The phone carriers – Verizon, AT&T, and the others – track the location of your phone by keeping a map of the cell antennas you connect to as you move around.
You didn’t consent to that tracking. It’s inherent in the way phones work. You can turn off every permission for every app on your phone and it will not slow down the carriers’ location tracking one bit.
Your phone automatically registers with the nearest cell phone tower, constantly switching from one antenna to another, even when the phone is idle. Cell antennas are densely concentrated in urban areas, even more so as 5G systems are rolled out where antennas may be mounted every eight hundred feet.
The tracking by the carriers is not quite as precise as the GPS signal collected by apps, but it allows your movements to be tracked continuously with a fair amount of detail, effectively block by block in big cities.
For years, the carriers sold data about your location to bounty hunters, car dealerships, landlords, stalkers, and basically anyone with three hundred bucks. EFF summarized the situation last year:
“An investigation by Motherboard earlier this year revealed that any cellphone user’s precise, real-time location could be bought for just $300. The report showed that carriers, including AT&T, were making this data available to hundreds of third parties without first verifying that users had authorized such access. AT&T not only failed to obtain its customers’ express consent, making matters worse, it created an active marketplace that trades on its customers’ real-time location data.”
Regulators and politicians began to pay attention after the New York Times and others reported on how easy it was to get location data from the carriers. There were investigations that led to pious promises by the cell companies that they would stop selling the data.
Note I say they promised to stop. They didn’t actually stop. They kept right on selling your movements to the highest bidders. Did you think they stopped? You must be new here.
That’s why a House panel requested an emergency briefing from the Federal Communications Commission to determine why the agency had not prevented wireless carriers from selling consumers’ location data. Last week the New York Times reported that the FCC is going to fine the companies for continuing to sell personal information for months despite their promises to quit. “The FCC has approved a proposal to fine T-Mobile, AT&T and two other cellphone carriers more than $200 million for selling customers’ location data to companies that allowed it to be misused by rogue law enforcement officers and others. The agency is making the move after repeated public reports about data abuse — and after several companies continued to sell access to troves of personal information for months despite saying they were sharply limiting the practice.”
Today, though, well, now it’s different. The carriers don’t sell your location anymore! You can tell they don’t because they promise they’ve stopped, and that’s enough reassurance, right?
Key fobs, smartwatches, and Bluetooth beacons
IoT is the acronym for “Internet Of Things,” devices that communicate online without direct human control after setup. In the “smart home,” that’s cameras, door locks, security systems, thermostats, and much more. Some of those devices include location tracking, either by reporting movement in a specific place – monitoring elderly people as they move around their home, for example – or by tracking all your movements, like this emergency response device that lets an operator know who is calling, their exact location, if they are moving or stationary, and details about them such as medical history and emergency contacts.
It has become common for tenants to use fobs, PIN codes, a smartphone app, a fingerprint, or a facial recognition system to unlock their entry doors or open a garage door. They probably don’t realize that the landlord or property manager is notified and makes a record of every time they tap into their apartment. It’s not quite location tracking, but it has some similarities:
“The fob system records the time the tenant comes back to the apartment and the entrance used. The same happens when that tenant returns from work or goes out with friends for dinner. This data gives landlords the ability to paint a picture of when a tenant is home, who the tenant shares access with and how often, and when the tenant’s kids come home from school. . . . Using this information, bad actor landlords have a new tool at their disposal to harass tenants — and in some cases, to try to evict them.
“But this technology also offers some benefits to tenants. Those with an access system that uses a smartphone app are able to maintain a record of who enters their home and when — in addition to being able to grant and revoke guest access with relative ease. This is a major step forward for tenants who have been harassed by abusive landlords entering their homes during the day, victims of theft and domestic violence survivors who have struggled to keep abusive partners out of their homes.”
The New York Times parenting editor just wrote an article about smartwatches for kids that report GPS locations continuously to parents.
“There has always been tension between the promise of safety for a parent and allowing independence for a child. My friend said he feels less stress since getting his daughter that Gizmo. But is it at the cost of breathless, joyful freedom?”
Tiny Bluetooth beacons have been used to monitor the location of nearby phones at concerts, campaign rallies, and in buildings and malls. The student tracking described in the last article was mostly being powered by Bluetooth beacons. Your phone responds to Bluetooth requests with a unique hardware address, even if the Bluetooth connection isn’t completed. Stores, for example, can combine the Bluetooth location tracking with facial recognition to identify customers, screen for theft, and deliver targeted ads. Since 2013, Apple iPhones have had a built-in system named iBeacon to facilitate targeted advertisements as you walk through a store. Remember the scene in the movie Minority Report when Tom Cruise walks by a store in the mall and the ad window greets him by name and refers to his prior purchases? That is exactly what we’re talking about.
Some Bluetooth tracking has become more difficult recently; both iOS and Android now send obfuscated hardware addresses, so you probably can’t be tracked now over Bluetooth today as effectively as a few years ago. But if you join a wi-fi hotspot, connect to that Bluetooth beacon, or install the helpful app offered by the event or business, the door is open for you to be tracked and identified by other information sent by the phone – IP address, cookies, or ad IDs. And other Bluetooth devices do not necessarily obscure the hardware ID, so laptops, wireless headphones, and even cars can still be passively tracked.
Cameras and facial recognition
A quick recap (see this article for more depressing details):
- There are cameras everywhere.
- Facial recognition databases are becoming commonplace, pulling images from social networks, photo websites, dating services like OkCupid, and cameras placed in restaurants and on college quads.
- Retailers are contracting with facial recognition providers to log people’s faces.
- Facial recognition data is being shared widely with law enforcement and government agencies.
- License plate readers are being installed everywhere.
The information from different sources is combined into a profile that contains more information about you than you probably could collect for yourself, including your location but also so much more.
Last year it was private company Palantir working with the US government’s Immigration and Customs Enforcement (ICE) division to weaponize our data, our faces, and our locations – for example, by identifying and targeting possible illegal immigrants.
Last week it was Banjo, a private company contracting with the state of Utah to draw from every piece of surveillance technology deployed by cities and law enforcement, including state traffic cameras, CCTV and “public safety” cameras, 911 emergency systems, and location data for state-owned vehicles. The company combines the data with information collected from social media, satellites, and “other apps,” presumably including location data readily available from private location tracking companies. Banjo promises the data is anonymized, which is simply nonsense when location data is included.
Banjo adds some AI secret sauce and promises it can deliver “predictive policing” and real-time alerts of Very Bad Things in progress. “Predictive policing”! I keep coming back to the movie Minority Report. The “PreCrime” police unit used psychics with visions of the future to uncover crimes that had not actually happened yet. Was that movie screened in Utah? It didn’t end well.
Okay, you get the point: we live in a surveillance society and your location is known to a lot of people, tracked in real-time. That data is primarily used for targeted advertising, but it’s also used for a wide variety of other purposes, ranging from helpful services to scary assaults. In the next articles, we’ll look at both sides.