Stories Behind The Numbers III: A Probe into the Mobile Phone Location Data Tracking Industry

Data Analytics is reshaping our society and economy in many ways, and there is one subfield that stands out especially with its enormous potential and versatility. Geospatial Analytics is defined by the Environmental Systems Research Institute (ESRI) as a process of modeling problems geographically through tying geospatial coordinates to data of interest. Adding time and location context to datasets enables us to explore the inner workings of our own physical world and visualize patterns that would otherwise go unnoticed without the context of a layered map.

Modern technologies – such as mobile phones, GPS, remote sensors, and satellite imaging – provide a wealth of data tied to geospatial coordinates that can be brought to life in mapping software like ArcGIS. All sorts of professional fields make use of this powerful technology to help solve real-world problems. Environmental researchers can use Geospatial data to monitor deforestation, identify high-risk regions and educate the local populace. Geospatial data can aide city planners in designing urban facilities to be more energy-efficient and less disruptive to the surrounding environment. Geospatial analysis is an incredibly powerful tool for public health professionals used for monitoring and combating infectious disease outbreaks, such as the global pandemic we are dealing with today. There are several Geospatial dashboards that anyone can use to track COVID-19 cases in their region in real-time, such as this one constructed by researchers at John Hopkins University.

Our Runway team could go on and on about the many positive use case scenarios for geospatial data, and plan to highlight those in future blog posts. However, for this blog post we will be examining an important ethical dilemma that has accompanied the advent of this powerful technology and affects just about every individual who owns a smartphone. That dilemma is the unregulated surveillance and tracking of human movement.

Anyone who saw Christopher Nolan’s The Dark Knight may remember how Bruce Wayne’s tech-savvy business associate Lucius Fox developed (fictional) sonar cell phone technology that could track the locations of individuals through sounds waves emitted by their mobile phones. They may also remember the look of horror on Lucius’s face when he saw that Master Bruce had taken his surveillance technology, and applied it to every single individual mobile phone in Gotham City in a desperate attempt to track down the maniacal Joker.

“This is too much power for one person,” Lucius says when Bruce asks for help in tracking down the Joker, “Spying on thirty million people is not part of my job description.”

Lucius’s valid concerns are assuaged at the end of The Dark Knight when the surveillance system self-destructs once they finally have the Joker in custody (Sorry if that was a spoiler!). Fortunately, this was just a comic book movie and nothing resembling such surveillance technology exists in real life…right?

Well, imagine this scenario: A private company asks you to keep a tracking device on you at all times, that this tracker will sporadically send precise geographical coordinates of your location to a cloud database at various points throughout the day. On top of that, said company also owns the rights to this “anonymous” data to do with as they please. Would anyone really say yes to that? Most of us would probably take that tracking device and throw it off a bridge. Well in reality, millions of us unwittingly say yes to this all the time, every time one of the apps on our smartphones asks us in a subtle pop-up message: “Permission to enable location sharing?”

Many of the applications on our devices – whether it’s Uber, Instagram, or our favorite weather app - contain features that track our geospatial coordinates throughout the day as part of their function or for added convenience. It may surprise you to know that there is an entire industry dedicated to harvesting, storing, and commodifying this data, and it isn’t Wayne Enterprises and the ever-trustworthy Lucius Fox. The majority of these location data companies are listed below in Figure 1. Companies like FourSquare use this data primarily for studying consumer behavior and contributing to the ever-evolving field of individualized, targeted advertising. They can legally operate under the claim that the geospatial data they’re collecting from mobile phones is “consented, anonymous and secure”. The data is anonymous in the sense that they are tracking the movements of devices which are not directly tied to their owner’s identity, but can such information really stay anonymous? And just how secure is this data in the hands of these companies operating quietly in a largely unregulated industry? These are the questions that New York Times reporters Stuart Thompson and Charlie Warzel had when they initiated The Times Privacy Project to investigate this issue in 2019. For the remainder of this blog post, we will discuss the findings of this Project and hopefully shed more light on what we are agreeing to when we “Enable location sharing” on our favorite weather app.

The Times Privacy Project was published in 2019, and is based off a data file obtained by New York Times journalists that tracked the movements of over 12 million smartphones between 2016 and 2017. The dataset contains over 50 billion rows, each one of those rows containing geographical coordinates documented by an app on an individual’s phone. This was the largest of these geospatial coordinate datasets ever to be analyzed by journalists, and they decided to explore just how difficult it might be to match the coordinates of individual devices with the actual people using them to Tweet, send Snaps and check the weather on a daily basis. The data coming from each individual phone contains a unique tag, which means a device can be followed throughout the day on a map as it continuously sends its geospatial coordinates up to the cloud. Below is an example of this from The Times Privacy Project. Figure 2 shows data points from over 10,000 different smartphones within Central Park in New York City over a given period. Figure 3 isolates the data from just one of these mobile phones, while Figures 4 & 5 shows the individual’s locations and routes of travel in the greater NYC area throughout the duration of the project. The journalists from the New York Times called the process of matching the geotagged location data to the identities of actual people “child’s play” and were easily able to plot out the daily lives of thousands of individuals using the database. In their analyses, the Times reporters were able to track the movements of a Microsoft employee interviewing for a job at Amazon, of celebrities visiting the Playboy Mansion, and even the precise daily movements of the President of the United States!

“DNA is probably the only thing that is hard to anonymize than precise geolocation information,” said Georgetown Law Professor and Privacy Researcher Paul Ohm in an interview with the Times researchers, “Describing geolocation data as ‘anonymous’ is a completely false claim.”

The idea that there are private interests with the power to plot out the daily lives of any individual, down to the POTUS himself is undoubtedly disturbing. One would hope that if data this sensitive was being passed between companies through transactions, there would be strict regulations and security measures in place to ensure such information doesn’t fall into the wrong hands. However, to this date, Congress has passed no laws regarding location data sharing. The responsibility rests squarely on the shoulders of the companies themselves to keep this information safe and use it ethically. That is a massive amount of trust to place in a small number of private interests. Is this social contract and the potential risks involved worth it for whatever societal benefits may come from commodifying the location data in our mobile phones? What do you think Lucius Fox would say about this corporate practice?

For any who may feel disturbed by the notion of a private company collecting data on your constant whereabouts, here are a few steps you can take to reduce the amount of geospatial data being shared from your device. As we stated earlier, there are many incredible ways that the field of Geospatial Analytics can help businesses flourish and researchers solve important world problems. But the practice of commodifying surveillance data that can be easily de-anonymized and used to map out peoples’ personal lives deserves a higher level of scrutiny.