"We now know that the NSA is collecting location information en masse. As we’ve long said, location data is an extremely powerful set of information about people. To flesh out why that is
true, here is the kind of future memo that we fear may someday soon be uncovered: […]"
"Mr. Zhang is a client of Turnstyle Solutions Inc., a year-old local company that has placed sensors in about 200 businesses within a 0.7 mile radius in downtown Toronto to track shoppers as
they move in the city. The sensors, each about the size of a deck of cards, follow signals emitted from Wi-Fi-enabled smartphones. That allows them to create portraits of roughly 2 million people’s habits
as they have gone about their daily lives, traveling from yoga studios to restaurants, to coffee shops, sports stadiums, hotels, and nightclubs."
"There are actually a surprising number of different ways law enforcement agencies can track and get information about phones, each of which exposes different information in different ways. And it’s all steeped in arcane surveillance jargon that’s evolved over decades of changes in the law and the technology. So now seems like a good time to summarize what the various phone tapping methods actually are, how they work, and how they differ from one another."
"This report addresses (1) what selected companies that provide in-car location-based services use location data for and if they share the data, and (2) how these companies’ policies and reported practices align with industry-recommended privacy practices. GAO selected a non-generalizable sample of 10 companies. The companies were selected because they represent the largest U.S. market share or because their services are widely used."
"A YouGov survey commissioned by the ICO in December has highlighted that concerns around how apps are using people’s personal information is hitting developer’s sales and usage figures. The survey found that 62% of people who have downloaded an app are concerned about the way apps use personal information, with almost half (49%) of app users having chosen not to download an app due to privacy concerns. […] It’s clear then, that as well as fulfilling a legal requirement, it is in developers’ interests to make sure they are looking after people’s information correctly by complying with the Data Protection Act. To help them achieve this we have published detailed guidance today that was developed in consultation with key figures within the industry, including academics and other regulators. The guidance explains the key requirements that developers must meet when processing personal information through an app, covering issues such as security and data retention."
"Everyone who carries a cellphone generates a trail of electronic breadcrumbs that records everywhere they go. Those breadcrumbs reveal a wealth of information about who we are, where we live, who our friends are and much more. And as we reported last week, the National Security Agency is collecting location information in bulk — 5 billion records per day worldwide — and using sophisticated algorithms to assist with U.S. intelligence-gathering operations. How do they do it? And what can they learn from location data?"
"Mobile Location Analytics (MLA) provides technological solutions for Retailers by developing aggregate reports used to reduce waiting times at check-out, to optimize store layouts and to understand consumer shopping patterns. The reports are generated by recognizing the Wi-Fi or Bluetooth MAC addresses of cellphones as they interact with store Wi-Fi networks. Given the potential benefits that Mobile Location Analytics may provide to businesses and consumers, it is important that these practices are subject to privacy controls and are used responsibly to improve the consumer shopping experience. This Code puts such data protection standards in place by requiring transparency and choice for Mobile Location Analytics."
"We study fifteen months of human mobility data for one and a half million individuals and find that human mobility traces are highly unique. In fact, in a dataset where the location of an individual is specified hourly, and with a spatial resolution equal to that given by the carrier’s antennas, four spatio-temporal points are enough to uniquely identify 95% of the individuals. We coarsen the data spatially and temporally to find a formula for the uniqueness of human mobility traces given their resolution and the available outside information. This formula shows that the uniqueness of mobility traces decays approximately as the 1/10 power of their resolution. Hence, even coarse datasets provide little anonymity. These findings represent fundamental constraints to an individual’s privacy and have important implications for the design of frameworks and institutions dedicated to protect the privacy of individuals."
From ‘Mobile privacy disclosures - building trust through transparency’:
"Based on more than a decade of work on mobile privacy issues and recent data obtained through panel discussions and comments, the Commission offers this staff report providing recommendations for best practices on mobile privacy disclosures. First, the report reviews the benefits and privacy risks of mobile technologies. Second, it discusses the FTC’s efforts to address mobile privacy, as well as its research on disclosure issues generally. It then summarizes general themes raised by panel participants. Finally, it sets forth recommendations for best practices to key commercial players involved in the mobile arena – platforms, app developers, third parties such as ad networks and analytics companies, and trade associations. The recommendations are intended to promote more effective privacy disclosures."
"Location-based services, which employ data from smartphones, vehicles, etc., are growing in popularity. To reduce the threat that shared location data poses to a user’s privacy, some services anonymize or obfuscate this data. In this paper, we show these methods can be effectively defeated: a set of location traces can be deanonymized given an easily obtained social network graph. The key idea of our approach is that a user may be identified by those she meets: a contact graph identifying meetings between anonymized users in a set of traces can be structurally correlated with a social network graph, thereby identifying anonymized users."
"Industry associations and privacy advocates have developed recommended practices for companies to protect consumers’ privacy while using mobile location data, but companies have not consistently implemented such practices. Recommended practices include clearly disclosing to consumers that a company is collecting location data and how it will use them, as well as identifying third parties that companies share location data with and the reasons for doing so. Companies GAO examined disclosed in their privacy policies that the companies were collecting consumers’ location data, but did not clearly state how the companies were using these data or what third parties they may share them with. For example, some companies’ policies stated they collected location data and listed uses for personal information, but did not state clearly whether companies considered location to be personal information. Furthermore, although policies stated that companies shared location data with third parties, they were sometimes vague about which types of companies these were and why they were sharing the data. Lacking clear information, consumers faced with making a decision about whether to allow companies to collect, use, and share data on their location would be unable to effectively judge whether the uses of their location data might violate their privacy."
"Technological innovations, notably over the past decade, facilitate the collection of substantial amounts of personally identifiable data about virtually anyone who accesses information online. The rapid pace of change in both technology and business models is fueling an active and growing debate in the United States and around the world about the appropriate use of that data. The following report focuses on one part of the discussion: Location-based services (‘LBS’), mobile services that combine information about a user’s physical location with online connectivity and are transforming the way Americans work and play. […] The promise of LBS, however, comes with challenges and concerns. Because mobile devices have the ability - and often the technical requirement - to regularly transmit their location to a network, they also enable the creation of a precise record of a user’s locations over time. This can result in the creation of a very accurate and highly personal user profile, which raises questions of how, when and by whom this information can and should be used."
"In this paper we discuss the results of our analysis of the NokiaMobile Data Challenge dataset showing that by means of multivariate nonlinear predictors it is possible to exploit mobility data of friends in order to improve user movement forecasting. This can be seen as a process of discovering correlation patterns in networks of linked social and geographic data. We also show how mutual information can be used to quantify this correlation. We demonstrate how to use this quantity to select individuals with correlated mobility patterns in order to improve movement prediction. We show that the exploitation of data related to friends improves dramatically the prediction with respect to the case of information of people that do not have social ties with the user. Finally, we discuss how movement correlation is linked to social interactions, in terms of colocation and number of phone calls between individuals."