An oft-repeated refrain among the privacy conscious is that a cellphone is really a tracking device that lets you make calls. But a major new study suggests the digital trail left by a cellphone can identify more than mere movements—it can be used as a “fingerprint” to identify people with a striking degree of accuracy.
In a report published this week, a team including researchers from MIT and Harvard revealed that anonymized cellphone location data demonstrate patterns of behavior that could be used to identify a person. They were able to “uniquely identify 95 percent of the individuals” so long as they had hourly updates showing cellphone location and could measure it against four distinct “spatio-temporal points” on a map. The finding was significant. It illustrates “fundamental constraints to an individual's privacy,” according to the researchers.
The data on the 1.5 million people were obtained from an unnamed cellphone operator in a “small European country” and covered a 15-month period. Location data over time, for instance, could be used to help pinpoint where users worked, where they shopped, where they went to relax on the weekends, where and when they left the country and from which airport they departed, and more. Of course, the researchers didn’t identify any users by name in their study—but the point is that it wouldn’t be difficult to do, much like how “anonymous” AOL searches were able to be traced back to individuals in 2006.
“Given the amount of information that can be inferred from mobility data, as well as the potentially large number of simply anonymized mobility datasets available, this is a growing concern,” the report noted. “The information that can be inferred from [the data] highlights the importance of understanding the privacy bounds of human mobility.”
It’s fairly common for app providers to gather location data on users. The researchers pointed out that an estimated one-third of the 25 billion apps downloaded from the Apple App Store access a user’s geographic location, and about 50 percent of all iOS and Android traffic is available to ad networks. Cell location data are widely used by law enforcement, too, with authorities in some cases using “tower dumps” to obtain information showing the movements of all individuals in a target area at a specific time. The Justice Department has recently claimed that users have no reasonable expectation of privacy over their location data—though this latest study may go some way to discrediting that argument. It may also fuel support for a proposal being pushed by Sen. Al Franken, D-Minn., that would force app providers to ask users for consent to record their movements.
Incidentally, as a supplement to the study, it’s worth checking out this excellent interactive graphic produced last year by German news outlet Zeit Online. It offers a practical insight into how much can be gleaned about a person using location data and information mined from social media websites—showing how large datasets can be pieced together to map out and monitor movements and behavior over time.