Now It's Personal: Mobile Nears The Privacy Third Rail

The online behavioral advertising world may be feeling a bit like Lindsay Lohan this morning -- right after Charlie Sheen went self-destructive super-nova. Whew! Lindsay must have thought -- at least the press is onto another whack job for a while. And so, in just a matter of days, persistent and growing attention to digital privacy issues and pending regulatory proposals took a hard left into Cupertino. The revelation that iPhones maintain on-board tracking of user locations (accessible to anyone with the device and the right software tools) just succeeded in moving the digital privacy discussion closer to the third rail that has been waiting for it all along: mobile.

You don't see issues like this splashed across the Drudge Report home page. But the "Phones Secretly Tracked Users" headline this morning at Drudge links to the Wall Street Journal feature by Julia Angwin and Jennifer Valentino-Devries.

The WSJ piece adds to the growing fire over Apple by tossing Google onto the flames. In previous reports it was revealed that Apple iPhones maintain a file record kept on board that includes all of the geo-locations of the device. In fact, there is a mapping program that can track these points visually for the user. The tracking seems to have started with last year's iOS 4 operating system update, and it included latitude, longitude and time stamp data that is transferred to the user's computer when the phone is synched. In other words, anyone who has access to the phone or to the PC can find out exactly where the user was, and when, going back nearly a year. The researchers who found this file reported it first at a conference this week and also insisted they could not find a similar file on Google's Android phones. 

But now WSJ chimes in with its own independent research. They found that at least an HTC Android model sent location data for the phone to Google several times an hour. Apple apparently had already admitted to lawmakers last year that they collect location data "intermittently" on the phones -- every 12 hours. But this seems to be a separate issue from the location record file kept on the device itself. It is unclear whether Apple is tapping that data.  

Security expert Alex Levinson has now rebutted the claim that the iPhone tracking file is newly discovered or "secret." He says researchers like him have known about it for a while. 

Whatever. None of these internecine details obscure the fact of the matter: a big, fat, beloved target just walked right into the middle of the data collection debates. And this time, it is personal. One of the truisms of mobile media is that almost any issue that bedevils online digital environments only gets amplified once the platform is on a person's body. Impatience with advertising is only heightened here. The possessiveness of a user towards the device increases. And when it comes to data tracking, issues that seemed less pressing and relevant to the everyday user on the Web suddenly feel much more urgent. This is the medium where every person feels he or she has a stake in the outcome, so it has the potential to take the entire data control issue to another level. 

And the introduction of Apple into the fray makes it personal on another level -- the association of a brand with a person, Steve Jobs. Not insignificantly, Congressman Ed Markey's recent letter to Apple was a letter to Jobs himself. "Apple needs to safeguard the personal location information of its users to ensure that an iPhone doesn't become an iTrack," he wrote.  Clever, and effective. By mucking about with Apple's own branding campaigns and addressing the issue specifically to the high-profile CEO, Markey has tried to elevate the issue to one of corporate responsibility and brand impact. We're not talking about data and ad firms no one but industry insiders ever heard of before.  

Several years ago at an OMMA Behavioral conference, one of the panelists in a discussion on privacy ended the session by blurting a dire warning. He said in effect that whatever we were discussing here today about data collection among Web sites was nothing compared to the form this controversy will take on cell phones. This is where it will really blow up, he contended.

I would double down on that point, because I think the mobile devices changes the conversation. Many of the arguments used to assuage worries about digital privacy online are simply less effective here. When data can be tied to specific device IDs, times and location, insistence that the resulting data is "anonymized" (no matter how true it may be) is very hard for the layman to swallow. Tracking Web behaviors is a whole order of magnitude less scary than tracking physical location. And the very idea that someone could swipe or even just access my phone, and be able to get a full record of my physical movements, is a new kind of creepy.  

To be sure, misinformation is all over the place already in this story. There is no direct evidence that Apple itself accesses the on board file of location data. But that is irrelevant, as we already know that location data does go back to both Apple and Google -- and countless other geo-location apps out there that don't give consumers any fair warning of what is going on.  It doesn't matter. Misinformed or not, both consumers and legislators will rightfully insist that the major mobile players provide greater clarity about what they collect, how it is used and what tools users will have to opt out. Neither Apple nor Google has given any satisfying public statement about this yet.  

One of the interesting differences the privacy issue on mobile has is that it may well center on two major consumer brands that are already trusted and generally liked. This could have a clarifying effect for everyone that we never got online. Apple and Google are in a position to take the lead on this issue and start a coherent, accessible dialogue on costs and benefits of mobile data tracking with consumers that no number of online associations and coalitions have managed to do. The fact that their brand reputations are at stake puts serious industry skin in the game of getting this right. Mobile forces the data issue to get personal, both for consumers and for the companies involved.  

Recommend (6) Print RSS
2 comments about "Now It's Personal: Mobile Nears The Privacy Third Rail".
  1. Roger Toennis from Liquid Media LLC , April 22, 2011 at 3:13 p.m.

    While I absolutely agree that the the thought of my location being tracked at all times by my iPhone is emotionally discomforting to my lizard hindbrain I also know intellectually in my frontal lobes that wireless carriers have had and still have the ability to very accurately track the physical location of EVERY mobile phone for almost 20 years now.

    Every time any CDMA/TDMA/2.5G/3G/4G device is connected to the wireless network the carrier can pretty accurately pinpoint your physical location using simple, server-side triangulation software whether you have GPS on your phone or not.

    And guess what...thats right...the NSA can look at that data.

    Yes, the thought that by stealing my gps smartphone/iPhone someone with a special device or software could gain access to my location data for a year is somewhat discomforting. All the more reason to not lose it, which is something I don't want to do anyway for reason likely more important than the release of my location information.

    Also don't forget that the reality is every time you swipe a credit card for a purchase the credit card company also knows your physical location.

    People need to just come to terms with the fact that in this modern age of credet/debit cards for payments, always on communication and mobile internet it's not particularly hard to figure out where you are, even if you don't have a GPS phone "secretly" tracking you.

    I mean really, folks. You bought a GPS phone that can track you within 20 feet of your location and you seriously didn't think that there might be the possibility that the technology is keeping an updated file of locations in order to deliver better performance on a lot of the location features you like to use?

    Plus let's think about this. Even with this in place it takes some significant effort to steal this data. On top of that we should also realize that 99.9999% of the time no one really friggin' cares where a given adult in the population is at physically.

    So if you have a reason to be in stealth mode physically because you are doing something nefarious then perhaps you should...hmmmm...maybe not take your phone with you to places where you never want anyone, ever, ever, ever to know you've been.

    Just a thought...

    R

  2. Andre Szykier from maps capital management , April 23, 2011 at 12:05 a.m.

    R Toennis makes a few non-factual comments, probably garnered from other media sources.
    1. First, CPSs can track by cell tower because that is how calls get transferred to maintain connection. Do they track these events and store them? No. It is all about billing and quality of service. Once the call is completed the billing transaction is recorded and no geo-tracking data is kept.
    2. NSA tracks all calls. Wrong again. Experiments with voice signature tracking at Verizon on behalf of the NSA shows that this science is not as advanced as we may think. NSA Harvester and FBI Echelon programs "sample" on different criteria. Storing the content of every email, voice conversation, Tweet and so on is nonsensical because of the time shift phenomenon: "there are not enough hours and people in a day to analyze all the traffic that flows. NSA uses the honeypot model as well as the channel sniffer model to put its limited resources to work focused on defined communication pipes with a higher probability of success.
    3. GPRS tracking is not granular enough to support real time location based mobile services. You can see how poor it is when you engage in these services. High resolution coordinates (1-10 metres) are not useful for law enforcement nor for advertisers because the physical characteristics of where you are when located, are invisible to the sender - you might as well be on the sea.
    4. Mobile carriers and software providers are interested in this feature because it provides true identification of the mobile user across spatial, time and usage dimensions. once you overlay specific user profile attributes, there is no anonymity and defensible metrics that can be delivered to advertisers. There is the holy grail that so far, has escaped the "Bell Heads" running the telecoms.

    Let's face it, in the words of one of the head executives at AT&T regarding the monetization of geo-enabled apps:

    "We love users to download and pay for apps...as long as they don't use them and clog up our spectrum"

    Now that's innovative thinking by the number 1 carrier in the US. Sound like Ma Bell in the eighties? You bet...