Tuesday, February 09, 2021

 

NYT Easily Tracks Location Data From Capitol Riots, Highlighting Once Again How US Privacy Standards Are A Joke

from the watching-you-watching-me dept

First there was the Securus and LocationSmart scandal, which showcased how cellular carriers and data brokers buy and sell your daily movement data with only a fleeting effort to ensure all of the subsequent buyers and sellers of that data adhere to basic privacy and security standards. Then there was the blockbuster report by Motherboard showing how this data routinely ends up in the hands of everyone from bail bondsman to stalkers, again, with only a fleeting effort made to ensure the data itself is used ethically and responsibly.

Throughout it all, government has refused to lift a finger to address the problem, presumably because lobbyists don't want government upsetting the profitable apple cart, government is too busy freely buying access to this data itself, or too many folks still labor under the illusion that this sort of widespread dysfunction will be fixed by utterly unaccountable telecom or adtech markets.

Enter the New York Times, which in late 2019 grabbed a hold of a massive location data set from a broker, highlighting the scope of our lax location data standards (and the fact that "anonymized" data is usually anything but). This week, they've done another deep dive into the location data collected from rioting MAGA insurrectionists at the Capitol. It's a worthwhile read, and illustrates all the same lessons, including, once again, that "anonymized" data isn't real thing:

"While there were no names or phone numbers in the data, we were once again able to connect dozens of devices to their owners, tying anonymous locations back to names, home addresses, social networks and phone numbers of people in attendance. In one instance, three members of a single family were tracked in the data."

There's been an endless list of studies finding that "anonymized" is a meaningless term, since it takes only a tiny shred of additional contextual data to identify individuals. It's a term companies use to provide regulators and consumers with a false sense of security that data protection and privacy are being taken seriously, and that's simply not true:

"The location-tracking industry exists because those in power allow it to exist. Plenty of Americans remain oblivious to this collection through no fault of their own. But many others understand what’s happening and allow it anyway. They feel powerless to stop it or were simply seduced by the conveniences afforded in the trade-off. The dark truth is that, despite genuine concern from those paying attention, there’s little appetite to meaningfully dismantle this advertising infrastructure that undergirds unchecked corporate data collection."

The dystopian aspect of this has already arrived, yet this still somehow isn't being taken seriously. Numerous US agencies already buy this data to bypass pesky things like warrants, and the US still lacks even a simple privacy law for the internet despite a steady parade of privacy-related scandals. Instead of having a serious conversation about this or other serious tech policy problems, we spent the last few years hyperventilating about TikTok.


No comments: