Cell phone ping data


Introduction

Governments and the private sector are increasingly relying on data-driven technologies to help contain the novel coronavirus, Covid-19. While some see technological solutions as a critical tool for contact tracing, quarantine enforcement, tracking the spread of the virus, and allocating medical resources, these practices raise significant human rights concerns. Human Rights Watch is particularly concerned about proposals for the use of mobile location data in the Covid-19 response because the data usually contains sensitive and revealing insights about people’s identity, location, behavior, associations, and activities.

Mobile location data programs to combat Covid-19 may not be scientifically necessary and could lead to human rights abuses if they are not equipped with effective safeguards to protect privacy. The long history of emergency measures, such as surveillance measures put in place to counter terrorism, shows that they often go too far, fail to have their desired effect, and, once approved, often outlast their justification. 

This Q&A explains the different ways that governments are using mobile location data to respond to Covid-19, the human rights concerns associated with these measures, and human rights standards that should be applied when using such data. It includes illustrative cases, recommendations, and guidelines to help evaluate the human rights risks posed by the use of mobile location data.

What Is Mobile Location Data and How Is It Being Used to Respond to Covid-19?

How is mobile location data being used to respond to Covid-19?

We define “mobile location data” as geolocation and proximity information from mobile phones and other devices. Governments view mobile location data as a key component of measures to contain the spread of Covid-19. They are presenting individualized tracking as a reliable way to track the movement of people who are infected and identify individuals with whom they came into contact during the period in which they are contagious. Individualized tracking can also be used to ascertain whether people are complying with social distancing and quarantine measures. Analysis of aggregate location data, on the other hand, might provide insight into the effectiveness of social distancing measures, model the potential for transmission, and identify potential “hot spots” of transmission. Examples of how governments are using technology to respond to Covid-19 include:

  • Contact tracing: Contact tracing is the process of identifying individuals who may have come into contact with an infected person. Its goal is to interrupt transmission by rapidly identifying individuals who have been in close contact with someone who is infected, defined by the United States Centers for Disease Control and Prevention (CDC) as within 6 feet of someone for approximately 10 or more minutes. The idea is to encourage such individuals to isolate themselves from others and seek testing and treatment. Because the coronavirus is primarily transmitted through person-to-person contact via respiratory droplets when an infected person coughs, sneezes, or talks, mobile location data has been proposed as a helpful method to identify potentially exposed individuals.
  • Enforcing quarantine and social distancing orders: Governments are imposing quarantines and other restrictions on movement, including broad lockdowns, closures of business, public spaces, and institutions, orders for the isolation of individuals infected, and requests for voluntary social distancing. Governments are using mobile location data to monitor compliance with these restrictions, for example, by encouraging or compelling people to install an app that uses location data to identify people who violate these restrictions.
  • Big data analytics: Companies and governments are also examining location data in aggregate form to better understand general patterns of people’s movements and behaviors and how these have changed over time. Such analysis aims to forecast how the virus might be spreading and the effectiveness of public health interventions such as social distancing measures and identify ways to better allocate testing and medical resources.
  • Hot spot mapping: Hot spot mapping is a type of big data analysis that involves the use of location data to piece together the movement or location history of individuals who have tested positive in order to send out public health warnings about particular locations, or close down or disinfect particular locations.

How does mobile location tracking work?

Mobile location data comes from a variety of sources, including cellphone towers, Global Positioning System (GPS) signals, and Bluetooth beacons.

  • Cell site location information: Mobile phones connect their users to telecommunications and internet networks through cell towers. As a mobile phone moves with its user, the phone pings nearby cell towers (or “cell sites”). This process generates location information stored by the telecommunication operators (“Telcos”) about the cell towers to which the phone has sent a signal. With proximity information from multiple cell towers, a technique called “triangulation” is used to estimate the location of a cell phone with greater precision. Governments can compel Telcos to provide that mobile location information to track someone’s real time or past movement.
  • Global positioning system (GPS): A mobile phone’s GPS capabilities allow it to track its location to within 5 to 10 feet (1.5 to 3 meters). Many smartphone apps (including maps, social media, games, shopping, and utility apps) log this location data, which can then be obtained by governments and data brokers. Data brokers are entities – some well-known, others less so – that collect information about potential consumers then sell that data (or analytic scores, or classifications made based on that data) to other data brokers, companies, and/or individuals. There has been a proliferation of apps for contact tracing and quarantine enforcement that rely on GPS data to track people’s movements. Additionally, anonymized GPS data (i.e. stripping data of personally identifiable information) can be used to track patterns of movement of populations in the past and in real time.
  • Bluetooth beacons: Bluetooth is a wireless, low-power, short-distance set of protocols used primarily to connect devices directly to each other in order to transfer data. Bluetooth can only communicate with devices that are nearby (approximately 33 feet or 10 meters). Bluetooth signals have been proposed as a method of contact tracing by identifying a phone’s proximity to other devices with a relatively high level of accuracy, using a specialized app. Unlike cell tower or GPS data, which track actual location, Bluetooth tracks interactions. Therefore, it is best understood as an interaction tracking tool. 

What Are the Applicable Human Rights Standards?

Even in times of emergency, when states restrict human rights for public health reasons, international human rights law says that measures taken that limit people’s rights and freedoms must be lawful, necessary, and proportionate. States of emergency need to be limited in duration and any curtailment of rights needs to take into consideration the disproportionate impact on specific populations or marginalized groups.

These rules apply to efforts to track and manage Covid-19 using mobile location data. The collection and analysis of such data could reveal users’ identities, movements, and associations in a manner that interferes with the right to privacy. Article 17 of the International Covenant on Civil and Political Rights (ICCPR), which is derived from Article 12 of the Universal Declaration of Human Rights (UDHR), establishes “the protection of the law” against “arbitrary or unlawful interference” with an individual’s “privacy, family, home, or correspondence.” The United Nations Human Rights Committee has found that restrictions on the right to privacy must take place only “in cases envisaged by the law.” Restrictions must also be “proportionate to the end sought, and ... necessary in the circumstances of any given case.”

Human Rights Watch and over 100 other human rights organizations have urged governments to respect privacy and human rights when using digital technologies to contain the pandemic. At a minimum, technology-assisted measures should:

  • Be lawful, necessary, proportionate, transparent, and justified by legitimate public health objectives
  • Be time-bound and only continue for as long as necessary to address the pandemic
  • Be limited in scope and purpose, used only for the purposes of responding to the pandemic
  • Ensure sufficient security of any personal data that is collected
  • Mitigate any risk of enabling discrimination or other rights abuses against marginalized populations
  • Be transparent about any data-sharing agreements with other public or private sector entities
  • Incorporate protections and safeguards against abusive surveillance and give people access to effective remedies
  • Provide for free, active, and meaningful participation of relevant stakeholders in data collection efforts

How Are Governments Using Mobile Location Data to Respond to Covid-19?

Governments are increasingly using mobile location data to respond to the spread of Covid-19 for understandable public health reasons since the virus is a highly communicable disease. Privacy International, a London-based organization working to promote the right to privacy worldwide, is maintaining a tracker of responses that governments, tech companies, and international agencies are using to help contain the spread of the Covid-19. Below are some examples.

Contact Tracing Using Data Provided by Telecommunications Providers

Governments are accessing data from Telcos in contact tracing efforts. In Israel, an emergency regulation approved by the government on March 17 authorized Shin Bet, Israel’s internal security service, to receive, collect, and process “technological data,” including location data, from Telcos without user consent to predict which citizens have been exposed to the virus. Under the program, the health ministry sends alerts to people’s phones ordering them to self-quarantine. The cabinet circumvented the parliament in approving the emergency regulation. Israel’s supreme court later ruled that the government needed to pass a law authorizing such “fulfills the principles of privacy protection” or else it would be halted. The health ministry on March 23 also released a voluntary app, ostensibly to back up Shin Bet efforts, to inform people if they have come in contact with an infected person.

In Armenia, the parliament on March 31 passed amendments giving the authorities very broad surveillance powers, which require Telcos to hand over the phone records for all of their customers, including phone numbers and the location, time, and date of their calls and text messages. The authorities can use that data to identify individuals who are infected and should be isolated or close contacts who should self-quarantine, or to monitor individuals in isolation or quarantine.

In Russia, the prime minister on March 20 ordered the communications ministry to design a national system to track people who have been in contact with coronavirus patients, using location data provided by individuals’ mobile phone provider. On April 1, the communications ministry confirmed it had designed the system. The communications ministry has demanded that regional authorities provide lists of mobile phone numbers of people infected with coronavirus, as well as the phone numbers of citizens who are quarantined at home either because they had traveled abroad or had contact with infected people.

In Ecuador, on March 16, the president issued an emergency decree authorizing the government to use data from satellite and mobile telephone platforms to monitor people who tested positive for the virus, those who have been in close contact with someone who tested positive, those who have symptoms, and those subjected to mandatory isolation for having entered the country from abroad.

Bluetooth Contact Tracing

In Singapore, the government on March 20 launched TraceTogether, a Bluetooth-based contact tracing app, to supplement its human contact tracing efforts. When a person is contacted, they are required by law to assist the health ministry in accurately mapping out their movements and interactions to minimize the risk of widespread infection. Data logs are stored on phones in encrypted form, using “cryptographically generated temporary IDs”. However, when a TraceTogether user is a confirmed Covid-19 case and agrees to upload the data log in the app to the health ministry, the health ministry will decrypt the temporary IDs in the user’s app and obtain a list of phone numbers from the uploaded data log.

The European Commission on April 8 adopted a recommendation to pursue a pan-European coordinated approach for the use of mobile applications for contact tracing, among other purposes. The common approach will be guided by privacy and data protection principles, including data minimization and appropriate safeguards such as pseudonymization, aggregation, encryption, and decentralization. It will also be voluntary, with a preference for Bluetooth-based proximity tracing. Further guidance is due to be adopted on the data protection and privacy implications of the use of mobile applications. The European Parliament on April 17 adopted a resolution reinforcing the commission’s recommendation, demanding full transparency so that people can verify the underlying protocol for security and privacy of such apps. In the meantime, a number of European Union countries, including France, Germany, and the Netherlands, are in the process of selecting contact tracing apps.

In Norway, the National Institute of Public Health on April 16 launched a voluntary, self-reporting app that will monitor users’ movements and then ask people to go into quarantine if they have been exposed to someone who tested positive for the coronavirus. When a user is confirmed as having coronavirus, the app will then retrieve their location data and send a text message to every other user who has been within 2 meters of that person for more than 15 minutes, instructing them to go into quarantine.

Mobile Apps to Enforce Quarantine and Social Distancing Orders

Authorities in cities and provinces across China are using the app Health Code, which was developed by private companies, to make decisions about whom to quarantine and for how long. The app assigns each of its approximately 700 million users one of 3 colors: green enables unrestricted movement, yellow requires 7 days of quarantine, and red requires 14 days of quarantine. To enter buildings, go to the supermarket, use public transport, and move around their neighborhood, people must scan a QR code at a manned checkpoint. However, the rules behind color assignments are secretive, making it difficult for individuals to understand why they were assigned a particular color, or what circumstances might trigger a change of color. The app also collects users’ location data and shares it with the police. Users have complained that the app’s decisions are arbitrary and difficult to appeal; some of them have been confined to their homes for indefinite periods even after serving the quarantine period mandated by the app.

In Turkey, the health minister declared on April 7 that it is mandatory for people infected with Covid-19 to download an app called “Life fits inside the house” as part of the “Pandemic Isolation Tracking Project.” The app follows the movement of people instructed to self-isolate, and if they leave their homes, they receive a warning via SMS and are contacted instantly through automatic call technology and told to return to isolation. Under the program, those who fail to comply with the warning and continue to violate the quarantine are reported to relevant law enforcement and face administrative measures and sanctions, which can include jail time ranging from two months to a year in accordance with Article 195 of Turkish Penal Code. Human Rights Watch has not yet investigated how widespread the use of the app is in practice and whether the Turkish authorities have made efforts to enforce its use.

In Moscow, the city government on April launched an app to track the movement of coronavirus patients. The app is mandatory for all patients who have been ordered to stay at home. It requests access to the user’s calls, location, camera, storage, network information, sensors, and other data to ensure people do not leave their home while contagious. This app is in addition to the installation of one of the world’s biggest surveillance camera systems equipped with facial recognition technology to ensure that everyone placed under self-quarantine stays off the streets. On April 15, Moscow also introduced a digital permit system for non-essential travel, both on public transport and private vehicles.  

Big Data Analytics

In the EU, eight major Telcos have agreed to share anonymized metadata with the European Commission for modelling and predicting the propagation of the coronavirus. An official from the commission said the data will be aggregated and anonymized and that the commission will delete it when the pandemic is over. Still, the European Data Protection Supervisor warned about the possibility of such measures becoming permanent.

In the US, mobile advertising companies, which gather the location data of mobile and internet users to target and sell ads, are reportedly supplying analyses of people’s locations and movements to the CDC and certain state and local governments. In the context of Covid-19, this data sharing arrangement is apparently designed to help the authorities better understand how infections spread and refine public health responses. Much of this arrangement, including how data is collected, shared, anonymized, and analysed, is unknown. It has also been reported that the federal government is building a national coronavirus surveillance system to monitor and forecast rates of infection and hospitalization across the country. It is unclear whether this project is linked to the CDC’s partnership with the mobile advertising industry.

In South Korea, in addition to using cell phone location data, CCTV cameras, and tracking of debit, ATM, and credit cards to identify people infected with coronavirus, the authorities created a publicly available map using aggregate data of infected individuals to allow other people to check whether they may have crossed paths with someone infected with the virus. The platform was officially launched on March 26. Health authorities also send out cell phone notifications containing very detailed information on confirmed cases, including the age, gender, and daily routes infected people took 48 hours before being quarantined. The purpose of the disclosures is to enable potential untraceable contacts (for example, strangers who were in the same restaurant as the confirmed case at the same time) to recognize and prepare for possible infection.

In Ecuador, the president on April 6 announced the SOS Covid tool, which works with information obtained from the emergency service, the ministry of telecommunications, the ministry of health, mobile-service providers, and the Salud EC App (see below) to monitor whether the quarantine is being observed, detect cases, carry out massive tests, and identify areas of risk due to crowding.

Self-Reporting Initiatives

Governments are also launching initiatives to report coronavirus cases and direct people toward medical resources that rely on location data. For example, Ethiopia’s Information Network Security Agency launched a Covid-19 monitoring platform on March 23 to update the public on the number of Covid-19 cases in the country and to provide information such as directions to the nearest pharmacies, hospitals, and police stations. People who develop symptoms or were in contact with people with confirmed cases can also give information to the ministry of health via the platform. The system also enables users to report illegal or unauthorized activities, such as large public gatherings. It also allows the reporting of people suspected of having symptoms based on subjective assessments on others’ symptoms. This is concerning, especially at a time when there are reports of harassment and discrimination against foreigners and healthcare sector workers as cases of Covid-19 rise in Ethiopia.

Ecuador announced on March 25 the development of Salud EC App, an application that stores the name, year of birth, ID number, and geolocated address of its users. Through this voluntary app, users can report their symptoms related to Covid-19. The app then provides the user with the online resources created by the government for the health emergency.

How Can Mobile Location Tracking Interfere with the Right to Privacy?

The privacy risks of mobile location tracking are significant and well-established. Mobile location information can contain sensitive and revealing insights about a person’s identity, location, behavior, associations, and activities. The use of mobile phone network data creates granular, real-time targeting opportunities, which can be used by governments to forcefully enforce quarantine, discriminate, or crack down on populations for other reasons. And in the hands of abusive governments that already have adopted intrusive surveillance practices, this can serve to enhance repression.

The mobile phone tracking programs described above raise concern that governments are collecting, using, and retaining data beyond what is necessary for legitimate and targeted disease surveillance measures. The lack of transparency regarding many Covid-19 tracking initiatives, such as those in Ecuador and Ethiopia, prevents the public from assessing whether there are meaningful limits on the types of personal information that will be collected, used, aggregated, and retained, or whether tracking and data collection will end once the pandemic is contained. This is particularly troubling in countries like China, Ethiopia, and Russia, which have a record of pervasive surveillance.

Other concerns include: restricting people’s movements based on arbitrary and opaque apps, as is the case in China; the lack of consent to data being used, as is the case in Armenia, Israel, and South Korea; and the combination of mobile location data with other types of data, such as facial recognition, as is the case in Moscow. Almost all of the initiatives using location data to respond to Covid-19 involve placing large collections of data in the hands of governments, many of which have histories of repression and discrimination against already marginalized communities, including religious minorities and political dissidents.

Excessive interference with location privacy is a gateway to undue restrictions on other rights. For example, in Israel, the Shin Bet reportedly restricted people’s movements in error when they ordered into quarantine people who turned out to be negative for the coronavirus, including a woman who was ordered to self-quarantine after waving to a homebound coronavirus victim from the street. Information sharing with law enforcement may also have a chilling effect on access to health care. In the US, local governments are collecting the addresses of people who test positive for the coronavirus and sharing the lists with police and first responders, which some public health experts say could make people reluctant to seek medical care or get tested for Covid-19 because of a fear of profiling by law enforcement. Finally, publicizing revealing details about people’s movements and behaviors can stoke fear, panic, and discrimination. In South Korea, the government has sent “safety guidance texts” that notify the public about places that infected people have visited. Owners of affected shops and restaurants told The Guardian that these alerts are chasing customers away and may put them out of business even after they disinfected the premises.

If data is anonymized, what is the harm?

Anonymization (i.e. stripping mobile location data of personally identifiable information) has been proposed as a safeguard, but it is well-established that anonymized data can be combined with private and publicly held data to re-identify individuals. To prevent this, governments would need to provide clear rules to prohibit combining anonymized data with other personal data. This became a major issue in South Korea, where the level of personal information sent out on public health text message alerts based on the location history of known infected individuals led to the doxing of individuals. There are reports that some people suspected of testing positive for Covid-19 based on information sent out by public health alerts experienced hate speech or harassment. In some cases, the texts fueled social stigma leading to speculation about extra-marital affairs. The National Human Rights Commission of South Korea criticized authorities for providing more information than is necessary to stop the spread of disease, leading to a violation of privacy and human rights of an infected person, including “secondary damages as patients become the target of criticism, taunts, and hatred online.” It recommended only sharing location and times when infected people visited places, rather than providing the travel history of each individual.

Does aggregating data create privacy risks?

Companies and governments are also analyzing large location datasets to forecast disease trends and the effectiveness of public health interventions. An example is the US CDC’s reported partnership with the mobile advertising industry. Google has launched “Covid-19 Community Mobility Reports” that map mobility trends over time by country or region across different places like parks, grocery stores, and transit stations. Facebook’s Disease Prevention Maps initiative provides its research partners, which include Harvard School of Public Health in the US and National Tsing Hua University in Taiwan, with “co-location maps” that predict travel patterns, “movement range trends” that show whether social distancing and other preventive measures are working, and a “social connectedness index” that attempts to infer disease spread from “friendships across states and countries.”

Google and Facebook say that their initiatives are based on anonymized and aggregated location data that provide high-level insights into people’s movements and behaviors, rather than detailed location histories that are prone to re-identification. In theory, data aggregation poses fewer risks to privacy. However, companies and governments that perform such aggregation must disclose sufficient information about the protocols and procedures used to aggregate data that enable independent and external researchers to test if they actually work. Covid-19 tracking initiatives based on aggregated data should also disclose how they draw conclusions from this data, how this data is used to inform public health interventions, and the limits and risks associated with such analysis.
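An added example, not part of the original Q&A, of a check a data custodian can run before release: how many outside-known points single out one pseudonymized trace, and what a count table with small-cell suppression releases instead. The traces, area names, and threshold k are constructed for illustration.

```python
"""Added example: re-identification risk of pseudonymized traces vs. thresholded aggregates."""
from collections import defaultdict
from itertools import combinations

# Constructed data: pseudonym -> set of (area, hour) observations for one day.
# Names and direct identifiers are already stripped; only movement remains.
TRACES = {
    "u1": {("north", 7), ("station", 8), ("office_X", 9), ("grocery", 18)},
    "u2": {("north", 7), ("station", 8), ("office_X", 9), ("gym", 19)},
    "u3": {("north", 7), ("station", 8), ("clinic", 10), ("grocery", 18)},
    "u4": {("south", 7), ("park", 12), ("grocery", 18)},
}


def matching_pseudonyms(traces, known_points):
    """Pseudonyms whose trace contains every externally known (area, hour) point."""
    known = set(known_points)
    return sorted(uid for uid, pts in traces.items() if known <= pts)


def points_to_isolate(traces, uid):
    """Smallest number of a person's own points that matches no other trace.

    Returns None if the trace is never unique (another trace contains all of it).
    """
    pts = sorted(traces[uid])
    for size in range(1, len(pts) + 1):
        for combo in combinations(pts, size):
            if matching_pseudonyms(traces, combo) == [uid]:
                return size
    return None


def aggregate(traces, k):
    """Release only per-(area, hour) device counts, dropping cells with fewer than k devices."""
    counts = defaultdict(int)
    for pts in traces.values():
        for cell in pts:
            counts[cell] += 1
    return {cell: n for cell, n in counts.items() if n >= k}


if __name__ == "__main__":
    for uid in TRACES:
        print(uid, "isolated by", points_to_isolate(TRACES, uid), "known point(s)")
    print("released at k=2:", aggregate(TRACES, 2))
```

The cells suppressed at k=2 are the same ones that isolated a person with a single point. Thresholding one table does not by itself rule out inference from comparing several releases.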

Does Bluetooth-based proximity tracking protect privacy?

Some companies and researchers have recently announced new efforts to make contact tracing more privacy-protecting using Bluetooth technology. Among the more prominent are the Pan-European Privacy Preserving Proximity Tracing initiative (PEPP-PT), the Decentralized Privacy-Preserving Proximity Tracing (DP-3T), and Apple and Google’s Privacy-Preserving Contact Tracing initiative, which consists of an application programming interface (API) that public health agencies can integrate into their own contact tracing apps. The next phase is a system-level contact tracing system that will work across iOS and Android devices on an opt-in basis. In Bluetooth-based proximity tracing, devices that come close to each other share pseudonymized IDs (a string of random numbers that are not tied to a user’s identity and change every 10-20 minutes for additional protection). If a user becomes infected with the virus, they can send an alert to all the phones with which they have been in proximity. The broadcast would not identify the infected person, nor would the infected person know the identity of the people who would be notified.

Bluetooth-based proximity tracing is being promoted as the more accurate and secure option for contact tracing because a device’s ability to communicate with another can be a much more accurate proxy for nearness and because systems can be built to decentralize data, meaning that data can be stored locally on the device rather than on a centralized database. 

While promising in some respects, Bluetooth-based proximity tracing is largely untested, and designing these systems involves choices that have implications for privacy and security. For example, Bluetooth-based proximity tracing can rely on centralized databases, or decentralized storage of data on people’s phones. While some governments may prefer centralizing data under their authority, this can be problematic if the authority has broad powers to abuse the metadata and is prone to bribery or legal coercion or has failed to take appropriate steps to secure the data from attacks by malicious actors.

Decentralizing data so that it is stored on people’s devices is generally seen as a better option from a privacy perspective. However, this approach is not without privacy risks either. A tech-savvy adversary in close proximity to a device could identify the IDs of infected people stored on it, or could set up a device with a stationary camera to capture the IDs of users passing by.
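The two designs discussed above (server-resolvable temporary IDs, as in the TraceTogether description, and on-device matching of rotating pseudonymized IDs), sketched as an added example that is not part of the original Q&A and is not the code of any app or protocol named here. The key derivation, the 15-minute epoch, the fixed seeds, and the phone numbers are assumptions made for illustration.

```python
"""Added example: what a server learns in decentralized vs. centralized Bluetooth tracing."""
import hashlib
import hmac

EPOCHS_PER_DAY = 96  # assumption: one ID per 15 minutes (the page says 10-20)


def ephemeral_ids(day_key: bytes) -> list:
    """All broadcast IDs for one day, derived from that day's secret key."""
    return [
        hmac.new(day_key, b"ephid" + epoch.to_bytes(2, "big"), hashlib.sha256).digest()[:16]
        for epoch in range(EPOCHS_PER_DAY)
    ]


class Phone:
    """Decentralized model: keys and the contact log stay on the device."""

    def __init__(self, seed: bytes):
        # A real app would draw keys from os.urandom; a fixed seed keeps this demo repeatable.
        self._seed = seed
        self.heard = {}  # day -> set of IDs received over Bluetooth

    def day_key(self, day: int) -> bytes:
        return hashlib.sha256(self._seed + day.to_bytes(4, "big")).digest()

    def broadcast(self, day: int, epoch: int) -> bytes:
        return ephemeral_ids(self.day_key(day))[epoch]

    def hear(self, day: int, eph_id: bytes) -> None:
        self.heard.setdefault(day, set()).add(eph_id)

    def report_positive(self, days) -> list:
        """Upload only this phone's own day keys; the contact log is never sent."""
        return [(day, self.day_key(day)) for day in days]

    def exposure_epochs(self, published) -> int:
        """Match published keys against the local log, entirely on the device."""
        return sum(
            len(self.heard.get(day, set()) & set(ephemeral_ids(key)))
            for day, key in published
        )


class CentralServer:
    """Centralized model: the server issues the IDs and can map each back to a phone number."""

    def __init__(self, server_secret: bytes):
        self._secret = server_secret
        self._registry = {}  # temp ID -> phone number (stand-in for server-side decryption)

    def issue_id(self, phone_number: str, day: int, epoch: int) -> bytes:
        msg = f"{phone_number}|{day}|{epoch}".encode()
        temp_id = hmac.new(self._secret, msg, hashlib.sha256).digest()[:16]
        self._registry[temp_id] = phone_number
        return temp_id

    def resolve_upload(self, heard_ids) -> set:
        """On upload of a contact log, the server learns who the uploader met."""
        return {self._registry[i] for i in heard_ids if i in self._registry}


def demo():
    alice, bob, carol = Phone(b"alice"), Phone(b"bob"), Phone(b"carol")
    # Constructed encounter: Alice and Bob are near each other for 3 epochs on day 1.
    for epoch in (40, 41, 42):
        bob.hear(1, alice.broadcast(1, epoch))
        alice.hear(1, bob.broadcast(1, epoch))
    published = alice.report_positive(days=[1])  # Alice tests positive
    decentralized = (bob.exposure_epochs(published), carol.exposure_epochs(published))

    server = CentralServer(b"server-secret")
    # Same encounter in the centralized model; the phone numbers are made up.
    alice_log = [server.issue_id("+00-555-0102", 1, e) for e in (40, 41, 42)]  # Bob's IDs
    server.issue_id("+00-555-0103", 1, 40)  # Carol's ID, never heard by Alice
    centralized = server.resolve_upload(alice_log)
    return decentralized, centralized


if __name__ == "__main__":
    print(demo())
```

In the decentralized half the server only relays Alice's day key and Bob's phone computes the three matching epochs itself; in the centralized half the upload hands the server Bob's phone number.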

Furthermore, researchers from the Institute for Technology in the Public Interest have warned that technical safeguards may not address abusive implementation of contact tracing technologies. For example, strong encryption and decentralized systems will not protect someone from a government or private entity requiring that they show the results of the app (i.e. whether they are an infectious disease risk) in order to access buildings or transportation.

In India, the official Covid-19 app, Aarogya Setu, was initially voluntary when it was launched in early April, but on April 29 it became mandatory for all government staff through an order by the Department of Personnel and Training and for all employees in the public and private sector through a Ministry of Home Affairs (MHA) May 1 order.

Even if an app is officially voluntary, in practice some businesses are already claiming that they will mandate them as a condition of returning to work. In China, Human Rights Watch has found that local authorities require users to show the Health Code app on their phone in order to hail a ride, use public transport, or enter supermarkets and residential areas. Finally, as experts in technology, law and policy, and epidemiology have noted, Bluetooth-based proximity tracing is vulnerable to trolls and spoofing, which could weaken trust in the system.

Are the privacy risks justified?

Inaccuracies associated with mobile location tracking programs raise questions about whether the restrictions they impose on privacy are necessary to safeguard public health.

A key consideration is whether mobile location technologies can accurately determine whether a person is in close contact (within 6 feet of someone for 10 or more minutes) with someone who is infected. Technology researchers have found that cell site location information and GPS signals are unlikely to provide location estimates with the level of precision required to meaningfully predict the risk of Covid-19 transmission. While Bluetooth tracking technologies can be engineered to achieve significantly more accurate measurements, their accuracy may still degrade in the presence of other signal-transmitting devices and in areas with high levels of interference, such as high-density buildings or busy parks (especially in cities). Furthermore, proximity tracing alone says very little about the nature of the interaction, such as whether people were in a closed space or outdoors, whether they were wearing masks or not, or whether someone sneezed during the interaction.

The wide variance in how people use cell phones may also make location tracking efforts ineffective. For example, tracking may assume that each device is unique to a single individual. However, in Sierra Leone researchers found that call detail records were an unreliable proxy for Ebola transmission during the 2014 to 2016 outbreak because many people had multiple mobile phones, or lent, traded, and passed around their devices among family and friends. In locations with weak signals, including conflict areas where cell phone towers may be strategic targets, people often use multiple SIM cards or phones.

Will Public Health Responses that Unduly Rely on Mobile Location Tracking Discriminate Against Minorities?

Disparities in mobile phone use, digital literacy, and tech uptake could also exclude vulnerable or marginalized populations from public health responses that unduly rely on mobile location tracking. These disparities are particularly pronounced for contact tracing apps, which assume that users enjoy access to smartphones that meet minimum technical specifications and a reliable mobile or internet connection.

According to the GSM Association, the industry body that represents mobile network operators worldwide, the percentage of the world’s population that connects to the internet using mobile phones was 49 percent at the end of 2019. In some regions, such as Sub-Saharan Africa, penetration rates are as low as 26 percent. Industry analysts estimate that Bluetooth tracing will be out of reach for as many as 2 billion mobile phone users whose devices are not configured to support this technology. That is roughly a quarter of all mobile phones in use today.

Disparities in access and use of mobile devices based on location (urban versus rural) and gender are also well documented and generally reflect and entrench broader patterns of inequality. Older people – a group that is at increased risk of severe disease and death in the Covid-19 pandemic – are also less likely to use specialized apps or have smartphones or even access to the internet. In the US, a 2019 Pew survey found that 68 percent of older people ages 55 to 73 own smartphones, compared to 93 percent of people ages 23 to 38. In Italy, which has one of the lowest internet penetration rates in Europe, the government acknowledged the limited effectiveness of its voluntary contact tracing app because one-sixth of the population does not use the internet and older people were generally unlikely to download it. In China, older people without smartphones have been unable to take the public bus (which now requires the Health Code app) or enter public hospitals (which now require online appointments).

Women are up to 31 percent less likely to have internet access than men in some countries, and worldwide, about 327 million fewer women than men have a smartphone. Women’s use of cell phones is constrained by factors including lower literacy – globally, of an estimated 781 million people aged 15 and over who are illiterate, almost two-thirds are women and girls. If governments and companies mandate contact tracing apps as a condition of entry into public or private spaces, vulnerable and marginalized populations that are less able to download these apps will face discrimination.

Human Rights Watch has also cautioned that the use of incomplete and discriminatory datasets can misdirect public health efforts in ways that endanger the rights of the poorest and most vulnerable people. For example, stricter enforcement of social distancing measures in low-income counties could unduly penalize front line workers, people struggling to find shelter, or unemployed people traveling to food banks or welfare agencies because their movements may appear abnormal or in violation of social distancing norms when in fact they have to be more mobile to meet basic needs.

Recommendations

These technologies are intended for a praise-worthy purpose: protecting public health at a time of public emergency, a situation that can justify some restrictions on rights. But the long history of emergency measures shows that they often go too far, fail to meet their objectives, and once approved, often outlast their justification. No matter how compelling the situation, it is incumbent on public authorities and private actors to ensure that measures do not overstep the permitted legal restrictions on individual rights. 

This means that governments should not use or approve technologies using mobile location data to combat Covid-19 until they have demonstrated that they are necessary and proportionate to combat the spread of the disease and have enacted adequate safeguards to prevent human rights abuses. They should address the more fundamental question of whether such technologies are truly effective in curbing the spread of Covid-19 or may in fact misrepresent an individual’s risk of infection or mislead the public. They should also assess whether there are ways to combat the pandemic that are less intrusive on rights, such as privacy and freedom of movement, than deploying location tracking technologies. The international legal standard for restricting these rights contains these elements:

  • The restrictions are lawful, that is, they are neither arbitrary nor discriminatory in design or application, and they are enacted in law with sufficient specificity to give people a clear idea of what is prohibited and offer meaningful limits to official discretion
  • The restrictions must be necessary, in the sense that they would be effective, grounded in scientific evidence, and there are no alternatives that would have lesser impact on the rights concerned
  • The restrictions are proportionate to the risk to public health and in no way compromise the essence of the right in question
  • They are required to achieve a legitimate objective, in this case the protection of public health (rather than a xenophobic or discriminatory agenda)
  • The measures and the restrictions to rights they entail are of limited duration to the time of the emergency
  • The technology and its approved uses are respectful of human dignity
  • The technology is transparent and subject to review as well as oversight, and measures of remediation for rights abuse are available

Guiding Questions to Assess Proposed Programs Utilizing Mobile Location Data

Human Rights Watch has considerable doubt about whether the programs using mobile location data described in this Q&A can satisfy this threshold. Nonetheless, governments around the world are pursuing such programs at breakneck speed. When analyzing proposed or actual mobile location tracking technology, it is critical that the public, the media, the scientific and engineering community, and public policymakers ask the following questions as a way of interrogating whether any given tool or program presents undue risks to human rights.

Preliminary Questions

Governments, companies, and others assisting in the development of programs that propose utilizing mobile location data should first ascertain if the underlying technology is capable of tracking individuals’ exposure to Covid-19 with sufficient accuracy. Is the way the program identifies at-risk individuals consistent with what we know about Covid-19 transmission (e.g. proximity tracking versus symptom tracking)? Are its measurements able to correct for or otherwise take into account variations in how someone might interact with an infectious person (e.g. in high density buildings or busy parks) or use their phone (e.g. shared devices or high cell phone turnover rates)? What errors might these programs commit? How might they interfere with someone’s ability to seek testing and treatment or the broader public health response?

To ensure that a program would be epidemiologically sound and to help avoid issues of bias and error, governments and companies should engage relevant stakeholders (including civil society, representatives of vulnerable and marginalized populations, computer scientists, and epidemiologists) in meaningful and transparent dialogue. Some of the relevant inquiries would be whether these programs will be linked to proper institutional responses – is there, for example, an accessible path to testing and treatment for those flagged to be at risk of Covid-19 exposure? Or would the program instead divert resources from non-technical measures, such as manual contact tracing and public messaging on social distancing, and to what effect?

Stakeholders should also ask if programs are truly voluntary and whether people would face any official sanction or disadvantage as a result of their decision to participate in the program. For example, it is important to understand if the program would impose punitive measures or undue restrictions on movement, access to health care, and other rights, particularly for vulnerable and marginalized populations.

At the Design Phase

If a program is already in development, in addition to the questions above, it is important to consider if it incorporates privacy by design principles. These would include data minimization, the practice of only collecting data that is adequate, relevant, and limited to data that is necessary for the purpose of a scientifically established public health objective. Another relevant consideration is whether the program places strict limitations on how data can be collected, used, aggregated, retained, and shared, including with other users, other government agencies, and the public. Yet another is whether there are clear time limitations, including plans for the program to be deactivated and accompanying data deleted after it is no longer needed. Engaging data protection authorities to develop guidelines on how to protect privacy when using personal data in response to the pandemic is an important step.

Giving users control over what information they share and when they can stop sharing data is important. Does a program allow users to meaningfully provide fully informed consent, through terms that are transparent and in clear and plain language, allowing users to opt-in, rather than opt-out? Are its privacy functions, including settings determining what data will be collected, who will have access to it, how long it will be retained, and how to delete it, easy to understand? In the case of contact tracing apps, it is important that collection, aggregation, retention, and analysis of personal and health data is not centralized within a single authority, such as a government ministry. If data collected under the program is used to analyze and communicate to an individual their risk of infection, it should provide meaningful information about the limits of this analysis and direct individuals to relevant public health resources, such as government health advisories.

Anonymizing and securing data are important design areas that deserve close scrutiny. Data collected should be anonymized to the greatest extent possible and the risks of de-anonymization communicated to users in an understandable and accessible manner. Has the source code been made available so that the public can assess whether it does what it intends to do? Have developers disclosed meaningful information about the anonymization protocols so that the broader public can verify that they are effective? Developers should also disclose how the data collected is protected against external parties who may wish to exploit or tamper with it. For example, has the product been designed with sufficient information security controls (such as end-to-end encryption) and are those measures subject to regular audit?

At the Deployment Phase

If a program is already in place, it should be examined or re-examined to assess whether it is compliant with the standards above. Developers should consider questions about the social and political context in which it operates and ascertain that protections and safeguards are in place to protect against abuse. For example, are users able to challenge the collection, aggregation, retention, and use of their data, and do they have access to effective remedies for abuses? Can they withdraw from the program and delete their data? Can communities and users audit the tools themselves in order to signal that the technology is trustworthy and does what it purports to do?

Source: https://www.hrw.org/news/2020/05/13/mobile-location-data-and-covid-19-qa

These are the actual locations for millions of Americans. At the New York Stock Exchange … in the beachfront neighborhoods of Los Angeles … in secure facilities like the Pentagon … at the White House … and at Mar-a-Lago, President Trump’s Palm Beach resort.

One nation, tracked

An investigation into the smartphone tracking industry from Times Opinion

Every minute of every day, everywhere on the planet, dozens of companies — largely unregulated, little scrutinized — are logging the movements of tens of millions of people with mobile phones and storing the information in gigantic data files. The Times Privacy Project obtained one such file, by far the largest and most sensitive ever to be reviewed by journalists. It holds more than 50 billion location pings from the phones of more than 12 million Americans as they moved through several major cities, including Washington, New York, San Francisco and Los Angeles.

Each piece of information in this file represents the precise location of a single smartphone over a period of several months in 2016 and 2017. The data was provided to Times Opinion by sources who asked to remain anonymous because they were not authorized to share it and could face severe penalties for doing so. The sources of the information said they had grown alarmed about how it might be abused and urgently wanted to inform the public and lawmakers.

After spending months sifting through the data, tracking the movements of people across the country and speaking with dozens of data companies, technologists, lawyers and academics who study this field, we feel the same sense of alarm. In the cities that the data file covers, it tracks people from nearly every neighborhood and block, whether they live in mobile homes in Alexandria, Va., or luxury towers in Manhattan.

One search turned up more than a dozen people visiting the Playboy Mansion, some overnight. Without much effort we spotted visitors to the estates of Johnny Depp, Tiger Woods and Arnold Schwarzenegger, connecting the devices’ owners to the residences indefinitely.

If you lived in one of the cities the dataset covers and use apps that share your location — anything from weather apps to local news apps to coupon savers — you could be in there, too.

If you could see the full trove, you might never use your phone the same way again.

A typical day at Grand Central Terminal in New York City. Satellite imagery: Microsoft

The data reviewed by Times Opinion didn’t come from a telecom or giant tech company, nor did it come from a governmental surveillance operation. It originated from a location data company, one of dozens quietly collecting precise movements using software slipped onto mobile phone apps. You’ve probably never heard of most of the companies — and yet to anyone who has access to this data, your life is an open book. They can see the places you go every moment of the day, whom you meet with or spend the night with, where you pray, whether you visit a methadone clinic, a psychiatrist’s office or a massage parlor.

The Times and other news organizations have reported on smartphone tracking in the past. But never with a data set so large. Even still, this file represents just a small slice of what’s collected and sold every day by the location tracking industry — surveillance so omnipresent in our digital lives that it now seems impossible for anyone to avoid.

It doesn’t take much imagination to conjure the powers such always-on surveillance can provide an authoritarian regime like China’s. Within America’s own representative democracy, citizens would surely rise up in outrage if the government attempted to mandate that every person above the age of 12 carry a tracking device that revealed their location 24 hours a day. Yet, in the decade since Apple’s App Store was created, Americans have, app by app, consented to just such a system run by private companies. Now, as the decade ends, tens of millions of Americans, including many children, find themselves carrying spies in their pockets during the day and leaving them beside their beds at night — even though the corporations that control their data are far less accountable than the government would be.

“The seduction of these consumer products is so powerful that it blinds us to the possibility that there is another way to get the benefits of the technology without the invasion of privacy. But there is,” said William Staples, founding director of the Surveillance Studies Research Center at the University of Kansas. “All the companies collecting this location information act as what I have called Tiny Brothers, using a variety of data sponges to engage in everyday surveillance.”

In this and subsequent articles we’ll reveal what we’ve found and why it has so shaken us. We’ll ask you to consider the national security risks the existence of this kind of data creates and the specter of what such precise, always-on human tracking might mean in the hands of corporations and the government. We’ll also look at legal and ethical justifications that companies rely on to collect our precise locations and the deceptive techniques they use to lull us into sharing it.

Today, it’s perfectly legal to collect and sell all this information. In the United States, as in most of the world, no federal law limits what has become a vast and lucrative trade in human tracking. Only internal company policies and the decency of individual employees prevent those with access to the data from, say, stalking an estranged spouse or selling the evening commute of an intelligence officer to a hostile foreign power.

Companies say the data is shared only with vetted partners. As a society, we’re choosing simply to take their word for that, displaying a blithe faith in corporate beneficence that we don’t extend to far less intrusive yet more heavily regulated industries. Even if these companies are acting with the soundest moral code imaginable, there’s ultimately no foolproof way they can secure the data from falling into the hands of a foreign security service. Closer to home, on a smaller yet no less troubling scale, there are often few protections to stop an individual analyst with access to such data from tracking an ex-lover or a victim of abuse.

A DIARY OF YOUR EVERY MOVEMENT

The companies that collect all this information on your movements justify their business on the basis of three claims: People consent to be tracked, the data is anonymous and the data is secure.

None of those claims hold up, based on the file we’ve obtained and our review of company practices.

Yes, the location data contains billions of data points with no identifiable information like names or email addresses. But it’s child’s play to connect real names to the dots that appear on the maps.

Here’s what that looks like.

The data included more than 10,000 smartphones tracked in Central Park. Here is one smartphone, isolated from the crowd. Here are all pings from that smartphone over the period covered by the data. Connecting those pings reveals a diary of the person’s life.

Note: Driving path is inferred. Data has been additionally obscured. Satellite imagery: Maxar Technologies, New York G.I.S., U.S.D.A. Farm Service Agency, Imagery, Landsat/Copernicus and Sanborn.

In most cases, ascertaining a home location and an office location was enough to identify a person. Consider your daily commute: Would any other smartphone travel directly between your house and your office every day?

Describing location data as anonymous is “a completely false claim” that has been debunked in multiple studies, Paul Ohm, a law professor and privacy researcher at the Georgetown University Law Center, told us. “Really precise, longitudinal geolocation information is absolutely impossible to anonymize.”

“D.N.A.,” he added, “is probably the only thing that’s harder to anonymize than precise geolocation information.”
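The home-and-office reasoning above can be run as a pre-release check on a pseudonymized location file. This added example (not from the article or its dataset) counts how many devices share the same home cell and workplace cell at a given grid size; the hour windows, grid sizes, k threshold and sample pings are assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict
from datetime import datetime, timedelta

NIGHT = range(0, 6)      # assumed "at home" hours, local time
WORKDAY = range(9, 17)   # assumed "at work" hours on Mon-Fri, local time

def cell(lat, lon, deg):
    """Snap a coordinate to a square grid cell `deg` degrees on a side."""
    return (math.floor(lat / deg), math.floor(lon / deg))

def anchors(pings, deg):
    """Per pseudonymous device: most frequent night cell and workday cell."""
    night, work = defaultdict(Counter), defaultdict(Counter)
    for dev, ts, lat, lon in pings:
        if ts.hour in NIGHT:
            night[dev][cell(lat, lon, deg)] += 1
        elif ts.weekday() < 5 and ts.hour in WORKDAY:
            work[dev][cell(lat, lon, deg)] += 1
    devices = {p[0] for p in pings}
    return {d: (night[d].most_common(1)[0][0] if night[d] else None,
                work[d].most_common(1)[0][0] if work[d] else None)
            for d in devices}

def anonymity(pings, deg, use_work=True):
    """Return {device: k}, where k is the number of devices sharing the same
    quasi-identifier (home cell, or home+work pair). Devices missing a needed
    anchor are left out: this particular test does not expose them."""
    quasi = {}
    for dev, (home, work) in anchors(pings, deg).items():
        if home is None or (use_work and work is None):
            continue
        quasi[dev] = (home, work) if use_work else home
    sizes = Counter(quasi.values())
    return {dev: sizes[q] for dev, q in quasi.items()}

def release_report(pings, deg, k_min):
    """Summarize home/work-pair anonymity and gate the release on k_min."""
    k = anonymity(pings, deg)
    total = len({p[0] for p in pings})
    return {
        "devices_tested": len(k),
        "devices_skipped": total - len(k),
        "min_k": min(k.values(), default=0),
        "unique_fraction": sum(v == 1 for v in k.values()) / len(k) if k else 0.0,
        "passes": bool(k) and min(k.values()) >= k_min,
    }

def constructed_pings():
    """Constructed sample: 7 pseudonymous devices over one Mon-Fri week."""
    homes = {"a": (40.7125, -73.9875), "b": (40.7215, -73.9795),
             "c": (40.7215, -73.9795),  # same building as b
             "d": (40.8125, -73.9615), "e": (40.8235, -73.9555),
             "f": (40.8345, -73.9525)}
    offices = [(40.7545, -73.9845), (40.7585, -73.9785), (40.7625, -73.9725)]
    works = {dev: offices[i % 3] for i, dev in enumerate("abcdef")}
    monday = datetime(2020, 1, 6)
    pings = []
    for day in range(5):
        date = monday + timedelta(days=day)
        jitter = (day - 2) * 0.0001  # stays inside one 0.001-degree cell
        for dev, h in homes.items():
            w = works[dev]
            pings.append((dev, date.replace(hour=2), h[0] + jitter, h[1] + jitter))
            pings.append((dev, date.replace(hour=14), w[0] + jitter, w[1] + jitter))
            # Evening stop at a shared venue: outside both windows, so ignored.
            pings.append((dev, date.replace(hour=19), 40.7805, -73.9665))
        # Device g has daytime pings only, so it has no home anchor.
        pings.append(("g", date.replace(hour=14), 40.7545, -73.9845))
    return pings

if __name__ == "__main__":
    sample = constructed_pings()
    print("home only, 0.001 deg:", anonymity(sample, 0.001, use_work=False))
    for deg in (0.001, 0.05):  # roughly 100 m and 5 km north-south
        print(deg, release_report(sample, deg, k_min=5))
```

In the constructed sample, two devices share a building and so have k=2 on home alone, but every device becomes unique once the workplace is added; only the coarse grid lifts the smallest group to 3, which still fails a k_min of 5.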

[Work in the location tracking industry? Seen an abuse of data? We want to hear from you. Using a non-work phone or computer, contact us on a secure line at 440-295-5934, @charliewarzel on Wire or email Charlie Warzel and Stuart A. Thompson directly.]

Yet companies continue to claim that the data are anonymous. In marketing materials and at trade conferences, anonymity is a major selling point — key to allaying concerns over such invasive monitoring.

To evaluate the companies’ claims, we turned most of our attention to identifying people in positions of power. With the help of publicly available information, like home addresses, we easily identified and then tracked scores of notables. We followed military officials with security clearances as they drove home at night. We tracked law enforcement officers as they took their kids to school. We watched high-powered lawyers (and their guests) as they traveled from private jets to vacation properties. We did not name any of the people we identified without their permission.

The data set is large enough that it surely points to scandal and crime but our purpose wasn’t to dig up dirt. We wanted to document the risk of underregulated surveillance.

Watching dots move across a map sometimes revealed hints of faltering marriages, evidence of drug addiction, records of visits to psychological facilities.

Connecting a sanitized ping to an actual human in time and place could feel like reading someone else’s diary.

In one case, we identified Mary Millben, a singer based in Virginia who has performed for three presidents, including President Trump. She was invited to the service at the Washington National Cathedral the morning after the president’s inauguration. That’s where we first found her.

Mary Millben has performed for three presidents during her singing career. (Getty Images)

She remembers how, surrounded by dignitaries and the first family, she was moved by the music echoing through the recesses of the cathedral while members of both parties joined together in prayer. All the while, the apps on her phone were also monitoring the moment, recording her position and the length of her stay in meticulous detail. For the advertisers who might buy access to the data, the intimate prayer service could well supply some profitable marketing insights.

“To know that you have a list of places I have been, and my phone is connected to that, that’s scary,” Ms. Millben told us. “What’s the business of a company benefiting off of knowing where I am? That seems a little dangerous to me.”

Like many people we identified in the data, Ms. Millben said she was careful about limiting how she shared her location. Yet like many of them, she also couldn’t name the app that might have collected it. Our privacy is only as secure as the least secure app on our device.

“That makes me uncomfortable,” she said. “I’m sure that makes every other person uncomfortable, to know that companies can have free rein to take your data, locations, whatever else they’re using. It is disturbing.”

The inauguration weekend yielded a trove of personal stories and experiences: elite attendees at presidential ceremonies, religious observers at church services, supporters assembling across the National Mall — all surveilled and recorded permanently in rigorous detail.

Protesters were tracked just as rigorously. After the pings of Trump supporters, basking in victory, vanished from the National Mall on Friday evening, they were replaced hours later by those of participants in the Women’s March, as a crowd of nearly half a million descended on the capital. Examining just a photo from the event, you might be hard-pressed to tie a face to a name. But in our data, pings at the protest connected to clear trails through the data, documenting the lives of protesters in the months before and after the protest, including where they lived and worked.

We spotted a senior official at the Department of Defense walking through the Women’s March, beginning on the National Mall and moving past the Smithsonian National Museum of American History that afternoon. His wife was also on the mall that day, something we discovered after tracking him to his home in Virginia. Her phone was also beaming out location data, along with the phones of several neighbors.

Senior Defense Department official and his wife identified at the Women’s March

Note: Animated movement of the person’s location is inferred. Satellite imagery: Microsoft and DigitalGlobe.

The official’s data trail also led to a high school, homes of friends, a visit to Joint Base Andrews, workdays spent in the Pentagon and a ceremony at Joint Base Myer-Henderson Hall with President Barack Obama in 2017 (nearly a dozen more phones were tracked there, too).

Inauguration Day weekend was marked by other protests — and riots. Hundreds of protesters, some in black hoods and masks, gathered north of the National Mall that Friday, eventually setting fire to a limousine near Franklin Square. The data documented those rioters, too. Filtering the data to that precise time and location led us to the doorsteps of some who were there. Police were present as well, many with faces obscured by riot gear. The data led us to the homes of at least two police officers who had been at the scene.

As revealing as our searches of Washington were, we were relying on just one slice of data, sourced from one company, focused on one city, covering less than one year. Location data companies collect orders of magnitude more information every day than the totality of what Times Opinion received.

Data firms also typically draw on other sources of information that we didn’t use. We lacked the mobile advertising IDs or other identifiers that advertisers often combine with demographic information like home ZIP codes, age, gender, even phone numbers and emails to create detailed audience profiles used in targeted advertising. When datasets are combined, privacy risks can be amplified. Whatever protections existed in the location dataset can crumble with the addition of only one or two other sources.

There are dozens of companies profiting off such data daily across the world — by collecting it directly from smartphones, creating new technology to better capture the data or creating audience profiles for targeted advertising.

The full collection of companies can feel dizzying, as it’s constantly changing and seems impossible to pin down. Many use technical and nuanced language that may be confusing to average smartphone users.

While many of them have been involved in the business of tracking us for years, the companies themselves are unfamiliar to most Americans. (Companies can work with data derived from GPS sensors, Bluetooth beacons and other sources. Not all companies in the location data business collect, buy, sell or work with granular location data.)

A Selection of Companies Working in the Location Data Business

Sources: MightySignal, LUMA Partners and AppFigures.

Location data companies generally downplay the risks of collecting such revealing information at scale. Many also say they’re not very concerned about potential regulation or software updates that could make it more difficult to collect location data.

“No, it doesn’t really keep us up at night,” Brian Czarny, chief marketing officer at Factual, one such company, said. He added that Factual does not resell detailed data like the information we reviewed. “We don’t feel like anybody should be doing that because it’s a risk to the whole business,” he said.

In the absence of a federal privacy law, the industry has largely relied on self-regulation. Several industry groups offer ethical guidelines meant to govern it. Factual joined the Mobile Marketing Association, along with many other data location and marketing companies, in drafting a pledge intended to improve its self-regulation. The pledge is slated to be released next year.

States are starting to respond with their own laws. The California Consumer Protection Act goes into effect next year and adds new protections for residents there, like allowing them to ask companies to delete their data or prevent its sale. But aside from a few new requirements, the law could leave the industry largely unencumbered.

“If a private company is legally collecting location data, they’re free to spread it or share it however they want,” said Calli Schroeder, a lawyer for the privacy and data protection company VeraSafe.

The companies are required to disclose very little about their data collection. By law, companies need only describe their practices in their privacy policies, which tend to be dense legal documents that few people read and even fewer can truly understand.

EVERYTHING CAN BE HACKED

Does it really matter that your information isn’t actually anonymous? Location data companies argue that your data is safe — that it poses no real risk because it’s stored on guarded servers. This assurance has been undermined by the parade of publicly reported data breaches — to say nothing of breaches that don’t make headlines. In truth, sensitive information can be easily transferred or leaked, as evidenced by this very story.

We’re constantly shedding data, for example, by surfing the internet or making credit card purchases. But location data is different. Our precise locations are used fleetingly in the moment for a targeted ad or notification, but then repurposed indefinitely for much more profitable ends, like tying your purchases to billboard ads you drove past on the freeway. Many apps that use your location, like weather services, work perfectly well without your precise location — but collecting your location feeds a lucrative secondary business of analyzing, licensing and transferring that information to third parties.

The data contains simple information like date, latitude and longitude, making it easy to inspect, download and transfer. Note: Values are randomized to protect sources and device owners.

For many Americans, the only real risk they face from having their information exposed would be embarrassment or inconvenience. But for others, like survivors of abuse, the risks could be substantial. And who can say what practices or relationships any given individual might want to keep private, to withhold from friends, family, employers or the government? We found hundreds of pings in mosques and churches, abortion clinics, queer spaces and other sensitive areas.

In one case, we observed a change in the regular movements of a Microsoft engineer. He made a visit one Tuesday afternoon to the main Seattle campus of a Microsoft competitor, Amazon. The following month, he started a new job at Amazon. It took minutes to identify him as Ben Broili, a manager now for Amazon Prime Air, a drone delivery service.

“I can’t say I’m surprised,” Mr. Broili told us in early December. “But knowing that you all can get ahold of it and comb through and place me to see where I work and live — that’s weird.” That we could so easily discern that Mr. Broili was out on a job interview raises some obvious questions, like: Could the internal location surveillance of executives and employees become standard corporate practice?

Ben Broili’s interview at Amazon was captured in the data. (Photo: Grant Hindsley for The New York Times)

Mr. Broili wasn’t worried about apps cataloguing his every move, but he said he felt unsure about whether the tradeoff between the services offered by the apps and the sacrifice of privacy was worth it. “It’s an awful lot of data,” he said. “And I really still don’t understand how it’s being used. I’d have to see how the other companies were weaponizing or monetizing it to make that call.”

If this kind of location data makes it easy to keep tabs on employees, it makes it just as simple to stalk celebrities. Their private conduct — even in the dead of night, in residences and far from paparazzi — could come under even closer scrutiny.

Reporters hoping to evade other forms of surveillance by meeting in person with a source might want to rethink that practice. Every major newsroom covered by the data contained dozens of pings; we easily traced one Washington Post journalist through Arlington, Va.

In other cases, there were detours to hotels and late-night visits to the homes of prominent people. One person, plucked from the data in Los Angeles nearly at random, was found traveling to and from roadside motels multiple times, for visits of only a few hours each time.

While these pointillist pings don’t in themselves reveal a complete picture, a lot can be gleaned by examining the date, time and length of time at each point.

Large data companies like Foursquare — perhaps the most familiar name in the location data business — say they don’t sell detailed location data like the kind reviewed for this story but rather use it to inform analysis, such as measuring whether you entered a store after seeing an ad on your mobile phone.

But a number of companies do sell the detailed data. Buyers are typically data brokers and advertising companies. But some of them have little to do with consumer advertising, including financial institutions, geospatial analysis companies and real estate investment firms that can process and analyze such large quantities of information. They might pay more than $1 million for a tranche of data, according to a former location data company employee who agreed to speak anonymously.

Location data is also collected and shared alongside a mobile advertising ID, a supposedly anonymous identifier about 30 digits long that allows advertisers and other businesses to tie activity together across apps. The ID is also used to combine location trails with other information like your name, home address, email, phone number or even an identifier tied to your Wi-Fi network.

The data can change hands in almost real time, so fast that your location could be transferred from your smartphone to the app’s servers and exported to third parties in milliseconds. This is how, for example, you might see an ad for a new car some time after walking through a dealership.

That data can then be resold, copied, pirated and abused. There’s no way you can ever retrieve it.

Location data is about far more than consumers seeing a few more relevant ads. This information provides critical intelligence for big businesses. The Weather Channel app’s parent company, for example, analyzed users’ location data for hedge funds, according to a lawsuit filed in Los Angeles this year that was triggered by Times reporting. And Foursquare received much attention in 2016 after using its data trove to predict that after an E. coli crisis, Chipotle’s sales would drop by 30 percent in the coming months. Its same-store sales ultimately fell 29.7 percent.

Much of the concern over location data has focused on telecom giants like Verizon and AT&T, which have been selling location data to third parties for years. Last year, Motherboard, Vice’s technology website, found that once the data was sold, it was being shared to help bounty hunters find specific cellphones in real time. The resulting scandal forced the telecom giants to pledge they would stop selling location movements to data brokers.

Yet no law prohibits them from doing so.

Location data is transmitted from your phone via software development kits, or S.D.K.s, as they’re known in the trade. The kits are small programs that can be used to build features within an app. They make it easy for app developers to simply include location-tracking features, a useful component of services like weather apps. Because they’re so useful and easy to use, S.D.K.s are embedded in thousands of apps. Facebook, Google and Amazon, for example, have extremely popular S.D.K.s that allow smaller apps to connect to bigger companies’ ad platforms or help provide web traffic analytics or payment infrastructure.

But they could also sit on an app and collect location data while providing no real service back to the app. Location companies may pay the apps to be included — collecting valuable data that can be monetized.

“If you have an S.D.K. that’s frequently collecting location data, it is more than likely being resold across the industry,” said Nick Hall, chief executive of the data marketplace company VenPath.


THE ‘HOLY GRAIL’ FOR MARKETERS

If this information is so sensitive, why is it collected in the first place?

For brands, following someone’s precise movements is key to understanding the “customer journey” — every step of the process from seeing an ad to buying a product. It’s the Holy Grail of advertising, one marketer said, the complete picture that connects all of our interests and online activity with our real-world actions.

Once they have the complete customer journey, companies know a lot about what we want, what we buy and what made us buy it. Other groups have begun to find ways to use it too. Political campaigns could analyze the interests and demographics of rally attendees and use that information to shape their messages to try to manipulate particular groups. Governments around the world could have a new tool to identify protestors.

Pointillist location data also has some clear benefits to society. Researchers can use the raw data to provide key insights for transportation studies and government planners. The City Council of Portland, Ore., unanimously approved a deal to study traffic and transit by monitoring millions of cellphones. Unicef announced a plan to use aggregated mobile location data to study epidemics, natural disasters and demographics.

For individual consumers, the value of constant tracking is less tangible. And the lack of transparency from the advertising and tech industries raises still more concerns.

Does a coupon app need to sell second-by-second location data to other companies to be profitable? Does that really justify allowing companies to track millions and potentially expose our private lives?

Data companies say users consent to tracking when they agree to share their location. But those consent screens rarely make clear how the data is being packaged and sold. If companies were clearer about what they were doing with the data, would anyone agree to share it?

What about data collected years ago, before hacks and leaks made privacy a forefront issue? Should it still be used, or should it be deleted for good?

If it’s possible that data stored securely today can easily be hacked, leaked or stolen, is this kind of data worth that risk?

Is all of this surveillance and risk worth it merely so that we can be served slightly more relevant ads? Or so that hedge fund managers can get richer?

The companies profiting from our every move can’t be expected to voluntarily limit their practices. Congress has to step in to protect Americans’ needs as consumers and rights as citizens.

Until then, one thing is certain: We are living in the world’s most advanced surveillance system. This system wasn’t created deliberately. It was built through the interplay of technological advance and the profit motive. It was built to make money. The greatest trick technology companies ever played was persuading society to surveil itself.

Stuart A. Thompson is a writer and editor in the Opinion section. Charlie Warzel is a writer at large for Opinion.

Lora Kelley, Ben Smithgall, Vanessa Swales and Susan Beachy contributed research. Alex Kingsbury contributed reporting. Graphics by Stuart A. Thompson. Additional production by Jessia Ma and Gus Wezerek. Note: Visualizations have been adjusted to protect device owners.


Source: https://www.nytimes.com/interactive/2019/12/19/opinion/location-tracking-cell-phone.html

Your Cell Phone Is a Spy!

Three years ago, I asked the question, “Is Your Internet Device Spying on You?”1 Now, instead of asking a question, I am telling you, “Your cell phone is a spy!” It is a tracking device that logs information about your locations and movements throughout the day and reports that information to third parties. Many of us are aware of this spotlight on our daily travels, but we have traded this loss of privacy for the convenience of our ever-increasing reliance on mobile devices. What are the implications? The answers may amaze you.

An investigation of cell site location data that resulted in a series of New York Times articles, including “How to Track President Trump,” has placed some of these implications into stark relief. The article reports how the Times obtained a random sample dataset consisting of over 50 billion location pings occurring in 2016 and 2017 from over 12 million people in Washington, New York, San Francisco, Los Angeles, and other major cities in the United States.2

Pings, Cell Site Data, and Location Data Companies

As discussed in this column, I am using the term “ping” to include any of several ways that a cell phone provides electronic clues or descriptions of its location. This location information is often known as cell site location information or global positioning system (GPS) data. When a phone is in standby mode ready to make or receive a call, it initiates several searches a minute seeking the strongest network signal from nearby cell towers, which is often the closest tower. In this situation, the phone identifies its approximate location by connecting with a particular cell tower. Additionally, the GPS feature of a cell phone allows tracking within several feet of its precise location. Lastly, as typically referred to in the telecommunications industry, a network may “ping” a cell phone to reveal its location as part of standard network protocol. One or more entities, including the cell carrier, the phone itself, or a location data company, maintain a time-stamped log for each of these contacts.

Depending on the number of apps installed, a cell phone may send data regarding its location thousands of times per day. Indeed, some phone apps will share as many as 200 individually time-stamped location data points within a 12-hour interval.3 These data are sent in real time to multiple companies, each of which can track the phone in real time or retrace the phone’s path by analyzing the logged historical data. According to the Times, every minute of every day, everywhere on the planet, dozens of companies . . . largely unregulated, little scrutinized . . . are logging the movements of tens of millions of people with mobile phones and storing the information in massive data files.

Location data are collected by companies along with millions of other data points, commonly packaged and sold as marketing analysis to advertisers, financial institutions, real estate investors, and other third parties. Location data are particularly lucrative to advertisers, who use it to determine the places people frequent and the times they go to these locations. Although companies routinely package location data and commercially sell those data to other companies, additional dissemination may occur through unauthorized leaks, such as the dataset received by the Times, or hacking efforts by malevolent actors to steal the historical information from location data companies and cell phone carriers.

The data provided to the Times did not come from a “telecom or giant tech company” or “governmental surveillance operation.” The data came from a location data company that collects digital information from mobile phone apps.4

Analysis of the Dataset Received by the Times

The data provided to the Times included location, date, and unique identifier information for the device, but no information identifying any individual’s association with a device. This is often described as anonymized data. However, deanonymizing the anonymized data was a straightforward task for the researchers. The location pings associated with each device revealed work and life patterns. This enabled the researchers to determine the location of a user’s site of employment, the user’s home, and other places the user frequents. Once the address of a home was located, public records for the home were accessed to provide the name of the person and often the name of his or her spouse or other persons occupying the property.5
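The re-identification risk described above can be measured before a dataset is released. The following is an added example, not code from the article or the Times: it counts, for each pseudonymous device, how many other devices share the same pair of most-frequent night-time and working-hours grid cells (its anonymity set), at two coordinate precisions. The device IDs, coordinates, and time windows are constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed devices: (device_id, night-time location, working-hours location).
# IDs and coordinates are invented for this example.
DEVICES = [
    ("dev-a", (40.1012, -100.2362), (40.0719, -100.2563)),
    ("dev-b", (40.1048, -100.2341), (40.0722, -100.2561)),
    ("dev-c", (40.1571, -100.2102), (40.0977, -100.2367)),
    ("dev-d", (40.1589, -100.2131), (40.0951, -100.2388)),
]


def build_pings(devices):
    """Expand each constructed device into (id, hour_of_day, lat, lon) pings."""
    pings = []
    for dev, night, day in devices:
        pings += [(dev, hour, *night) for hour in (23, 1, 3, 5)]
        pings += [(dev, hour, *day) for hour in (10, 13, 15)]
        # One evening ping elsewhere; it falls outside both time windows.
        pings.append((dev, 19, 40.3000, -100.4000))
    return pings


PINGS = build_pings(DEVICES)


def cell(lat, lon, decimals):
    """Snap a coordinate to a grid cell by rounding (3 decimals is ~100 m)."""
    return (round(lat, decimals), round(lon, decimals))


def anchor_pairs(pings, decimals):
    """Per device: (most frequent night cell, most frequent daytime cell)."""
    night = defaultdict(Counter)
    day = defaultdict(Counter)
    for dev, hour, lat, lon in pings:
        c = cell(lat, lon, decimals)
        if hour >= 22 or hour < 6:        # assumed "at home" window
            night[dev][c] += 1
        elif 9 <= hour < 17:              # assumed "at work" window
            day[dev][c] += 1
    pairs = {}
    for dev in night.keys() & day.keys():
        pairs[dev] = (night[dev].most_common(1)[0][0],
                      day[dev].most_common(1)[0][0])
    return pairs


def anonymity_sets(pings, decimals):
    """Map each device to k, the number of devices sharing its cell pair."""
    pairs = anchor_pairs(pings, decimals)
    sizes = Counter(pairs.values())
    return {dev: sizes[pair] for dev, pair in pairs.items()}


def fraction_unique(pings, decimals):
    """Share of devices whose (night, day) pair is unique in the dataset."""
    k = anonymity_sets(pings, decimals)
    return sum(1 for size in k.values() if size == 1) / len(k)


if __name__ == "__main__":
    for decimals in (3, 1):
        print(decimals, "decimals:", anonymity_sets(PINGS, decimals),
              "unique:", fraction_unique(PINGS, decimals))
```

In this sample, dev-a and dev-b share a workplace cell at three decimals yet remain unique because their night-time cells differ; only coarsening to one decimal (roughly 10 km) puts each device in a set of two.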

It did not take long for researchers to deanonymize the data. They were able to track federal employees in almost every major government building in Washington, D.C. This included congressional advisors, Department of Defense officials, and Supreme Court judicial staff. The observations also included thousands of pings inside the Pentagon, on military bases, in F.B.I. headquarters, and in Secret Service facilities across the country. The researchers were even able to track a Secret Service agent assigned to President Trump. By proxy, the researchers were able to track the location of the president himself, capturing movements to within a few feet of accuracy on a day when the president traveled between Mar-a-Lago and nearby golf clubs, which also included a golf outing with the prime minister of Japan.

Phone Tracking in Government Facilities

Addressing the risks associated with location tracking has proven difficult for government institutions. Policies limiting employee use of location-sharing apps are difficult to enforce, particularly as they relate to personal devices. Further, compliance with such rules is complicated by the fact that users often cannot detect which apps are actually tracking them. With cell phones being so ubiquitous and increasingly necessary, government employers find that, to an extent, they must acquiesce to their employees’ use of those devices. Even when cell phone use is prohibited within government buildings, risks still exist. The Central Intelligence Agency, the National Security Agency, and other intelligence agencies prohibit most personal phones within their facilities. These agencies also advise employees to turn off their personal devices before they arrive at their work location. However, researchers still located thousands of location pings in parking lots outside these buildings, with additional pings creating trails leading back to the homes of these employees and visitors.

Risks Posed to Courts, Judges, and Attorneys

Many of the risks present at government facilities pose similar threats to the courts. Every place judges visit could be tracked. Sensitive location information released publicly for the purpose of embarrassing or impugning the impartiality of a judge or court official could serve to undermine public confidence in the judiciary. Additionally, concerns regarding the security of the courts and the personal safety of judges are implicated. The researchers were able to track dozens of phones within multiple Washington, D.C., courthouses. One person whose movements researchers traced had a role in the technology division, which controls servers containing data for the Supreme Court.6 Similar tactics could be used to undermine and embarrass prosecutor and public defender offices, prominent law firms, government officials, and officers at major corporations.

Cell Phones in the Courthouse

The courts across the United States have adopted a variety of policies regarding cell phones, with many permitting them within courthouses. While phone use is generally prohibited within courtrooms, courthouse hallways are commonly filled with litigants on their devices. Some courts have banned the general public from bringing phones into the courthouse. However, these prohibitions have been increasingly met with pushback from the public and legal community who assert that such bans are overly burdensome for litigants, particularly pro se litigants who may rely on connectivity to aid in their cases,7 and jurors who want to conduct personal business while they are not in jury selection, trial, or deliberations. Moreover, courts that prohibit the public and visitors from bringing phones into the courthouse often make exceptions for staff. Hence, even these courts are not signal-free.

A Few Specific Observations After Reviewing the Location Data

In one case, researchers noticed the recorded movements of a Microsoft engineer when he visited the campus of a Microsoft competitor, Amazon. Further information obtained the following month from employment announcements within the tech industry revealed the engineer started a new job at Amazon as a manager for an Amazon drone delivery service.8 Another set of pings noticed by the researchers was someone who spent weekdays at the Pentagon and visited a mental health and substance abuse facility multiple times.9 Researchers also found cell phones traveling to a Church of Scientology storefront and a late-night stop at a massage parlor. This travel and location information is recorded in a database and often tied directly to a home address, viewable by anyone with access to the data.10

Protecting Your Phone from Being Tracked Is Not Easy

The primary vulnerability allowing our phones to be turned into tracking devices is found within the phone’s apps. Many of the apps we use collect and share our data with advertisers or other third parties. This includes not only those apps that require our location information for functionality, such as mapping apps, but may include apps that we would not expect to utilize location data, such as a coupon saving app.

The one-time permission requests and privacy disclosures we see when we download apps commonly go unread or are not fully understood before we accept them. When installing a new app, we almost always click “Accept” or “Agree” in response to the End User License Agreement (EULA) (our contract with the software provider) because we know from experience the app will not install on our device if we decline.

Even reading the fine print might not guarantee that your cell phone app will not transmit more information than you agreed to share. Security researchers have discovered many apps that share data beyond what users have consented to under the permission requests and privacy policies. For example, researchers found over 1,000 apps that shared data even after permission had been revoked or denied by the user. In one case, the popular weather app AccuWeather was sending location data even after users had turned location sharing off.11 Privacy advocates have expressed concerns that more apps in the future will contain tracking technology in order to improve business data collection methods, the result of which the advocates believe will increase the threats posed.

Beneficial Uses of Phone Tracking Can Cause Concern

Researchers can use cell phone location data to provide insights for transportation studies and government planners. The City Council of Portland, Oregon, approved a traffic and transit study to monitor millions of cell phones. Unicef announced a plan to use similar data to study epidemics, natural disasters, and demographics.12

The ongoing coronavirus pandemic has placed some of these benefits in the public eye. Private technology companies have used cell phone location data to create heat maps demonstrating the potential impact that disregard for social distancing and travel guidelines could have on the spread of COVID-19. One of these maps showed cell phones active on a Florida beach during spring break, as well as their subsequent movements throughout the country as the owners of these devices returned to school or home. Notwithstanding the insight this use of location data can provide, critics have pointed out that this technology poses the same risks associated with other forms of location tracking. Although user data are anonymized, users’ identities can nonetheless be determined by following their movements back to their homes and other places.13

Apple and Google are jointly developing technology utilizing cell phone data in response to the pandemic for contact tracing. The planned software is not strictly location tracking, as it does not collect individual location pings or follow a phone’s movements. Instead, whenever cell phone users with the enabled technology come into close proximity with one another, their phones collect a randomized identifier number associated with the other person. These identifier numbers change approximately every 15 minutes. Information from these person-to-person contacts is collected and stored on individual phones instead of a centralized database.

In the event someone is diagnosed with COVID-19, that person or his or her doctor can upload the identifier information to a central system set up by a health authority, whereby anyone documented to have been in contact with the infected person will be notified. Although contact tracing appears to be more protective of users’ information than forms of location tracking, critics have noted privacy concerns, including hacking. On the other side of the debate, some have argued that Apple and Google’s concessions to privacy concerns will make the technology less effective than more rigid versions proposed or already deployed in other countries. For example, the ability to opt out of contact tracing will result in lower utilization.14
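The exchange described in the two paragraphs above, as an added sketch that is not Apple's or Google's code: each phone derives a fresh identifier per 15-minute interval from a secret daily key, stores what it hears locally, and later checks those stored identifiers against keys published after a diagnosis. The HMAC-SHA256 derivation, the class names, and the one-key-per-day upload format are assumptions standing in for the published specification.

```python
import hashlib
import hmac
import os

INTERVAL_SECONDS = 15 * 60   # identifiers rotate about every 15 minutes
INTERVALS_PER_DAY = 96


def interval_number(unix_time):
    """Index of the 15-minute interval that contains unix_time."""
    return unix_time // INTERVAL_SECONDS


def rolling_id(daily_key, interval):
    """Derive the identifier broadcast during one interval (assumed scheme)."""
    msg = b"rolling-id" + interval.to_bytes(8, "big")
    return hmac.new(daily_key, msg, hashlib.sha256).digest()[:16]


class Phone:
    def __init__(self):
        self.daily_key = os.urandom(16)   # never leaves the phone unless reported
        self.heard = set()                # identifiers received, kept on-device

    def broadcast(self, unix_time):
        return rolling_id(self.daily_key, interval_number(unix_time))

    def hear(self, identifier):
        self.heard.add(identifier)

    def count_matches(self, published):
        """Re-derive identifiers from published keys and compare locally."""
        hits = 0
        for key, first_interval, count in published:
            for i in range(first_interval, first_interval + count):
                if rolling_id(key, i) in self.heard:
                    hits += 1
        return hits


class HealthAuthority:
    """Central system: stores only keys of diagnosed users, no contact lists."""

    def __init__(self):
        self.published = []

    def report_diagnosis(self, daily_key, first_interval,
                         count=INTERVALS_PER_DAY):
        self.published.append((daily_key, first_interval, count))


def meet(a, b, unix_time):
    """Two phones in proximity exchange their current identifiers."""
    a.hear(b.broadcast(unix_time))
    b.hear(a.broadcast(unix_time))


def run_scenario():
    day_start = 19000 * 86400            # constructed midnight-aligned timestamp
    alice, bob, carol = Phone(), Phone(), Phone()
    meet(alice, bob, day_start + 10 * 3600)
    meet(alice, bob, day_start + 10 * 3600 + INTERVAL_SECONDS)
    meet(bob, carol, day_start + 15 * 3600)
    authority = HealthAuthority()
    authority.report_diagnosis(alice.daily_key, interval_number(day_start))
    return {
        "bob": bob.count_matches(authority.published),
        "carol": carol.count_matches(authority.published),
        "ids_bob_heard": len(bob.heard),
    }


if __name__ == "__main__":
    print(run_scenario())
```

Bob's phone finds two matching intervals without the authority ever learning whom Alice met, while Carol, who was only near Bob, finds none. Once a daily key is published, however, anyone who recorded that day's broadcasts can link them to one device, which is one source of the privacy concerns critics raise.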

And finally, many readers know about the use of location pings in aid of law enforcement and witness investigations and to help parents keep track of their children’s whereabouts. However, with each of these uses, debates continue concerning the benefits and conveniences offered versus the resulting loss of privacy.

Final Thoughts

In Carpenter v. United States,15 the Supreme Court invalidated the warrantless acquisition of stored cell site location data, a result that should have been a clarion call to the public. The cell phone has now achieved the protected status of a private residence or body appendage because it stores so much information about the owner as to deserve constitutional protection requiring the government to obtain your consent or a search warrant based on probable cause. As the Times stated, the private sector does not need a search warrant to request your data, and nothing prevents companies from tracking the precise movements of hundreds of millions of Americans and selling copies of that dataset to anyone who can pay the price.16 Remember, if your cell phone is turned on, someone, somewhere is collecting information about you.

Judge Dixon wishes to thank James L. Anderson, Esquire, Superior Court of D.C. Senior Judges’ Law Clerk, for his assistance researching the topic of cell phone tracking technology and preparing this article.

Endnotes

1. Herbert B. Dixon Jr., Is Your Internet Device Spying on You?, 56 Judges’ J., no. 2, Spring 2017, at 36, https://bit.ly/2VBmVFq.

2. Stuart A. Thompson & Charlie Warzel, The Privacy Project: Twelve Million Phones, One Dataset, Zero Privacy, N.Y. Times (Dec. 19, 2019), https://nyti.ms/3geMYu4.

3. Alfred Ng, Your Phone Talks About You Behind Your Back. These Researchers Are Listening In, CNET (Feb. 13, 2020), https://cnet.co/3ik4xKW.

4. Thompson & Warzel, supra note 2.

5. Stuart A. Thompson & Charlie Warzel, The Privacy Project: How to Track President Trump, N.Y. Times (Dec. 20, 2019), https://nyti.ms/2NIFO59.

6. Thompson & Warzel, supra note 5.

7. Amanda Robert, ABA Asks Courthouses to Reconsider Cellphone Bans, ABA J. (Nov. 1, 2019), https://bit.ly/3dUb8s1.

8. Thompson & Warzel, supra note 2.

9. Thompson & Warzel, supra note 5.

10. Charlie Warzel & Stuart A. Thompson, The Privacy Project: Where Even the Children Are Being Tracked, N.Y. Times (Dec. 21, 2019), https://nyti.ms/2ZpVTSx.

11. Ng, supra note 3.

12. Thompson & Warzel, supra note 2.

13. Jason Murdock, Mobile Phone Location Data of Florida Beachgoers During Spring Break Tracked to Show Potential Coronavirus Spread, Newsweek (Mar. 27, 2020), https://bit.ly/3inLUpt.

14. Bill Duberstein, How Apple and Google Are Turning Your Cell Phone into a COVID-19 Tracker, Motley Fool (Apr. 12, 2020), https://bit.ly/2BqCDwc.

15. 138 S. Ct. 2206, 201 L. Ed. 2d 507 (2018).

16. The Editorial Board, Total Surveillance Is Not What America Signed Up For, N.Y. Times (Dec. 21, 2019), https://nyti.ms/2BW6PPX.

By Judge Herbert B. Dixon Jr. (Ret.)

Judge Herbert B. Dixon Jr. retired from the Superior Court of the District of Columbia after 30 years of service. He is a former chair of both the National Conference of State Trial Judges and the ABA Standing Committee on the American Judicial System and a former member of the Techshow Planning Board. Follow Judge Dixon on Twitter @Jhbdixon.

Source: https://www.americanbar.org/groups/judicial/publications/judges_journal/2020/summer/your-cell-phone-a-spy/

Mobile phone tracking

An indoor location tracking map on a mobile phone

Mobile phone tracking is a process for identifying the location of a mobile phone, whether stationary or moving. Localization may be effected by a number of technologies, such as the multilateration of radio signals between (several) cell towers of the network and the phone or by simply using GPS. To be located using multilateration of mobile radio signals, the phone must emit at least the idle signal to contact nearby antenna towers; an active call is not required. Localization in the Global System for Mobile Communications (GSM) is based on the phone's signal strength to nearby antenna masts.[1]

Mobile positioning may be used for location-based services that disclose the actual coordinates of a mobile phone. Telecommunication companies use this to approximate the location of a mobile phone, and thereby also its user.[2]

Technology

The location of a mobile phone can be determined in a number of ways.

Network-based

The location of a mobile phone can be determined using the service provider's network infrastructure. The advantage of network-based techniques, from a service provider's point of view, is that they can be implemented non-intrusively without affecting handsets. Network-based techniques were developed many years prior to the widespread availability of GPS on handsets. (See US 5519760, issued 21 May 1996, for one of the first works relating to this.[3])

The technology of locating is based on measuring power levels and antenna patterns and uses the concept that a powered mobile phone always communicates wirelessly with one of the closest base stations, so knowledge of the location of the base station implies the cell phone is nearby.

Advanced systems determine the sector in which the mobile phone is located and also roughly estimate the distance to the base station. Further approximation can be done by interpolating signals between adjacent antenna towers. Qualified services may achieve a precision of down to 50 meters in urban areas where mobile traffic and density of antenna towers (base stations) is sufficiently high.[4] Rural and desolate areas may see miles between base stations and therefore determine locations less precisely.

GSM localization uses multilateration to determine the location of GSM mobile phones, or dedicated trackers, usually with the intent to locate the user.[2]

The accuracy of network-based techniques varies, with cell identification being the least accurate (due to differential signals transposing between towers, otherwise known as "bouncing signals"), triangulation moderately accurate, and newer "advanced forward link trilateration"[5] timing methods the most accurate. The accuracy of network-based techniques depends both on the concentration of cell base stations, with urban environments achieving the highest possible accuracy because of the higher number of cell towers, and on the implementation of the most current timing methods.

One of the key challenges of network-based techniques is the requirement to work closely with the service provider, as it entails the installation of hardware and software within the operator's infrastructure. Frequently the compulsion associated with a legislative framework, such as Enhanced 9-1-1, is required before a service provider will deploy a solution.

In December 2020, it emerged that the Israeli surveillance company Rayzone Group may have gained access, in 2018, to the SS7 signaling system via cellular network provider Sure Guernsey, thereby being able to track the location of any cellphone globally.[6]

Handset-based

The location of a mobile phone can be determined using client software installed on the handset.[7] This technique determines the location of the handset from its cell identification and the signal strengths of the home and neighboring cells, which are continuously sent to the carrier.[8] In addition, if the handset is also equipped with GPS, then significantly more precise location information can be sent from the handset to the carrier.

Another approach is to use a fingerprinting-based technique,[9][10][11] where the "signature" of the home and neighboring cells signal strengths at different points in the area of interest is recorded by war-driving and matched in real-time to determine the handset location. This is usually performed independent from the carrier.

The key disadvantage of handset-based techniques, from service provider's point of view, is the necessity of installing software on the handset. It requires the active cooperation of the mobile subscriber as well as software that must be able to handle the different operating systems of the handsets. Typically, smartphones, such as one based on Symbian, Windows Mobile, Windows Phone, BlackBerry OS, iOS, or Android, would be able to run such software, e.g. Google Maps.

One proposed work-around is the installation of embedded hardware or software on the handset by the manufacturers, e.g., Enhanced Observed Time Difference (E-OTD). This avenue has not made significant headway, due to the difficulty of convincing different manufacturers to cooperate on a common mechanism and to address the cost issue. Another difficulty would be to address the issue of foreign handsets that are roaming in the network.

SIM-based

Using the subscriber identity module (SIM) in GSM and Universal Mobile Telecommunications System (UMTS) handsets, it is possible to obtain raw radio measurements from the handset.[12][13] Available measurements include the serving Cell ID, round-trip time, and signal strength. The type of information obtained via the SIM can differ from that which is available from the handset. For example, it may not be possible to obtain any raw measurements from the handset directly, yet still obtain measurements via the SIM.

Wi-Fi

Crowdsourced Wi-Fi data can also be used to identify a handset's location.[14] The poor performance of GPS-based methods in indoor environments and the increasing popularity of Wi-Fi have encouraged companies to design new and feasible methods to carry out Wi-Fi-based indoor positioning.[15] Most smartphones combine Global Navigation Satellite Systems (GNSS), such as GPS and GLONASS, with Wi-Fi positioning systems.

Hybrid positioning system

Hybrid positioning systems use a combination of network-based and handset-based technologies for location determination. One example would be some modes of Assisted GPS (A-GPS), which can use both GPS and network information to compute the location. Both types of data are thus used by the telephone to make the location more accurate. Alternatively, tracking with both systems can also occur by having the phone obtain its GPS location directly from the satellites, and then having the information sent via the network to the person who is trying to locate the telephone. Such systems include Google Maps, as well as LTE's OTDOA and E-CellID.

There are also hybrid positioning systems which combine several different location approaches to position mobile devices by Wi-Fi, WiMAX, GSM, LTE, IP addresses, and network environment data.

Operational purpose

In order to route calls to a phone, cell towers listen for a signal sent from the phone and negotiate which tower is best able to communicate with the phone. As the phone changes location, the antenna towers monitor the signal, and the phone is "roamed" to an adjacent tower as appropriate. By comparing the relative signal strength from multiple antenna towers, a general location of a phone can be roughly determined. Other means make use of the antenna pattern, which supports angular determination and phase discrimination.

Newer phones may also allow the tracking of the phone even when turned on but not active in a telephone call. This results from the roaming procedures that perform hand-over of the phone from one base station to another.[16]

Consumer applications

A phone's location can be shared with friends and family, posted to a public website, recorded locally, or shared with other users of a smartphone app. The inclusion of GPS receivers on smartphones has made geographical apps nearly ubiquitous on these devices. Specific applications include:

In January 2019, the location of her iPhone as determined by her sister helped Boston police find kidnapping victim Olivia Ambrose.[17]

Privacy

Locating or positioning touches upon delicate privacy issues, since it enables someone to check where a person is without the person's consent.[18] Strict ethics and security measures are strongly recommended for services that employ positioning.

In 2012 Malte Spitz held a TED talk[19] on the issue of mobile phone privacy in which he showcased his own stored data that he received from Deutsche Telekom after suing the company. He described the data, which consists of 35,830 lines of data collected during the span of Germany's data retention at the time, saying, "This is six months of my life [...] You can see where I am, when I sleep at night, what I'm doing." He partnered up with ZEIT Online and made his information publicly available in an interactive map which allows users to watch his entire movements during that time in fast-forward. Spitz concluded that technology consumers are the key to challenging privacy norms in today's society and "have to fight for self determination in the digital age."[20][21]

China

The Chinese government has proposed using this technology to track commuting patterns of Beijing city residents.[22] Aggregate presence of mobile phone users could be tracked in a privacy-preserving fashion.[23]
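One way aggregate presence can be counted without trusting any single report is randomized response, the family of techniques named in the title of reference [23]. The sketch below is an added example of generic k-ary randomized response, not the scheme from that paper: the zone names, the truth probability and the function names are constructed assumptions. Each phone reports its true zone only with probability p and a uniformly random zone otherwise, and the collector subtracts the expected noise to recover per-zone totals.

```python
import math
import random
from collections import Counter

# Constructed ground truth: number of phones really present in each zone.
TRUE_COUNTS = {"zone-1": 10000, "zone-2": 6000, "zone-3": 3000, "zone-4": 1000}


def randomize(true_zone, zones, p_truth, rng):
    """Runs on the phone: report the true zone with probability p_truth,
    otherwise a zone drawn uniformly at random (possibly the true one)."""
    if rng.random() < p_truth:
        return true_zone
    return rng.choice(zones)


def estimate_counts(reports, zones, p_truth):
    """Runs at the collector: unbiased per-zone estimate from noisy reports.

    E[reports for z] = n_z * p + n * (1 - p) / m, so invert that relation.
    """
    n, m = len(reports), len(zones)
    expected_noise = n * (1.0 - p_truth) / m
    seen = Counter(reports)
    return {z: (seen[z] - expected_noise) / p_truth for z in zones}


def epsilon(p_truth, m):
    """Local differential privacy parameter of this mechanism: the log of the
    largest ratio between the probabilities of one report under two truths."""
    p_same = p_truth + (1.0 - p_truth) / m
    p_other = (1.0 - p_truth) / m
    return math.log(p_same / p_other)


def simulate(true_counts=TRUE_COUNTS, p_truth=0.5, seed=7):
    """Return (estimated counts, fraction of individual reports that are false)."""
    rng = random.Random(seed)
    zones = list(true_counts)
    truth = [z for z, count in true_counts.items() for _ in range(count)]
    reports = [randomize(z, zones, p_truth, rng) for z in truth]
    false_fraction = sum(r != t for r, t in zip(reports, truth)) / len(truth)
    return estimate_counts(reports, zones, p_truth), false_fraction


if __name__ == "__main__":
    estimates, false_fraction = simulate()
    for zone, true_n in TRUE_COUNTS.items():
        print(f"{zone}: true={true_n} estimated={estimates[zone]:.0f}")
    print(f"individual reports that are false: {false_fraction:.1%}")
    print(f"epsilon: {epsilon(0.5, len(TRUE_COUNTS)):.3f}")
```

A lower p_truth gives each subscriber more deniability (smaller epsilon) at the cost of noisier totals, so the collector needs more reports for the same accuracy.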

Europe

In Europe, most countries have a constitutional guarantee on the secrecy of correspondence, and location data obtained from mobile phone networks is usually given the same protection as the communication itself.[24][25][26][27]

United States

In the United States, there is a limited constitutional guarantee on the privacy of telecommunications through the Fourth Amendment.[28][29][30][31][32] The use of location data is further limited by statutory,[33] administrative,[34] and case law.[28][35] Police access to seven days of a citizen's location data is unquestionably enough to be a Fourth Amendment search requiring both probable cause and a warrant.[28][36]

In November 2017, the United States Supreme Court ruled in Carpenter v. United States that the government violates the Fourth Amendment by accessing historical records containing the physical locations of cellphones without a search warrant.[37]

References

  1. "Tracking a suspect by any mobile phone: Tracking SIM and handset". BBC News. 2005-08-03. Retrieved 2010-01-02.
  2. "Location Based Services for Mobiles: Technologies and Standards", Shu Wang, Jungwon Min and Byung K. Yi, IEEE International Conference on Communication (ICC) 2008, Beijing, China.
  3. Mobile Positioning Using Wireless Networks.
  4. Laitinen, H.; Lahteenmaki, J.; Nordstrom, T. (2001). "Database correlation method for GSM location". IEEE VTS 53rd Vehicular Technology Conference, Spring 2001. Proceedings (Cat. No.01CH37202). Rhodes, Greece: IEEE. 4: 2504–2508. doi:10.1109/VETECS.2001.944052.
  5. Wang, S.S.; Wylie-Green, M.P. (September 2004). "Geolocation propagation modeling for cellular-based mobile positioning". IEEE 60th Vehicular Technology Conference, 2004. VTC2004-Fall. 2004. 7: 5155–5159 Vol. 7. doi:10.1109/VETECF.2004.1405083.
  6. Black, Crofton; Kirchgaessner, Stephanie; Sabbagh, Dan (December 16, 2020). "Israeli spy firm suspected of accessing global telecoms via Channel Islands" – via www.theguardian.com.
  7. Handset-based mobile phone tracking app example 1: MobileTrack.
  8. Reynolds, Bethany. "Handset-based Mobile phone carrier tracking app". Retrieved 6 February 2015.
  9. Ibrahim, M.; Youssef, M. (2012-01-01). "CellSense: An Accurate Energy-Efficient GSM Positioning System". IEEE Transactions on Vehicular Technology. 61 (1): 286–296. arXiv:1110.3425. doi:10.1109/TVT.2011.2173771. ISSN 0018-9545.
  10. Ibrahim, M.; Youssef, M. (2010-12-01). "CellSense: A Probabilistic RSSI-Based GSM Positioning System". 2010 IEEE Global Telecommunications Conference (GLOBECOM 2010): 1–5. arXiv:1004.3178. Bibcode:2010arXiv1004.3178I. doi:10.1109/GLOCOM.2010.5683779.
  11. Ibrahim, M.; Youssef, M. (2011-06-01). "A Hidden Markov Model for Localization Using Low-End GSM Cell Phones". 2011 IEEE International Conference on Communications (ICC): 1–5. arXiv:1010.3411. CiteSeerX 10.1.1.750.7082. doi:10.1109/icc.2011.5962993.
  12. ETSI TS 102 223 V9.1.0 SIM standard.
  13. Ted Gibbons (25 August 2008). "Vodafone Local Zone". PC World.
  14. "Q&A on Location Data". apple.com. Apple. Retrieved 2013-03-08.
  15. Pourhomayoun; Fowler (2012). "Improving WLAN-Based Indoor Mobile Positioning Using Sparsity" (PDF). Asilomar Conference on Signal Processing 2012.
  16. Declan McCullagh and Anne Broache (6 December 2008). "Roving Bug in Cell Phones Used By FBI to Eavesdrop on Syndicate". The Chicago Syndicate -BLOG.
  17. "A common smartphone feature helped find missing woman - The Boston Globe". BostonGlobe.com.
  18. Waxman, Seth. "Brief for technology companies as amici curiae in support of neither party" (PDF). scotusblog. Supreme Court of the United States. Retrieved 23 June 2018.
  19. "Your phone company is watching - TEDGlobal 2012". ted.com. June 2012. Retrieved 26 January 2016.
  20. Fitzgerald, Britney (25 July 2012). "Malte Spitz's TED Talk Takes On Mobile Phone Privacy Debate (VIDEO)". Huffington Post. Retrieved 26 January 2016.
  21. Biermann, Kai (10 March 2011). "Betrayed by our own data". ZEIT. Retrieved 26 January 2016.
  22. Cecilia Kang (March 3, 2011). "China plans to track cellphone users, sparking human rights concerns". The Washington Post.
  23. D. Quercia, Ilias Leontiadis, Liam McNamara, Cecilia Mascolo, Jon Crowcroft (2011). SpotME If You Can: Randomized Responses for Location Obfuscation on Mobile Phones. IEEE ICDCS.
  24. Spyropoulos, Philippos K. (2009). Constitutional law in Greece. Fortsakis, Théodore. Netherlands: Kluwer Law International. OCLC 383848443.
  25. Campbell, John (2020), "The origins and development of the right to privacy", Comparative Privacy and Defamation, Edward Elgar Publishing, pp. 9–23, retrieved 2020-10-24.
  26. "Chapter X, Fundamental Rights and Duties of Citizens, Article 128". 1936 Constitution of the USSR.
  27. Roxana Maria Roba. The Legal Protection of the Secrecy of Correspondence, Curentul "Juridic" (archived), 2009, number 1, Tîrgu-Mureş, Romania.
  28. Carpenter v. United States, 583 U.S. (Supreme Court of the United States 22 June 2018) ("The Government’s acquisition of Carpenter’s cell-site records was a Fourth Amendment search.").
  29. Riley v. California, 573 U.S. (Supreme Court of the United States 25 June 2014) ("Required a warrant to search mobile telecommunications devices.").
  30. United States v. Jones, 565 U.S. 400 (Supreme Court of the United States 23 January 2012) ("Limited use of GPS devices [such as in a cell phone] to track movements.").
  31. Katz v. United States, 389 U.S. 347 (Supreme Court of the United States 18 December 1967) ("(a) that an enclosed telephone booth is an area where, like a home, and unlike a field, a person has a constitutionally protected reasonable expectation of privacy; (b) that electronic as well as physical intrusion into a place that is in this sense private may constitute a violation of the Fourth Amendment; and (c) that an invasion of a constitutionally protected area by federal authorities is, as the Court has long held, presumptively unreasonable in the absence of a search warrant.").
  32. Ex parte Jackson, 96 U.S. 727 (Supreme Court of the United States 1878) ("Letters and sealed packages subject to letter postage in the mail can be opened and examined only under like warrant, issued upon similar oath or affirmation, particularly describing the thing to be seized, as is required when papers are subjected to search in one's own household. The constitutional guaranty of the right of the people to be secure in their papers against unreasonable searches and seizures extends to their papers, thus closed against inspection, wherever they may be.").
  33. "Stored Communications Act (18 U.S. Code § 2703(d) - Required disclosure of customer communications or records)".
  34. "47 CFR Subpart E - Privacy Act Regulations". LII / Legal Information Institute.
  35. United States v. Karo, 468 U.S. 705 (Supreme Court of the United States 3 July 1984) ("the use of a beeper to conduct surveillance on Karo and his accomplices constituted an unlawful search and seizure in violation of the Fourth Amendment.").
  36. Liptak, Adam (23 June 2018). "Warrant Required for Cellphone Tracking Data" (print). The New York Times. CLXII (58, 002) (National ed.). pp. A1, A16. Retrieved 23 June 2018.
  37. Keyaerts, K. (2018). "United States ∙ Carpenter v US: Supreme Court Rules Police Need a Warrant to Obtain Cell-Site Location Information". European Data Protection Law Review. 4 (4): 525–530. doi:10.21552/edpl/2018/4/17. ISSN 2364-2831.

External links

  • Varshavsky, Alex; Chen, Mikey; Froehlich, Jon; Haehnel, Dirk; Hightower, Jeffrey; Lamarca, Anthony; Potter, Fred; Sohn, Timothy; Tang, Karen; Smith, Ian. "Are GSM phones THE solution for localization?" (PDF). In 7th IEEE Workshop on Mobile Computing Systems and Applications (HotMobile). IEEE Computer Society: 20–28.
  • Dan Goodin (17 February 2012). "Location tracking of GSM cellphones: now easier (and cheaper) than ever". Arstechnica. Conde Nast.
Source: https://en.wikipedia.org/wiki/Mobile_phone_tracking


Locating Mobile Phones through Pinging and Triangulation

Is cell phone pinging really possible (and legal) for private investigators?

We asked reporter Sean Cole to find out.

HAL: I became PursuitMag’s executive editor in the autumn of 2012, but the magazine’s been around a lot longer than that. And back in the summer of 2008, the original editor posted an article with the following headline: “Locating Mobile Phones Through Pinging and Triangulation.” That is, finding someone you’re looking for by turning that person’s cell phone into a kind of homing device.

Over the years, that article set a record for the most hits of any PursuitMag story ever…and it’s still getting lots of hits to this day—apparently, because a whole lot of people type “cell phone pinging” into Google search. People really want to know if this is possible, and if so, how to do it.

Of course, in technological terms, 2008 is primeval. So when I stumbled across this article again, I got to thinking: What’s possible NOW in terms of pinging a cell phone? And what’s legal? So I got a hold of an old radio buddy of mine, Sean Cole, and asked him to make some calls.

To find out what Sean Cole learned about current cell phone pinging and triangulation technology and laws, click below:

Produced by Storyboard EMP

Host: Hal Humphreys

Music provided by Jason White (who composed our theme) and Lullatone.

Special thanks to producer Sean Cole (This American Life), and engineer Simon Gugala.

Below, you’ll find the text of the original 2008 article by L. Scott Harrell:

I hesitated to include this article since cell phone pinging has always been something of an urban legend among the private investigation and bail enforcement communities. However, I do know for certain that it is absolutely possible and that many fugitives and abducted children have been recovered through the use of cell phone pinging by various State and Federal law enforcement agencies.

Do you remember when President Bush went to the Middle East on a surprise visit to the troops not too long ago? The media made a big deal about the fact that the Secret Service made everyone onboard Air Force One, including the President, take the battery out of their cell phones so that the “real bad guys” didn’t know of their location.

Voila! (Cell phone pinging has gotten someone’s attention.) I was convinced to include the article because a trusted peer indicated that he too had luck with a locate at one time and anyone interested in locating another person may at least have the need to understand the technology and the process of locating cellular phones.

There are two ways a cellular network provider can locate a phone connected to their network, either through pinging or triangulation. Pinging is a digital process and triangulation is an analog process.

A cell phone “ping” is quite simply the process of determining the location, with reasonable accuracy, of a cell phone at any given point in time by utilizing the phone’s GPS location-aware capabilities; it is very similar to GPS vehicle tracking systems. To “ping” in this context means to send a signal to a particular cell phone and have it respond with the requested data.

The term is derived from SONAR and echolocation, in which a technician would send out a sound wave, or ping, and wait for its return to locate another object. New generation cell phones and mobile service providers are required by federal mandate, via the “E-911” program, to be or become GPS capable so that 911 operators will be able to determine the location of a caller who is making an emergency phone call. When a new digital cell phone is pinged, it determines its latitude and longitude via GPS and sends these coordinates back via the SMS system (the same system used to send text messages). This means that in instances where a fugitive or other missing person has a GPS-enabled cell phone (and the phone has power when being polled, or pinged), the cell phone can be located within a reasonable geographic area; some say within several feet of the cell phone.

With the older style analog cellular phones and digital mobile phones that are not GPS capable, the cellular network provider can determine where the phone is to within a hundred feet or so using “triangulation” because, at any one time, the phone is usually able to communicate with more than one of the aerial arrays provided by the phone network. The cell towers are typically 6 to 12 miles apart (less in cities) and a phone is usually within range of at least three of them. By comparing the signal strength and time lag for the phone’s carrier signal to reach each tower, the network provider can triangulate the phone’s approximate position.

Similar technology is used to track down lost aircraft and yachts through their radio beacons. It’s not identical because most radio beacons use satellites and older cell phones use land-based aerial arrays but the principle is the same.

Not surprisingly, the phone network companies are shy about admitting they have this ability. The triangulation and pinging capability of mobile phone network companies varies according to the age of their equipment. A few can only do it manually with a big drain on skilled manpower. But these days most companies can generate the information automatically, which makes it cheap enough to sell.

Some nefarious service providers have indicated that they have either developed sources within mobile telephone service providers to be able to get this information upon request or have access to the software interfaces to accomplish this on their own (or some variant thereof). I highly suspect that these “cell phone ping service providers” I see advertising from time to time are actually using a good ol’ fashioned pretext to obtain the location of a cell phone rather than using an actual ping. If you do come across a real provider, please let me know.

There you have it: the short course regarding the technical capability of locating cell phones and those who possess them either through pinging or triangulation. Again, I cannot speak to the commercial availability of such a service, but like anything else in the investigative business, for now I believe that mobile-phone pinging is largely urban myth among private investigators, fugitive recovery investigators and skip tracers.

Source: https://pursuitmag.com/locating-mobile-phones-through-pinging-and-triangulation/

How To Ping A Phone – 6 Methods To Find Location

What Does ‘Pinging A Phone’ Mean

Pinging a cell phone means the process of determining the location of a device with reasonable accuracy utilizing the GPS installed on the phone. Through this process, a message or signal is sent to the device via the signal towers. Then the signal is returned with the device GPS location information.

How Phone Pinging Technology Works

There are two ways a cellular network provider can locate a cell phone: pinging and triangulation. Pinging a cell phone is a digital process, whereas triangulation is an analog process of finding a phone's location.

To “ping” in this context means to send a signal to a particular cell phone and have it respond with the requested data.

When a new digital cell phone is pinged, it determines its latitude and longitude via GPS and sends these coordinates back via the SMS system.

Why Ping A Phone?

This technology is used to find the location of a lost Android or iPhone device, and it is sometimes used to keep track of the live locations of people with criminal records.

Furthermore, this technology is used by Android spy app companies to keep track of users’ devices. Many parents who want to keep track of their children's locations use different spy apps for tracking purposes.

But remember that tracking or spying on someone’s device and location without their permission is illegal. Before installing any spy apps or using any technique discussed in this post, please inform your child that you will track them.


Methods of Pinging a Phone

There are many methods to ping an Android or iPhone device, but in this post we discuss six methods to ping a phone to find the device's location.

The methods to find a phone's location, or ping a phone, are:

  1. GPS Tracking Software
  2. Default Phone Mechanisms
  3. Spy Apps
  4. Ping from computer
  5. Tracing the Phone Number Details
  6. Using the Phone’s Carrier’s help

GPS Tracking Software

The first and easiest method to find a lost Android or iPhone device, or to keep track of the location of your family and loved ones, is pinging the phone using GPS tracking software. There are hundreds of free and paid GPS tracking apps for Android and iPhone, but here we list some of the best GPS tracking software to ping a phone and find its location.

Some of the GPS tracking apps to ping a phone are listed below.

1. Google Maps

Google Maps is one of the best, most reliable and most popular GPS tracking apps for pinging an Android or iPhone device to find its location. It is a free app and is available for both Android and iPhone devices. Google Maps lets you manage the sharing options and use this technology to track your lost device’s location.

2. Life 360

Life 360 is another of the best GPS tracking apps that lets you ping your phone to find its location. It comes with a range of superb features. Along with finding your lost device, you can also keep track of the location of your family members.

Here we mention only two GPS tracking apps that let you ping your phone, but there are hundreds of other location tracking apps available for Android and iPhone. For more GPS tracking apps, check this article.

These GPS tracking apps are useful for finding the live location of any device, but they will not work if GPS is not enabled on your lost device or if a fake GPS app is installed on your lost phone. In such cases, you can use the second method discussed in this post.

Default Phone Mechanisms

If the phone's GPS location is turned off, then you can use the phone’s default mechanism to ping the phone and find the device’s location. By default, Android devices come with a built-in feature called “Find My Device,” and similarly, iPhone devices come with a built-in feature called Find My iPhone that lets you track the location of your phone.

Steps to ping a phone using Find My Device:

  1. First, visit android.com/find.
  2. Next, sign in to your Google Account with your Gmail details.
  3. Then, on the map, you’ll see the live location of the lost phone.
  4. Furthermore, you can remotely play a ringtone, erase the data, or lock your device.

Spy Apps

Spy apps are another of the best options to ping a phone to find its location. Spy apps come with excellent and advanced features that help you keep track of and monitor the target phone.

Spy apps are available for Android and iPhone devices. With these apps, you can easily track the person’s live location, read conversations, monitor social media chats, check browser history, record the screen, listen to live phone calls, listen to surrounding sounds, and much more.

There are hundreds of spy apps on the market that help you keep track of and monitor Android and iPhone devices. Here we take the Cocospy app as an example for tutorial purposes.

Here is a step-by-step guide to pinging a phone using spy apps:

  1. First, create a new Cocospy account from your Android or iPhone device.
  2. Select the target device you want to monitor and check the call history.
  3. Next, select the plan according to your requirements.
  4. Then install the app on the target device.
  5. After installation is complete, you will get Wi-Fi or GPS data in real time.

Ping from computer

Another method you can use to find your lost device’s location is to ping it from your computer.

Yes, with the help of your computer, you can ping your phone to find its location.

Follow the steps below to ping your phone using a computer:

  1. Open “Settings” on the Android device.
  2. Then tap on “About Phone.”
  3. Next, tap on “Status” and get your IP address.
  4. Then turn on your computer and search for Windows Command Prompt.
  5. Next, open CMD with “Run as Administrator.”
  6. Then type “ping” followed by your Android device’s IP address and press “Enter.”

Tracing the Phone Number Details

Another method to find the location of a SIM number or the device is tracing the phone number details. Numerous apps bring universal caller ID services to smartphones, which help keep track of the phone number.

Truecaller, Showcaller, and CallApp are some of the popular phone number tracker apps that let you check the SIM card owner's name, registered place, and many more details. This is more helpful for finding the location details of fraudulent or unknown callers.

Using the Phone’s Carrier’s help

If none of the above methods works, the last option you can try to ping your phone is contacting the phone carrier. Mobile phone carriers help their customers find a lost phone by tracing the device’s live location. They find the phone's location by using the triangulation process.

Possible ways that you can’t ping a phone

Source: https://techstuffplus.com/how-to-ping-a-phone-to-find-location/


Your cellphone location data is now the last vestige of your privacy

If you’re in the US and concerned about data privacy, you can breathe a little easier today (June 22). The nation’s highest court just ruled that cellphone location data is protected by the Fourth Amendment of the US Constitution.

The ruling in Carpenter v. US (pdf) protects not only digital privacy, but freedom of movement. A divided Supreme Court, split 5-4 with a plethora of dissenting opinions issued, held that “an individual maintains a legitimate expectation of privacy in the record of his physical movements as captured through” cell signal location information (CSLI). That means police need a warrant based on probable cause in order to obtain your records from cellphone companies.

Phone companies collect information about the locations where you’ve traveled for an innocuous reason. The mobile phones of 400 million US cellphone users “ping” cellphone towers as they move around, and companies keep the information for up to five years with the goal of improving wireless networks. The pings don’t reveal anything said in conversation. But they do, taken together, create a map that can be used to track your activities retrospectively in an investigation.

Because the technology is relatively new, it wasn’t clear until now whether the information qualifies for constitutional protections preventing searches and seizures without a warrant based on probable cause. Chief justice John Roberts wrote the majority opinion, presenting the issue as follows, “The question we confront today is how to apply the Fourth Amendment to a new phenomenon: the ability to chronicle a person’s past movements through the record of his cell phone signals … cell phone location information is detailed, encyclopedic, and effortlessly compiled.”

In this case—which arose from a series of cellphone store robberies, ironically—police obtained a court order for 127 days of a suspect named Timothy Carpenter’s location data based on “reasonable grounds,” rather than the more strict “probable cause” standard. The government argued that people have no reasonable expectation of privacy in their location data because they voluntarily submit it to third parties—wireless service providers—and so no warrant is necessary.

The high court disagreed. The opinion states:

Given the unique nature of cell phone location records, the fact that the information is held by a third party does not by itself overcome the user’s claim to Fourth Amendment protection … we hold that an individual maintains a legitimate expectation of privacy in the record of his physical movements as captured through CSLI. The location information obtained from Carpenter’s wireless carriers was the product of a search.

Indeed, the ruling provides a robust defense of privacy in a time during which the notion has come to seem practically old-fashioned. “A person does not surrender all Fourth Amendment protection by venturing into the public sphere,” Roberts writes. “To the contrary, ‘what [one] seeks to preserve as private, even in an area accessible to the public, may be constitutionally protected.’”

The high court noted that “the retrospective quality” of the data gives police access to information that was previously unknowable, and with just “the click of a button.” Before, attempts to reconstruct movements “were limited by a dearth of records and the frailties of recollection,” the opinion notes. Not so anymore. “With access to CSLI, the Government can now travel back in time to retrace a person’s whereabouts,” Roberts writes. This is problematic not only for a defendant subject to such an intrusion, but for all cellphone users, he argues, writing, “this newfound tracking capacity runs against everyone.”

Still, the opinion warns that the decision is limited and “narrow.” The court doesn’t call into question conventional surveillance techniques and tools, such as security cameras. Nor does the decision affect other business records that might incidentally reveal location information, or collection techniques involving foreign affairs or national security. The ruling also allows for the fact that there may be exceptions to the warrant requirement under “exigent circumstances.”

The majority is somewhat circumspect, heeding the warning of justices before them who have contended with the constitutional questions raised by new technologies. Roberts explains, “As Justice Frankfurter noted when considering new innovations in airplanes and radios, the Court must tread carefully in such cases, to ensure that we do not ‘embarrass the future.’”

But Roberts chides dissenters, particularly justices Kennedy and Alito, for taking positions that would erode the Fourth Amendment protections and for minimizing the dangers of cellphone location data collection. Relying on historical holdings again, the chief justice writes, “As Justice Brandeis explained in his famous dissent, the Court is obligated—as ‘subtler and more far-reaching means of invading privacy have become available to the Government’—to ensure that the ‘progress of science’ does not erode Fourth Amendment protections.”

Notably, the court’s female contingent—Justices Ginsburg, Sotomayor, and Kagan—all joined Roberts in his opinion, as did justice Breyer. Justice Kennedy dissented in an opinion joined by justices Thomas and Alito, who each also wrote individual dissents, with Thomas joining Alito’s opinion. The court’s most junior justice, Neil Gorsuch, stood alone, writing an independent dissent and joining no other opinions.

Source: https://qz.com/1312339/this-supreme-court-ruling-means-cellphone-location-data-is-now-the-last-vestige-of-your-privacy/

