Updated: Feb 23
Every minute of everyday, everywhere on the planet, dozens of
companies — largely unregulated, little scrutinized — are logging the
movements of tens of millions of people with mobile phones and storing the
information in gigantic data files. One such file obtained, was by far the largest and most sensitive ever to be reviewed by journalists.
It holds more than 50 billion location pings from the phones of
more than 12 million Americans as they moved through several major cities,
including Washington, New York, San Francisco and Los Angeles.
Each piece of information in this file represents the precise location of a
single smartphone over a period of several months in 2016 and 2017.
The data was provided to the writer by sources who asked to remain
anonymous because they were not authorized to share it and could face
severe penalties for doing so. The sources of the information said they
had grown alarmed about how it might be abused and urgently wanted to
inform the public and lawmakers.
After spending months sifting through the data, the writer discovered these data sets represent people from every walk of life, every socioeconomic background. Nobody is spared, not the poor living in trailer parks in Alabama, nor the wealthy living in luxury high rises in Manhattan.
One search turned up more than a dozen people visiting the Playboy
Mansion, some overnight. Without much effort we spotted visitors to
the estates of Johnny Depp, Tiger Woods and Arnold Schwarzenegger,
connecting the devices’ owners to the residences indefinitely.
If you are C-level executive with concerns about your public profile,
or a public figure with the same concerns, your privacy should be of
upmost importance to you. SecureCrypt provides you with a level of
privacy that you cannot find elsewhere. SecureCrypt can give you what
your regular cellular provider cannot, complete anonymity. With our network
level protections, your movements cannot be tracked, all of your metadata
is encrypted at all times. SecureCrypt as an industry-first, blocks any external location
queries made by any global telecom provider (AT&T, Verizon (US) Rogers, Bell
(CA) etc.) There is no other secure communications provider that has this type of
defense. This makes cellular network tracking not possible.
Speaking with other SecureCrypt users guarantees you complete privacy. With
Self-Destructing Messages, and location spoofing, you can rest assured nobody
can access your location, and nobody can intercept any messages or calls, ever.
Not even if you lose control of your device. With forward secrecy, encrypted
communications recorded in the past cannot be retrieved or decrypted should long-term
secret keys or passwords be compromised in the future, even if the adversary
actively interfered, for example via a man-in-the-middle attack.
If you lived in one of the cities the dataset covers and use apps
that share your location — anything from weather apps to local
news apps to coupon savers — you could be in there, too.
The data reviewed by the writer didn’t come from a telecom or giant
tech company, nor did it come from a governmental surveillance operation.
It originated from a location data company, one of dozens quietly collecting
precise movements using software slipped onto mobile phone apps. You’ve
probably never heard of most of the companies — and yet to anyone who has
access to this data, your life is an open book. They can see the places you
go every moment of the day, whom you meet with or spend the night with,
where you pray, whether you visit a methadone clinic, a psychiatrist’s
office or a massage parlor.
It doesn’t take much imagination to conjure the powers such always-on
surveillance can provide an authoritarian regime like China’s. Within
America’s own representative democracy, citizens would surely rise up in
outrage if the government attempted to mandate that every person above the
age of 12 carry a tracking device that revealed their location 24 hours a day.
Yet, in the decade since Apple’s App Store was created, Americans have, app
by app, consented to just such a system run by private companies. Now, as
the decade ends, tens of millions of Americans, including many children,
find themselves carrying spies in their pockets during the day and leaving
them beside their beds at night — even though the corporations that control
their data are far less accountable than the government would be.
Today, it’s perfectly legal to collect and sell all this information. In the
United States, as in most of the world, no federal law limits what has become
a vast and lucrative trade in human tracking. Only internal company policies
and the decency of individual employees prevent those with access to the data
from, say, stalking an estranged spouse or selling the evening commute of an
intelligence officer to a hostile foreign power.
A Diary Of Your Every Movement
The companies that collect all this information on your movements justify their
business on the basis of three claims: People consent to be tracked, the data
is anonymous and the data is secure.
None of those claims hold up, based on the file we’ve obtained and our review
of company practices.
Yes, the location data contains billions of data points with no identifiable
information like names or email addresses. But it’s child’s play to connect
real names to the dots that appear on the maps.
Here’s what that looks like.
In most cases, ascertaining a home location and an office location was enough
to identify a person. Consider your daily commute: Would any other smartphone
travel directly between your house and your office every day?
Describing location data as anonymous is “a completely false claim” that has
been debunked in multiple studies, Paul Ohm, a law professor and privacy
researcher at the Georgetown University Law Center, told us. “Really precise,
longitudinal geolocation information is absolutely impossible to anonymize.”
“D.N.A.,” he added, “is probably the only thing that’s harder to anonymize
than precise geolocation information.”
Yet companies continue to claim that the data are anonymous. In marketing
materials and at trade conferences, anonymity is a major selling point —
key to allaying concerns over such invasive monitoring.
To evaluate the companies’ claims, we turned most of our attention to
identifying people in positions of power. With the help of publicly available
information, like home addresses, we easily identified and then tracked scores
of notables. We followed military officials with security clearances as they
drove home at night. We tracked law enforcement officers as they took their
kids to school. We watched high-powered lawyers (and their guests) as they
traveled from private jets to vacation properties. We did not name any of the
people we identified without their permission.
The data set is large enough that it surely points to scandal and crime but
our purpose wasn’t to dig up dirt. We wanted to document the risk of
Watching dots move across a map sometimes revealed hints of faltering
marriages, evidence of drug addiction, records of visits to psychological
Connecting a sanitized ping to an actual human in time and place could feel
like reading someone else’s diary.
Protesters were tracked just as rigorously. After the pings of Trump
supporters, basking in victory, vanished from the National Mall on Friday
evening, they were replaced hours later by those of participants in the
Women’s March, as a crowd of nearly half a million descended on the capital.
Examining just a photo from the event, you might be hard-pressed to tie a
face to a name. But in our data, pings at the protest connected to clear
trails through the data, documenting the lives of protesters in the months
before and after the protest, including where they lived and worked.
We spotted a senior official at the Department of Defense walking through
the Women’s March, beginning on the National Mall and moving past the
Smithsonian National Museum of American History that afternoon. His wife was
also on the mall that day, something we discovered after tracking him to his
home in Virginia. Her phone was also beaming out location data, along with the
phones of several neighbors.
Inauguration Day weekend was marked by other protests — and riots.
Hundreds of protesters, some in black hoods and masks, gathered north of
the National Mall that Friday, eventually setting fire to a limousine near
Franklin Square. The data documented those rioters, too. Filtering the data
to that precise time and location led us to the doorsteps of some who were
there. Police were present as well, many with faces obscured by riot gear.
The data led us to the homes of at least two police officers who had been at
As revealing as our searches of Washington were, we were relying on just one
slice of data, sourced from one company, focused on one city, covering less
than one year. Location data companies collect orders of magnitude more
information every day than the totality of what the writer received.
Data firms also typically draw on other sources of information that we didn’t
use. We lacked the mobile advertising IDs or other identifiers that advertisers
often combine with demographic information like home ZIP codes, age, gender,
even phone numbers and emails to create detailed audience profiles used in
targeted advertising. When datasets are combined, privacy risks can be
amplified. Whatever protections existed in the location dataset can crumble
with the addition of only one or two other sources.
There are dozens of companies profiting off such data daily across the world —
by collecting it directly from smartphones, creating new technology to better
capture the data or creating audience profiles for targeted advertising.
The full collection of companies can feel dizzying, as it’s constantly
changing and seems impossible to pin down. Many use technical and nuanced
language that may be confusing to average smartphone users.
While many of them have been involved in the business of tracking us for
years, the companies themselves are unfamiliar to most Americans. (Companies
can work with data derived from GPS sensors, Bluetooth beacons and other
sources. Not all companies in the location data business collect, buy,
sell or work with granular location data.)
None of this tracking would be possible if using a SecureCrypt phone, equipped
with network protections. All metadata is encrypted, and our infrastructure was
built and designed around a Zero-Trust architecture. If you are a government
employee, contractor, activist, journalist, HNWI, or anyone else employed in
sensitive industry, it is worth considering whether or not you could benefit
from having your communications secured, and your location kept private.
This article has sections taken from the NYT Opinion investigation.