by Johanna Faust
Maybe you are reading this right now on your phone, but perhaps not. Maybe you would say ‘Of course, I know that’ if I were to tell you your phone was tracking you. Maybe you even remove the battery sometimes, but then no one can reach you, and whenever you need to make a call, or just check the time, or look up something on the web, you put it back in, and bam! it’s tracking you again.
|Perhaps I will send him a copy of this article.|
Or maybe you have an iPhone, so there is no way to remove the battery. Soon this will be any phone, since, as one reviewer put it, “we’ve all already decided we value all of the aforementioned features more than a removable battery. If we didn’t, the iPhone would have died a quick death years ago.” That reviewer completely neglected to mention privacy concerns.
Maybe your phone takes a very long time to boot up, and you don’t live in the best neighborhood, and you get home from work after dark: you can’t risk even turning it off. So your phone is always on. Even though you’ve heard it’s tracking you.
Maybe you use a digital assistant, meaning, you talk to ‘Google’ or ‘Siri’ or possibly ‘Cortana,’ giving simple commands or asking simple questions. The implications may or may not have already dawned on you, that may be deduced from this: Since your device needs to respond whenever you say a certain phrase, it has to be monitoring — everything — all the time. The microphone in your phone is always-on, always-listening.
In the frenzy of tapping ‘Agree,’ ‘Agree,’ to all those contracts of adhesion when you first set up your phone, maybe you opted for that ‘battery-saving’ app. Or maybe you read the Terms of Service, like I did, and, right where it gets around to talking in mealy-mouthed terms about third parties, you decided against it. As it turns out, at least in regard to the safety and security of the sensitive information of your location (which is what we’re talking about here), it doesn’t matter one way or the other.
|Samy Kamkar’s android map|
That’s right. Go ahead and turn ‘location’ off, and call 911, if you don’t believe me. Just like personalized search, you may if you choose opt out of officially knowing about it, but you cannot turn that locatability off.
Because your phone transmits enough information, continually, to locate you, without need of GPS. Oh, you know about that, right? That’s the way Apple used to do the ‘locate me’ thing. Some guy on the web had a script up, which you could use to find other people’s phones, if you had the six digit hexadecimal hardware address. I found my friend’s stolen laptop with it. Doesn’t work anymore, but if it did, that would be pretty scary, right?
Then there’s this team from Princeton who found a way to geolocate phones from data that anyone can access, no special permissions needed. Nothing that the end user has to agree to. No special SMS or email that he has to open up. No need for his phone to connect to GPS, or even to a WIFI network I say ‘theoretically’ because although their work was published and peer reviewed, their compiled code is not, as far as I can tell, available.
So there is no web page in which some jealous person can enter the cell number of their cheating lover to get their accurate, current location. Right?
The official answer may surprise you.
Picture a vast room with floors polished to a mirror shine and ridiculously high ceilings. An official place; all alone, or in twos and threes, men in dark expensive suits walk up and down, or gather in front of the world map in the middle, rendered on a huge semitransparent touchscreen and absolutely infested with tiny points of light, shimmering and shifting, that are periodically redrawn with realtime data from wherever you are. An agent zooms in with a hand gesture on one specific dot. It blinks.
And it moves, ever so slightly, whenever you do.
Location information is incredibly revealing. From your location history, over time, well, everything about you that matters may be deduced. What you buy. What you like to do and when. What meetings you go to; and who you talk to at length after those meetings; and, from the histories of those data points, what you have in common. Are you getting the picture? Because it is a picture of you, and, with the rest of the data being traded about you, I’d say that for a mere photograph it sure is detailed. Remarkably high definition.
Are you holding your phone? If so, you are definitely within earshot of an audio data collection point. Do yourself — and your friends, and your country — a favor. I say your friends — because the privacy of each of us is only as secure as the privacy of any of us. Put another way: if they can find your friends, and your friends visit or contact you, that means they can almost definitely find you; and if they know where you are over time, well, see above.
I say ‘your country’ because what this amounts to is totalitarianism. You cannot control who knows where you are, who you are, what you are doing, what you are reading or writing or thinking. Anyone could know these things now. Absolutely anyone.
Because as we live our lives, and interact with a myriad of data-collecting devices, we cast a tangible shadow that persists, available to be copied and pasted in some private database, for five years, which might as well be forever. It is an intricate record, an accurate reflection of our every move and action.
Every jog, walk, or ride. Every text message, phone call, or download. Every song, game, or movie; every search, click, or mouseover. All of these as geolocation data points, of measurable proximity to, and interaction with, what other points of what other devices, with what other histories.
If we all do not continue to expect and believe together that this data is and should remain private in the first place, it loses this privilege legally, by default. Our commonly held expectation of privacy if strong enough would certainly be a good place to start beating back this tide, Without that expectation and belief, no one would have legal standing to bring suit. One cannot claim one has been harmed if, when, or after, that privacy is compromised.
So make this affirmation out loud. It doesn’t have to be reasonable, feasible, justifiable, plausible, or rational. No one has to believe in it but you. Let it be a spell of protection, a mantra:
“As an American citizen, I have every expectation of privacy.”
Evidence surfaced recently — proof — that each of us, that every one of us with a cellphone, might as well have a corresponding dot moving and blinking in real time, geolocated on a map somewhere. Did I say might as well? I mean does. (Yes that map is real.)
|Find links here, and below.|
Let that sink in. THAT GIANT MAP IS REAL. It is a map of all connected devices. If you have a phone, or laptop, or tablet, or router for that matter, you are on it. I mean that absolutely literally.
If you own a cell phone, this means you.
We already know now for a hard fact that cell phones alone generate reams of detailed and in depth information about each user. The historic revelations concerning the U.S. government spying on its own citizens were originally over a request by both the FBI and the NSA for data from one tower dump, remember? The FBI dropped off that map. The government admitted, begrudgingly, at first only to metadata and geographic location (and if you don’t know how much this reveals about you, you are in for a nasty surprise) going back seven years. We now know that limited hangout for the lie it was. All the security professionals in America should have known that it was a lie at the time. If not, there were clues here and there. And over there.
|From EFF’s archive of the Securus Documentation|
We can prove that continuous location information is readily available, even when the GPS is turned off; in some cases geographic location and hardware serials of the last three hotspots you visited. (Go wardriving, and you’ll get the histories of the devices attached to them.)
First we learned that our private location information may be, and is, easily retrieved, without a warrant, or our informed consent, and with little to no oversight, at the will, or even whim of almost any police officer in America..
|Robert Xiao’s dissection of the vulnerability|
I repeat, up until may 17th, 2018, it was trivially easy for absolutely anyone to locate absolutely anyone else’s phone WITH ONLY THE NUMBER…
… and it very probably still isn’t that hard.
I say “until may 17th, 2018,” because that’s when this company, whose actions was busted by this security researcher, “fixed” the security vulnerability that enabled anyone, armed with a cell number, to locate it geographically in real time. They disabled the free demo of the service after being found out.
That’s all they did to fix it: they took the webpage that contained the free demo of their software-as-a-service product down off of the internet. The cached version of the page goes to their official statement about the incident, which mentions that they claim that the numbers this researcher plugged in were the only people affected. (If you only check out one of these hyperlinks, THIS, about that incident, is the MOST IMPORTANT.)
|LocationSmart OnAsset Case Study|
I say “and it very probably still isn’t that hard” because the page was to a free demo. Anyone who already has an account can still do what was demonstrated. Furthermore, it is not a stretch of the imagination to think that anyone with a business name and enough money can still, easily, open a new account.
The digital shadows we cast are data-mineable details that are the 21st century incarnation of the papers and effects of the 4th amendment to the United States Constitution.
But you need to know this: without a reasonable expectation, personal privacy is much, much harder to defend. If ‘everyone knows’ that ‘all the information’ on ‘everyone’ is ‘collected,’ we would have no legal basis to complain. None.
So do it again. However illogical this may seem, if it is true, its true:
“As an American citizen, I have every expectation of privacy.”
Read more at FemaleFaust