How the Federal Government Buys Our Cell Phone Location Data

Over the past few years, data brokers and federal military, intelligence, and law enforcement agencies have formed a vast, secretive partnership to surveil the movements of millions of people. Many of the mobile apps on our cell phones track our movements with great precision and frequency. Data brokers harvest our location data from the app developers, and then sell it to these agencies. Once in government hands, the data is used by the military to spy on people overseas, by ICE to monitor people in and around the U.S., and by criminal investigators like the FBI and Secret Service. This post will draw on recent research and reporting to explain how this surveillance partnership works, why is it alarming, and what can we do about it.

Where does the data come from?

Weather apps, navigation apps, coupon apps, and “family safety” apps often request location access in order to enable key features. But once an app has location access, it typically has free rein to share that access with just about anyone.

That’s where the location data broker industry comes in. Data brokers entice app developers with cash-for-data deals, often paying per user for direct access to their device. Developers can add bits of code called “software development kits,” or SDKs, from location brokers into their apps. Once installed, a broker’s SDK is able to gather data whenever the app itself has access to it: sometimes, that means access to location data whenever the app is open. In other cases, it means “background” access to data whenever the phone is on, even if the app is closed.

Keep reading

Mental health and worship apps are found to be some of the most privacy invasive

Apps that deal with some of the most sensitive and personal data, such as that concerning a user’s mental health or religious activities, are said to rank among the worst privacy offenders.

This is the conclusion of a study conducted by the Mozilla Foundation, which singled out mental health and prayer apps as being prone to track and collect data revealing a person’s state of mind, feelings, and thoughts, and then “share” that for-profit via targeted advertising.

Mozilla’s team looked into 32 apps from this category, putting a “privacy not included” label on 29, and publishing the findings in a guide of the same name. 25 of these apps didn’t pass the foundations’ minimum security standards around password quality and handling of security updates.

PTSD Coach, developed by the US The Department of Veterans Affairs, has “strong privacy policies and security practices,” while chatbot Wysa “seems to value users’ privacy.” And the Catholic prayer app Hallow was the only one to “respond in a timely manner” to Mozilla’s emails.

Besides these technical issues, the apps singled out in the report are also said to target “vulnerable users with personalized advertisements” and track and share biometric data.

Keep reading

Scooping private data doesn’t violate Fourth Amendment if the owner can still access it, court rules

The US Ninth Circuit Court of Appeals appears to have given the government permission to order anyone’s internet account data copied and held without any cause, whenever they want, without providing any justification, according to University of California, Berkeley School of Law professor Orin Kerr’s analysis of a recent Ninth Circuit briefing that affirmed Carsten Igor Rosenow’s conviction and sentencing for sexually exploiting children in the Philippines.

In his appeal to the Ninth Circuit, Rosenow argued that he had a right to privacy in his digital data and that law enforcement requests to preserve his Yahoo! account data, which were submitted without a warrant after a tip from Yahoo!, violated the Fourth Amendment’s protection against unreasonable search and seizure.

But the Ninth Circuit rejected his argument and affirmed his conviction, saying that Yahoo!’s preservation of Rosenow’s records didn’t amount to an unreasonable seizure because the preservation requests didn’t prevent him from accessing his account and Yahoo! didn’t provide the government with access to his data without further legal process:

“A ‘seizure’ of property requires ‘some meaningful interference [by the government,] with an individual’s possessory interests in [his] property.’ Jacobsen, 466 U.S. at 113. Here, the preservation requests themselves, which applied only retrospectively, did not meaningfully interfere with Rosenow’s possessory interests in his digital data because they did not prevent Rosenow from accessing his account. Nor did they provide the government with access to any of Rosenow’s digital information without further legal process.”

The court also claimed that Rosenow had already consented to these preservation requests when he accepted Yahoo!’s terms of service:

“It also is worth noting that Rosenow consented to the ESPs [electronic service providers] honoring preservation requests from law enforcement under the ESPs’ terms of use.”

We obtained a copy of the Ninth Circuit’s briefing for you here.

Keep reading

AI Used to Tap Massive Amounts of Smart Meter Data

The global market for Smart Electricity Meters estimated at US$10.5 Billion in the year 2020, is projected to reach a revised size of US$15.2 Billion by 2026, growing at a CAGR of 6.7% over the analysis period.

For utilities aiming to modernize their grid operations with advanced solutions, smart electricity meters have emerged as an effective tool that can flawlessly address their various energy T&D needs in a simple and flexible manner.

Single-Phase, one of the segments analyzed in the report, is projected to record 6.2% CAGR and reach US$11.9 Billion by the end of the analysis period. After a thorough analysis of the business implications of the pandemic and its induced economic crisis, growth in the Three-Phase segment is readjusted to a revised 7.9% CAGR for the next 7-year period.

In the coming years, the growth of smart electricity meters market will be driven by the increasing need for products and services that enable energy conservation; government initiatives to install smart electric meters in order to address issues of energy requirement; the ability of smart electric meters to prevent energy losses due to theft and fraud, and to reduce the costs involved in manual data collection; increasing investments in smart grid establishments; the growing trend of integration of renewable sources to existing power generation grids; rising T&D upgrade initiatives especially in developed economies; increasing investments into construction of commercial establishments such as educational institutions and banking institutions in both developing and developed economies; and emerging growth opportunities in Europe with the ongoing rollouts of smart electricity meter rollouts in countries such as Germany, the UK, France, and Spain.

Keep reading

Adults and Children Continuously Targeted for Data Extraction, Surveillance and Censorship

It isn’t an exaggeration to say that not a single day goes by without a new data exploit, hack, breach, leak, or scandal involving censorship by private companies and government agencies. Of course, this is all compounded even further by the fact that more devices contain more sensors that connect to the internet than ever before, offering many new methods for targeting groups and individuals. It has been estimated that by 2030 there could be 125 billion devices — potentially 15 per user — that in some way will comprise the ever-expanding Internet of Things ecosystem.

Amid this sea of two-way data traffic, we have a massive amount of targeted advertising and personally identifiable information extraction that has shown very often to all be done without users’ consent. If there is consent at all, it very likely is through lenthy and confusing Terms and Conditions that almost no one reads in their entirety. Worse still is the proven targeting of children’s data. Lawmakers continue to attempt to rein in these consumer-unfriendly practices, but their current proposals will likely do more harm than good. At this point it should be obvious that even if legislative measures are effectively created, such a waiting game only leaves all of us, including our kids, increasingly vulnerable at any given moment. People want – and deserve – to become personally responsible for their own security and privacy.

Fortunately, there are residential proxy providers on the opposing side that understand the rising awareness by the public of these data violations and creepy intrusions. These companies are doing everything they can to offer the tools necessary for individuals to protect their family’s data and privacy, while also offering increasing freedom to reach the websites that we do want to visit.

Keep reading

Find Out and Fix What Big Data Says About You

I thought I knew all about the information that consumer reporting agencies were collecting on me. Then I discovered The Work Number—a database that reports every paycheck I’ve received from my company, with net and gross amounts, going back to my hire date six years ago.

Another consumer reporting agency shows the results of a 2016 echocardiogram. (It was normal.) Yet another tracks insurance claims on my home and car. If I’d made too many returns at retail stores or bounced a check at a casino, that could show up in a database as well.

“Any data point that someone can track, there’s going to be a bureau or someone gathering information and selling that information,” says Matthew Loker, a consumer protection attorney in Arroyo Grande, California.

Unfortunately, not all the information being reported is accurate—and mistakes can have serious consequences. Loker says one of his clients lost a lucrative job offer because an employment screening company confused her with a drug smuggler. By the time the error was fixed, the position was filled. Other people have been denied insurance, apartments, bank accounts, and government benefits because of database errors.

But discovering and correcting mistakes is no small task.

Keep reading

CIA Collecting Data on Americans

Two Democrat senators say the CIA has been operating a secret program that collects data on Americans.

Sens. Ron Wyden of Oregon and Martin Heinrich of New Mexico sent a letter to intelligence officials looking for additional details about the undisclosed data repository. The letter, sent April 2021, was declassified on Thursday with portions of it blacked out.

Both Wyden and Heinrich are members of the Senate Intelligence Committee.

In the letter, Wyden and Heinrich requested the declassification of a report by the Privacy and Civil Liberties Oversight Board [PCLOB] on a CIA bulk collection program.

statement released on Thursday by the two Senators said: “The letter, which was declassified and made public today reveals that “the CIA has secretly conducted its own bulk program,” authorized under Executive Order 12333, rather than the laws passed by Congress.

“The letter notes that the program was ‘entirely outside the statutory framework that Congress and the public believe govern this collection, and without any of the judicial, congressional or even executive branch oversight that comes from [Foreign Intelligence Surveillance Act] collection.'”

“What these documents demonstrate is that many of the same concerns that Americans have about their privacy and civil liberties also apply to how the CIA collects and handles information under executive order and outside the FISA law. In particular, these documents reveal serious problems associated with warrantless backdoor searches of Americans, the same issue that has generated bipartisan concern in the FISA context,” Wyden and Heinrich said in the statement.

Keep reading

Concerned about Your Privacy? 6 Ways to Reduce the Amount of Internet Data that Has Been Collected on You

Most businesses want to generate as much profit as possible.  That’s always been true.  Data collection can be very profitable – sometimes even more so than selling products and services.  Data collection for the purpose of marketing more products and services to customers as well as selling customer data to third parties is sometimes referred to as “Surveillance Capitalism”.  Many businesses collect personal data on customers even when customers aren’t aware of it or have freely consented to it.  The examples are countless and include utility companies that install hazardous electric, gas, and water “Smart” Meters (see 123) on homes throughout communities worldwide.

It’s overwhelming to think about how much data has been collected on us – even children.  The good news is that there are ways to reduce some of this.

Keep reading

Facebook, Google, and Snapchat Are Bypassing Apple’s APP Tracking Transparency and Still Collecting Data on Users

Downloading “free” apps onto devices more often than not allows app providers to collect personal data on users.  Of course, companies that manufacture and sell devices tend to collect personal data on users too (see 12345).  Having access to this data allows companies and providers to analyze users’ habits and preferences so they can market additional products and services to them.  They can also sell users’ data to 3rd parties.  This practice is sometimes referred to as “Surveillance Capitalism.”  As more customers are becoming aware of this, more want to be able to “opt out” of privacy invasive data collection.  Companies aren’t necessarily making this easy though.  Recently Verizon was exposed for automatically enrolling its customers into a new program that scans users’ browser histories.  Facebook, Google, and Snapchat are now also being exposed for continuing to collect data on without users’ knowledge or consent.

Keep reading

Verizon accused of collecting customer browsing history (and more)

The My Verizon App has been accused of secretly collecting a user’s browser information, tracking apps, location, and contacts, for the purposes of understanding user interests. The mobile network provider appears to be automatically enrolling users in the data collection feature.

Input was first to report about Verizon’s “Custom Experience” feature that is concealed in the My Verizon app. There is also the “Custom Experience Plus” feature that is more invasive in data collection.

According to Verizon, the purposes of these features are to “personalize” users’ experience and “give you more relevant product and service recommendations” through the “information about websites you visit and apps you use on your mobile device.”

The company further states that a user “must opt in to participate and you can change your choice at any time.” However, it appears users are automatically enrolled.

Keep reading