Your phone reveals more about you than you think, warns Susan Landau.
Where you’ve been and who you’ve interacted with are not difficult for governments and corporations to find out. (Maskot via Getty Images)
By Susan Landau
Tufts University
When Politico published Supreme Court Justice Samuel Alito’s draft opinion that would undo Roe v. Wade, a number of commentators observed how hard it would be for women in states that had made abortion illegal to safely travel to abortion clinics elsewhere. Their phones’ location histories would give them away, or maybe their search histories would. Even their texts might do so.
If people want to travel incognito to an abortion clinic, according to well-meaning advice, they need to plan their trip the way a C.I.A. operative might – and get a burner phone. As a cybersecurity and privacy researcher, I know that wouldn’t be good enough to guarantee privacy.
Using a maps app to plan a route, sending terms to a search engine and chatting online are ways that people actively share their personal data. But mobile devices share far more data than just what their users say or type. They share information with the network about whom people contacted, when they did so, how long the communication lasted and what type of device was used. The devices must do so in order to connect a phone call or send an email.
Who’s Talking to Whom
When NSA whistleblower Edward Snowden disclosed that the National Security Agency was collecting Americans’ telephone call metadata – the Call Detail Records – in bulk in order to track terrorists, there was a great deal of public consternation. The public was rightly concerned about loss of privacy.
Researchers at Stanford later showed that call detail records plus publicly available information could reveal sensitive information, such as whether someone had a heart problem and their arrhythmia monitoring device was malfunctioning or whether they were considering opening a marijuana dispensary. Often you don’t have to listen in to know what someone is thinking or planning. Call detail records – who called whom and when – can give it all away.
The transmission information in internet-based communications – IP-packet headers – can reveal even more than call detail records do. When you make an encrypted voice call over the internet – a Voice over IP call – the contents may be encrypted but information in the packet header can nonetheless sometimes divulge some of the words you’re speaking.
Pocket Full of Sensors
That’s not the only information given away by your communications device. Smartphones are computers, and they have many sensors. For your phone to properly display information, it has a gyroscope and an accelerometer; to preserve battery life, it has a power sensor; to provide directions, a magnetometer.
Just as communications metadata can be used to track what you’re doing, these sensors can be used for other purposes. You might shut off GPS to prevent apps from tracking your location, but data from a phone’s gyroscope, accelerometer and magnetometer can also track where you’re going.
This sensor data could be attractive to businesses. For example, Facebook has a patent that relies on the different wireless networks near a user to determine when two people might have been close together frequently – at a conference, riding a commuter bus – as a basis for providing an introduction. Creepy? You bet. As someone who rode the New York City subways as a young girl, the last thing I want is my phone introducing me to someone who has repeatedly stood too close to me in a subway car.
Uber knows that people really want a ride when their battery power is low. Is the company checking for that data and charging more? Uber claims not, but the possibility is there.
And it’s not just apps that get access to this data trove. Data brokers get this information from the apps, then compile it with other data and provide it to companies and governments to use for their own purposes. Doing so can circumvent legal protections that require law enforcement to go to court before they obtain this information.
Beyond Consent
There’s not a whole lot users can do to protect themselves. Communications metadata and device telemetry – information from the phone sensors – are used to send, deliver and display content. Not including them is usually not possible. And unlike the search terms or map locations you consciously provide, metadata and telemetry are sent without you even seeing it.
Providing consent isn’t plausible. There’s too much of this data, and it’s too complicated to decide each case. Each application you use – video, chat, web surfing, email – uses metadata and telemetry differently. Providing truly informed consent that you know what information you’re providing and for what use is effectively impossible.
If you use your mobile phone for anything other than a paperweight, your visit to the cannabis dispensary and your personality – how extroverted you are or whether you’re likely to be on the outs with family since the 2016 election – can be learned from metadata and telemetry and shared.
That’s true even for a burner phone bought with cash, at least if you plan on turning the phone on. Do so while carrying your regular phone and you’ll have given away that the two phones are associated – and perhaps even that they belong to you. As few as four location points can identify a user, another way your burner phone can reveal your identity. If you’re driving with someone else, they’d have to be equally careful or their phone would identify them – and you. Metadata and telemetry information reveals a remarkable amount about you. But you don’t get to decide who gets that data, or what they do with it.
The Reality of Technological Life
There are constitutional guarantees to anonymity. For example, the Supreme Court held that the right to associate, guaranteed by the First Amendment, is the right to associate privately, without providing membership lists to the state. But with smartphones, that’s a right that’s effectively impractical to exercise. Unless you’re working in remote parts of the nation, it’s nearly impossible to function without a mobile phone. Paper maps and public payphones have virtually disappeared. If you want to do anything – travel from here to there, make an appointment, order takeout or check the weather – you all but need a smartphone to do so.
It’s not just people who might be seeking abortions whose privacy is at risk from this data that phones shed. It could be your kid applying for a job: For instance, the company could check location data to see if they are participating in political protests. Or it could be you, when the gyroscope, accelerometer and magnetometer data gives away that you and your co-worker went to the same hotel room at night.
There’s a way to solve this chilling scenario, and that’s for laws or regulations to require that the data you provide to send and receive communications – TikTok, SnapChat, YouTube – is used just for that, and nothing else. That helps the people going for abortions – and all the rest of us as well.
Susan Landau is professor of cyber security and policy at Tufts University.
This article is republished from The Conversation under a Creative Commons license. Read the original article.
Help Us Beat the Censors!
Donate to Consortium News‘
2022 Spring Fund Drive
Donate securely by credit card or check by clicking the red button:
Uhhh… not 2 Name Names… But… Which Alfa dog has patent on appx 90% of android devices?
Well, well. Try just not having a phone. I don’t. Well I have a fixed landline but that’s it. When I go walking around my local park the PTB don’t know where I am or whether I’m wearing a mask since I walk in a thicket of trees, or doing something they don’t approve of. One thing is sure I don’t carry a phone around with me. Of course I don’t it gets permanently left at home indoors.
The problem is HOW to ensure the data you provide to send and receive communications is used for just that and nothing else? How can we possibly hold all these non-transparent private entities accountable when we can’t even stop our own government from committing mass surveillance? The people responsible for it will even commit perjury in front of Congress over the subject and face no consequences. I think a far more productive avenue is to minimize the amount of data which can be abused from being sent in the first place. That starts at a minimum with open-source, freedom-respecting hardware and software. This applies especially strongly to mobile phones, which are some of the most locked-down, proprietary computing devices in existence. As Richard Stallman is fond of pointing out: computing that you cannot control is used to control you.
in the inverted Roe v. Wade “not my body, not my choice” world, if I were raped and got pregnant in my home state of Indiana and wanted to get to liberal Califonria for an abortion, heres what I would do
1) don’t talk about it with anyone on the phone or in person
2) purchase a computer for cash, at a second-hand computer store, and a VPN to search for an abortion doctor
3) take the trip to CA in a car without gps and use a tomtom that doesn’t connect to the internet for directions
4) leave the smartphone at home; purchase a burner phone in a different state with cash
5) wear a Covid mask inside where there are cameras
my post doesn’t cover the moral aspect of getting an abortion without telling the baby’s father, but in a post Roe v. Wade world, it’s a choice women may have to make
a real problem in this scenario is most doctors keep patient history in an electronic database, so the doctor would have your name, address, SS#, and other info in a database that can be hacked even if you did all the steps above right and paid cash for the operation. you would have to find a doctor to do the operation outside that system and that could put you in the territory of “doctors” who practice organ trafficking.
“The greatest right we have is the right to be left alone.” Supreme Court Justice Louis Brandeis.
End/stop the surveillance state.
These devices are wholly unnecessary. You didn’t need then before. You don’t need then now. Continue to think for yourself- on your own. No reliance on artificial intelligence [sic.] It’s called artificial for a reason. Save your soul. Now.
Frankly, what you suggest won’t help. The NSA/CIA etc have violated what few laws we have and you think writing more laws will help?!? I have a smart phone but it sits resolutely on my desk with everything turned off. But the reality is that you have to generate the data for the gov and corps to abuse. No data, no abuse.
Your phone sits alone on a desk while all of your family and friends are out at the T-Mobile and the Verizon parties, generating constant data. Your image, voice, name, phone number and common locations are already known to the biggest parties and the apps, even if you choose not to attend. Your anti-data collection strategy is like voting for the Green Party. You can only win if everyone else keeps their phone on the desk.
Excellent article, thank you very much. I cannot speak with authority on these matters, though I often need to do so. There are millions of concerned citizens out there believing that someday a mass movement is going to change more than political rhetoric. They do not understand that they are already too well known to be allowed to participate in anything remotely dangerous to the Combine and its tools. This article will help me explain.
For heaven’s sake, folks DUMP all this ‘must have’ garbage which is intruding in your private lives…and you pay for it.
That is impractical and nearly impossible. You cannot live without a cell phone. Many employers insist on you having one. There are no more pay phones, so you need a cell phone to be able to call anyone if you are not at home. And most people got rid of their landlines decades ago. Young people have never had landlines at all. If you want a job interview, you have to use Zoom because the pandemic is still keeping HR departments from working in their offices. I found this out and had to create a Zoom account or I would not be interviewed at all. The world is changing rapidly, my friend. We cannot go backward. What we CAN do is to rein in these cyber spies through law and that will be hard (but not impossible) because of the influence and cash that the mega-corporations have.
“The greatest right we have is the right to be left alone.” Supreme Court Justice Louis Brandeis.
End/stop the surveillance state.
These devices are wholly unnecessary. You didn’t need then before. You don’t need then now. Continue to think for yourself- on your own. No reliance on artificial intelligence [sic.] It’s called artificial for a reason. Save your soul. Now.