NYT Easily Tracks Location Data From Capitol Riots, Highlighting Once Again How US Privacy Standards Are A Joke

from the watching-you-watching-me dept

First there was the Securus and LocationSmart scandal, which showcased how cellular carriers and data brokers buy and sell your daily movement data with only a fleeting effort to ensure all of the subsequent buyers and sellers of that data adhere to basic privacy and security standards. Then there was the blockbuster report by Motherboard showing how this data routinely ends up in the hands of everyone from bail bondsman to stalkers, again, with only a fleeting effort made to ensure the data itself is used ethically and responsibly.

Throughout it all, government has refused to lift a finger to address the problem, presumably because lobbyists don’t want government upsetting the profitable apple cart, government is too busy freely buying access to this data itself, or too many folks still labor under the illusion that this sort of widespread dysfunction will be fixed by utterly unaccountable telecom or adtech markets.

Enter the New York Times, which in late 2019 grabbed a hold of a massive location data set from a broker, highlighting the scope of our lax location data standards (and the fact that “anonymized” data is usually anything but). This week, they’ve done another deep dive into the location data collected from rioting MAGA insurrectionists at the Capitol. It’s a worthwhile read, and illustrates all the same lessons, including, once again, that “anonymized” data isn’t real thing:

“While there were no names or phone numbers in the data, we were once again able to connect dozens of devices to their owners, tying anonymous locations back to names, home addresses, social networks and phone numbers of people in attendance. In one instance, three members of a single family were tracked in the data.”

There’s been an endless list of studies finding that “anonymized” is a meaningless term, since it takes only a tiny shred of additional contextual data to identify individuals. It’s a term companies use to provide regulators and consumers with a false sense of security that data protection and privacy are being taken seriously, and that’s simply not true:

“The location-tracking industry exists because those in power allow it to exist. Plenty of Americans remain oblivious to this collection through no fault of their own. But many others understand what?s happening and allow it anyway. They feel powerless to stop it or were simply seduced by the conveniences afforded in the trade-off. The dark truth is that, despite genuine concern from those paying attention, there?s little appetite to meaningfully dismantle this advertising infrastructure that undergirds unchecked corporate data collection.”

The dystopian aspect of this has already arrived, yet this still somehow isn’t being taken seriously. Numerous US agencies already buy this data to bypass pesky things like warrants, and the US still lacks even a simple privacy law for the internet despite a steady parade of privacy-related scandals. Instead of having a serious conversation about this or other serious tech policy problems, we spent the last few years hyperventilating about TikTok.

Filed Under: , , ,
Companies: ny times

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “NYT Easily Tracks Location Data From Capitol Riots, Highlighting Once Again How US Privacy Standards Are A Joke”

Subscribe: RSS Leave a comment
43 Comments
Anonymous Coward says:

I have seen the efforts of several individuals to make art from this tracking of movement. They drive, cycle and walk creating images in this tracking data and post it on the internet for lolz.

When the data brokers steal this art from the creators it is an infringement upon their intellectual property rights. When the data brokers sell this stolen property they have committed a felony.

I doubt this has wheels much less any traction, but it is funny in a gallows humor sort of way, how the rules are bent in order to facilitate the get rich quick schemes.

PaulT (profile) says:

Re: Re:

"They drive, cycle and walk creating images"

"When the data brokers steal this art from the creators it is an infringement upon their intellectual property rights"

Fun idea, but I doubt it’s actionable in any way. To my understanding raw factual data (such as a list of GPS coordinates) wouldn’t be copyrightable on its own. It might be that arranging or rendering the data in a certain way would be a transformative process to make the resulting image copyrightable, but you’d have a hard time fighting that in court if the data it’s based on can’t be copyrighted. Especially since it seems the purpose of creating the art is not the art itself, but an attempt to force liability on to a third party.

Good luck if anyone ever decides to prosecute, but I think that chances are very slim.

This comment has been deemed insightful by the community.
Anonymous Coward says:

Re: Re: Re:2 Dear New York Times,

In my opinion, the folks here are well aware of this dilemma.

Any tool created for a well intentioned and useful purpose can and will be re-purposed into some sort of weapon which can and will eventually be used against everyone.

Your concern for the people of Portland is noted and appreciated I’m sure, even tho you seem to only support one side of that, whatever it is, where it’s people-protesting-police-brutality vs police vs fascist vs rando-good-samaritan vs rando-bad-samaritan vs three-letter-acronym vs some-other-three-letter-acronym.

nasch (profile) says:

Re: Re: Re:2 Dear New York Times,

Just pointing out that what can be used against people they don’t like can be used against people they like.

Did you really think police weren’t already tracking BLM protestors?

https://theconversation.com/police-surveillance-of-black-lives-matter-shows-the-danger-technology-poses-to-democracy-142194

This comment has been deemed insightful by the community.
PaulT (profile) says:

Re: Re: Re:4 Dear New York Times,

"what purpose would serve the NYT in doing the same thing"

If nothing else, it’s a great example of how "anonymised metadata" is nothing of the sort. Also, the police and FBI have issued requests for help tracking suspects in these cases, and someone might well be motivated to help prosecute an attempt to overthrow democracy than they might be to track protestors who didn’t do that.

PaulT (profile) says:

Re: Re: Re:6 Dear New York Times,

Yes and no. From my understanding, the stuff that was publicly visible on the site didn’t necessarily have that stuff, but when they were "hacked" they were storing the original versions of the files without that stuff being stripped. So, still bad practice as they shouldn’t really be storing those things for its own use, but they weren’t deliberately presenting the non-anonymised versions either.

Though, again, I could be mistaken as there have been a lot of conflicting reports about what was specifically leaked.

nasch (profile) says:

Re: Re: Re:7 Dear New York Times,

From my understanding, the stuff that was publicly visible on the site didn’t necessarily have that stuff, but when they were "hacked" they were storing the original versions of the files without that stuff being stripped.

If you’re referring to the project to archive Parler content, that wasn’t a hack, they just scraped publicly available stuff. If there was a hack/leak, it’s something else I haven’t heard about and if you have information about that I would be interested.

https://www.vice.com/en/article/n7vqew/the-hacker-who-archived-parler-explains-how-she-did-it-and-what-comes-next

This comment has been deemed insightful by the community.
PaulT (profile) says:

Re: Re: Re:2 Dear New York Times,

…and intelligent and honest people would be happy with the people in Portland and other cities being found and prosecuted for their crimes. Especially if they get the "let them go and track them later for normal arrests" treatment that the insurrectionist had, rather than the "kidnap them in unmarked vans off the street" treatment that some people had elsewhere.

Now, will you examine the difference between violence that happened organically as part of a protest again systemic violence (some of it caused by agitators, or even the police, and not the peaceful protestors), and an attempt to violently overthrow the results of a legitimate and fair election – and why those might get different responses that have nothing to do with idiotic team game partisanship?

Norahc (profile) says:

Re: Re: Re:3 Dear New York Times,

Now, will you examine the difference between violence that happened organically as part of a protest again systemic violence (some of it caused by agitators, or even the police, and not the peaceful protestors), and an attempt to violently overthrow the results of a legitimate and fair election – and why those might get different responses that have nothing to do with idiotic team game partisanship?

I am well aware of the differences between the two and deplore both of them. Have you considered the difference between the police responses may be due to things like firebombing buildings with LEO’s inside, using fireworks like IEDs and attempting to blind officers with laser pointers whike the other was pretry much aided by some cops on scene?

Anonymous Coward says:

Re: Re: Re:4 Dear New York Times,

Escalation solves everything. /s

Who is supposed to be the professional here?

Keep making excuses for the outrageous behavior and it will not go away … no matter who it is or what silly flag the wave or what stupid cosplay they engage in.

Is there anything at all to that saying Equal Enforcement Under The Law? Or is that just more bullshit?

Scary Devil Monastery (profile) says:

Re: Re: Re:4 Dear New York Times,

"Have you considered the difference between the police responses may be due to things like firebombing buildings with LEO’s inside, using fireworks like IEDs and attempting to blind officers with laser pointers whike the other was pretry much aided by some cops on scene?"

Given how prevalent white supremacy group membership is in Law Enforcement, what makes you think the violence incurring in conjunction with the portland riots were triggered by the actual protestors?

There’s a bit of an issue with that argument, see, when the FBI starts digging into things and find the guy with the firebombs in their satchel were white power-aligned electric boogaloo-boys.

Also, the fact the police in Portland tended to "respond" pre-emptively might have a lot to do with what started out peacefully turning into an ugly mess.

There’s no exculpating the police in either example. The protestors in both cases do, however, differ quite widely in their goals and the methods employed to reach those goals.

ECA (profile) says:

The Big one.

Even when they say they are Anon, they arnt. Or they change their minds.

The internet has made this very simple.
Get a name or address, and the internet is the BIG automated phone book.
Insert one of them and you will get a list 10,000 miles long. Inset the city and you can get down to 10-100, names and address’s.
There are a few sites that will give you Multiple address’s for the name, so you can use it to verify.
ALL this because the US Gov. didnt do something along time ago.

You SS# is NOT supposed to be used for Identification. and the credit Bureau, Loves the gov. for them NOT enforceing things.
Then for every Contract you sign that has money involved, its SENT to them.

David says:

Crocodile tears.

Next time the cookie warning for, say, cnn.com (but it’s pretty much universal, with some slightly larger or smaller hoops for different sites) comes up, try turning every tracking off. Seems easy enough: about 6 use cases which you block. Oh wait, there is "Legitimate Concern" which translates into "we really want to track you". So you change to that tab and disallow everything there.

Finished.

You imagine. Now click on any "Vendors" tab in some "Legitimate Concern" you just disabled. Look and behold: they still track you with "Legitimate Concern" so you disable this on every single one of them (some actually don’t have a "legitimate concern" and thus don’t need more action). (and "Legitimate concerns" are whatever a vendor wants them to be, including "create and track a personal profile" and similar).

You’ll be through that list of a few hundred vendors in less than 20 minutes if you have a good rhythm.

For visiting one web site.

When I read something like

Plenty of Americans remain oblivious to this collection through no fault of their own. But many others understand what’s happening and allow it anyway. They feel powerless to stop it or were simply seduced by the conveniences afforded in the trade-off.

I could puke. Really, the kinds of law that prescribe that you need to agree to collecting data, but have no issue with a "disagreement" consisting of several hundreds of clicks in seriously misleading menus that try to fool you into pretending that something happened (and actually with no guarantee that this procedure will result in anything tangible): that’s a real joke.

But section 230 is the problem in the mind of the politicians.

This comment has been deemed insightful by the community.
David says:

Re: Re: Crocodile tears.

When talking about the rules for participating in an activity, the option of not participating in the activity is not really of relevance except as a distraction.

When you are part of a table saw safety panel, your contribution would likely be "you could simply switch it off".

TRX says:

Nobody is making you carry the spy device around. If getting your regular rage hits from the undeletable Facebook and Twitter apps is worth being tracked like a convict with an ankle monitor, that’s your own decision.

Anyone above the level of "magic block with cat pictures" has to know how phones work, and that at the very least the phone company knows where it is. But I guess it’s easier to ignore that while staggering around like phone zombies.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...