Where Have You Been: Location and Privacy
By Zachariah Kopacz
Location Locating: Opting-Out
It is well known that tech companies and advertisers record a significant amount of information about their customers. However, as scandals and catastrophic security failures become more prevalent, opting out of risky enterprises also rises in difficulty. One such risk is location tracking, which does not abate fully, even when users have disabled it on their device.
Who’s Watching?
Three primary considerations
- Applications are constantly gathering location data, sometimes even after users have disabled location collection. This has occurred with Google, weather apps, etc.
- Legislation relating to this data is incomplete. Police and the government cannot simply track users without a warrant, but several loopholes exist to get around this.
- These massive collections of data can be breached by cyberattacks, providing malicious actors with access to users’ addresses, daily routine, etc.
Cyber Criminality
Rogue base stations allow device holders to be tracked in real-time. This equipment is easily mistaken for legitimate services by mobile devices if the signal is sufficiently strong.
Historical location data stored on mobile phones and Internet of Things (IoT) devices can be used to predict future behavior, helping to—among other concerns—tailor phishing campaigns to affected users.
The Law
- Carpenter v. United States in 2018 established that police must obtain a warrant to track users via cellphone location data.
- Instead of acquiring a warrant, some law enforcement agencies have opted to simply purchase such information directly from data brokers. The Fourth Amendment Is Not For Sale Act is intended to address this, however.
- Others have used devices known as “stingrays”, which emulate cellphone towers to amass data from all cellphones in an area. The Cell-Site Simulator Warrant Act would mandate a “super warrant” for such technologies to be used.
- Geofence warrants, however, are still exploitable. They require companies to provide “historical” location data on all cellphones in an area, such that someone who merely rode a bicycle in a neighborhood is at risk of having their data seized for an investigation, as in the case of Zachary McCoy.
“Now, that’s the commercial sector—the commercial side: Advertisers, apps, applications, your cell phone company, the operating systems, the device manufacturer… And websites, of course… And those are the companies that we—let’s say—are ‘the good guys’ and the trusted entities… There were too many breaches… [where] large databases of precise location information over time were hacked and compromised. Where unintended parties obtained information about everywhere your car has been or every place your cell phone has been.”
-Quote from Marc Groman, Groman Consulting
Keeping Your Location Under Wraps
- Turn off location settings. Disable Bluetooth and Wi-Fi when unneeded.
- Only give applications as much permission as necessary. Disable advertising permissions wherever possible. Reset your device’s advertising ID on a weekly basis, at minimum.
- Turn off settings to find lost or misplaced devices.
- Using the internet on a device especially opens it to having its precise location determined; consider this if you need to use the internet.
- Familiarize yourself with the specifics of how devices and apps you use record location.
Conclusion
Despite the massive implications for life in an increasingly-connected world, the issue of location data does not seem to receive a great deal of attention in the public sphere. Many people are unwittingly putting their privacy at risk. Both businesses and law enforcement entities have used this information in ways that are not in consumers’ and citizens’ best interests. Fortunately, there have been efforts in legislature to counter the latter, but a solution in the commercial world remains to be seen. Particularly noteworthy is that the NSA itself released a guide to avoiding location tracking on portable devices (see the link for Keeping Your Location Under Wraps).
My Process
Despite the massive implications for life in an increasingly-connected world, the issue of location data does not seem to receive a great deal of attention in the public sphere. Many people are unwittingly putting their privacy at risk. Both businesses and law enforcement entities have used this information in ways that are not in consumers’ and citizens’ best interests. Fortunately, there have been efforts in legislature to counter the latter, but a solution in the commercial world remains to be seen. Particularly noteworthy is that the NSA itself released a guide to avoiding location tracking on portable devices (see the link for Keeping Your Location Under Wraps).
If Nothing Else, Remember
- Turning off location settings is often not a guarantee against collection.
- Companies have been shown to sell location data to third parties.
- Laws have not kept fully up-to-date with tracking techniques.
- Many devices and apps have location enabled by default.
References
Bhuiyan, J. (2021, September 16). The new warrant: How us police mine google for your location and search history. The Guardian. Retrieved October 8, 2021, from https://www.theguardian.com/us-news/2021/sep/16/geofence-warrants-reverse-search-warrants-police-google.
Gaylord, I. (2019, October 21). Location Tracking: A privacy concern. United States Cybersecurity Magazine. Retrieved October 8, 2021, from https://www.uscybersecurity.net/location-tracking/.
Groman, M. M. (2020). Tracking My Location – Business Uses and Consumer Choices. Stay Safe Online. Retrieved October 9, 2021, from https://staysafeonline.org/resource/tracking-location-business-uses-consumer-choices/.
Laperruque, J. (2021, August 25). Geofence warrants: The last piece of the location privacy puzzle. Project On Government Oversight. Retrieved October 8, 2021, from https://www.pogo.org/analysis/2021/08/geofence-warrants-the-last-piece-of-the-location-privacy-puzzle/.
National Security Agency. (2020, August). Limiting location data exposure – U.S. Department of Defense. Retrieved October 13, 2021, from https://media.defense.gov/2020/Aug/04/2002469874/-1/-1/0/CSI_LIMITING_LOCATION_DATA_EXPOSURE_FINAL.PDF.