NYT Easily Tracks Location Data From Capitol Riots, Highlighting Once Again How US Privacy Standards Are A Joke
from the watching-you-watching-me dept
First there was the Securus and LocationSmart scandal, which showcased how cellular carriers and data brokers buy and sell your daily movement data with only a fleeting effort to ensure all of the subsequent buyers and sellers of that data adhere to basic privacy and security standards. Then there was the blockbuster report by Motherboard showing how this data routinely ends up in the hands of everyone from bail bondsman to stalkers, again, with only a fleeting effort made to ensure the data itself is used ethically and responsibly.
Throughout it all, government has refused to lift a finger to address the problem, presumably because lobbyists don’t want government upsetting the profitable apple cart, government is too busy freely buying access to this data itself, or too many folks still labor under the illusion that this sort of widespread dysfunction will be fixed by utterly unaccountable telecom or adtech markets.
Enter the New York Times, which in late 2019 grabbed a hold of a massive location data set from a broker, highlighting the scope of our lax location data standards (and the fact that “anonymized” data is usually anything but). This week, they’ve done another deep dive into the location data collected from rioting MAGA insurrectionists at the Capitol. It’s a worthwhile read, and illustrates all the same lessons, including, once again, that “anonymized” data isn’t real thing:
“While there were no names or phone numbers in the data, we were once again able to connect dozens of devices to their owners, tying anonymous locations back to names, home addresses, social networks and phone numbers of people in attendance. In one instance, three members of a single family were tracked in the data.”
There’s been an endless list of studies finding that “anonymized” is a meaningless term, since it takes only a tiny shred of additional contextual data to identify individuals. It’s a term companies use to provide regulators and consumers with a false sense of security that data protection and privacy are being taken seriously, and that’s simply not true:
“The location-tracking industry exists because those in power allow it to exist. Plenty of Americans remain oblivious to this collection through no fault of their own. But many others understand what?s happening and allow it anyway. They feel powerless to stop it or were simply seduced by the conveniences afforded in the trade-off. The dark truth is that, despite genuine concern from those paying attention, there?s little appetite to meaningfully dismantle this advertising infrastructure that undergirds unchecked corporate data collection.”
The dystopian aspect of this has already arrived, yet this still somehow isn’t being taken seriously. Numerous US agencies already buy this data to bypass pesky things like warrants, and the US still lacks even a simple privacy law for the internet despite a steady parade of privacy-related scandals. Instead of having a serious conversation about this or other serious tech policy problems, we spent the last few years hyperventilating about TikTok.
Filed Under: anonymized data, insurrection, location data, privacy
Companies: ny times
Comments on “NYT Easily Tracks Location Data From Capitol Riots, Highlighting Once Again How US Privacy Standards Are A Joke”
I have seen the efforts of several individuals to make art from this tracking of movement. They drive, cycle and walk creating images in this tracking data and post it on the internet for lolz.
When the data brokers steal this art from the creators it is an infringement upon their intellectual property rights. When the data brokers sell this stolen property they have committed a felony.
I doubt this has wheels much less any traction, but it is funny in a gallows humor sort of way, how the rules are bent in order to facilitate the get rich quick schemes.
Re: Re:
It is a given that they have a EULA essentially giving them rights to use what you create because otherwise you might as well be trying to talk to /dev/null.
Re: Re:
"They drive, cycle and walk creating images"
"When the data brokers steal this art from the creators it is an infringement upon their intellectual property rights"
Fun idea, but I doubt it’s actionable in any way. To my understanding raw factual data (such as a list of GPS coordinates) wouldn’t be copyrightable on its own. It might be that arranging or rendering the data in a certain way would be a transformative process to make the resulting image copyrightable, but you’d have a hard time fighting that in court if the data it’s based on can’t be copyrighted. Especially since it seems the purpose of creating the art is not the art itself, but an attempt to force liability on to a third party.
Good luck if anyone ever decides to prosecute, but I think that chances are very slim.
Re: Re: Re:
Yes, it was a bit silly, but one can dream 🙂
Re: Re: Re: Re:
Given the increasing insanity of copyright maximalists getting what they want into law, maybe not forever. ;P
Re: Re:
"I doubt this has wheels much less any traction, but it is funny in a gallows humor sort of way, how the rules are bent in order to facilitate the get rich quick schemes."
Actually…given that it’s in theory copyrighted there might be more traction than almost any other complaint would get.
Dear New York Times,
It has come to our attention that you have names, phone numbers, and/or addresses relevant to the Jan 6 riot. In the interests of National Security, we would appreciate it if you would forward that information to us.
Sincerely,
Mr Smith
FBI Dept of Parallel Construction
Re: Dear New York Times,
What are they supposedly constructing?
Re: Re: Dear New York Times,
Parallels. It says so in the name.
Re: Dear New York Times,
The FBI Doesnt need the info, it is available live on instagram
Re: Dear New York Times,
Dear New York Times,
We appreciate the effort you put into tracking down those involved in the Insurrection. Now that you’ve completed that task, will you be focusing your efforts on the rioters and looters in Portland or is it only to be used against people you don’t like?
Re: Re: Dear New York Times,
Were you in an elevatornwhen you posted that?
Because it’s stupid on multiple levels.
Re: Re: Re: Dear New York Times,
Just pointing out that what can be used against people they don’t like can be used against people they like.
Re: Re: Re:2 Dear New York Times,
In my opinion, the folks here are well aware of this dilemma.
Any tool created for a well intentioned and useful purpose can and will be re-purposed into some sort of weapon which can and will eventually be used against everyone.
Your concern for the people of Portland is noted and appreciated I’m sure, even tho you seem to only support one side of that, whatever it is, where it’s people-protesting-police-brutality vs police vs fascist vs rando-good-samaritan vs rando-bad-samaritan vs three-letter-acronym vs some-other-three-letter-acronym.
Re: Re: Re:2 Dear New York Times,
And you thought that false equivalence and conspicuous omission of facts would send such a message?
Re: Re: Re:2 Dear New York Times,
Did you really think police weren’t already tracking BLM protestors?
https://theconversation.com/police-surveillance-of-black-lives-matter-shows-the-danger-technology-poses-to-democracy-142194
Re: Re: Re:3 Dear New York Times,
There’s a difference between the police doing it and thr NY Times taking it upon themselves to do it. The police are doing it to the Portland protestors and the Insurrectionists already, so what purpose would serve the NYT in doing the same thing, unless it was politically motivated.
Re: Re: Re:4 Dear New York Times,
"what purpose would serve the NYT in doing the same thing"
If nothing else, it’s a great example of how "anonymised metadata" is nothing of the sort. Also, the police and FBI have issued requests for help tracking suspects in these cases, and someone might well be motivated to help prosecute an attempt to overthrow democracy than they might be to track protestors who didn’t do that.
Re: Re: Re:5 Dear New York Times,
Wasn’t Parler known specifically for fucking it up even by their standards by not removing the geolocation tags from photos for one?
Re: Re: Re:6 Dear New York Times,
Yes and no. From my understanding, the stuff that was publicly visible on the site didn’t necessarily have that stuff, but when they were "hacked" they were storing the original versions of the files without that stuff being stripped. So, still bad practice as they shouldn’t really be storing those things for its own use, but they weren’t deliberately presenting the non-anonymised versions either.
Though, again, I could be mistaken as there have been a lot of conflicting reports about what was specifically leaked.
Re: Re: Re:7 Dear New York Times,
If you’re referring to the project to archive Parler content, that wasn’t a hack, they just scraped publicly available stuff. If there was a hack/leak, it’s something else I haven’t heard about and if you have information about that I would be interested.
https://www.vice.com/en/article/n7vqew/the-hacker-who-archived-parler-explains-how-she-did-it-and-what-comes-next
Re: Re: Re:8 Dear New York Times,
"If you’re referring to the project to archive Parler content, that wasn’t a hack"
Yeah, that’s why I put the word in quotes. But, as I understand it, the metadata thing is accurate.
Re: Re: Re:4 Dear New York Times,
"it was politically motivated"
It is politically motivated to point out how the captains of industry are spying upon everyone?
Do tell.
Is it bad to do things because you are politically motivated?
Does this also apply to those who stormed the capitol?
I’m so confused.
Re: Re: Re:2 Dear New York Times,
…and intelligent and honest people would be happy with the people in Portland and other cities being found and prosecuted for their crimes. Especially if they get the "let them go and track them later for normal arrests" treatment that the insurrectionist had, rather than the "kidnap them in unmarked vans off the street" treatment that some people had elsewhere.
Now, will you examine the difference between violence that happened organically as part of a protest again systemic violence (some of it caused by agitators, or even the police, and not the peaceful protestors), and an attempt to violently overthrow the results of a legitimate and fair election – and why those might get different responses that have nothing to do with idiotic team game partisanship?
Re: Re: Re:3 Dear New York Times,
I am well aware of the differences between the two and deplore both of them. Have you considered the difference between the police responses may be due to things like firebombing buildings with LEO’s inside, using fireworks like IEDs and attempting to blind officers with laser pointers whike the other was pretry much aided by some cops on scene?
Re: Re: Re:4 Dear New York Times,
Escalation solves everything. /s
Who is supposed to be the professional here?
Keep making excuses for the outrageous behavior and it will not go away … no matter who it is or what silly flag the wave or what stupid cosplay they engage in.
Is there anything at all to that saying Equal Enforcement Under The Law? Or is that just more bullshit?
Re: Re: Re:4 Dear New York Times,
"Have you considered the difference between the police responses may be due to things like firebombing buildings with LEO’s inside, using fireworks like IEDs and attempting to blind officers with laser pointers whike the other was pretry much aided by some cops on scene?"
Given how prevalent white supremacy group membership is in Law Enforcement, what makes you think the violence incurring in conjunction with the portland riots were triggered by the actual protestors?
There’s a bit of an issue with that argument, see, when the FBI starts digging into things and find the guy with the firebombs in their satchel were white power-aligned electric boogaloo-boys.
Also, the fact the police in Portland tended to "respond" pre-emptively might have a lot to do with what started out peacefully turning into an ugly mess.
There’s no exculpating the police in either example. The protestors in both cases do, however, differ quite widely in their goals and the methods employed to reach those goals.
Re: Re: Re:4 Dear New York Times,
Reminder: the ones setting fire to police departments and those participating in the terorrism at the Capitol are one and the same.
The Big one.
Even when they say they are Anon, they arnt. Or they change their minds.
The internet has made this very simple.
Get a name or address, and the internet is the BIG automated phone book.
Insert one of them and you will get a list 10,000 miles long. Inset the city and you can get down to 10-100, names and address’s.
There are a few sites that will give you Multiple address’s for the name, so you can use it to verify.
ALL this because the US Gov. didnt do something along time ago.
You SS# is NOT supposed to be used for Identification. and the credit Bureau, Loves the gov. for them NOT enforceing things.
Then for every Contract you sign that has money involved, its SENT to them.
What I do shudder to think about
is that we won’t get people to care until cops or senators are exposed, well, those with the power to do so.
Crocodile tears.
Next time the cookie warning for, say, cnn.com (but it’s pretty much universal, with some slightly larger or smaller hoops for different sites) comes up, try turning every tracking off. Seems easy enough: about 6 use cases which you block. Oh wait, there is "Legitimate Concern" which translates into "we really want to track you". So you change to that tab and disallow everything there.
Finished.
You imagine. Now click on any "Vendors" tab in some "Legitimate Concern" you just disabled. Look and behold: they still track you with "Legitimate Concern" so you disable this on every single one of them (some actually don’t have a "legitimate concern" and thus don’t need more action). (and "Legitimate concerns" are whatever a vendor wants them to be, including "create and track a personal profile" and similar).
You’ll be through that list of a few hundred vendors in less than 20 minutes if you have a good rhythm.
For visiting one web site.
When I read something like
I could puke. Really, the kinds of law that prescribe that you need to agree to collecting data, but have no issue with a "disagreement" consisting of several hundreds of clicks in seriously misleading menus that try to fool you into pretending that something happened (and actually with no guarantee that this procedure will result in anything tangible): that’s a real joke.
But section 230 is the problem in the mind of the politicians.
Re: Crocodile tears.
One could simply turn the cell phone off, remove the battery, wrap the thing in tinfoil, put it in the microwave and go about your business without your ball ‘n chain.
But there will be withdrawal symptoms huh.
Re: Re: Crocodile tears.
When talking about the rules for participating in an activity, the option of not participating in the activity is not really of relevance except as a distraction.
When you are part of a table saw safety panel, your contribution would likely be "you could simply switch it off".
Re: Re: Re: Crocodile tears.
When participating in an activity, let’s say an insurrection …
the option of not participating may keep your ass out of jail.
When you are ratting yourself out, a possible solution might be "you could simply switch it off".
Re: Re: Re:2 Crocodile tears.
Or "leave it the hotel room before you try overthrowing the government".
Of course, these geniuses were too interested in livestreaming their crimes for that to be an option in their minds, but they did have that option.
Re: Re: Crocodile tears.
Imagine using all those words just to say "phone bad"
Re: Re: Re: Crocodile tears.
What are the chances he was on mobile when he posted that?
Re: Re: Crocodile tears.
"One could simply turn the cell phone off, remove the battery, wrap the thing in tinfoil, put it in the microwave"
If you can do the first, but not bring yourself to just not turn it back on without doing the rest, that’s a personal problem on your part and you might need help with that.
Re: Crocodile tears.
"You’ll be through that list of a few hundred vendors in less than 20 minutes if you have a good rhythm."
Or you could block tracking cookies and install a decent adblocker and not have to think about it.
Nobody is making you carry the spy device around. If getting your regular rage hits from the undeletable Facebook and Twitter apps is worth being tracked like a convict with an ankle monitor, that’s your own decision.
Anyone above the level of "magic block with cat pictures" has to know how phones work, and that at the very least the phone company knows where it is. But I guess it’s easier to ignore that while staggering around like phone zombies.
Re: Re:
I find it interesting that some folk are very concerned, even violently, about vaccines containing chips to track your activities and yet they willfully carry a cell phone around wherever they go .. even the bathroom.
Re: Re: Re:
Where the humidity-hardened Alexa lives.
Re: Re: Re:
"Bill Gates is trying to track you through vaccines!" they say, on their tracking device…