How Your Location Is Tracked Daily

Every minute of everyday, everywhere on the planet, dozens of

companies — largely unregulated and not scrutinized — are logging the

movements of tens of millions of people with mobile phones and storing the

information in gigantic data files.

One such file obtained, was by far the largest and most sensitive ever to be reviewed by journalists.

It holds more than 50 billion location pings from the phones of

more than 12 million Americans as they moved through several major cities,

including Washington, New York, San Francisco and Los Angeles.

Each piece of information in this file represents the precise location of a

single smartphone over a period of several months in 2016 and 2017.

The data was provided to the writer by sources who asked to remain

anonymous because they were not authorized to share it and could face

severe penalties for doing so. The sources of the information said they

had grown alarmed about how it might be abused and urgently wanted to

inform the public and lawmakers.

After spending months sifting through the data, the writer discovered these data sets represent people from every walk of life, every socioeconomic background. Nobody is spared, not the poor living in trailer parks in Alabama, nor the wealthy living in luxury high rises in Manhattan.

One search turned up more than a dozen people visiting the Playboy

Mansion, some overnight. Without much effort we spotted visitors to

the estates of Johnny Depp, Tiger Woods and Arnold Schwarzenegger,

connecting the devices’ owners to the residences indefinitely.

If you are C-level executive with concerns about your public profile,

or a public figure with the same concerns, your privacy should be of

upmost importance to you. SecureCrypt provides you with a level of

privacy that you cannot find elsewhere. SecureCrypt can give you what

your regular cellular provider cannot, complete anonymity. With our network

level protections, your movements cannot be tracked, all of your metadata

is encrypted at all times. SecureCrypt as an industry-first, blocks any external location

queries made by any global telecom provider (AT&T, Verizon (US) Rogers, Bell

(CA) etc.) There is no other secure communications provider that has this type of

defence. This makes cellular network tracking not possible.

Speaking with other SecureCrypt users guarantees you complete privacy. With

Self-Destructing Messages, and nobody can intercept any messages or calls, ever.

Not even if you lose control of your device. With our Remote Wipe option all your data is deleted, and written over with zeros to prevent forensic recovery.

If you lived in one of the cities the dataset covers and use apps

that share your location — anything from weather apps to local

news apps to coupon savers — you could be in there, too.

The data reviewed by the writer didn’t come from a telecom or giant

tech company, nor did it come from a government sanctioned surveillance operation.

It originated from a location data company, one of dozens quietly collecting

precise movements using software slipped onto mobile phone apps. You’ve

probably never heard of most of the companies — and yet to anyone who has

access to this data, your life is an open book.

They can see the places you go every moment of the day, whom you meet with or spend the night with, where you pray, whether you visit a methadone clinic, a psychiatrist’s

office or a massage parlour.

It doesn’t take much imagination to conjure the powers such always-on

surveillance can provide an authoritarian regime like China’s. Within

America’s own representative democracy, citizens would surely rise up in

outrage if the government attempted to mandate that every person above the

age of 12 carry a tracking device that revealed their location 24 hours a day.

Yet, in the decade since Apple’s App Store was created, Americans have, app

by app, consented to just such a system run by private companies.

Today, it’s perfectly legal to collect and sell all this information. In the

United States, as in most of the world, no federal law limits what has become

a vast and lucrative trade in human tracking. Only internal company policies

and the decency of individual employees prevent those with access to the data

from, say, stalking an estranged spouse or selling the evening commute of an

intelligence officer to a hostile foreign power.

A Diary Of Your Every Movement

The companies that collect all this information on your movements justify their

business on the basis of three claims: People consent to be tracked, the data

is anonymous and the data is secure.

None of those claims hold up, based on the file we’ve obtained and our review

of company practices.

Yes, the location data contains billions of data points with no identifiable

information like names or email addresses. But it’s child’s play to connect

real names to the dots that appear on the maps.

With the help of publicly available information, like home addresses, journalists easily identified and then tracked scores of notables. We followed military officials with security clearances as they drove home at night. We tracked law enforcement officers as they took their kids to school. We watched high-powered lawyers (and their guests) as they

traveled from private jets to vacation properties. They did not name any of the

people they identified without their permission.

Watching dots move across a map sometimes revealed hints of faltering

marriages, evidence of drug addiction, records of visits to psychological

facilities.

Connecting a sanitized ping to an actual human in time and place could feel

like reading someone else’s diary.

Protesters were tracked just as rigorously. After the pings of Trump

supporters, basking in victory, vanished from the National Mall on Friday

evening, they were replaced hours later by those of participants in the

Women’s March, as a crowd of nearly half a million descended on the capital.

Examining just a photo from the event, you might be hard-pressed to tie a

face to a name. But in the data, pings at the protest connected to clear

trails through the data, documenting the lives of protesters in the months

before and after the protest, including where they lived and worked.

Journalists spotted a senior official at the Department of Defence walking through

the Women’s March, beginning on the National Mall and moving past the

Smithsonian National Museum of American History that afternoon. His wife was

also on the mall that day, something we discovered after tracking him to his

home in Virginia. Her phone was also beaming out location data, along with the

phones of several neighbours.

Inauguration Day weekend was marked by other protests — and riots.

Hundreds of protesters, some in black hoods and masks, gathered north of

the National Mall that Friday, eventually setting fire to a limousine near

Franklin Square. The data documented those rioters, too. Filtering the data

to that precise time and location led us to the doorsteps of some who were

there. Police were present as well, many with faces obscured by riot gear.

The data led us to the homes of at least two police officers who had been at

the scene.

As revealing as searches of Washington were, they were relying on just one

slice of data, sourced from one company, focused on one city, covering less

than one year. Location data companies collect orders of magnitude more

information every day than the totality of what the writer received.

Data firms also typically draw on other sources of information that they didn’t

use. They lacked the mobile advertising IDs or other identifiers that advertisers

often combine with demographic information like home ZIP codes, age, gender,

even phone numbers and emails to create detailed audience profiles used in

targeted advertising. When datasets are combined, privacy risks can be

amplified. Whatever protections existed in the location dataset can crumble

with the addition of only one or two other sources.

There are dozens of companies profiting off such data daily across the world —

by collecting it directly from smartphones, creating new technology to better

capture the data or creating audience profiles for targeted advertising.

The full collection of companies can feel dizzying, as it’s constantly

changing and seems impossible to pin down. Many use technical and nuanced

language that may be confusing to average smartphone users.

While many of them have been involved in the business of tracking us for

years, the companies themselves are unfamiliar to most Americans. (Companies

can work with data derived from GPS sensors, Bluetooth beacons and other

sources. Not all companies in the location data business collect, buy,

sell or work with granular location data.)

None of this tracking would be possible if using a SecureCrypt phone, equipped

with network protections. All metadata is encrypted, and our infrastructure was

built and designed around a Zero-Trust architecture. If you are a government

employee, contractor, activist, journalist, HNWI, or anyone else employed in

sensitive industry, it is worth considering whether or not you could benefit

from having your communications secured, and your location kept private.

This article has sections taken from the NYT Opinion investigation.

https://www.nytimes.com/interactive/2019/12/19/opinion/location-tracking-cell-phone.html