"In the wake of the NSA revelations, there has been an avalanche of state bills requiring law enforcement to obtain a probable cause warrant before tracking an individual’s location in an
investigation. Most state legislators know they can’t control the NSA—but they can control their state and local law enforcement, which are engaging in some of the same invasive practices. […] Working
closely with our lobbyists in state capitols around the country, we’ve been tracking this activity and working hard to make sure these privacy-protective bills become law. The chart below shows the
current status of state legislation as we understand it. We will keep this chart up-to-date as we receive new information."
"We present a new algorithm for inferring the home location of Twitter users at different granularities, including city, state, time zone or geographic region, using the content of users’ tweets and their tweeting behavior. Unlike existing approaches, our algorithm uses an ensemble of statistical and heuristic classifiers to predict locations and makes use of a geographic gazetteer dictionary to identify place-name entities. We find that a hierarchical classification approach, where time zone, state or geographic region is predicted first and city is predicted next, can improve prediction accuracy. We have also analyzed movement variations of Twitter users, built a classifier to predict whether a user was travelling in a certain period of time and use that to further improve the location detection accuracy. Experimental evidence suggests that our algorithm works well in practice and outperforms the best existing algorithms for predicting the home location of Twitter users."
"In this paper, we examine the application of Privacy by Design to the design and architecture of MLA systems through the work of Toronto-based MLA company Aislelabs. […] This paper has in
total four sections. It begins with a background discussion of MLA and how it works technologically (section 2). Next the paper discusses the unique privacy risks associated with MLA (section 3). Finally,
it introduces Privacy by Design, discusses Aislelabs’ MLA implementation, and shows how it designs in privacy from the outset (section 4)."
"Limited privacy protections for metadata may have made sense decades ago when technology to collect and analyze data was virtually nonexistent. But in today’s ‘big data’ world, non-content
does not mean non-sensitive. In fact, new technology is demonstrating just how sensitive metadata can be: how friend lists can reveal a person’s sexual orientation, purchase histories can identify a
pregnancy before any visible signs appear, and location information can expose individuals to harassment for unpopular political views or even theft and physical harm. Two separate committees assembled by
the executive branch — the President’s Review Group on Intelligence and Communications Technology and the Privacy and Civil Liberties Oversight Board —have joined lawmakers, academics, and judges in
calling for a reevaluation of the distinction between content and metadata. This paper examines how new technologies and outdated laws have combined to make metadata more important and more vulnerable
than ever, and proposes a way forward to ensure that all of our sensitive information gets the privacy protection it deserves."
"We now know that the NSA is collecting location information en masse. As we’ve long said, location data is an extremely powerful set of information about people. To flesh out why that is
true, here is the kind of future memo that we fear may someday soon be uncovered: […]"
"Mr. Zhang is a client of Turnstyle Solutions Inc., a year-old local company that has placed sensors in about 200 businesses within a 0.7 mile radius in downtown Toronto to track shoppers as
they move in the city. The sensors, each about the size of a deck of cards, follow signals emitted from Wi-Fi-enabled smartphones. That allows them to create portraits of roughly 2 million people’s habits
as they have gone about their daily lives, traveling from yoga studios to restaurants, to coffee shops, sports stadiums, hotels, and nightclubs."
"There are actually a surprising number of different ways law enforcement agencies can track and get information about phones, each of which exposes different information in different ways. And it’s all steeped in arcane surveillance jargon that’s evolved over decades of changes in the law and the technology. So now seems like a good time to summarize what the various phone tapping methods actually are, how they work, and how they differ from one another."
"This report addresses (1) what selected companies that provide in-car location-based services use location data for and if they share the data, and (2) how these companies’ policies and reported practices align with industry-recommended privacy practices. GAO selected a non-generalizable sample of 10 companies. The companies were selected because they represent the largest U.S. market share or because their services are widely used."
"A YouGov survey commissioned by the ICO in December has highlighted that concerns around how apps are using people’s personal information is hitting developer’s sales and usage figures. The survey found that 62% of people who have downloaded an app are concerned about the way apps use personal information, with almost half (49%) of app users having chosen not to download an app due to privacy concerns. […] It’s clear then, that as well as fulfilling a legal requirement, it is in developers’ interests to make sure they are looking after people’s information correctly by complying with the Data Protection Act. To help them achieve this we have published detailed guidance today that was developed in consultation with key figures within the industry, including academics and other regulators. The guidance explains the key requirements that developers must meet when processing personal information through an app, covering issues such as security and data retention."
"Everyone who carries a cellphone generates a trail of electronic breadcrumbs that records everywhere they go. Those breadcrumbs reveal a wealth of information about who we are, where we live, who our friends are and much more. And as we reported last week, the National Security Agency is collecting location information in bulk — 5 billion records per day worldwide — and using sophisticated algorithms to assist with U.S. intelligence-gathering operations. How do they do it? And what can they learn from location data?"
"Mobile Location Analytics (MLA) provides technological solutions for Retailers by developing aggregate reports used to reduce waiting times at check-out, to optimize store layouts and to understand consumer shopping patterns. The reports are generated by recognizing the Wi-Fi or Bluetooth MAC addresses of cellphones as they interact with store Wi-Fi networks. Given the potential benefits that Mobile Location Analytics may provide to businesses and consumers, it is important that these practices are subject to privacy controls and are used responsibly to improve the consumer shopping experience. This Code puts such data protection standards in place by requiring transparency and choice for Mobile Location Analytics."
"We study fifteen months of human mobility data for one and a half million individuals and find that human mobility traces are highly unique. In fact, in a dataset where the location of an individual is specified hourly, and with a spatial resolution equal to that given by the carrier’s antennas, four spatio-temporal points are enough to uniquely identify 95% of the individuals. We coarsen the data spatially and temporally to find a formula for the uniqueness of human mobility traces given their resolution and the available outside information. This formula shows that the uniqueness of mobility traces decays approximately as the 1/10 power of their resolution. Hence, even coarse datasets provide little anonymity. These findings represent fundamental constraints to an individual’s privacy and have important implications for the design of frameworks and institutions dedicated to protect the privacy of individuals."
From ‘Mobile privacy disclosures - building trust through transparency’:
"Based on more than a decade of work on mobile privacy issues and recent data obtained through panel discussions and comments, the Commission offers this staff report providing recommendations for best practices on mobile privacy disclosures. First, the report reviews the benefits and privacy risks of mobile technologies. Second, it discusses the FTC’s efforts to address mobile privacy, as well as its research on disclosure issues generally. It then summarizes general themes raised by panel participants. Finally, it sets forth recommendations for best practices to key commercial players involved in the mobile arena – platforms, app developers, third parties such as ad networks and analytics companies, and trade associations. The recommendations are intended to promote more effective privacy disclosures."
"Location-based services, which employ data from smartphones, vehicles, etc., are growing in popularity. To reduce the threat that shared location data poses to a user’s privacy, some services anonymize or obfuscate this data. In this paper, we show these methods can be effectively defeated: a set of location traces can be deanonymized given an easily obtained social network graph. The key idea of our approach is that a user may be identified by those she meets: a contact graph identifying meetings between anonymized users in a set of traces can be structurally correlated with a social network graph, thereby identifying anonymized users."