TL;DR - A German man got all the data his cell company had collected on him, correlated it to his other public data on the web (Twitter, etc) and made an online, animated map of his life. Illustrates how much can be known about someone from these two sources and argues for restricting what carriers collect and what governments can get from them.
This makes me want to get a tinfoil hat. Now do I give up one of my most vital tools because someone knows where I am at almost all of the time? Do I trust the government to make sure this data is not misused? Or do just go all in and make sure the google, fb, twitter etc have it too and continue to whistle through the graveyard? There has to be a realistic middle ground to protect privacy but with the global data cloud surrounding us I have no idea what that would be.
It's a tough question and I think there is a drought of answers, even from those who think about the subject quite a bit. I'm not sure it's the best idea to go all in, but that's certainly an approach. I suspect one of the mid term answers (in general) may involve creating a ton of contradictory noise on your behalf, but I'm not even sure if that could be applied to mobile location. Privacy is clearly not winning the match so far.
While it's not quite on topic, this presentation by moxie marlinspike last year at defcon europe has some interesting thoughts on how we voluntarily surrender our privacy. It's definitely worth a watch if you're thinking about the subject.
You can get a pay-go phone, sometimes with cheaper unlimited rates than AT&T and Verizon, although they won't subsidize the purchase of a nice smart phone. (And I'm not too happy with the data transfer speed on Boost.)
This obviously wouldn't prevent against a targeted attack. If the phone company or the government wanted to track YOU specifically, they could probably figure out your phone number by looking at the calls your family and friends have made and finding the union, and retrieve the info from there.
But if someone wants blanket info, i.e. a list off all the people at a G-20 protest or whatever, a computer won't be able to instantly figure out who you are. Someone would have to start investing real man-hours to accomplish this. This hopefully gets too cost-prohibitive for large scale tracking of the general population.
> But why are carriers storing this tracking information for more than 24 hours, unless of course it's by government demand.
This information can be invaluable in crime investigations. Think if you're abducted and manage to keep your phone with you and on - they can track it.
It's a situation where the data can be valuable, but someone needs to watch the watchers.
The information here is inconclusive ( https://www.eff.org/issues/cell-tracking ), but I'm surprised I've not heard of a case where this sort of data was presented as evidence?
I'd also like to know whether this information can be or has ever been used in court as evidence. "Where were you on the night of such and such...?" may become a question of the past. Frightening.
Don't forget that it's not actually your position that is being tracked - it is the position of your mobile phone device, which could be carried by someone else. As such, that limits its value in court.
I guess I don't have a big problem with this, law enforcement would need a warrant to get the information, and in most cases it would only confirm or repudiate what they already know or suspect. It's just a more convenient way to surveil a suspect, and for the suspect it's easier to counter: turn off your phone, or better yet leave it somewhere where you're not.
Neighbouring Denmark (where you'd track me down) put a law into effect some years back saying that all telcos must log basically everything all the time about everyone.
This makes me wonder if I could request to see these full logs from my cell and Internet provider. Would make some interesting data for mining.
Plus I'm sure they'd hate handing it over, which makes this that much sweeter !
For those interested, http://veriplace.com/ allows you to do this kind of serverside phone location tracking yourself.
They say they give people good privacy controls, but it is very unclear if it works on an opt-in or opt-out basis (they claim to track 180 million phones in the US)
It's opt-in--definitely no way to get a locate without a device owner providing permission to do so. It's kind of like a Facebook app, if you're using a service that uses Veriplace to get location information, any end user can log in and modify (or deny) what information that service can access. Location data is only stored as specified by your Veriplace settings and otherwise isn't kept around.
Veriplace is a location aggregator (for details, see http://developer.sprint.com/site/global/go_to_market/aggrega...). Essentially, every carrier has a disparate location infrastructure that would require significant development and customization to integrate with. Simply too much work for most developers. Veriplace and other aggregators provide a much simpler, singular API for accessing location data across multiple carriers.
To be clear--these companies are tightly regulated and strictly watched over by both the government and the carriers. It's not these services that should be the concern, it's more so data retention policies and what not of carriers where the data originates.
I actually met him at the start of this (Erlangen), it feels even more weird if you think about how much data you can correlate if you have more than one persons data. This could be big - you will probably get millions of funding even pre launch.
On the other hand... I actually have Google Latitude turned on all the time, which gives me (and whoever's spying on me) data like http://goo.gl/23iBj all the time.
[+] [-] wewyor|15 years ago|reply
Quite cool, even though it is indeed scary.
[+] [-] DanI-S|15 years ago|reply
[+] [-] billybob|15 years ago|reply
[+] [-] lowprofile|15 years ago|reply
[+] [-] trotsky|15 years ago|reply
While it's not quite on topic, this presentation by moxie marlinspike last year at defcon europe has some interesting thoughts on how we voluntarily surrender our privacy. It's definitely worth a watch if you're thinking about the subject.
http://vimeo.com/11303353
[+] [-] kgo|15 years ago|reply
This obviously wouldn't prevent against a targeted attack. If the phone company or the government wanted to track YOU specifically, they could probably figure out your phone number by looking at the calls your family and friends have made and finding the union, and retrieve the info from there.
But if someone wants blanket info, i.e. a list off all the people at a G-20 protest or whatever, a computer won't be able to instantly figure out who you are. Someone would have to start investing real man-hours to accomplish this. This hopefully gets too cost-prohibitive for large scale tracking of the general population.
[+] [-] ck2|15 years ago|reply
But why are carriers storing this tracking information for more than 24 hours, unless of course it's by government demand.
[+] [-] davidw|15 years ago|reply
This information can be invaluable in crime investigations. Think if you're abducted and manage to keep your phone with you and on - they can track it.
It's a situation where the data can be valuable, but someone needs to watch the watchers.
[+] [-] throwaway40m|15 years ago|reply
[deleted]
[+] [-] re1s|15 years ago|reply
Can this information be used in court?
The information here is inconclusive ( https://www.eff.org/issues/cell-tracking ), but I'm surprised I've not heard of a case where this sort of data was presented as evidence?
[+] [-] eliasmacpherson|15 years ago|reply
[+] [-] evandavid|15 years ago|reply
[+] [-] atlantic|15 years ago|reply
[+] [-] ams6110|15 years ago|reply
[+] [-] akashs|15 years ago|reply
This is the case that says so: http://en.wikipedia.org/wiki/Smith_v._Maryland
And these are the laws that allows it: http://en.wikipedia.org/wiki/ECPA http://en.wikipedia.org/wiki/Stored_Communications_Act
Somewhat unrelated, but under current law (the two above) they can read your emails without warrant too, but this was a big step: https://www.eff.org/deeplinks/2010/12/breaking-news-eff-vict...
[+] [-] nl|15 years ago|reply
"The spokesman also said that law enforcement agents have to obtain a court order for the data, except in special emergency circumstances."
But:
"The US Department of Justice has petitioned the 3rd District Court of Appeals for the right to request cellphone location data without a warrant."
http://thenextweb.com/us/2010/02/11/dept-justice-pushes-warr...
[+] [-] itistoday|15 years ago|reply
No, it doesn't.
https://www.eff.org/issues/nsa-spying
[+] [-] oniTony|15 years ago|reply
[+] [-] erikstarck|15 years ago|reply
[+] [-] cskau|15 years ago|reply
This makes me wonder if I could request to see these full logs from my cell and Internet provider. Would make some interesting data for mining.
Plus I'm sure they'd hate handing it over, which makes this that much sweeter !
[+] [-] nl|15 years ago|reply
They say they give people good privacy controls, but it is very unclear if it works on an opt-in or opt-out basis (they claim to track 180 million phones in the US)
[+] [-] ruff|15 years ago|reply
Veriplace is a location aggregator (for details, see http://developer.sprint.com/site/global/go_to_market/aggrega...). Essentially, every carrier has a disparate location infrastructure that would require significant development and customization to integrate with. Simply too much work for most developers. Veriplace and other aggregators provide a much simpler, singular API for accessing location data across multiple carriers.
To be clear--these companies are tightly regulated and strictly watched over by both the government and the carriers. It's not these services that should be the concern, it's more so data retention policies and what not of carriers where the data originates.
[+] [-] fbailey|15 years ago|reply
[+] [-] chrisjsmith|15 years ago|reply
[+] [-] dmd|15 years ago|reply
[+] [-] itistoday|15 years ago|reply
http://news.ycombinator.com/item?id=2385463