Mobile phone carriers can collect, share location data
Maybe more than you think.
Wherever you are, your mobile phone regularly checks in with the nearest cell tower so that when you want to make a call, it can do so quickly.
And that creates literally billions of location data points as we all go about our daily lives.
Mobile carriers collect that location data and pass it on to third parties, from municipal planners who want to make roads safer, to companies that want to target ads to folks who live and work where their products are sold.
Andrea Moe is vice president of product management and marketing for AirSage, an Atlanta-based data analysis company. AirSage recently announced partnerships with two major wireless carriers 'to turn integrated cellular activity into meaningful local, regional and national data.'
AirSage captures location data from 100 million mobile devices, Moe said, including those of New Hampshire customers of the two carriers. 'We see about a third of the population in the United States about 100 times a day,' she said. 'And that's about 15 billion data points a day. It's pretty incredible stuff.'
Her company doesn't know the names or phone numbers associated with any of those devices, Moe said. The mobile carriers keep private customer information behind a firewall and 'anonymize' the data before giving encrypted location data to AirSage.
Then it's up to AirSage to 'make sense of the data,' she said. 'After it gets anonymized and it goes through the firewall into our data center, that's where our secret sauce starts working.'
AirSage's potential customers include city planners who want to measure traffic volume and patterns and companies that want to provide real-time traffic information to their customers, she said, noting the company hasn't done any work for New Hampshire municipalities.
AirSage provides aggregated location data to those users. But when it comes to mobile marketing, they can get a lot more specific, Moe said.
Say you downloaded a Starbucks app that lets you find the closest coffee shop. If Starbucks were a customer of AirSage, Moe said, 'We could basically tell them with our FastCache product ... your mobile's location throughout the day, and they would be able to send you push notifications at relevant times.'
'Let's just say your mobile typically leaves home at 7 o'clock in the morning and you typically drive by a certain Starbucks at 7:30,' she said. 'They might want to send you a push notification at 7:10 that says, 'Hey, come on in for a free latte today.''
Those kinds of messages are sent only to consumers who 'opted in' to get offers from a given company, Moe said.
She said her company also can 'infer' other information from how mobile devices move: 'If we see a mobile device in the same geographic area between midnight and 6 a.m., we can pretty well infer that that's where that mobile device lives.'
But she stressed, 'We know where the mobile device is, but we don't know who it belongs to. And that's a very important thing.'
'Privacy is the utmost of concern to us.'
David Jacobs, with the Electronic Privacy Information Center in Washington, D.C., has some concerns of his own about mobile location data. 'One of the basic principles is you should tell people what is going to happen to their data beforehand,' he said.
'There are clearly public benefits to having good traffic data and so on,' he said. 'The question is whether we can try to capture those benefits while still protecting privacy.'
The fact that location data is anonymized and aggregated does reduce the privacy concerns, he said. 'But you always have to be on the lookout for an expansion in the use of data.
'It's very tempting to say we can use it not only to monitor traffic, but we can use it to catch speeders. And it just keeps expanding and expanding and grows beyond the purpose for which you collected the data in the first place.'
Jacobs is also concerned that a third party could 'reidentify' individuals from a broader pool that's 'anonymized.'
As companies get better at narrowing their customers' profiles, he said, 'it may be there's only one person that matches that profile ... and that's where the potential for reidentification comes in.'
He thinks it makes sense to limit how companies can use location data. 'Because there are some uses we might just decide are totally impermissible, regardless of how good the notice is.'
Rep. Neal Kurk, R-Weare, a privacy watchdog, said so long as a company requires customers to 'opt in' before it tracks their location or sends them ads, he doesn't see any privacy concerns.
However, he said, 'I have a problem with the carrier giving that bulk information to third parties because to the extent that a lot of companies have this data, then you run into additional issues.'
One concern is the potential the data could be hacked; another is the possibility that someone could layer enough other information on top of the anonymous location data to reidentify someone's personal information, he said.
Kurk said it's not too late to address the issue with laws: 'You establish a right to locational privacy and require that anybody who has this information, because it's been provided for cellphone purposes, can only use that information on the basis of an opt-in or court order.'
Hanni Fakhoury, a staff attorney with the Electronic Frontier Foundation in San Francisco, said current law is unclear about the legal standard for law enforcement to obtain location information about a cellphone.
A federal law passed in 1986 protects the 'content' of electronic communications, Fakhoury said; he contends location data 'should actually be considered content.'
But he said there have been cases where law enforcement officials have asked for 'a tower dump,' seeking all the records from a particular cell tower on a given date.
'What's happening is they're getting information about people that they're not necessarily suspecting of criminal activity. And that's always been what the law has generally required in order to engage in a search or seizure,' he said.
Fakhoury said the risks are even greater with today's smartphones 'because we do everything: we check our bank accounts, book plane tickets, communicate with people.'
'You're creating a database of all of this information that's being held by a private company, and the law has generally said you lose your right to privacy when you turn information over to third parties,' he said.
Meanwhile, experts say if you're worried about all this, there is a simple solution: Turn off your phone.