, customers typically have to agree to terms and conditions that disclose its privacy policy before they can log in.

Mobile games also are starting to appeal to landlords looking for other ways to deliver incentives directly to shoppers.

Some landlords include a screen at a corner of the food court and designate that area as a place where customers can compete with each other at games played on their phones, with the images projected on the screen.

People have to provide basic information to play, such as their age, email address, and you’ve instantly captured these customers,” said Steve Ridley, chief executive officer of FunWall, a social and tournament gaming company. The data help the mall’s marketing team improve loyalty programs, including promotions such as gift certificates or free drinks.

In The Shops at South Town in Utah, owner Pacific Retail Capital Partners invested millions to renovate the shopping center to add beacons, which emit signals to smartphones or tablets in the vicinity, and multimedia wall displays that include digital art and advertising.

The Los Angeles-based real-estate developer also included a 13-by-6-foot interactive wall in the dining terrace where children can play a custom-developed emoji game that draws families and increases their mall time…

..Some malls have been using beacons not only to offer personalized coupons to the shopper’s smartphone but also to get data on how often shoppers pass by the store and how often they use their phones to make calls or pay for purchases. Read More (Subscription may be required)

Analysis – This covers many different issues: Privacy policies,  future trends (e.g. wearables), using mobile games as personal data acquisition mechanisms, and–implicitly–the potential for data abuse and hacking, particularly with children and young adults. 

While this article does not discuss the details of privacy policies, it’s an easy bet that you are accepting a free-for-all in terms of data access and usage. Since most people (particularly children and young adults) are always on the lookout for a free hotspot, it is likely they will accept a mall’s Ts&Cs in a heartbeat, not knowing what data access they are providing. And malls are not particularly stringent when it comes to security–on the contrary, the easier to access their hot spot and any apps the better. The gaming angle is both innovative and concerning, since again its the younger generation most likely to sign on without caring about security or privacy. It’s just a matter of time before some enterprising hacker taps into this…

Longer-term, as wearables and multi-use beacons become more prevalent, the more data that will become available to retailers, and along for the ride the higher for potential hacking and abuse. Malls and retailers are salivating at the prospect, understandably. But the first (publicized) breach will likely result in a significant financial hit for the retailer/mall responsible. Lesson to retailers: be proactive in beefing up your security, even if it doesn’t include credit card #s.

____________________________

 

Court: Warrant needed to search car’s ‘black box’

How Uber Used Secret Greyball Tool to Deceive Authorities Worldwide (NY Times, March 3, 2017)

 

SAN FRANCISCO — Uber has for years engaged in a worldwide program to deceive the authorities in markets where its low-cost ride-hailing service was being resisted by law enforcement or, in some instances, had been outright banned.

 

The program, involving a tool called Greyball, uses data collected from the Uber app and other techniques to identify and circumvent officials. Uber used these methods to evade the authorities in cities such as Boston, Paris and Las Vegas, and in countries like Australia, China, Italy and South Korea.

 

Greyball was part of a broader program called VTOS, short for “violation of terms of service,” which Uber created to root out people it thought were using or targeting its service improperly. The VTOS program, including the Greyball tool, began as early as 2014 and remains in use, predominantly outside the United States. Greyball was approved by Uber’s legal team…

…This is where the VTOS program and the use of the Greyball tool came in. When Uber moved into a new city, it appointed a general manager to lead the charge. This person would try to spot enforcement officers using a set of technologies and techniques.

One method involved drawing a digital perimeter, or “geofence,” around the authorities’ offices on a digital map of the city that Uber monitored. The company watched which people were frequently opening and closing the app — a process known internally as eyeballing — near such locations as evidence that the users might be associated with city agencies.

Other techniques included looking at a user’s credit card information and determining whether the card was tied directly to an institution like a police credit union.

Enforcement officials involved in large-scale sting operations meant to catch Uber drivers would sometimes buy dozens of cellphones to create different accounts. To circumvent that tactic, Uber employees would go local electronics stores to look up device numbers of the cheapest mobile phones on sale — often the ones bought by city officials working with budgets that were not sizable.

In all, there were at least a dozen or so signifiers in the VTOS program that Uber employees could use to assess whether users were regular new riders or likely to be city officials.

If such clues were not enough to confirm a user’s identity, Uber employees would search social media profiles and other information available online. If users were identified as being connected to law enforcement, Uber Greyballed them by tagging them with a small piece of code that read “Greyball” followed by a string of numbers.

When someone tagged this way called a car, Uber could scramble a set of ghost cars inside a fake version of the app for that person to see, or show no cars available at all. If a driver accidentally picked up someone tagged as an officer, Uber occasionally called the driver with instructions to end the ride.

Uber employees said the practices and tools were born out in part of safety measures meant to protect drivers in some countries. In Franchwe, India and Kenya, for instance, taxi companies and workers targeted and attacked new Uber drivers. Read More.

Analysis: This is one of the most fascinating – and complex – stories involving location privacy that we’ve seen. It has everything: the clash of private and public motivations, dueling use of technologies, questionable law enforcement techniques, and of course the possible abuse of location data privacy. But the possible “abuse” comes with the question: what is more ethical: to invade the privacy of individuals (though acting in an official capacity), or to misrepresent oneself (even if acting in an official capacity, though without court sanction)? 

I would like to say there is a clear winner here but there isn’t one. Uber was likely trying to prevent being “caught” by cities where it had not yet been approved. However, the original purpose of the program – to protect driver safety – was laudable. Cities clearly have a right to regulate as they see fit, but do they have a right to so obviously misrepresent themselves (particularly when using non-law enforcement city employees) in trying to catch offenders of their regulations? No easy answer.

More generally however, Greyball’s use of personal geofencing (which may or may not be a privacy intrusion, legally or ethically) along with its “meshing” of that data with more clearly private information (credit card numbers and to some degree social media) illustrates a location data privacy conundrum that will only get worse as location data collection mechanisms and opportunities increase and the ability to combine it with other information creates the great potential for abuse. Any privacy regulations will likely always be behind what technology can do – it is up the nasceant privacy protection industry to step up its game and provide real alternatives to individuals who don’t want their data to be used in this manner.

                                                                      _______________________

States Wire Up Roads as Cars Get Smarter

Planners say ‘smart roads’ will unlock benefits from self-driving cars, curb accidents, but costs are high (The Wall Street Journal, January 2, 2017)

On a crowded interstate outside Washington, D.C., large digital signs over four westbound lanes flashed messages lowering the speed limit by 10, then 20 miles an hour.

Drivers slowed just as a fast-moving thunderstorm unleashed sheets of rain that drenched the road and reduced visibility to a few dozen yards. There was no abrupt braking, no swerving and none of the fender-benders that can tie up traffic for miles.

The signs, installed last year, are a first step toward what highway planners say is a future in which self-driving cars will travel on technology-aided roads lined with fiber optics, cameras and connected signaling devices that will help vehicles move as quickly as possible—and more safely.

Transit planners say these so-called smart roads will unlock bigger benefits from self-driving cars, including fewer accidents, faster trips and fuel savings. Read More

Analysis: We’re at the top of the list recognizing the potential for driverless cars. But the potential is a double-edged sword–the most obvious downside being the potential for being hacked. However, there is an even bigger potential–and legal–downside: the potential for user (e.g. the owner/passenger of the vehicle) information being misused by government and other entities, via the infrastructure being put in place as described in this article. Worst case, such infrastructure will allow EVERY person on the road to have their movements tracked – not just by insurance companies, advertisers, and the like, but by law enforcement and other big-brother type entities that have a real (or invented) interest in tracking every movement of an individual. The potential for abuse is embryonic at this point, but ENORMOUS in the longer term.

                                                                                ___________________________

911 centers struggle to find callers on cellphones, and results can be deadly (Foxnews.com December 28, 2016)

Commercial apps, such as Facebook and Uber, can pinpoint your exact location using your smartphone’s built-in GPS. But that’s not necessarily the case when you call 911.

That’s because most 911 centers determine a mobile caller’s location based on technology that was adopted two decades ago — before cellphones were equipped with GPS. So, instead of obtaining location information directly from the phone, the 911 center estimates the caller’s location based on which cell tower is in use.

AFTER HUSBAND DISAPPEARED, APP LED WOMAN TO HIS BODY

The problem is, the tower your phone pings may be miles away, or even in another jurisdiction. Read More

Analysis – While this column generally focuses on location data privacy, this article is worth commenting on. Getting fast, accurate location information to the correct 911 center is extremely complex, at least how it has been implemented for the last 10+ years. There is fault to be found everywhere – the 911 centers, the wireless carriers, the FCC, even our tax system and how technology companies approach privacy. However, this article is off on 2 fronts: 1) It grossly simplifies the 911 process, including providing little detail on the myriad of issues involved, and 2) It uses the north Atlanta area to be representative of 911 problems faced nationwide. 

Regarding point #2: As anyone intimately familiar with location technology in the Atlanta area can tell you, Atlanta is “messed-up” due to the presence of “super-towers” – rogue cell towers with greater height and strength than other surrounding towers. This causes cell phones to connect to them even though they are further away than other closer “normal” towers. This can screw  up the 911 process big-time, since wireless 911 uses the location of the cell tower to which it is connected as a means to quickly identify which PSAP (911 center) to route the call to – speed being an essential requirement in the 911 process. So, when a further-away tower is the one being used, then naturally a further-away 911 center (the one servicing that cell tower’s area) will be selected. This process has been well established for over a decade – thus any such incorrect 911 center selection fault likely lies at the feet of the owner(s) of the towers–e.g. their not properly calibrating the towers’ power to appopriately integrate with the surrounding towers–minimizing coverage overlap and confusion. PSAPs could also be culpable here, by not taking steps to minimize 911 center jurisdiction overlaps/confusion by correcting mapping sofware and establishing exception processes.

Bottom Line: In general, since these rogue-towers are relatively rare, using the northern Atlanta area as a basis for extrapolating widespread erroneous 911 center selection problems is ignorant at best, and grossly misleading at worse. Few other areas of the country have problems with routing 911 calls to the wrong 911 center. Their (much bigger and very valid) issues generally revolve around the precision and timing of the cell phone location reported to the (nearly always correct) PSAP. This article does a disservice and distraction to these real problems by implying that a core issue is the 911 center selection process. Not true–except in Atlanta and a few other places…

___________

Attention iOS Players: Pokemon Go Has Total Control Over Your Google Account (CSO, July 11, 2016)

Last week, Pokemon Go was officially released in the U.S. and players downloaded the application in droves. Overall, games are reporting a mostly positive experience, after a few server issues, but security experts warn that the app isn’t without its risks. …

 

 

In order to play the game, the user will need to have an acoount. There are two ways to authenticate, a Polemon.com account or Google. Most players, due to a halt in new signups on Pokemon.com have opted to use their Google account.

 

Typically, when Google is used as the authentication method, the user is shown the level of permissions the application is going to need. But in the case of Pokemon Go, the authentication is nearly instant and the user is redirected to the login screen – with no permissions notice.

 

[Adam Reeve, a Princpal Architect at RedOwl, said Pokemon Go now has full access to his Google account. “Let me be clear – Polemon Go can now: Read all your email; Send email as you; Access all your Gogle drive documents (including deleting them); Look at your search history and your Maps navigation history, access any private photos you may store in Google Photos, and a whole lot more.” Reeve explained…

 

Anyone playing htis game is sharing metadata – at the very least – which means details on who they are, where they live, locations they frequent, who they associate with, time spent in each location,etc. Read More

 
 
Analysis: Besides the obvious location privacy (e.g. lack thereof) issues, this raises several issues regarding permissions, privacy policy, and design approaches. As the article implies, it is possible, even unlikely, that the designers intended on such wide access to personal information – a great deal of it is not needed for the game. But I can see an advertising bonanza coming down the pipe in future version. I can also see how such insecure design can open the door for others to obtain info through the app via holes in the app security design. I predict some Pokemon Go privacy horror stories coming down the pipe… 
_________________________

Facebook  To Put Maps In Ads, Measure Store Visits.(June 14, 2016, USAToday)

Facebook’s new ads will track which stores you visit so the giant social network can show marketers that its online ads result in offline purchases.
 
In the new ads, Facebook advertisers  can include an interactive map detailing the locations of stores so that Facebook users can visit them. Facebook will then use the Facebook users’phones to track how many of them who saw the ad wound up visiting the store – information it will share with marketers. Facebook is working on tying in-store purchases to ads seen on Facebook. Read More
 
 
Analysis: While I totally understand the business case for this, it is scary as hell as a potential invasion of privacy. Assuming FB does its usual make-it-near-impossible-to-understand-how-to-change-privacy-settings, millions of people will now be that much closer to having their daily lives completely monitored.
 ____________________________

The Location Privacy Protection Act (Sponsor: Senator Al Franken) January 7, 2016

This bill, after a long stall and rewrite, was referred to committee on November 10, 2015. Some highlights include:

  1. Requires that companies get individuals’ consent before collecting location data off of their smartphones, tablets, or in car navigation devices, and before sharing it with others. This rule doesn’t apply to parents tracking kids, emergencies, and similar scenarios;

  2. Stymies GPS stalking by preventing companies from collecting location data in secret;

  3. Requires that any company that collects the location data of 1,000 or more devices publicly disclose the data they’re collecting, what they do with it, who they share it with, and how people can stop that collection or sharing.;

  4. Bans the development, operation, and sale of GPS stalking apps and allows law enforcement to seize the proceeds of those sales; and

  5. Requires that the federal government gather more information about GPS stalking, facilitate reporting of GPS stalking, and prioritize training grants for law enforcement. Read More or follow via Government Bill Tracking

Analysis: This is an excellent start in the pushback to location privacy violations. I have some concerns about Item #4, particularly in the definition and scope of a “stalking app.” As with most things government, the devil is in the details. The problem is that many if not most location-related devices and applications can be “repurposed” for stalking purposes, whether it is children apps or asset tracking devices. As far as I am aware all stalking incidents to date were done by such repurposed apps/devices. I would encourage all readers of this blog to contact Sen. Franken’s office and offer your (qualified) support on this bill – hopefully it can get to a vote this time!

* * * * *

Surveillance companies are marketing systems to governments worldwide that are capable of pulling location data out of global cellular networks, even if you are traveling in another country. These systems are designed so that neither cellphone users nor their carriers detect the tracking. That could allow government officials to potentially sidestep court review or other systems designed to protect the rights of people targeted for surveillance.

Types of information that can be collected

Computerized maps can show where you are, which direction you are traveling and how quickly, by plotting the cell towers your phone is using, even when you are not on a call. Tracking systems can also trigger an alarm if a person crosses an international border or approaches a designated area — such as a presidential palace — or gets close to another person under surveillance.

How cellular carriers track their customers

Every time a phone gets a call, text or Internet data, it must connect to a nearby cellular towerCarriers keep track of which tower their customers are using — even when they are roaming — in order to route services. This information is stored incarrier databases and, in certain conditions, shared with other carriers.

When you roam between networks

When a phone connects to a cell tower, it updates databases within the carrier’s network of the user’s location. That information can then be shared with other companies, such as the home carrier of a phone using roaming services.

How someone can find you
Advanced tracking systems can send computer queries to carriers’ databases, prompting them to reveal what cell towers customers are using at the time. That provides real-time location information that’s reasonably precise — within a few blocks in an urban area or a few miles in a rural one.
How someone can track you

Other surveillance systems called IMSI catchers can then be deployed to find the person’s exact location by collecting the signals that all phones emit.

What this means for you

Security experts say it may be possible for hackers, sophisticated criminal gangs and nations under sanctions to potentially gain access to this technology, which operates in a legal gray area. Read graphical short story, or full original story.

Analysis – Unfortunately the way wireless carrier supporting IT arcthitectures were originally designed were NOT with security in mind – rather they were and are focused on network speed and optimization. Gaining access to the data described in this article is as simple and straightforward as gaining access to two specific databases: the Home Location Register (HLR) and the Visitor Location Register (VLR). These 2 databases contain the “Cell ID” of the cell tower a user is connected to at any given time (as long as the phone is turned on).  Many if not most location-related applications that need some sort of backup location data (in cases where the GPS on the phone does not work, like indoors) usually can access this data directly from the carrier or indirectly via an approved gateway. Restictions to the data are only as good as the carrier security protocol with those 3rd party application providers; such restrictions are generally at the subscriber account level, not the underlying network level. As such anyone who knows how to penetrate one or two layers of carrier IT security can theoretically gain access to all of a carrier’s subscriber location data.

The “fix” for this is similar to that for financial systems – more wireless carrier strategic focus on protecting customer data security. Unfortunately, as below articles indicate – not only has protecting subscriber data become less of a cornerstone of the carrier-customer relationship, it is going the opposite direction with carriers’ trying to sell your location data. Anytime that kind of strategic technology reversal happens then it is going to open all kinds of potential security holes. Also, if better privacy legislation was passed – including limiations on access to customer location data, how long location information can be stored, and in particular major penalties for location data breaches – it would go a long way to re-elevating customer privacy as a carrier priority.

* * * * * * * *

 

Verizon’s zombie cookie gets new life

 

Verizon’s tracking supercookie joins up with AOL’s ad tracking network. (Arstechnica, 10/7/2015)

 

Verizon is giving a new mission to its controversial hidden identifier that tracks users of mobile devices. Verizon said in a little-noticed announcement that it will soon begin sharing the profiles with AOL’s ad network, which in turn monitors users across a large swath of the Internet.

That means AOL’s ad network will be able to match millions of Internet users to their real-world details gathered by Verizon, including “your gender, age range and interests.” (Author’s Note: This includes location information) AOL’s network is on 40 percent of websites, including on ProPublica.

AOL will also be able to use data from Verizon’s identifier to track the apps that mobile users open, what sites they visit, and for how long. Verizon purchased AOL earlier this year.

Privacy advocates say that Verizon and AOL’s use of the identifier is problematic for two reasons: not only is the invasive tracking enabled by default, but it also sends the information unencrypted, so that it can easily be intercepted.

“It’s an insecure bundle of information following people around on the Web,” said Deji Olukotun of Access, a digital rights organization.

Verizon, which has 135 million wireless customers, says it will share the identifier with “a very limited number of other partners and they will only be able to use it for Verizon and AOL purposes,” said Karen Zacharia, chief privacy officer at Verizon.

In order for the tracking to work, Verizon needs to repeatedly insert the identifier into users’ Internet traffic. The identifier can’t be inserted when the traffic is encrypted, such as when a user logs into their bank account.

Previously, Verizon had been sending the undeletable identifier to every website visited by smartphone users on its network, even if the user had opted out. But after ProPublica revealed earlier this year that an advertising company was using the identifier to recreate advertising cookies that users had deleted, Verizon began allowing users to truly opt-out, meaning that it won’t send the identifier to subscribers who say they don’t want it.

Verizon users are still automatically opted into the program.

“I think in some ways it’s more privacy protective because it’s all within one company,” said Verizon’s Zacharia. “We are going to be sharing segment information with AOL so that customers can receive more personalized advertising.”

A recent report by Access found that other large carriers such as AT&T and Vodafone are also using a similar technique to track their users.

In order for Verizon users to opt-out, they have to log into their account or call 1-866-211-0874.

Analysis – This is another indicator of carriers’ playing fast and loose with your location information. Not only does it open the door to unwanted advertising and spam, any loosening of controls on location information gives rise to unwarranted tracking and survellience, and/or wholesale hacking. It is good that there is at least an opt-out now, but it should be opt-in as the default. In general this is one more example of the deterioration of consumer data protections in this country, and the need for a more robust legislative solution.
 
 
* * * * * * * 
Car-jacking hackers are driving Nokia Here acquisition (Fortune, July 23, 2015)
 

Daimler CEO wants more control over the platform that enables autonomous driving.

How much is security against car hackers worth? For Daimler Group AG, owner of Mercedes-Benz, it’s somewhere in the ballpark of $2.4 billion to $3.29 billion.

Earlier this week, when reports that a coalition of German carmakers — Daimler, Audi, and BMW — had agreed to acquire Nokia’s HERE and its mapping technology, much of the analysis focused on the deal’s importance in helping develop autonomous cars. Earlier reports, said the purchase price was about $2.71 billion.

It turns out, that concerns about hackers attacking connected cars is at least part of the reason for the acquisition, according to Daimler CEO Dieter Zetsche.

During a call with reporters Thursday to discuss Daimler’s second-quarter earnings, Zetsche acknowledged that the company along with its competitors is trying to buy Nokia Here to have better, more secure control over the platform that enables autonomous driving, according to a Reuters report.

“We have the goal of designing security into the software,” Zetsche said.

A recent car-hacking of a Jeep Cherokee not only showed the weakness of this particular SUV’s digital defenses, it also raised questions about what, if anything, are other connected car manufacturers doing to protect their vehicles?

Major automakers want and need a steady, uninterrupted flow of mapping data. Data, and who has access to it, is in part, driving the pursuit of Nokia’s maps businessHighly detailed mapping is also necessary for self-driving cars to function. Without it, self-driving cars can’t move beyond a few dozen test vehicles to the mainstream.

Connected cars equipped with driver assistance systems (and more advanced automated tech) are meant to reduce accidents caused by inattentive driving. And yet, this push towards connected cars also increases their vulnerability to nefarious hackers.

Despite security concerns, automakers aren’t backing away from connected cars or the push to automated driving. Daimler is highly interested, and has invested heavily in making sure it’s at the forefront of connected cars. Read More

Analysis: Like early Location-Based Services, two of the biggest Achilles’ Heel’s for driverless cars will be map data (both static and dynamic) availability/accuracy and the privacy/security of the related applications/systems that utilize it. Unlike today’s navigation-related applications, which generally rely on 2-dimensional static data (e.g. roads, speed limits, etc) and less so on dynamic data (e.g. traffic, weather), driverless cars will require both much more precise (and 3D) static data and in particular up-to-the-second dynamic data in all locations and conditions. This will be a tremendous undertaking to collect, process, integrate, and keep up-to-date, and Daimler and partners should be applauded for seeing the upcoming essential need. With such a critical dependency, car makers would be short-sided if they did not take some steps to achieve a reliable, controllable navigation “supply-chain.”
 
However, as this article alludes to, having a driverless car opens up a Pandora’s Box of possibilities for hacking. There are multiple “hackable” dimensions in a navigation system, starting with the map data (particularly embedding malicious s/w in dynamic data updates); access to and updates for various navigation apps/car support subsystems; and the wireless connections that will be used by the car to get these updates (which presumably will be vulnerable to whatever security flaws exist in the Wi-fi/bluetooth networks used by the car for navigation and/or entertainment purposes).

Also, presumably other devices like smartphones will be able to access these car systems (e.g. to turn it on, remotely set the interior tempature, setup entertainment links, etc.), opening up vulnerabilities from that angle. It’s a potential security nightmare. Not to mention the potential abuse of privacy by those with “legitimate” access to the car/car data, particularly its location. 
 
Even if driverless cars are a few years away, design for these security/privacy issues need to start NOW. 
                         ____________________________

A Police Gadget Tracks Phones? Shhh! It’s Secret

The New York TImes, March 15, 2015

A powerful new surveillance tool being adopted by police departments across the country comes with an unusual requirement: To buy it, law enforcement officials must sign a nondisclosure agreement preventing them from saying almost anything about the technology.

Any disclosure about the technology, which tracks cellphones and is often called StingRay, could allow criminals and terrorists to circumvent it, the F.B.I. has said in an affidavit. But the tool is adopted in such secrecy that communities are not always sure what they are buying or whether the technology could raise serious privacy concerns.

 

The confidentiality has elevated the stakes in a longstanding debate about the public disclosure of government practices versus law enforcement’s desire to keep its methods confidential. While companies routinely require nondisclosure agreements for technical products, legal experts say these agreements raise questions and are unusual given the privacy and even constitutional issues at stake. Read More

Analysis: While we generally support tools that allow the good guys to catch the bad guys, history teaches us that secret survelliance programs can be and often are abused. That this technology is so “secret” that entities essentially have to buy it to find out what it can do (and then are forbidden to discuss it) does not bode well for privacy advocates. Combined with a generally weak privacy protection proposal by the White House, and of course the recent overreaches by the NSA and other law enforcement agencies, this technology fuels the continued weakening of privacy protections in favor of institutional survelliance abilities. A cause for concern. 

 
____________________________

 

U.S. Spies on Millions of Drivers

 

DEA Uses License-Plate Readers to Build Database for Federal, Local Authorities (The Wall Street Journal, January 26, 2015)

 

WASHINGTON—The Justice Department has been building a national database to track in real time the movement of vehicles around the U.S., a secret domestic intelligence-gathering program that scans and stores hundreds of millions of records about motorists, according to current and former officials and government documents.

 

The primary goal of the license-plate tracking program, run by the Drug Enforcement Administration, is to seize cars, cash and other assets to combat drug trafficking, according to one government document. But the database’s use has expanded to hunt for vehicles associated with numerous other potential crimes, from kidnappings to killings to rape suspects, say people familiar with the matter.

 

Officials have publicly said that they track vehicles near the border with Mexico to help fight drug cartels. What hasn’t been previously disclosed is that the DEA has spent years working to expand the database “throughout the United States,’’ according to one email reviewed by The Wall Street Journal.

 

Many state and local law-enforcement agencies are accessing the database for a variety of investigations, according to people familiar with the program, putting a wealth of information in the hands of local officials who can track vehicles in real time on major roadways.

 

The database raises new questions about privacy and the scope of government surveillance. The existence of the program and its expansion were described in interviews with current and former government officials, and in documents obtained by the American Civil Liberties Union through a Freedom of Information Act request and reviewed by The Wall Street Journal. It is unclear if any court oversees or approves the intelligence-gathering.

 

The DEA program collects data about vehicle movements, including time, direction and location, from high-tech cameras placed strategically on major highways. Many devices also record visual images of drivers and passengers, which are sometimes clear enough for investigators to confirm identities, according to DEA documents and people familiar with the program.

 

The documents show that the DEA also uses license-plate readers operated by state, local and federal law-enforcement agencies to feed into its own network and create a far-reaching, constantly updating database of electronic eyes scanning traffic on the roads to steer police toward suspects. Read More

 

Analysis: This is beyond scary. As with most such programs, the “pure” intent is understandable – in this case combating drug trafficking. But of course the potential for abuse is enormous, and real, as anyone who has read the other articles below will recognize. Put together, tracking our vehicles’ locations along with our cell phone locations, particularly in aggregate and over time, will allow anyone in a position of “authority” to construct a picture of our daily lives that will probably be at least 90% accurate. From where we go it is possible to closely deduce what we do, when we do it, who we do it with, even what we DON’T do. From there it is easy to make reasonable assumptions as to what our beliefs are from a political, cultural, societal, religious, and even “moral” basis, not to mention our personal habits and hobbies. Who knows what this information can do in the hands of an unprincipled, unchecked government bureaucrat with their own agenda?

 

Congress needs to get a jump on this uncontrolled collection of data before it further intrudes on our personal and professional lives.

 

_________________

 

Protecting Data Privacy at School and at Play (The New York Times, December 2, 2014)

Like many parents, Michelle Finneran Dennedy, who lives with her family in the Bay Area, likes to keep tabs on what her children and their friends are doing online.

She intervened, for instance, when she overheard a conversation in the back of her car between her daughter and a friend about Instagram, the photo-sharing site. While Ms. Dennedy has told her daughter not to accept online friend or follower requests from strangers, the other girl, who frequently posted images of herself on Instagram, declared that she had more than 2,000 followers.

Ms. Dennedy is particularly attuned to the risk that identity thieves or other online predators may obtain and exploit children’s information because she is the chief privacy officer of McAfee, the computer security service owned by Intel. So she quickly contacted the girl’s parents to offer her concerns and advice.

“We have to look over each other’s children’s shoulders,” Ms. Dennedy said.

Parents trying to protect their child’s privacy and data security online are grappling with two main concerns — information-sharing by children and data-mining by companies — only one of which they may have some meaningful control over.

With the growing use of mobile devices and apps at home and in school, an increasing number of companies are compiling and analyzing details about children’s online activities. Some sites that offer video games featuring cartoon characters, for instance, track children’s activities around the web with the aim of tailoring advertisements to them. Some apps popular with children can collect information like their whereabouts or phone numbers.

A federal law, the Children’s Online Privacy Protection Act, or Coppa, is designed to provide some online safeguards. It requires online operators to obtain a parent’s consent before collecting personal details from a child under 13.

Unfortunately for concerned parents, that law applies only to sites and apps specifically directed at young children — and not to general-audience sites frequented by adults and children. A recent article in The Wall Street Journal, for instance, reported that digital marketing companies are scouring, storing and analyzing the images people post on Instagram and Pinterest, another photo-sharing site, to help advertisers hone their pitches.

In a recent research project, he and his team studied the types of information collected by a number of animated game apps. Then they assigned each a privacy grade based on the kinds of data the app collected that a user might not have expected. Their ratings are available at www.privacygrade.org.

The researchers reported, for instance, that Fruit Ninja, a free fruit-slicing game, collected information about a user’s location, phone number and the phone’s unique identification code, apparently for the purposes of tailoring ads to users. The app received a D grade in privacy.

“Personally, as a parent, I would not like my kid’s location to be tracked, even by advertisers,” said Dr. Hong. “It’s sort of a judgment call what your comfort level is with this.” Read More

Analysis: This serves as yet another wakeup call (still mostly unheeded) for parents to be hyper-vigilant about their children’s privacy, especially their mobile location. You know it’s coming – a child abducted due to hacked or carelessly protected location information. Technology is changing too fast for laws to keep up with it, and there are too many cracks in (and outright not caring about) mobile app security to take location data security for granted. 

Americans’ Cellphones Targeted in Secret U.S. Spy Program

Devices on Planes that Mimic Cellphone Towers Used to Target Criminals, but Also Sift Through Thousands of Other Phones (11/13/14, The Wall Street Journal)

The Justice Department is scooping up data from thousands of mobile phones through devices deployed on airplanes that mimic cellphone towers, a high-tech hunt for criminal suspects that is snagging a large number of innocent Americans, according to people familiar with the operations.

The U.S. Marshals Service program, which became fully functional around 2007, operates Cessna aircraft from at least five metropolitan-area airports, with a flying range covering most of the U.S. population, according to people familiar with the program.

Planes are equipped with devices—some known as “dirtboxes” to law-enforcement officials because of the initials of the Boeing Co. unit that produces them—which mimic cell towers of large telecommunications firms and trick cellphones into reporting their unique registration information.

AT&T ends tracking of customers by “supercookie” (USAToday, 11/14/14)

AT&T appears to have ended a controversial program that used hidden “super cookies” to track smart phone users as they surfed the web.

The year-long program added a hidden and undeletable tracking number into all the Web traffic on a users’ cell phone.

The news site ProPublic reported Friday that AT&T had ended the practice. The company did not immediately respond to a USA TODAY request for confirmation.

Verizon Wireless, the country’s largest mobile firm, said Friday it still uses this type of tracking. There has been no evidence that Sprint and T-Mobile have used such codes.

The AT&T codes appear to have been in place to track cell phone users’ web surfing for the past year but only become public in late October.

The unique identifier code marks each website a subscriber visits. This allows the company–and advertisers–to build up a profile of everything the subscriber does online, by following the trail of sites he or she has visited.

It’s a problem because people with AT&T smart phone accounts didn’t know their every move was being tracked and because cell phones have become many people’s “second brain,” said Jacob Hoffman-Andrews, a senior staff technologist with theElectronic Frontier Foundation in San Francisco.

“If you have a question or you’re wondering about something, pretty soon you’re typing it into a web browser on your phone to answer it. You don’t want everything that goes through your mind being indexed by advertisers and used to sell things to you later,” he said.

AT&T said the change came because its period of testing was completed. Others believe the intense public outcry when the tracking was revealed led to the shift.

“AT&T is reacting to consumer pressure and they’re now doing the right thing,” said Rob Shavell, CEO of Abine, an online privacy company.

Verizon should note that too, he said.

“If companies like Verizon continue to ignore consumers’ rights to privacy and choice in how their information is able to be accessed, they’ll be subject to hugely increased government regulation,” Shavell said.

Verizon spokeswoman Debra Lewis told the Associated Press that business and government customers don’t have the code inserted, only consumers.

“As with any program, we’re constantly evaluating, and this is no different,” Lewis said, adding that consumers can ask that their codes not be used for advertising tracking. But that still passes along the codes to websites, even if subscribers say they don’t want their data being used for marketing purposes. Read More

Analysis: This is disturbing on a number of levels. First is that AT&T viewed this as just a “test” that they could do at anytime. Second is that they did not inform customers. Third, from a location perspective, is that it is very likely that location data was included in this tracking (though the article does not say so specifically). And finally, that while AT&T seems to at least been “shamed” into stopping the program (for now), Verizon thinks that continuing it is no big deal.

 

With Apple Pay and Smartwatch, a Privacy Challenge

The New York Times, September 10, 2014

No one has considered Apple a serious data company, until now.

For years, Apple has offered Internet services like email and online calendars. But Tuesday, with the introduction of health-monitoring technology and a new service that will allow people to buy things wirelessly with some Apple devices, the Cupertino, Calif., company positioned itself as a caretaker of valuable personal information, like credit card numbers and heart rates.

Talk about unfortunate timing. Just last week, a number of celebrities, including the Oscar-winning actress Jennifer Lawrence, discovered that hackers broke into their Apple accounts, stole nude or provocative photos, and posted those photos on the Internet. Even though Apple found no widespread breach of its online service, the company’s ability to protect its customers’ private information — for perhaps the first time — was openly questioned.

Against that background, Apple faces two threats to its new services: one from hackers always looking for clever ways to steal financial information, and another from regulators increasingly interested in ensuring that information gleaned from health monitoring devices stays private.

So Apple executives, in a two-hour presentation and in media interviews Tuesday, were careful to explain what the company planned to do with the information users were sharing through the health-monitoring capabilities of a smartwatch called the Apple Watch, which will be available next year, and its new payment service, Apple Pay.

Timothy D. Cook, Apple’s chief executive, said in an interview that in contrast to companies like Amazon and Google that relied on tracking user activity to serve ads or sell things, Apple still primarily made money from selling hardware. With Apple Pay, which will be available next month,

Apple does not store any payment information on the devices or on Apple’s servers. It simply acts as a conduit between the merchant and bank.

“We’re not looking at it through the lens that most people do of wanting to know what you’re buying, where you buy it at, how much you’re spending and all these kinds of things,” he said. “We could care less.”

Jeff Williams, Apple’s head of operations, noted that for the Apple Watch, Apple is forbidding app developers from storing any health information on cloud computing servers. He added that all health information logged by the watch would be encrypted on the device and users would decide which apps had access to the data. Read More

Analysis – At first glance, this looks like a very good start regarding location data privacy and wearable technology. I view the recent icloud privacy breach as actually a good thing, as it has hightened public awareness of cloud privacy issues, and by extension of this announcement, the potential for privacy breaches with respect to wearable technology.

As positive as this news is however, it is a certainty that others will not be privacy concious. After all, Apple by its own admission has the “luxury” of making its money primarily by hardware. Almost everyone else will have to do it via applications and by extension data and ultimately advertising. This is where the problems will occur. Now that the NSA privacy debacle seems to be coming to a relatively satisfactory end, wearable technology privacy will become our primary privacy worry.

European Court Lets Users Erase Records on Web

May 13, 2014. The New York Times

 

Europe’s highest court said on Tuesday that people had the right to influence what the world could learn about them through online searches, a ruling that rejected long-established notions about the free flow of information on the Internet.

A search engine like Google should allow online users to be “forgotten” after a certain time by erasing links to web pages unless there are “particular reasons” not to, the European Court of Justice in Luxembourg said.

The decision underlined the power of search companies to retrieve controversial information while simultaneously placing sharp limits on their ability to do so. It raised the possibility that a Google search could become as cheery — and as one-sided — as a Facebook profile or an About.me page.

Jonathan Zittrain, a law and computer science professor at Harvard, said those who were determined to shape their online personas could in essence have veto power over what they wanted people to know.
 
“Some will see this as corrupting,” he said. “Others will see it as purifying. I think it’s a bad solution to a very real problem, which is that everything is now on our permanent records.” Read More
 
Analysis – This ruling is fascinating on many fronts, and may come to be viewed as a watershed moment in privacy protections, including those for location data privacy.
 
While I agree that it not a great solution to a very real – and very serious – problem, I also believe the pendulum for exploiting private information had swung too far from the consumer in favor of commerical interests. This ruling grabs the pendulum and flings it back to the other side. Neither is good: a balance is needed.
 
In the narrow case of location data privacy, it is the timeframe of how long the data is stored that is most revelant. This ruling – while not addressing location privacy at all – could be interpreted in the coming years to prevent long-term storage of location data, just as the plainiff in this case wanted to expunge a long-ago bankruptcy.
 
Some other interesting side predictions. One is that more niche non-Google search engines will ignore this ruling and still provide the kinds of links at issue here. Second, there will be a kind of concatenation of search algorithms that will allow a search to get to the home page of the website that has this informattion, but not the complete link to it. This will result in a proliferation of mini-search engines on the site itself, which a Google can argue they cannot control. Finally, this kind of patchwork ruling (and already nightmarish implementation) will cause a great deal of short-term chaos both from a regulatory and technology viewpoint, but in the long-term it will be very helpful to ultimately getting to the right balance when it comes to consumer privacy protections vs commercial interests.
 
* * * * *

Revelations of N.S.A. Spying Cost U.S. Tech Companies (The New York Times, March 21 2014)

Microsoft has lost customers, including the government of Brazil.

IBM is spending more than a billion dollars to build data centers overseas to reassure foreign customers that their information is safe from prying eyes in the United States government.

 

And tech companies abroad, from Europe to South America, say they are gaining customers that are shunning United States providers, suspicious because of the revelations by Edward J. Snowden that tied these providers to the National Security Agency’s vast surveillance program.

 

Even as Washington grapples with the diplomatic and political fallout of Mr. Snowden’s leaks, the more urgent issue, companies and analysts say, is economic. Technology executives, including Mark Zuckerberg of Facebook, raised the issue when they went to the White House on Friday for a meeting with President Obama. Read More

 

Analysis – At the end of the day, money is what is going to dissuade companies (not government) from abusing our private information. While there are few companies out there right now who are making a business out of protecting mobile information, there are encouraging signs that more will be joining the fight soon, if only so they can make some money. I would far rather pay someone to ensure my data privacy – including location data – then let someone else make a mint off it for free.

* * *

NSA tracking cellphone locations worldwide, Snowden documents show (Washington Post, 12/5/13)

The National Security Agency is gathering nearly 5 billion records a day on the whereabouts of cellphones around the world, according to top-secret documents and interviews with U.S. intelligence officials, enabling the agency to track the movements of individuals — and map their relationships — in ways that would have been previously unimaginable.

The records feed a vast database that stores information about the locations of at least hundreds of millions of devices, according to the officials and the documents, which were provided by former NSA contractor Edward Snowden. New projects created to analyze that data have provided the intelligence community with what amounts to a mass surveillance tool.

(Video: How the NSA uses cellphone tracking to find and ‘develop’ targets)

 

 

 

 

 

 

 

 

 

 

The NSA does not target Americans’ location data by design, but the agency acquires a substantial amount of information on the whereabouts of domestic cellphones “incidentally,” a legal term that connotes a foreseeable but not deliberate result.

One senior collection manager, speaking on the condition of anonymity but with permission from the NSA, said “we are getting vast volumes” of location data from around the world by tapping into the cables that connect mobile networks globally and that serve U.S. cellphones as well as foreign ones. Additionally, data are often collected from the tens of millions of Americans who travel abroad with their cellphones every year.

In scale, scope and potential impact on privacy, the efforts to collect and analyze location data may be unsurpassed among the NSA surveillance programs that have been disclosed since June. Analysts can find cellphones anywhere in the world, retrace their movements and expose hidden relationships among the people using them.

(Graphic: How the NSA is tracking people right now)

U.S. officials said the programs that collect and analyze location data are lawful and intended strictly to develop intelligence about foreign targets.

Robert Litt, general counsel for the Office of the Director of National Intelligence, which oversees the NSA, said “there is no element of the intelligence community that under any authority is intentionally collecting bulk cellphone location information about cellphones in the United States.”

The NSA has no reason to suspect that the movements of the overwhelming majority of cellphone users would be relevant to national security. Rather, it collects locations in bulk because its most powerful analytic tools — known collectively as CO-TRAVELER — allow it to look for unknown associates of known intelligence targets by tracking people whose movements intersect.

Still, location data, especially when aggregated over time, are widely regarded among privacy advocates as uniquely sensitive. Sophisticated mathematical tech­niques enable NSA analysts to map cellphone owners’ relationships by correlating their patterns of movement over time with thousands or millions of other phone users who cross their paths. Cellphones broadcast their locations even when they are not being used to place a call or send a text message.  Read Entire Story

Analysis – This is surprising to us not at all.  Since the Snowden affair broke we have surmised that location data is at the top of the NSA’s priority list.  The aggregation part is particularly bad: think about it as you leaving little breadcrumb trails of location data everywhere you go, and the NSA coming along behind you and analysing all of them.  They can develop a VERY comprehensive picture of your life.  

The consequences of this revelation will be both good and bad:  Good in that it will force location data privacy to the forefront of the privacy discussion.  Bad in that it will accelerate the development of ways to mask or even “spoof” a person’s location, which will make implementing location-based services significantly more complicated. 

                                                                               _________________________

FBI Taps Hacker Tactics to Spy on Suspects (The Wall Street Journal, 8/3/13)

Law-Enforcement Officials Expand Use of Tools Such as Spyware as People Under Investigation ‘Go Dark,’ Evading Wiretaps

Law-enforcement officials in the U.S. are expanding the use of tools routinely used by computer hackers to gather information on suspects, bringing the criminal wiretap into the cyber age.

Federal agencies have largely kept quiet about these capabilities, but court documents and interviews with people involved in the programs provide new details about the hacking tools, including spyware delivered to computers and phones through email or Web links—techniques more commonly associated with attacks by criminals.

People familiar with the Federal Bureau of Investigation’s programs say that the use of hacking tools under court orders has grown as agents seek to keep up with suspects who use new communications technology, including some types of online chat and encryption tools. The use of such communications, which can’t be wiretapped like a phone, is called “going dark” among law enforcement.

The FBI develops some hacking tools internally and purchases others from the private sector. With such technology, the bureau can remotely activate the microphones in phones running Google Inc.’s Android software to record conversations, one former U.S. official said. It can do the same to microphones in laptops without the user knowing, the person said. Google declined to comment.

The bureau typically uses hacking in cases involving organized crime, child pornography or counterterrorism, a former U.S. official said. It is loath to use these tools when investigating hackers, out of fear the suspect will discover and publicize the technique, the person said.

A search warrant would be required to get content such as files from a suspect’s computer, said Mark Eckenwiler, a senior counsel at Perkins Coie LLP who until December was the Justice Department’s primary authority on federal criminal surveillance law. Continuing surveillance would necessitate an even stricter standard, the kind used to grant wiretaps.

But if the software gathers only communications-routing “metadata”—like Internet protocol addresses or the “to” and “from” lines in emails—a court order under a lower standard might suffice if the program is delivered remotely, such as through an Internet link, he said. That is because nobody is physically touching the suspect’s property, he added.  Read More

Analysis – There are a couple of important points here.  First, while I have no problem using this technology to catch criminals, there is some gray area when it comes to “metadata.”  While the metadata reference above does not specifically include location data, location data IS generally regarded as metadata, and thus could be included in a “lower standard” as discussed above.

Second, it illustrates the growing danger of malware and other type programs infiltrating our phones.  As those phones become more sophisticated, and the underlying operating systems become more complex yet open (e.g. Android) to all developers, the opportunities for hacking will increase greatly.  This hacking can include of course location information, such that more and more hackers will likely try to access your private data in the months and years ahead.  When location data becomes more prevalent in financial security (such as verifying the location of your phone is being used in your “regular” location area as part of verifying a mobile wallet transaction via your phone), you can expect hackers to become increasingly interested in tracking your movements.

State Farm Is There: As You Drive

Insurers Use Big Data to Track Drivers, Offering Discounts as Lure, But Privacy Advocates See Dangers (The Wall Street Journal, August 4 2013)

As soon as Ed Scharlau of Austin, Texas, pulls out of his driveway in his Ford Expedition, a computer starts keeping score. It keeps track of how fast he accelerates, how abruptly he brakes and how far he drives.
 
The prize if he scores high enough: a substantial discount on his car insurance.  “This is a step in the right direction,” the 74-year-old former manufacturing executive said. “How I drive should affect my insurance premium.” Mr. Scharlau is on the leading edge of a revolutionary shift in how insurers price car insurance, one that has tantalized the $167 billion industry for more than a decade.
 
But what many insurers see as a smart application of Big Data, some customers and privacy advocates view as a worrisome encroachment by Big Brother.
 
The conventional methods for pricing car insurance involve pooling customers on the basis of characteristics such as age, gender and history of speeding tickets and crashes, all of which actuaries have correlated with loss potential.  Insurers acknowledge those methods are imprecise.
 
More than 1.4 million drivers have signed up for Progressive’s “Snapshot” program since 2008, and the insurer said discounts of up to 30% have topped $125 million.  State Farm’s discounts run as high as 50%.
 
Still, the programs have critics because of the voluminous  data they collect on customers.
“It’s a slippery slope,” said Paul Stephens, an official with the Privacy Rights Clearinghouse, speaking generally. While insurers say they don’t track routes driven, Mr. Stephens fears that as programs expand and get more commonplace, insurers may wind up with “a very detailed log of your whereabouts throughout the day.”
 
And the data, he said, might be obtained by law-enforcement authorities for criminal probes and parties in civil litigation.
 
Allstate, State Farm and Progressive said they share data as required by law and that they disclose this to customers. Allstate and Progressive said their devices don’t have Global Positioning System functions. State Farm said it receives information “about the broad geographic areas” in which a vehicle is driven, measuring about 40 square miles, but not “the exact vehicle location.”
 
Brent Allen, who is Mr. Scharlau’s State Farm agent, said some clients have no interest in the program because of “the Big Brother thing,” but others are eager for discounts.  Mike Hatch, a Minneapolis lawyer who is a former Minnesota attorney general, said more consumers should be wary. “People ought to be more cautious” about allowing such inroads into privacy, he said.
 
One day recently, Mr. Scharlau logged onto his State Farm account to learn he so far had earned “A+” grades for left-hand turns and for not topping 80 miles per hour, but only “B+” for braking, acceleration and time of day his Expedition was on the road.  Mr. Scharlau said he and his wife now find themselves chatting “about our own driving and what we see around us: ‘Oops, did we just lose points?'”  Read More
 
Analysis – This is an area where you definitely have to weigh the tradeoffs between $ and privacy for yourself.  No question it has the potential to save you money, particularly if you are a good driver yet are lumped into a generally bad category of drivers because of your age, type of car, where you live, long-ago bad driving experiences, etc.  But the privacy concerns are very real; not just the feeling that big brother is watching you but the one that makes you feel that you are continually taking a Drivers Ed class.  I find that the tracking is not that precise somewhat comforting, but have no illusions that more precise tracking will be coming soon as insurers try and refine their actuarial table algorithms (or however the hell they price things).
 
More importantly (for me anyway) I did/do not like the  potential for survellience that comes with it – lawful or otherwise.  This data IS supeonable in criminal/civil lawsuits I am told.  I personally tried this “usage-based” insurance for a few months (not by State Farm) and indeed did save some money, but in the end I did not like being monitored nor did I like the potential for invasion of privacy, at least at this point in time with the details of what kind of information can be collected, when it is collected, how, and how long is still so muddled legally.  Not to mention not knowing for certain who can see it – law enforcement, third parties, my eX…
 
* * * * *

Consumers, not tech firms,should control data, documentary filmmaker says (The Washington Post, July 27 2013)

Filmmaker Cullen Hoback was about a year into working on a film on how technology is changing society when he realized that his footage was actually leading him in a different direction — the erosion of online privacy.
“I started out by asking the question of how technology is changing us,” Hoback told The Washington Post in an interview. “I interviewed all these people and was really dissatisfied with my answer. I realized that I had to look at what was behind the technology.”
 
The result was “Terms and Conditions May Apply,” a new documentary on the tech industry, the current state of online privacy and the role the government plays in data collection. The movie opened in select cities around the country last week, could hardly have come at a more opportune time in light of the disclosures about National Security Agency surveillance programs that collect data on foreigners and average Americans from prominent technology firms.
 
“It is kind of like a horror film,” Hoback said in describing his work. “I was able to look back and distill how we got here and really break down the relationship between the corporations and the government.”
Hoback draws a line between the shifts in Web users’ online privacy and laws that encourage data retention for national security concerns.
 
“There were over 10 bills on the floor [of the House and Senate] that were supposed to embed some sort of privacy rights. Then 9/11 happened, and that all got washed away,” he said.
 
But, as is clear from Hoback’s film, he doesn’t believe that the blame rests solely with the government.
“Just because these laws exist, it doesn’t mean that companies [that have provided the data to the government] couldn’t have sat up and tried to change them,” he said. “It seems in­cred­ibly convenient for them, getting an incredible amount of our data. They could be potentially building these systems with privacy at the forefront. It’s really more like the corporations had a lot to gain and the government had a lot to gain.”
 
He said major technology firms — Google, Facebook and LinkedIn are all featured prominently in the film — have not only taken steps to boost their data collection and retention but have also made it difficult for consumers to parse their lengthy terms and conditions statements for online privacy. Those agreements, which many users approve without reading, are so complicated that they may as well be invisible, he said.
 
“They’re designed not to be looked at, designed to be scoffed at,” Hoback said. “It’s a joke.”
Hoback said he wanted to make the film to make more lawmakers and Web users aware of online privacy issues, and to show that most people want explicit control over their own data. As part of that effort, Hobart has worked with Internet activist group Demand Progress to set up a Web site — trackoff.us — that directs people to contact their congressional representatives with privacy concerns.
 
To illustrate his point in the film, Hoback intercepted Mark Zuckerberg as he walked to work — after failing to reach him through official channels — to ask the Facebook chief executive about online privacy. When Zuckerberg asked Hoback to stop filming the conversation with his main camera, the filmmaker complied but continued to record with a camera concealed in his glasses.
 
The reason for filming that exchange, Hoback said, was to prove that privacy matters to everyone.
“We don’t want to be recorded just as much as you don’t want to be recorded,” he said. “With that [scene] I said, Mark, I’m opting you in even though you didn’t necessarily want that.” Based on the reaction he’s seen to his film, he said, he believes there’s plenty of popular support for stronger privacy laws and regulations.
 
“People are scared and angry, and they want to do something,” he said.
But those efforts won’t be simple or easy. The technology industry moves fast, making it harder to form regulations quickly enough for new gadgets such as wearable technologies, he said.
“As these technologies get closer and closer to our bodies, the privacy protections will be more difficult,” to put in place Hoback said. “But the power is in the information.”
 
Hoback said that a recent vote in Congress defeating a provision that would have curbed NSA data collection shows that the fight for privacy is just beginning. But he also said that he believes his film dovetails nicely with the privacy concerns raised by NSA leaker Edward Snowden and will help people better understand what, exactly, they’re consenting to when they hit the “I agree” button.  Read More
 
Analysis: Great article, and gets to two important points.  First, the Terms & Conditions in most “privacy policies” are a total joke – they are not designed to protect you, but to protect the companies when they do practically anything with your data.  Second, this problem is only going to get worse.  A LOT worse, as ever more personal technologies such as wearable technologies become more prevalent.  Without some sort of major response by consumers and/or legislative bodies, our entire lives – down literally to our underwear – will become open to all to see.

* * * * * *

License plate cameras track millions of Americans (Washington Post, July 17 2013) 

 
The spread of cheap, powerful cameras capable of reading license plates has allowed police to build databases on the movements of millions of Americans over months or even years, according to an American Civil Liberties Union report released Wednesday.

The license-plate readers, which police typically mount along major roadways or on the backs of cruisers, can identify vehicles almost instantly and compare them against “hot lists” of cars that have been stolen o

But the systems collect records on every license plate they encounter — whether or not they are on hot lists — meaning time and location data are gathered in databases that can be searched by police. Some departments purge information after a few weeks, some after a few months and some never, said the report, which warns that such data could be abused by authorities, and chill freedom of speech and association.

“Using them to develop vast troves of information on where Americans travel is not an appropriate use,” said Catherine Crump, a staff attorney at the ACLU and one of the authors of the report, “You are Being Tracked: How License Plate Readers Are Being Used to Record Americans’ Movements.”

The use of license-plate readers is common in the Washington area, where concerns about terrorism have fueled major investments in the equipment, with much of the money coming from federal grants. Agreements among departments and jurisdictions allow sharing of the location information, with data typically retained for at least a year.

(Story: License plate readers: A useful tool for police comes with privacy concerns)

Such details, say police and law enforcement experts, can help investigators reconstruct suspects’ movements before and after armed robberies, auto thefts and other crimes. Departments typically require that information be used only for law enforcement purposes and require audits designed to detect abuse.

But the ACLU argues that data collection by most police departments is unnecessarily broad. In an analysis of data collected in Maryland, the report found that license-plate readers recorded the locations of vehicle plates 85 million times in 2012.

Based on a partial-year analysis of that data, the ACLU found that about one in 500 plates registered hits. In the overwhelming majority of cases, it said, the alleged offenses were minor, involving lapsed registrations or failures to comply with the state’s emission-control program.

For each million plates read in Maryland, 47 were associated with serious crimes, such as a stolen vehicle or a wanted person, the report said. Statistics collected by the ACLU in several other jurisdictions around the country also found hit rates far below 1 percent of license plates read.

Maryland officials have defended their program, which collects data from departments across the state in a fusion center, which shares intelligence among federal, state and local agencies. In a recent three-month period, state officials said, license-plate readers contributed to 860 serious traffic citations and the apprehension of 180 people for crimes including stolen autos or license plates.

The center deletes the data one year after they are collected, in what officials said was a compromise between investigative needs and privacy rights.

The license-plate readers are also widely used in Northern Virginia and the District, which has them mounted on many of the major roadways entering and exiting the city. A D.C. police spokeswoman did not immediately comment on the ACLU report.

Private companies also are using license-plate-reading technology to build databases, typically to help in repossessing cars.  Read More

Analysis – While not technically a mobile phone issue, it is very indicative of how tracking technology – in whatever form – can be used to essentially “profile” Americans.  I do not use that term lightly; profiling by law enforcement is not just an issue of race, but increasingly one of behavior patterns (e.g. where you go, when you go, how you go – car – and ultimately why you go).   

While there seems to be a valid law enforcement reason for this particular concept (essentially finding and tracking criminals), how it is being practiced is very disturbing – an example of too broad data collection and in particular way too long retention of the data.  It should not be any longer than 24 hours at the most – unless there is a “hit” during that time and for only those hits retaining data for longer periods.

How Kid Apps Are Data Magnets (adapted from The Wall Street Journal, June 27 2013)

While 7-year-old Eros ViDemantay played with a kid’s app on his father’s phone, tracing an elephant, behind the scenes a startup company backed by Google was collecting information from the device—including its email address and a list of other apps installed on his phone.
 
“My jaw dropped,” says Lee ViDemantay, Eros’s father and a fifth-grade teacher at the Los Angeles Unified School District. “Why do they need to know all that?” The app, called “How to Draw—Easy Lessons,” also sent two of the phone’s main ID numbers.
 
A Wall Street Journal examination of 40 popular and free child-friendly apps on Google’s Android and Apple  Inc.’s  iOS systems found that nearly half transmitted to other companies a device ID number, a primary tool for tracking users from app to app. Some 70% passed along information about how the app was used, in some cases including the buttons clicked and in what order.
 
Some three years after the Journal first tested data collection and sharing in smartphone apps—and discovered the majority of apps tested sending details to third parties without users’ awareness—the makers of widely used software continue to gather and profit from people’s personal information.
 
Data transmissions related to child-friendly apps will be subject to greater government scrutiny after July 1, when the Federal Trade Commission’s new rules on children’s online privacy take effect. The rules, which were adopted in December and outline how the FTC enforces the Children’s Online Privacy Protection Act, or Coppa, expand the types of information considered “personal” and, hence, protected.
 
These rules could upend the business of some kid-friendly apps that rely on data-driven advertising to bring in money.
 
Among other things, the new rules will govern collection of location data and certain types of phone ID numbers. The FTC isn’t banning collection of this information altogether. But app developers—and all online services—won’t be able to use it in as many ways as before without receiving explicit parental consent.
 
The majority of apps—28 of 40—sent data to other companies that provide analytics services that track the ways people use particular apps. The data can range from simple details—for example, when a user opens or closes an app—to complex behavioral patterns. Developers use this information to decide how to improve their games, for example, or what in-game products they might be able to sell to users.
 
The new Coppa rules count “persistent identifiers” as “personal information” protected under the act. Developers will be allowed to collect the IDs for “activities necessary to [maintain] or analyze the functioning” of the app. But to use the identifiers for behavioral advertising or for targeting individual children, they must obtain “verifiable parental consent.”
 
In Apple’s iOS operating system, apps don’t request any particular permissions before being downloaded. Instead, Apple segregates user data into three categories: data, such as certain phone identifiers, available to all apps; data available upon in-app request, such as geolocation; and data off-limits to all apps, such as email addresses. Apps that want emails have to ask people to type them in.  Read More
 
Analysis – Well done  FTC!  Now if we can apply this level of concern for privacy to all Americans.  As a side note, Apple continues to be called out on its lack of privacy protections, including (the lack of those) for location data (see below for more related Apple location privacy articles and analysis.
 
Trying to capture data related to and synethsizing it to understand complex behavior patterns is one of the next big “things” in location-based services and related technology (it is also referred to as “contextual awareness” and “ambient awareness”). 
 
Instead of “just” understanding where you are, this kind of data capture/analysis seeks to understand what you are doing, what you were doing, and what you will be doing.  It essentially will be putting together all the pieces of data about you that can be collected via technology – kind of pieces of the jigsaw puzzle of your life – together to figure out not just  Where you are, but What you are doing, When you are doing it, Why you are doing it, and How you are doing it.  Change the word”are” to “were” or “will be” and you get the idea. 
 
Location technology can clearly capture the “where” (and a portion of “when”) components; “why” can be captured by monitoring what you are doing it on your phone around that time frame (e.g. searching for a place to eat); and from that synethesize the “why.” In one example  you could be driving (the Where and How inferred from location data points relatively far apart in a short period of time) in a retail area (meshing your data points with point-of-interest maps); that it is nearing lunchtime (the data captured was between 1130 and 1330 hours); and that you were doing a search on restaurants in the area during that time period.  From all that data you can easily deduce an accurate Why. 
 
No big deal you say?  Maybe not in that example, but the point is that this same data capture and analysis can be used to deduce a far more sophisticated portrait of your life, including complex behavior patterns that you might prefer to be kept to yourself.  Watch out!
 
* * * * *.

U.S., British intelligence mining data from nine U.S. Internet companies in broad secret program (Excerpts from The Washingon Post, June 7 2013)

The National Security Agency and the FBI are tapping directly into the central servers of nine leading U.S. Internet companies, extracting audio and video chats, photographs, e-mails, documents, and connection logs that enable analysts to track foreign targets, according to a top-secret document obtained by The Washington Post.

The program, code-named PRISM, has not been made public until now. It may be the first of its kind. The NSA prides itself on stealing secrets and breaking codes, and it is accustomed to corporate partnerships that help it divert data traffic or sidestep barriers. But there has never been a Google or Facebook before, and it is unlikely that there are richer troves of valuable intelligence than the ones in Silicon Valley.

Jameel Jaffer, deputy legal director of the American Civil Liberties Union, said: “I would just push back on the idea that the court has signed off on it, so why worry? This is a court that meets in secret, allows only the government to appear before it, and publishes almost none of its opinions. It has never been an effective check on government.”

Several companies contacted by The Post said they had no knowledge of the program, did not allow direct government access to their servers and asserted that they responded only to targeted requests for information.

The technology companies, whose cooperation is essential to PRISM operations, include most of the dominant global players of Silicon Valley, according to the document. They are listed on a roster that bears their logos in order of entry into the program: “Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, Apple.”

 

Sens. Ron Wyden (D-Ore.) and Mark Udall (D-Colo.), who had classified knowledge of the program as members of the Senate Intelligence Committee, were unable to speak of it when they warned in a Dec. 27, 2012, floor debate that the FISA Amendments Act had what both of them called a “back-door search loophole” for the content of innocent Americans who were swept up in a search for someone else.

As it is written, there is nothing to prohibit the intelligence community from searching through a pile of communications, which may have been incidentally or accidentally been collected without a warrant, to deliberately search for the phone calls or e-mails of specific Americans,” Udall said.

The Obama administration points to ongoing safeguards in the form of “extensive procedures, specifically approved by the court, to ensure that only non-U.S. persons outside the U.S. are targeted, and that minimize the acquisition, retention and dissemination of incidentally acquired information about U.S. persons.”

And it is true that the PRISM program is not a dragnet, exactly. From inside a company’s data stream the NSA is capable of pulling out anything it likes, but under current rules the agency does not try to collect it all.

Analysts who use the system from a Web portal at Fort Meade, Md., key in “selectors,” or search terms, that are designed to produce at least 51 percent confidence in a target’s “foreignness.” That is not a very stringent test. Training materials obtained by The Post instruct new analysts to make quarterly reports of any accidental collection of U.S. content, but add that “it’s nothing to worry about.” Even when the system works just as advertised, with no American singled out for targeting, the NSA routinely collects a great deal of American content. That is described as “incidental,” and it is inherent in contact chaining, one of the basic tools of the trade. To collect on a suspected spy or foreign terrorist means, at minimum, that everyone in the suspect’s inbox or outbox is swept in. Intelligence analysts are typically taught to chain through contacts two “hops” out from their target, which increases “incidental collection” exponentially. The same math explains the aphorism, from the John Guare play, that no one is more than “six degrees of separation” from any other person.

Like market researchers, but with far more privileged access, collection managers in the NSA’s Special Source Operations group, which oversees the PRISM program, are drawn to the wealth of information about their subjects in online accounts.  According to a separate “User’s Guide for PRISM Skype Collection,” that service can be monitored for audio when one end of the call is a conventional telephone and for any combination of “audio, video, chat, and file transfers” when Skype users connect by computer alone. Google’s offerings include Gmail, voice and video chat, Google Drive files, photo libraries, and live surveillance of search terms. may be troubled by the menu available to analysts who hold the required clearances to “task” the PRISM system.

There has been “continued exponential growth in tasking to Facebook and Skype,” according to the PRISM slides. With a few clicks and an affirmation that the subject is believed to be engaged in terrorism, espionage or nuclear proliferation, an analyst obtains full access to Facebook’s “extensive search and surveillance capabilities against the variety of online social networking services.”

Firsthand experience with these systems, and horror at their capabilities, is what drove a career intelligence officer to provide PowerPoint slides about PRISM and supporting materials to The Washington Post in order to expose what he believes to be a gross intrusion on privacy. “They quite literally can watch your ideas form as you type,” the officer said.  Read Full Story

 

Analysis – This is just as frightening as the NSA call collection of all VZW calls (and likely ALL calls, see next story analysis), as it gets into full interception of content, not just metadata.  While this news article does not single out location, you can be sure that the location of the source and recipient of the content is being captured. 

Even more disturbing is the potential for abuse from cross-indexing this content data with the metadata being captured from the wireless carriers.  In combination, both of these types of data sets can easily be used to develop a complete picture – including names, numbers/addresses (telephone and IP addresses), physical location of tranmission, physical location of recipients, and finally all types of content.  In other words, EVERYTHING.  It would represent an end-around the direct requirement of a warrant to get this information from a single court order, by using the two (and who knows what other orders are out there) and capitalizing on “gray areas” within and between the seperate orders to obtain information that a single order could not.

For those of you who might say “they wouldn’t do that,” I beg to differ.  The temptation to do this would be incredible, particularly by “collection managers” who with a few clicks would have all of this information at their fingertips.  Having these managers/analysts file quarterly reports on “accidental” data collection while telling them it is “nothing to worry about” is not only NOT a deterrent, it is an enabler to give in to the temptation of all this power at their fingertips.

As a humorous aside, it is greatly amusing to see how this issue has scrambled the normal partisan lines.  The New York Times – Obama’s #1 supporter – has become its harshest critic on this issue.  At the same time, Obama’s #2 opponent, The Wall Street Journal, is a big fan of this survellience.  In the mean time O’s #1 opponent, Fox News, is in effect siding with the Times but in general can hardly contain its glee with all this scandal.  Gotta find humor where you can in all this mess because there is not much of it to find…

 * * * * *

NSA collecting phone records of millions of Verizon customers daily Exclusive: Top secret court order requiring Verizon to hand over all call data shows scale of domestic surveillance under Obama (The Guardian, June 6 2013)

The National Security Agency is currently collecting the telephone records of millions of US customers of Verizon, one of America’s largest telecoms providers, under a top secret court order issued in April.The order, a copy of which has been obtained by the Guardian, requires Verizon on an “ongoing, daily basis” to give the NSA information on all telephone calls in its systems, both within the US and between the US and other countries.

The document shows for the first time that under the Obama administration the communication records of millions of US citizens are being collected indiscriminately and in bulk – regardless of whether they are suspected of any wrongdoing.

The secret Foreign Intelligence Surveillance Court (Fisa) granted the order to the FBI on April 25, giving the government unlimited authority to obtain the data for a specified three-month period ending on July 19.

Under the terms of the blanket order, the numbers of both parties on a call are handed over, as is location data, call duration, unique identifiers, and the time and duration of all calls. The contents of the conversation itself are not covered.  Read More

 

Analysis:  Where to begin – this is so disturbing on many levels.  While the data collection supposedly did not include actually listening/looking at the actual content involved, the metadata involved – including location data – is hugely invasive.  And it covered ALL calls for ALL users – the “limitation” to metadata allowed blanket access to personal information that otherwise requires a warrant.

There are so many unanswered questions in and about this order.  Here is a starter list: Does it cover wireless calls? Is it just Verizon?  How long will they keep the data?  Did Verizon have to comply?

 

Does it cover wireless calls? – While the order doesn’t say, and if read narrowly it could be limited to a Verizon subsidiary, I would say there is virtually no chance that it does NOT include wireless calls.  Grandma sitting at home calling her friend next door on their landlines is not going to do the NSA any good – it is the potential terrorists using cell phones that are the target.

 

Is it just Verizon? – No, terrorists don’t have a VZW family plan, making them only use Verizon connections.  OF COURSE it is not just Verizon – a certainty is AT&T, likely Sprint and T-Mobile, and who knows how many Tier 2 carriers.

 

How long will they keep the data? – This is one of the incredibly scary parts.  Initial reports indicate that it could be indefinitely, as the order contains no “mitigation clause” that requires the NSA or FBI to destroy data that they were not using or not relevant.  Think about it: five years from now a government agency can go back and trace your everyday movements (using location data) over that time to see how often you were at work, home, play, church, gun shows, a bar, a “friend”, a “good friend”, visiting public officials (listen up AP and Fox News journalists)…. you get the idea.  They could use this “big data” to zero in on behavior patterns they deem threatening, then to individuals matching the patterns.  The IRS targeting groups based just on their name would be nothing compared to the potential abuse here.

 

Did Verizon have to comply? – While I have no reason to doubt that Verizon had no recourse but to abide by the court order (in stark contrast to its selling of customer data – see below story), I do wonder if they had and tried to use any legal  recourse to prevent it or limit its scope.  Also, I wonder how much they are getting paid for doing this.  It can’t be for free – this would be a huge undertaking costing mega-bucks to implement.  I just wonder if they are just covering their costs, or making a profit on it… 

Bottom Line – I am probably biased, but I suspect that the location data is at the top of what the NSA is looking for.  If they can’t monitor the actual content, then tracking the physical activity – e.g. the location – of individuals is the next best thing.  Erosion of civil liberties – here we come.

* * * * *

Assessors Use Google’s Street View Photos to Find Signs of Undeclared Wealth (adapted from The WSJ, 5/31/13)

VILNIUS, Lithuania—One day last summer, a woman was about to climb into a hammock in the front yard of a suburban house here when a photographer for the Google Inc. Street View service snapped her picture.

The apparently innocuous photograph is now being used as evidence in a tax-evasion case brought by Lithuanian authorities against the undisclosed owners of the home.

Some European countries have been going after Google, complaining that the search giant is invading the privacy of their citizens. But tax inspectors here have turned to the prying eyes of Street View for their own purposes.

After Google’s car-borne cameras were driven through the Vilnius area last year, the tax men in this small Baltic nation got busy. They have spent months combing through footage looking for unreported taxable wealth.  Read More

Analysis – If you don’t think this kind of nightmare combination of invasion of privacy and taxes isn’t coming to a country and town near you, you are fooling yourself. 

I can forsee (unfortunately) a time in the near future when building your dream home includes specific design elements to hide what you have from satellite and street cameras.  Kind of like trying to hide your own nuclear program a la Iran.  God help us if we get to this point, but we will without specific legal protections and prohibitions.

Apple’s Cook Hints at Wearable Devices (The Wall Street Journal May 23 2013)

Chief Executive Tim Cook, defending the company’s prowess as a tech trend-setter, hinted that wearable devices may play a role in future product plans.

Mr. Cook praised devices such as Nike Inc.’s FuelBand, an activity tracker worn on the wrist. He said such wearable products “could be a profound area for technology,” while expressing less excitement about Google Glass, Google Inc.’s high-tech eyeglasses that serve as a kind of heads-up display to view Internet content. He said it’s “tough to see” Google’s product having mass-market appeal.

The Wall Street Journal reported in February that Apple is experimenting with designs for a watch-like device that would perform some functions of a smartphone, according to people briefed.  Read More

Analysis – While useable, practical wearable devices would definitely fall into the “cool” category a la Dick Tracy, it should be fairly obvious about the potential for huge levels of abuse.  

One possible endgame would be being able to detect and track everything on your person, from the earrings on your ears to the shoes on your feet, and in turn feeding that info (along with its location) to eager retailers chomping at the bit to ever more personalize its ads.  A kind of reverse customer showrooming of sorts.

 
 
FACEBOOK NEWS

Facebook’s Mobile Miscalculation (The WSJ – May 23, 2012)

The Social Network Plays Catch-Up After Ignoring Its App; One Frustrated Game Maker Bows Out

As Facebook Inc. begins life as a public company, it is confronting heightened concern about its business. One of the biggest question marks is its mobile strategy.

Facebook’s recent experience with app developer CrowdStar Inc. shows just how deep its mobile problems are rooted. CrowdStar was an active developer of social games on Facebook in 2010, with 50 million daily active users playing its games like “Happy Aquarium” and “Happy Pets,” said CrowdStar Chief Executive Peter Relan.

But last month, CrowdStar stopped making new games for Facebook. Instead, the Burlingame, Calif., company plans to focus on creating games for mobile … Read More (Note it is subscription access only)

Analysis: Essentially the WSJ says that Facebook screwed up by not developing a sophisticated mobile app for the site; instead, having users access the site via their mobile web browser.  We concur.  This is preventing many apps such as games from being able to be used on mobile devices.

 

Bankers Under Fire as Facebook Slips 11%

NEW YORK—Facebook Inc. FB -10.99% shares skidded on their second day on the stock market to well below their offer price, leaving some investors who bought in the social network’s public offering in the red and raising questions about whether the company and its lead banker, Morgan StanleyMS -1.20% botched the deal.

The slump is likely to turn up the heat on Facebook to boost its performance by generating more revenue from its user base, which includes more than 900 million active users. The company’s earnings fell 12% in the first quarter amid surging expenses.

Revenue slipped compared with the fourth quarter, a decline the company blamed on “seasonal trends” in the advertising business and growth in markets where Facebook generates less revenue per user, according to a regulatory filing last month. Read More

Analysis: While this is location news site, not a financial analysis one, the fact that they are under so much pressure to add revenue – and that a critical element for this is mobile (see next article) – indicates major initiatives to come, including in the LBS space, given the importance of location in mobile advertising and mobile social networking in general.

 
 

Facebook’s Zuckerberg says mobile first priority

 ________________________________
 
 

 

M2M NEWS

 

Verizon CTO: Industry needs standard M2M platform

 

UNUSUAL LBS APPS

Buy Me a Drink App to Launch in Asia on May 16 at the Butter Factory LBS Zone May 11, 2012

Buy Me A Drink’s Chief Party Officer Silvana Carpanelli-Hayes said “It’s official, we are ready to party in Asia! On May 16th not only we will celebrate crossing over from NYC to Singapore but we will also release Buy Me A Drink to Android users for the very first time.”

The May 16th event will also see the exclusive worldwide launch of the Android version of the App allowing users of the world’s most popular Smartphone platform to finally access the Ultimate Nightlife App.

Celeste Chong Co-founder and Marketing Director at The Butter Factory says “We are really excited to be the exclusive Asian launch partner for the Buy Me a Drink App here at The Butter Factory in Singapore, we are looking forward to partying with them on May 16th!”

About Buy Me A Drink
Buy Me A Drink is a nightlife-socializing App that helps you meet new people everywhere you party over your favorite drinks and rewards you with free music downloads just for using the App. The App is now available on iPhone and Android and holds offices both in NYC and Singapore.

Analysis: Curious about the privacy functionality, if it exists at all.

___________________________
 
 
RETAIL/MOBILE LOCAL SEARCH
 

Why are cellphone-equipped shoppers halting in-store purchases? CTIA Smartbrief May 17, 2012
More than half of in-store shoppers who use their cellphones to shop have abandoned their purchases, according to an Interactive Advertising Bureau study that also found that 30% of those who opted against buying in the store said they found the items cheaper online using their handsets. “Fighting this trend is certainly going to be a losing strategy, so I predict that savvy marketers will learn to live with, and even court, these newly empowered consumers, who can and do leave a store if they discover a better deal somewhere else,” said the IAB’s Joe Lazlo. MobileCommerceDaily.com (5/17)

Analysis: Absolutely agree that fighting this trend is going to be a losing strategy.  Effective use of location and creative ways to find out what the customer is actually shopping for will be critical.  See next article.

Can Texting Save Stores?

‘Geofencing’ Lets Retailers Offer Deals to Nearby Customers, Fight Price-Shopping

Retailers are trying to make smartphones work for them instead of against them.

Take Maurices. The women’s clothing chain last month started sending promotions to the phones of people who come within a few hundred yards of its stores. Consumers who opt in to the service are sent messages about in-store sales. There is little evidence that sort of marketing actually works, but Maurices wants to give it a shot, in hopes of drawing people to the chain’s bricks and mortar locations.

Retailers desperately hope the technology—called “geofencing”—can be at least one successful response to the dreaded “showrooming,” where a shopper comes into a store to see an item but then makes the purchase online after finding a better price via smartphone.

The idea behind geofencing is to target consumers when they are nearby—and the promotions can get hyper-local, like beaming a special on umbrellas to people within a 10-mile radius during a rainstorm, or touting a markdown on aisle 6 when a customer is walking down aisle 3.  Read More

Analysis: The word “desperately” is quite appropriate, particularly for big box stores.  The key trick however is in knowing what the customer is actively looking for. If they can figure this out on a high volume basis they will have a winner. 

MEDICAL LBS NEWS
 

RFID medical records management pilot in India could track 100K residents (RFID 24-7, May 23, 2012)

The humanitarian benefits of deploying RFID have been making headlines over the last 12 months. While the inventory accuracy gains enjoyed by retailers from deploying RFID are breathtaking, they take a back seat when it comes to the technology’s ability to save lives.

From solutions designed to monitor drugs given to cancer patients to tagging dead bodies with RFID tags to add visibility to the organ donor supply chain, RFID is improving patient care — and saving lives — around the globe.

The RFID-based ID system is allowing health care workers to track patients in the city. Dr. Ali Zalzala, an IEEE volunteer and lead for the project, tells RFID 24-7 that the project — which distributes RFID-enabled ID cards to citizens — is improving patient care and saving lives every day.

“Prior to the system, physicians would not always remember what happened with a [patient] a week or so ago, and mistakes did happen with medication and diagnosis,” he says. “Holding patient records is making a huge change and saving life. Physicians now can look at the entire history of a patient and know if drug interaction or previous episodes may cause issues.” Read More

Analysis: One more example of how location technology can make a major difference beyond just reducting costs.

 

 

Exploring the Role of Mobile Technology as a Health Care Helper

The New York Times  By STEPHANIE NOVAK Published: May 13, 2012

Two decades ago, a woman having a difficult birth in a Ugandan village would have had few options to get life-saving treatment if there was not a nearby health clinic. But today, mobile technology can help her get advice from a doctor in Kampala over the telephone, alert a community health worker about her situation, or even get her to a hospital.

Mobile technology is changing the landscape of health care delivery across the developing world by giving people who live in rural villages the ability to connect with doctors, nurses and other health care workers in major cities.

“Now, a phone call can compress the time that it would have taken before to come to that decision point and get the woman care more often and quickly,” said Dr. Alain Labrique, a professor of International Health and Epidemiology at Johns Hopkins University, in Baltimore.  Read More

 

Analysis: While there is no specific mention of location in this article, I think it is pretty apparent as to how LBS could be incorporated into this area.  For example doctors/care givers could much more readily locate patients – particularly important in situations where minutes can make all the difference – and visa versa.  It is well know that critical medical equipment and supplies are in short supply in many areas of Africa – GPS tags could make the management and availability of these critical assets much easier.  This is probably the tip of the iceburg.