viernes, 20 de diciembre de 2019

One Nation, Tracked - An Investigation into the Smartphone Tracking Industry from Times Opinion

Muy buenas,
Me lo acabo de encontrar:
https://www.nytimes.com/interactive/2019/12/19/opinion/location-tracking-cell-phone.html
One nation, Tracked - An investigation into the smartphone tracking industry from Times Opinion
Opinion - The Privacy Project
Twelve Million Phones, One Dataset, Zero Privacy
By Stuart A. Thompson and Charlie Warzel
Dec. 19, 2019

Every minute of every day, everywhere on the planet, dozens of companies — largely unregulated, little scrutinized — are logging the movements of tens of millions of people with mobile phones and storing the information in gigantic data files. The Times Privacy Project (https://www.nytimes.com/interactive/2019/opinion/internet-privacy-project.html) obtained one such file, by far the largest and most sensitive ever to be reviewed by journalists. It holds more than 50 billion location pings from the phones of more than 12 million Americans as they moved through several major cities, including Washington, New York, San Francisco and Los Angeles.

Each piece of information in this file represents the precise location of a single smartphone over a period of several months in 2016 and 2017. The data was provided to Times Opinion by sources who asked to remain anonymous because they were not authorized to share it and could face severe penalties for doing so. The sources of the information said they had grown alarmed about how it might be abused and urgently wanted to inform the public and lawmakers.

After spending months sifting through the data, tracking the movements of people across the country and speaking with dozens of data companies, technologists, lawyers and academics who study this field, we feel the same sense of alarm. In the cities that the data file covers, it tracks people from nearly every neighborhood and block, whether they live in mobile homes in Alexandria, Va., or luxury towers in Manhattan.

One search turned up more than a dozen people visiting the Playboy Mansion, some overnight. Without much effort we spotted visitors to the estates of Johnny Depp, Tiger Woods and Arnold Schwarzenegger, connecting the devices’ owners to the residences indefinitely.

If you lived in one of the cities the dataset covers and use apps that share your location — anything from weather apps to local news apps to coupon savers — you could be in there, too.

If you could see the full trove, you might never use your phone the same way again.

The data reviewed by Times Opinion didn’t come from a telecom or giant tech company, nor did it come from a governmental surveillance operation. It originated from a location data company, one of dozens quietly collecting precise movements using software slipped onto mobile phone apps. You’ve probably never heard of most of the companies — and yet to anyone who has access to this data, your life is an open book. They can see the places you go every moment of the day, whom you meet with or spend the night with, where you pray, whether you visit a methadone clinic, a psychiatrist’s office or a massage parlor.

The Times and other news organizations have reported on smartphone tracking in the past. But never with a data set so large. Even still, this file represents just a small slice of what’s collected and sold every day by the location tracking industry — surveillance so omnipresent in our digital lives that it now seems impossible for anyone to avoid.

It doesn’t take much imagination to conjure the powers such always-on surveillance can provide an authoritarian regime like China’s. Within America’s own representative democracy, citizens would surely rise up in outrage if the government attempted to mandate that every person above the age of 12 carry a tracking device that revealed their location 24 hours a day. Yet, in the decade since Apple’s App Store was created, Americans have, app by app, consented to just such a system run by private companies. Now, as the decade ends, tens of millions of Americans, including many children, find themselves carrying spies in their pockets during the day and leaving them beside their beds at night — even though the corporations that control their data are far less accountable than the government would be.

“The seduction of these consumer products is so powerful that it blinds us to the possibility that there is another way to get the benefits of the technology without the invasion of privacy. But there is,” said William Staples, founding director of the Surveillance Studies Research Center at the University of Kansas. “All the companies collecting this location information act as what I have called Tiny Brothers, using a variety of data sponges to engage in everyday surveillance.”

In this and subsequent articles we’ll reveal what we’ve found and why it has so shaken us. We’ll ask you to consider the national security risks the existence of this kind of data creates and the specter of what such precise, always-on human tracking might mean in the hands of corporations and the government. We’ll also look at legal and ethical justifications that companies rely on to collect our precise locations and the deceptive techniques they use to lull us into sharing it.

Today, it’s perfectly legal to collect and sell all this information. In the United States, as in most of the world, no federal law limits what has become a vast and lucrative trade in human tracking. Only internal company policies and the decency of individual employees prevent those with access to the data from, say, stalking an estranged spouse or selling the evening commute of an intelligence officer to a hostile foreign power.

Companies say the data is shared only with vetted partners. As a society, we’re choosing simply to take their word for that, displaying a blithe faith in corporate beneficence that we don’t extend to far less intrusive yet more heavily regulated industries. Even if these companies are acting with the soundest moral code imaginable, there’s ultimately no foolproof way they can secure the data from falling into the hands of a foreign security service. Closer to home, on a smaller yet no less troubling scale, there are often few protections to stop an individual analyst with access to such data from tracking an ex-lover or a victim of abuse.

A DIARY OF YOUR EVERY MOVEMENT

The companies that collect all this information on your movements justify their business on the basis of three claims: People consent to be tracked, the data is anonymous and the data is secure.

None of those claims hold up, based on the file we’ve obtained and our review of company practices.

Yes, the location data contains billions of data points with no identifiable information like names or email addresses. But it’s child’s play to connect real names to the dots that appear on the maps.

Here’s what that looks like.

In most cases, ascertaining a home location and an office location was enough to identify a person. Consider your daily commute: Would any other smartphone travel directly between your house and your office every day?

Describing location data as anonymous is “a completely false claim” that has been debunked in multiple studies, Paul Ohm, a law professor and privacy researcher at the Georgetown University Law Center, told us. “Really precise, longitudinal geolocation information is absolutely impossible to anonymize.”

“D.N.A.,” he added, “is probably the only thing that’s harder to anonymize than precise geolocation information.”

[Work in the location tracking industry? Seen an abuse of data? We want to hear from you. Using a non-work phone or computer, contact us on a secure line at 440-295-5934, @charliewarzel on Wire or email Charlie Warzel and Stuart A. Thompson directly.]

Yet companies continue to claim that the data are anonymous. In marketing materials and at trade conferences, anonymity is a major selling point — key to allaying concerns over such invasive monitoring.

To evaluate the companies’ claims, we turned most of our attention to identifying people in positions of power. With the help of publicly available information, like home addresses, we easily identified and then tracked scores of notables. We followed military officials with security clearances as they drove home at night. We tracked law enforcement officers as they took their kids to school. We watched high-powered lawyers (and their guests) as they traveled from private jets to vacation properties. We did not name any of the people we identified without their permission.

The data set is large enough that it surely points to scandal and crime but our purpose wasn’t to dig up dirt. We wanted to document the risk of underregulated surveillance.

Watching dots move across a map sometimes revealed hints of faltering marriages, evidence of drug addiction, records of visits to psychological facilities. ww

Connecting a sanitized ping to an actual human in time and place could feel like reading someone else’s diary.

In one case, we identified Mary Millben, a singer based in Virginia who has performed for three presidents, including President Trump. She was invited to the service at the Washington National Cathedral the morning after the president’s inauguration. That’s where we first found her.

 She remembers how, surrounded by dignitaries and the first family, she was moved by the music echoing through the recesses of the cathedral while members of both parties joined together in prayer. All the while, the apps on her phone were also monitoring the moment, recording her position and the length of her stay in meticulous detail. For the advertisers who might buy access to the data, the intimate prayer service could well supply some profitable marketing insights.

“To know that you have a list of places I have been, and my phone is connected to that, that’s scary,” Ms. Millben told us. “What’s the business of a company benefiting off of knowing where I am? That seems a little dangerous to me.”

Like many people we identified in the data, Ms. Millben said she was careful about limiting how she shared her location. Yet like many of them, she also couldn’t name the app that might have collected it. Our privacy is only as secure as the least secure app on our device.

“That makes me uncomfortable,” she said. “I’m sure that makes every other person uncomfortable, to know that companies can have free rein to take your data, locations, whatever else they’re using. It is disturbing.”

 The inauguration weekend yielded a trove of personal stories and experiences: elite attendees at presidential ceremonies, religious observers at church services, supporters assembling across the National Mall — all surveilled and recorded permanently in rigorous detail.

Protesters were tracked just as rigorously. After the pings of Trump supporters, basking in victory, vanished from the National Mall on Friday evening, they were replaced hours later by those of participants in the Women’s March, as a crowd of nearly half a million descended on the capital. Examining just a photo from the event, you might be hard-pressed to tie a face to a name. But in our data, pings at the protest connected to clear trails through the data, documenting the lives of protesters in the months before and after the protest, including where they lived and worked.

We spotted a senior official at the Department of Defense walking through the Women’s March, beginning on the National Mall and moving past the Smithsonian National Museum of American History that afternoon. His wife was also on the mall that day, something we discovered after tracking him to his home in Virginia. Her phone was also beaming out location data, along with the phones of several neighbors.

 The official’s data trail also led to a high school, homes of friends, a visit to Joint Base Andrews, workdays spent in the Pentagon and a ceremony at Joint Base Myer-Henderson Hall with President Barack Obama in 2017 (nearly a dozen more phones were tracked there, too).

Inauguration Day weekend was marked by other protests — and riots. Hundreds of protesters, some in black hoods and masks, gathered north of the National Mall that Friday, eventually setting fire to a limousine near Franklin Square. The data documented those rioters, too. Filtering the data to that precise time and location led us to the doorsteps of some who were there. Police were present as well, many with faces obscured by riot gear. The data led us to the homes of at least two police officers who had been at the scene.

As revealing as our searches of Washington were, we were relying on just one slice of data, sourced from one company, focused on one city, covering less than one year. Location data companies collect orders of magnitude more information every day than the totality of what Times Opinion received.

Data firms also typically draw on other sources of information that we didn’t use. We lacked the mobile advertising IDs or other identifiers that advertisers often combine with demographic information like home ZIP codes, age, gender, even phone numbers and emails to create detailed audience profiles used in targeted advertising. When datasets are combined, privacy risks can be amplified. Whatever protections existed in the location dataset can crumble with the addition of only one or two other sources.

There are dozens of companies profiting off such data daily across the world — by collecting it directly from smartphones, creating new technology to better capture the data or creating audience profiles for targeted advertising.

The full collection of companies can feel dizzying, as it’s constantly changing and seems impossible to pin down. Many use technical and nuanced language that may be confusing to average smartphone users.

While many of them have been involved in the business of tracking us for years, the companies themselves are unfamiliar to most Americans. (Companies can work with data derived from GPS sensors, Bluetooth beacons and other sources. Not all companies in the location data business collect, buy, sell or work with granular location data.)

 Location data companies generally downplay the risks of collecting such revealing information at scale. Many also say they’re not very concerned about potential regulation or software updates that could make it more difficult to collect location data.

“No, it doesn’t really keep us up at night,” Brian Czarny, chief marketing officer at Factual, one such company, said. He added that Factual does not resell detailed data like the information we reviewed. “We don’t feel like anybody should be doing that because it’s a risk to the whole business,” he said.

In absence of a federal privacy law, the industry has largely relied on self-regulation. Several industry groups offer ethical guidelines meant to govern it. Factual joined the Mobile Marketing Association, along with many other data location and marketing companies, in drafting a pledge intended to improve its self-regulation. The pledge is slated to be released next year.

States are starting to respond with their own laws. The California Consumer Protection Act goes into effect next year and adds new protections for residents there, like allowing them to ask companies to delete their data or prevent its sale. But aside from a few new requirements, the law could leave the industry largely unencumbered.

“If a private company is legally collecting location data, they’re free to spread it or share it however they want,” said Calli Schroeder, a lawyer for the privacy and data protection company VeraSafe.

The companies are required to disclose very little about their data collection. By law, companies need only describe their practices in their privacy policies, which tend to be dense legal documents that few people read and even fewer can truly understand.

EVERYTHING CAN BE HACKED

Does it really matter that your information isn’t actually anonymous? Location data companies argue that your data is safe — that it poses no real risk because it’s stored on guarded servers. This assurance has been undermined by the parade of publicly reported data breaches — to say nothing of breaches that don’t make headlines. In truth, sensitive information can be easily transferred or leaked, as evidenced by this very story.

We’re constantly shedding data, for example, by surfing the internet or making credit card purchases. But location data is different. Our precise locations are used fleetingly in the moment for a targeted ad or notification, but then repurposed indefinitely for much more profitable ends, like tying your purchases to billboard ads you drove past on the freeway. Many apps that use your location, like weather services, work perfectly well without your precise location — but collecting your location feeds a lucrative secondary business of analyzing, licensing and transferring that information to third parties.

For many Americans, the only real risk they face from having their information exposed would be embarrassment or inconvenience. But for others, like survivors of abuse, the risks could be substantial. And who can say what practices or relationships any given individual might want to keep private, to withhold from friends, family, employers or the government? We found hundreds of pings in mosques and churches, abortion clinics, queer spaces and other sensitive areas.

In one case, we observed a change in the regular movements of a Microsoft engineer. He made a visit one Tuesday afternoon to the main Seattle campus of a Microsoft competitor, Amazon. The following month, he started a new job at Amazon. It took minutes to identify him as Ben Broili, a manager now for Amazon Prime Air, a drone delivery service.

“I can’t say I’m surprised,” Mr. Broili told us in early December. “But knowing that you all can get ahold of it and comb through and place me to see where I work and live — that’s weird.” That we could so easily discern that Mr. Broili was out on a job interview raises some obvious questions, like: Could the internal location surveillance of executives and employees become standard corporate practice?

 Mr. Broili wasn’t worried about apps cataloguing his every move, but he said he felt unsure about whether the tradeoff between the services offered by the apps and the sacrifice of privacy was worth it. “It’s an awful lot of data,” he said. “And I really still don’t understand how it’s being used. I’d have to see how the other companies were weaponizing or monetizing it to make that call.”

If this kind of location data makes it easy to keep tabs on employees, it makes it just as simple to stalk celebrities. Their private conduct — even in the dead of night, in residences and far from paparazzi — could come under even closer scrutiny.

Reporters hoping to evade other forms of surveillance by meeting in person with a source might want to rethink that practice. Every major newsroom covered by the data contained dozens of pings; we easily traced one Washington Post journalist through Arlington, Va.

In other cases, there were detours to hotels and late-night visits to the homes of prominent people. One person, plucked from the data in Los Angeles nearly at random, was found traveling to and from roadside motels multiple times, for visits of only a few hours each time.

While these pointillist pings don’t in themselves reveal a complete picture, a lot can be gleaned by examining the date, time and length of time at each point.

Large data companies like Foursquare — perhaps the most familiar name in the location data business — say they don’t sell detailed location data like the kind reviewed for this story but rather use it to inform analysis, such as measuring whether you entered a store after seeing an ad on your mobile phone.

But a number of companies do sell the detailed data. Buyers are typically data brokers and advertising companies. But some of them have little to do with consumer advertising, including financial institutions, geospatial analysis companies and real estate investment firms that can process and analyze such large quantities of information. They might pay more than $1 million for a tranche of data, according to a former location data company employee who agreed to speak anonymously.

Location data is also collected and shared alongside a mobile advertising ID, a supposedly anonymous identifier about 30 digits long that allows advertisers and other businesses to tie activity together across apps. The ID is also used to combine location trails with other information like your name, home address, email, phone number or even an identifier tied to your Wi-Fi network.

The data can change hands in almost real time, so fast that your location could be transferred from your smartphone to the app’s servers and exported to third parties in milliseconds. This is how, for example, you might see an ad for a new car some time after walking through a dealership.

That data can then be resold, copied, pirated and abused. There’s no way you can ever retrieve it.

Location data is about far more than consumers seeing a few more relevant ads. This information provides critical intelligence for big businesses. The Weather Channel app’s parent company, for example, analyzed users’ location data for hedge funds, according to a lawsuit filed in Los Angeles this year that was triggered by Times reporting. And Foursquare received much attention in 2016 after using its data trove to predict that after an E. coli crisis, Chipotle’s sales would drop by 30 percent in the coming months. Its same-store sales ultimately fell 29.7 percent.

Much of the concern over location data has focused on telecom giants like Verizon and AT&T, which have been selling location data to third parties for years. Last year, Motherboard, Vice’s technology website, found that once the data was sold, it was being shared to help bounty hunters find specific cellphones in real time. The resulting scandal forced the telecom giants to pledge they would stop selling location movements to data brokers.

Yet no law prohibits them from doing so.

Location data is transmitted from your phone via software development kits, or S.D.Ks. as they’re known in the trade. The kits are small programs that can be used to build features within an app. They make it easy for app developers to simply include location-tracking features, a useful component of services like weather apps. Because they’re so useful and easy to use, S.D.K.s are embedded in thousands of apps. Facebook, Google and Amazon, for example, have extremely popular S.D.K.s that allow smaller apps to connect to bigger companies’ ad platforms or help provide web traffic analytics or payment infrastructure.

But they could also sit on an app and collect location data while providing no real service back to the app. Location companies may pay the apps to be included — collecting valuable data that can be monetized.

“If you have an S.D.K. that’s frequently collecting location data, it is more than likely being resold across the industry,” said Nick Hall, chief executive of the data marketplace company VenPath.

THE ‘HOLY GRAIL’ FOR MARKETERS

If this information is so sensitive, why is it collected in the first place?

For brands, following someone’s precise movements is key to understanding the “customer journey” — every step of the process from seeing an ad to buying a product. It’s the Holy Grail of advertising, one marketer said, the complete picture that connects all of our interests and online activity with our real-world actions.

Once they have the complete customer journey, companies know a lot about what we want, what we buy and what made us buy it. Other groups have begun to find ways to use it too. Political campaigns could analyze the interests and demographics of rally attendees and use that information to shape their messages to try to manipulate particular groups. Governments around the world could have a new tool to identify protestors.

Pointillist location data also has some clear benefits to society. Researchers can use the raw data to provide key insights for transportation studies and government planners. The City Council of Portland, Ore., unanimously approved a deal to study traffic and transit by monitoring millions of cellphones. Unicef announced a plan to use aggregated mobile location data to study epidemics, natural disasters and demographics.

For individual consumers, the value of constant tracking is less tangible. And the lack of transparency from the advertising and tech industries raises still more concerns.

Does a coupon app need to sell second-by-second location data to other companies to be profitable? Does that really justify allowing companies to track millions and potentially expose our private lives?

Data companies say users consent to tracking when they agree to share their location. But those consent screens rarely make clear how the data is being packaged and sold. If companies were clearer about what they were doing with the data, would anyone agree to share it?

What about data collected years ago, before hacks and leaks made privacy a forefront issue? Should it still be used, or should it be deleted for good?

If it’s possible that data stored securely today can easily be hacked, leaked or stolen, is this kind of data worth that risk?

Is all of this surveillance and risk worth it merely so that we can be served slightly more relevant ads? Or so that hedge fund managers can get richer?

The companies profiting from our every move can’t be expected to voluntarily limit their practices. Congress has to step in to protect Americans’ needs as consumers and rights as citizens.

Until then, one thing is certain: We are living in the world’s most advanced surveillance system. This system wasn’t created deliberately. It was built through the interplay of technological advance and the profit motive. It was built to make money. The greatest trick technology companies ever played was persuading society to surveil itself.
https://www.nytimes.com/interactive/2019/12/19/opinion/location-tracking-privacy-tips.html
Opinion - The Privacy Project
Freaked Out? 3 Steps to Protect Your Phone
By Stuart A. Thompson and Gus Wezerek
Dec. 19, 2019

Your smartphone is one of the world’s most advanced surveillance tools. This week, Times Opinion is reporting on a huge trove of location data showing the precise location movements for millions of Americans.

Once your location is shared with the companies, there’s no way to delete that information or get it back. Your best bet is to avoid sharing your location in the first place — at least until the government bestirs itself to begin regulating how that information is collected, used and sold.

1 Stop sharing your location with apps

The most important thing you can do now is to disable location sharing for apps already on your phone. (Don’t worry, your phone will automatically send its location to emergency responders if you dial 911.) It’s easy to do this without having to open each app.

Many apps that request your location, like weather, coupon or local news apps, often work just fine without it. There’s no reason a weather app, for instance, needs your precise, second-by-second location to provide forecasts for your city.

Apple has recently made it harder for companies to snoop on your whereabouts via backdoor methods like checking for nearby Bluetooth and Wi-Fi networks. Make sure your phone’s operating system is updated to benefit from these safeguards.

2 Disable your mobile ad ID

Your online activity is often tied together and tracked using your mobile advertising ID, which is a unique number created by your phone and sent to advertisers and app makers.

Since location data is sent along with your ad ID, it can be tied to other data about you. You can disable this feature entirely in your privacy settings, limiting the ways companies can tie your activities together.

3 Prevent Google from storing your location

If you have a Google account, the company may already have saved a trove of location data tied to your devices. You can prevent Google from collecting this information by going to your account’s location activity controls and turning off location sharing.

4 Understand location tracking is hard to avoid

You can do only so much. Location vendors are engaged in a race to find new ways to ferret out your devices, regardless of whether you followed the steps above. Some will try to identify you using your device type, I.P. address, screen size and even volume and screen brightness, in a process called “fingerprinting.”

Your mobile carrier also collects location pings while your phone is turned on, regardless of whether you followed the steps above. Telecom companies were recently caught selling that data to companies that then resold it to bounty hunters, who used it to find phones in real time. The telecom companies have since pledged to stop selling the data, but they still collect it.

Interested in doing more to keep your location to yourself? Try the Privacy Pro SmartVPN app, which allows users to monitor apps and block them from additional forms of data sharing.

Real protections will come only if federal laws are passed to limit what companies can do with the data they collect. Until then, no matter what settings we choose, we’re all at risk.
https://www.nytimes.com/interactive/2019/12/20/opinion/location-data-national-security.html
Opinion - The Privacy Project
How to Track President Trump
By Stuart A. Thompson and Charlie Warzel
Dec. 20, 2019

If you own a mobile phone, its every move is logged and tracked by dozens of companies. No one is beyond the reach of this constant digital surveillance. Not even the president of the United States.

The Times Privacy Project obtained a dataset with more than 50 billion location pings from the phones of more than 12 million people in this country. It was a random sample from 2016 and 2017, but it took only minutes — with assistance from publicly available information — for us to deanonymize location data and track the whereabouts of President Trump.

The device’s owner was easy to trace, revealing the outline of the person’s work and life. The same phone pinged a dozen times at the nearby Secret Service field office and events with elected officials. From computer screens more than 1,000 miles away, we could watch the person travel from exclusive areas at Palm Beach International Airport to Mar-a-Lago.

The meticulous movements — down to a few feet — of the president’s entourage were recorded by a smartphone we believe belonged to a Secret Service agent, whose home was also clearly identifiable in the data. Connecting the home to public deeds revealed the person’s name, along with the name of the person’s spouse, exposing even more details about both families. We could also see other stops this person made, apparently more connected with his private life than his public duties. The Secret Service declined to comment on our findings or describe its policies regarding location data.

The vulnerability of the person we tracked in Mr. Trump’s entourage is one that many if not all of us share: the apps (weather services, maps, perhaps even something as mundane as a coupon saver) collecting and sharing his location on his phone.

Americans have grown eerily accustomed to being tracked throughout their digital lives. But it’s far from their fault. It’s a result of a system in which data surveillance practices are hidden from consumers and in which much of the collection of information is done without the full knowledge of the device holders.

For the nation’s security agencies, however, privacy is critical to the safety of military, defense and security operations across the country and abroad. If threats to that privacy have seemed abstract in the past, the trove of location data we have analyzed has brought them into sharp relief. Military and intelligence officials have long been concerned about how their movements could be exposed; now every move is. As a senior Defense Department official told Times Opinion, even the Pentagon has told employees to expect that their privacy is compromised:

“We want our people to understand: They should make no assumptions about anonymity. You are not anonymous on this planet at this point in our existence. Everyone is trackable, traceable, discoverable to some degree.”

We were able to track smartphones in nearly every major government building and facility in Washington. We could follow them back to homes and, ultimately, their owners’ true identities. Even a prominent senator’s national security adviser — someone for whom privacy and security are core to their every working day — was identified and tracked in the data.

While the Constitution prevents companies from sharing location data with the government without a warrant, there are no federal protections limiting how they use or share it privately. No such protections are currently being debated before Congress — even though we found that we could track people through Congress’s own halls as easily as any place else.

When we reached out to some lawmakers to show what we found, the outrage proved bipartisan.

“This is terrifying,” said Senator Josh Hawley, Republican of Missouri, who has called for the federal government take a tougher stance with tech companies. “It is terrifying not just because of the major national security implications, what Beijing could get ahold of. But it also raises personal privacy concerns for individuals and families. These companies are tracking our kids.”

“Tech companies are profiting by spying on Americans — trampling on the right to privacy and risking our national security,” Senator Elizabeth Warren, a Democrat running for president, told us. “They are throwing around their power to undermine our democracy with zero consequences. This report is another alarming case for why we need to break up big tech, adopt serious privacy regulations and hold top executives of these companies personally responsible.”

Agencies can limit how their employees use location-sharing apps and services, but that doesn’t mean those guidelines will be strictly enforced — or extended to personal devices.

But no matter how comprehensive an organization’s policies and regulations are, getting everyone to follow them is nearly impossible as many of these apps' surveillance practices are not visible to consumers.

“The human being is the weak link,” said Martijn Rasser, a former Central Intelligence Agency officer who is now a senior fellow in the technology and national security program at the Center for a New American Security. “It’s really difficult to enforce a lot of these rules and regulations. Sometimes, all it takes is one person to violate the rules to completely negate the purpose of having those rules in the first place.”

Despite the sensitivity of this information, it is put to everyday use. Packaged with millions of other data points, location information is turned into marketing analysis and sold to financial institutions, real estate investors, advertising companies and others. Companies say they vet partners carefully and tend to work with larger players that have a clear business case for receiving the data.

Like all data, the vast location files are vulnerable to hacks, leaks or sale at any point along that process. The data we reviewed was provided to Times Opinion by sources who asked to remain anonymous because they were not authorized to share it and could face severe penalties for doing so.

Multiple experts with ties to the United States’ national security agencies warned in interviews that foreign actors like Russia, North Korea, China and other adversaries may be working to steal, buy or otherwise obtain this kind of data. Only months ago, hackers working for the Chinese government allegedly targeted location data for people moving throughout Asia by breaking into telecom networks, according to a report by Reuters.

“People literally go to work every day, sit down at a desk, check the sports, send an email or two to their girlfriend and then start looking for databases they can steal,” said James Dempsey, the executive director of the Berkeley Center for Law and Technology. “They just do that 9 to 5, every day.”

The American government may conduct similar intelligence operations against its adversaries, experts said, though under stricter legal frameworks.

Using the data, we identified people in positions of power by following smartphone pings as they moved around the White House, Capitol Hill, the Supreme Court and other government facilities. In many cases, the data trails led back to the smartphone users’ homes. In this series, we did not name any of the identified people without their permission. And the data below has been obscured to protect device owners.

Connecting a ping to a person was as easy as combining home and work locations with public information. A seemingly random set of movements turned into a clear individual pattern after we added just one other piece of information.

Plenty of corroborating information is already floating around dark corners of the web, given the frequent high-profile data breaches of the past decade. Consider what China already knows: In 2015, a federal database containing the personal information of more than four million people with security clearances was stolen by Chinese hackers presumed to be state actors.

“From those very detailed documents, they may gather a good deal of information about a person,” said David S. Kris, a co-founder of the consulting firm Culper Partners and former assistant attorney general for the national security division of the Department of Justice. Mr. Kris said he was also included in the data that was hacked. “The more you can combine location-based data into a mosaic with other information, the more likely you are to gain real insight into an adversary.”

Location data potentially gives any enemy an opening for attack. Russians, whose intelligence apparatus has worked for decades to disrupt American democracy, could simply leak location information to embarrass the government, the legal system or particular officials.

“Think about Russia’s efforts to undermine public trust and confidence in our democratic institutions,” Suzanne Spaulding, senior adviser at the Center for Strategic and International Studies and a former under secretary at the Department of Homeland Security, told us. “Think about all of the ways they could use location data to do that. Think about tracking judges everywhere they went and how you could use that to undermine confidence in our courts and our justice system.”

After Ms. Spaulding raised the danger of tracking judges, we checked the data file for courthouse employees. In minutes, we found dozens of potential targets by watching smartphones sharing their precise locations inside Washington courthouses. One person whose movements we traced has a role in the technology division, which controls servers containing data for the Supreme Court.

For people with political power, knowing those locations could put their safety — and our national security — at risk. Experts told Times Opinion that foreign governments could use the data to monitor sensitive sites and identify people with access to them, and their associates.

“Not everybody in the department has a national security position, not everybody has access to classified or higher-level stuff,” the senior Defense official said. “But everyone in the department is of some interest or value to a lot of adversaries just by virtue of being a member of the Defense Department, just by working at the Pentagon.”

he possibilities for blackmail are endless. Once stolen, details on sexual interests and extramarital affairs can provide opportunities for extortion. Targets could be coerced in ways large and small, compelled to make decisions or take actions for a foreign government. Or the locations themselves could provide valuable intelligence about security practices, contacts, schedules and the identities of people in prominent and sensitive posts, with access to state secrets or critical infrastructure.

With no training and far more limited technical tools than those of a state intelligence service, we were able to use the location data — date, time and length of stay — to make basic inferences. By determining whether two people were in the same place at the same time, it was easy to zero in on spouses, co-workers or friends. Cataloguing their movements revealed even more associations, creating the map of a robust social network that would be nearly impossible to determine through traditional surveillance. In cases where it was difficult to identify an individual, associations offered more clues about workplaces and interests.

In one case, it proved difficult to confirm the identity of a man listed in public records who had a common name. Examining his associations revealed that he met multiple times with someone carrying another phone that was being tracked. That person was, we soon learned, his brother. That piece of information doubled the pool of digital breadcrumbs to follow, ultimately helping confirm both of their identities.

Now consider elections. Bad actors could monitor candidates and elected leaders for intelligence that could be leaked or used to blackmail them. There are also no regulations limiting how long location data can be stored. Data swept up today may prove valuable in the future, as everyday citizens rise to positions of authority and influence only to have their precise movements from years gone by reviewed for damaging insights.

Defense contractors and employees at secure locations like power plants are all at risk.

We found smartphone pings at all of these sorts of sites. In one case, someone who spent their weekdays at the Pentagon visited a mental health and substance abuse facility multiple times.

Even just commuting to work can be risky for people in prominent positions. “The easiest way to figure out how to get to you is know you always have the same routine,” said Mr. Rasser, the former Central Intelligence Agency officer. He said he mixes up his own routine, partly because the C.I.A. emphasized such methods when he joined.

The threats will only grow as more data is collected and shared. More apps will enter the marketplace using tracking technology. And companies are becoming more sophisticated at collecting location data, adding signals from Wi-Fi networks and Bluetooth beacons. They also often rely on one-time consent or disclosures that don’t explicitly state what’s collected or shared.

Experts emphasized how location data has joined many other kinds of sensitive information in the espionage toolkit, showing how intelligence agencies must continually adapt to the digital age.

“We need to learn to operate with fewer secrets,” Ms. Spaulding said.

Even areas once thought to be secure showed up in the data. Personal phones aren’t generally allowed inside the C.I.A. or the National Security Agency. But while no pings registered inside the C.I.A. headquarters, we found thousands of pings in the parking lots outside, with trails that led to the homes of likely employees.

Similarly, there were no blackout areas in many sensitive government buildings. We observed thousands of pings inside the Pentagon, on military bases, in F.B.I. headquarters and in Secret Service facilities across the country. (Intelligence facilities also have secure areas where certain electronic devices aren’t permitted.)

The risks posed by location-tracking remain largely unaddressed by the government. Beginning last year, the Department of Defense prohibited geolocation features and functionality from being used by its workers on devices in “operational areas” like foreign military bases. For all other locations, the department said it would consider the risks and issue specific recommendations to personnel.

For now, the department does not issue guidance to employees about downloading specific apps, including those that might share location data with third parties. “Instead, we focused on certain core characteristics of the geolocation functionality and identified what risks those characteristics posed,” a department spokesman, Lt. Col. Uriah L. Orland, said in an email.

Agencies with a need for heightened security are left in a vulnerable position. Phones are ubiquitous, and so long as granular location tracking remains legal, even the Defense Department must play along. “We cannot stop our workforce of 3.6 million people from living their everyday lives,” a senior department official told us.

We haven’t identified any serving elected representatives in our data, but we found a former House representative and dozens of prominent public officials, including chiefs of staff, security officials and subcommittee staff members.

Given their proximity to public figures with public schedules and their presence at training sites and field offices, Secret Service agents were particularly easy to identify. With little difficulty, we were able to track a Secret Service agent who spent most of his daytime hours in the West Wing of the White House. He also joined President Trump at the National Cathedral the day after the inauguration.

While the data reviewed by Times Opinion is from three years ago, similar information is being collected daily and often resold to third parties, meaning anyone with current access to such data could feasibly, in near real time, track people within arm’s reach of the president or other powerful figures.

“If you want to take action against someone, you have to find them first,” said Mr. Kris, the former Department of Justice official. “I’m wary of breathless, pearl-clutching, speculative, sensationalistic counterintelligence concerns. This doesn’t strike me as falling into that category. I think there is a legitimate concern here.”

Leaked location data may open the door to other cyber vulnerabilities. Foreign actors could learn movement details and infer meeting locations, which could be used to conduct a type of scam where targets receive fake emails — posing as a friend you just met with or a business you just visited — including a phony link meant to steal your password or install malware.

“Location tracking data of individuals can be used to facilitate reconnaissance, recruitment, social engineering, extortion and in worst-case scenarios, things like kidnapping and assassination,” warned Kelli Vanderlee, manager of intelligence analysis at the cybersecurity company FireEye.

Those are not theoretical threats. The phone of the Washington Post journalist Jamal Khashoggi, who was assassinated in 2018, was allegedly compromised, possibly allowing his location data to be used to follow him.

Last year, Strava, a company that makes a fitness app, released a global map showing 700 million activities that clearly revealed American military bases abroad. The Department of Defense issued its recent guidance after discovering the problem. The data reviewed by Times Opinion revealed several points on domestic military bases as well, showing how some of the nation’s most secure armed sites can be exposed.

“An adversary can still glean a lot from your whereabouts on the base itself,” said Mr. Rasser, the former C.I.A. officer. “If you’re always at a certain part of the base, at a certain time, you can start piecing together what the function of that corner of the base could be based on the person’s job duties.”

Using base locations as a guide, Times Opinion accurately surmised the job title of a commander in the U.S. Air Force Reserve. He regularly traveled to the Pentagon and visited Joint Base Andrews, perhaps best known as the home of the president’s airliner, Air Force One.

 It’s not necessary for someone to visit sensitive locations to be open to scrutiny or criticism. Location data could become a powerful political tool, exposing the private lives of wealthy elites who prefer to adopt a more egalitarian persona. It is not difficult to imagine efforts to undermine a political campaign by exposing travels through private airports or visits to expensive restaurants and luxurious spas.

The sources who provided the trove of location information to Times Opinion did so to press for regulation and increased scrutiny of the location data market. Some solutions exist that could help improve privacy while ensuring businesses can still perform some of the analysis they do today, like limiting the ability to identify individual paths, changing how long the information is stored and limiting how it’s sold.

So far, Washington has done virtually nothing to address the threats, and location data companies have every reason to keep refining their tracking, sucking up more data and selling it to the highest bidders.
https://www.nytimes.com/interactive/2019/12/20/opinion/location-tracking-smartphone-marketing.html

No hay comentarios:

Publicar un comentario