The U.S. Government Buys Cell Phone/App Location Data

4 Likes

Sad, isn’t it? Just goes to show that government isn’t part of the solution because it is part of the problem.

3 Likes

Big Brother does not like it when you’re sad!

1 Like

That’s nothing. 10 years before, everyone bought user classification data about target group. Today everyone snitches with localization data. And its everywhere. Your Supermarket/Walmart like safe and track your Phones Mac Address in House or offer you a free WLAN. And many accept it.

I take my focus on Software and Algorithms try to chance your behavior to match calculations in future about it. Which use Location an Messaging Data from the past…

1 Like

That’s why you hardware kill the WiFi in the Librem 5 when you leave home.

With or without hardware kill, MAC address randomisation can also be useful to defeat that kind of tracking (and that is somewhat useful even if you choose to use the “free” WiFi).

In either case, it needs to cover Bluetooth as well. (In the Librem 5, by definition, hardware killing the WiFi also kills the Bluetooth.)

1 Like

I must be missing something, because I do not see what is new in EFF’s article, other than the extent of the problem and naming names.

Especially since 9/11, intelligence agencies and law enforcement have been skirting already extremely poor laws by “outsourcing” or using the force of government to coerce private parties to hand over data. Where they cannot coerce, they pay.

Years ago, I remember a lecture on the death of privacy back when MySpace was still referenced. If my memory serves, US Marshalls used information purchased from a pizza delivery company to capture a fugitive.

As many have said before in these fora and elsewhere, I do not think most people care about the information they are handing over. They like the “freebies.” (Sigh, I keep hearing the inane “I have nothing to hide.” argument.) Nor do they appreciate that their data is not compartmentalized and not necessarily going to be used for the purpose given. The recent Twitter fine for misusing 2FA information is a case in point. Even if there is a written privacy policy, companies ignore it when convenient–I have experienced this myself more than once–and government agencies probably take advantage.

I also find it sad when people do seem to care about these issues. Some of anti-COVID vaccine folks fear the government is introducing trackers in the vaccines, and they take and post videos of their “proof” with their smartphones! Stasi’s dream come true.

The proposals in the article will not work unless the laws are actually enforced. The current laws rarely are, especially when the government is one of the customers! Additionally, there is no incentive for companies to do as EFF proposes unless they want to be viewed as a “privacy-oriented” company. In my view, even that is an illusion; there is too much money to be made. There is finally little to no recourse for the consumer.

Like you, I read T&Cs and privacy policies, do my best to thwart trackers, refuse to give information when I can, still use cash, etc. Sometimes, it seems futile.

(Is it not ironic that the EFF’s article has “Share it” links to Facebook, Twitter, and others? I realize it wants to get the word out, but…)

2 Likes

Who needs educating more than those users?

2 Likes

I think what’s exceptional here is the concept of government/military/law enforcement purchasing data from brokers that’s already aggregated, and at least partially based on mobile app (and other) data. Normally, one would assume that agencies must submit authorized legal demands (subpoenas, court orders, search warrants) directly to telecoms, Apple, Google, etc., which I know they still do. But outright purchase of such combined and collated data from third-party commercial data brokers seems to be bypassing the established legal requirements.

I know most agencies have subscriptions to the likes of LexisNexis for the purpose of discovering address history, personal identifiers, cohabitants, financial assets, etc., but those contracts wouldn’t include such things as fine-grained location tracking and data usage. By law, they would have to submit the legal demands directly to telecoms and cloud services for that kind of data.

@amarok, thanks for your comment. I focused on acquiring the information, not from where it was coming. That is a good point.

@Gavaudan, my comment was somewhat tongue-in-cheek, but I wish that article would indeed educate many of those folks.

1 Like

Its true, it looks weird. You can read my post as more thinking out loud than as a correction.

I rarely see those anti-social media buttons. I despise them so much that I load up every browser on every device with NoScript, uBlock Origin +numerous blocklists, AND Privacy Badger (although the latter is not available for Pale Moon), and continually frenzy-ban any attempted connection to Google or Facebook.

Except for Epiphany, which apparently doesn’t have any built-in options to actively fight those things. (I think there used to be browser extensions for Epiphany, so WTH?) And the only reason I use Epiphany at all is because some websites refuse to operate for me, or try to force captchas for access, which won’t work on my locked down browsers. (I also can’t sufficiently darken website text on Epiphany.)

And finally, I have Pi-hole set up, but I’m not routing VPN traffic through it at the moment. If, by some freak happenstance, I’m browsing without the VPN, Pi-hole will catch any remaining offenders. (My Roku is also not behind a VPN.)

1 Like

I presume they are paying a fair market rate and not the government toilet seat style markup?

Don’t worry Canada does this garbage as well so it’s not just Americans getting hosed. If Purism ever gets AweSim into Canada i’d sign up in a nano second.

https: //odysee.com/@RebelNews:9/exclusive-public-health-agency-of-canada-paid-200k-to-telus-for-cell-phone-tracking-data:b

2 Likes

A Canadian version would have to be something like: “Awesim-hey-buddy”.

1 Like

@Gavaudan, @amarok, I did not mean to ‘disappear’ on you; I have been indisposed the past week. (No, not Covid, In spite of the example in my earlier post, I am not an anti-vaxxer nor do I have any sympathy for them.)

I too use uBlock Origin in advanced mode–since the death of uMatrix–so I can block scripts. I do not see the buttons either unless I enable scripting, but I can still see a couple of the placeholders.

For organizations like EFF, it is difficult to walk that line. As you point out, one would want to reach the largest audience, but, at the same time, one also supports the very same companies that abuse us and sell their information to third-parties, including the US government.

From what I read at EFF, IAPP, and privacy sites elsewhere, I do not think I am being paranoid. While the GDPR has short-comings, the patchwork of (poor) laws in the US just do not work. Most people are not even aware some of these laws exist. Unfortunately, the situation is also much like the AEC/NRC when I was growing up. It was charged with advancing nuclear technology and regulating it at the same time. We have the same here: a US government charged with protection by law, but collecting all the information they can, legally and illegally, on US citizens and others.

1 Like

(Warning: Clicking the link below will take one to YouTube. Sorry, but Deutsche Welle appears to stick their reports there. I used a public computer to view this video, since I avoid Google like the plague.)

Here is a timely and related report from Deutsche Welle on what governments, in this case the police, might do with data they are collectioning on citizens. (It is in English. The run-time is much less than 20 minutes if one skips the ads.) It is about “predictive policing.” Would you want a computer to chew on your data and predict that you are likely to commit certain crimes in certain areas?

2 Likes

[TIP: You can use a browser extension like LibRedirect to automatically open privacy-abusing links in privacy-respecting alternate sites instead. :slight_smile: Available for Firefox, and probably Chromium browsers]

For Pale Moon, there is: URL Rewriter.

There’s a movie about that…

2 Likes

@amarok, thanks for the tip. I do not use any of those services, except rarely YouTube, but I will keep it in mind.

@Gavaudan, I guess it is unfortunate that it is more than a movie. As reported, predictive policing has been and is being used.

One might think that one of the main examples in the report is an ex-criminal and deserves to be on the watch list. I hear, however, echoes of Niemöller’s words that end: “When they came for me, there was no one left to speak out.”

The report also mentions that teens are targeted. If that is true, it should be easy to collect their data. Former colleagues and friends–we are all former hardware and software developers–have noted that their kids really do not care about this issue at all. They use social media and provide information without a second thought. As the original post claims, much of that falls in the government’s hands in one form or another.

1 Like

And at the risk of starting a flame war1, the recent overturning of Roe v. Wade has turned the spotlight onto how state governments might seek to acquire data from period-monitoring apps and the like, as well as search terms, as well as location data. (I think you can see why location data would be interesting to the state government for this specific purpose.) It all just took a more sinister turn (and not hypothetical either).

For those states that have “bounty laws”, it is also reasonable to wonder about whether private individuals can and will obtain the same data, instead of or in addition to the government.

So

maybe kids just got given a reason to care.

1 So to be clear … the purpose here and of this topic is not to debate whether abortion should be legal, or the merits of Roe v. Wade, or its overturning … but to keep the focus firmly on the what, how and why of governments in the US buying or otherwise obtaining data.

I assume a reference to Minority Report.

1 Like