It’s Tracking Your Every Move and You May Not Even Know

A favorite pastime of Internet users is to share their location: services like Google Latitude can inform friends when you are nearby; another, Foursquare, has turned reporting these updates into a game.

But as a German Green party politician, Malte Spitz, recently learned, we are already continually being tracked whether we volunteer to be or not. Cellphone companies do not typically divulge how much information they collect, so Mr. Spitz went to court to find out exactly what his cellphone company, Deutsche Telekom, knew about his whereabouts.

The results were astounding. In a six-month period — from Aug 31, 2009, to Feb. 28, 2010, Deutsche Telekom had recorded and saved his longitude and latitude coordinates more than 35,000 times. It traced him from a train on the way to Erlangen at the start through to that last night, when he was home in Berlin.

Mr. Spitz has provided a rare glimpse — an unprecedented one, privacy experts say — of what is being collected as we walk around with our phones. Unlike many online services and Web sites that must send “cookies” to a user’s computer to try to link its traffic to a specific person, cellphone companies simply have to sit back and hit “record.”

“We are all walking around with little tags, and our tag has a phone number associated with it, who we called and what we do with the phone,” said Sarah E. Williams, an expert on graphic information at Columbia University’s architecture school. “We don’t even know we are giving up that data.”

Tracking a customer’s whereabouts is part and parcel of what phone companies do for a living. Every seven seconds or so, the phone company of someone with a working cellphone is determining the nearest tower, so as to most efficiently route calls. And for billing reasons, they track where the call is coming from and how long it has lasted.

“At any given instant, a cell company has to know where you are; it is constantly registering with the tower with the strongest signal,” said Matthew Blaze, a professor of computer and information science at the University of Pennsylvania who has testified before Congress on the issue.

Mr. Spitz’s information, Mr. Blaze pointed out, was not based on those frequent updates, but on how often Mr. Spitz checked his e-mail.

Mr. Spitz, a privacy advocate, decided to be extremely open with his personal information. Late last month, he released all the location information in a publicly accessible Google Document, and worked with Zeit Online, a sister publication of a prominent German newspaper, Die Zeit, to map those coordinates over time.

“This is really the most compelling visualization in a public forum I have ever seen,” said Mr. Blaze, adding that it “shows how strong a picture even a fairly low-resolution location can give.”

In an interview from Berlin, Mr. Spitz explained his reasons: “It was an important point to show this is not some kind of a game. I thought about it, if it is a good idea to publish all the data — I also could say, O.K., I will only publish it for five, 10 days maybe. But then I said no, I really want to publish the whole six months.”

In the United States, telecommunication companies do not have to report precisely what material they collect, said Kevin Bankston, a lawyer at the Electronic Frontier Foundation, who specializes in privacy. He added that based on court cases he could say that “they store more of it and it is becoming more precise.”

“Phones have become a necessary part of modern life,” he said, objecting to the idea that “you have to hand over your personal privacy to be part of the 21st century.”

In the United States, there are law enforcement and safety reasons for cellphone companies being encouraged to keep track of its customers. Both the F.B.I. and the Drug Enforcement Administration have used cellphone records to identify suspects and make arrests.

If the information is valuable to law enforcement, it could be lucrative for marketers. The major American cellphone providers declined to explain what exactly they collect and what they use it for.

Verizon, for example, declined to elaborate other than to point to its privacy policy, which includes: “Information such as call records, service usage, traffic data,” the statement in part reads, may be used for “marketing to you based on your use of the products and services you already have, subject to any restrictions required by law.”

Sense Networks, a company that uses data from AT&T, uses anonymous location information “to better understand aggregate human activity.” One product, CitySense, makes recommendations about local nightlife to customers who choose to participate based on their cellphone usage. (Many smartphone apps already on the market are based on location but that’s with the consent of the user and through GPS, not the cellphone company’s records.)

Because of Germany’s history, courts place a greater emphasis on personal privacy. Mr. Spitz first went to court to get his entire file in 2009 but Deutsche Telekom objected.

For six months, he said, there was a “Ping Pong game” of lawyers’ letters back and forth until, separately, the Constitutional Court there decided that the existing rules governing data retention, beyond those required for billing and logistics, were illegal. Soon thereafter, the two sides reached a settlement: “I only get the information that is related to me, and I don’t get all the information like who am I calling, who sent me a SMS and so on,” Mr. Spitz said, referring to text messages.

Even so, 35,831 pieces of information were sent to him by Deutsche Telekom as an encrypted file, to protect his privacy during its transmission.

Deutsche Telekom, which owns T-Mobile, Mr. Spitz’s carrier, wrote in an e-mail that it stored six months’ of data, as required by the law, and that after the court ruling it “immediately ceased” storing data.

And a year after the court ruling outlawing this kind of data retention, there is a movement to try to get a new, more limited law passed. Mr. Spitz, at 26 a member of the Green Party’s executive board, says he released that material to influence that debate.

“I want to show the political message that this kind of data retention is really, really big and you can really look into the life of people for six months and see what they are doing where they are.”

While the potential for abuse is easy to imagine, in Mr. Spitz’s case, there was not much revealed.

“I really spend most of the time in my own neighborhood, which was quite funny for me,” he said. “I am not really walking that much around.”

Any embarrassing details? “The data shows that I am flying sometimes,” he said, rather than taking a more fuel-efficient train. “Something not that popular for a Green politician.”

This article has been revised to reflect the following correction:

Correction: March 31, 2011


An article on Saturday about the extent to which cellphone companies track and save customer location data misstated the relationship between AT&T and Sense Networks, which makes apps that serve ads to cellphone users based on their location. Sense Networks uses data from AT&T; the companies do not work together.


Michigan police can scan your phone’s data in less than 2 minutes

Michigan State Police issued a letter clearing things up a bit. It says MSP only use the data extraction devices (DEDs) if a search warrant is obtained or if the person gives consent to have his or her phone searched. Apparently, the “department’s internal directive” says only MSP specialty teams can use the DEDs on criminal cases, meaning they don’t use them at routine traffic stops. The statement said that DEDs are commercially available and are used regularly to transmit data from one cell phone to another when customers upgrade their device.]

If you’re a Michigan citizen, you may want to be careful about what you have on your cell phone. Apparently Michigan State Police have been using a high-tech mobile forensics device that can pull information from over 3,000 types of cell phones in under only two minutes.

The information the device is able to export is basically everything from your smartphone, including call history, deleted phone data, text messages, contacts, images, and GPS data. And don’t think you’ll be safe if your phone is password-protected, the device can get around that too.

The police don’t even need a warrant to scan your phone. They can pull your information without your consent, and without any reasonable cause. The Cellebrite UFED scanner has been used by MSP since at least August 2008.

It would be one thing if these scanners are being used on people who were suspected of a crime, but police officers are scanning the phones of drivers stopped in minor traffic violations.

Of course, the American Civil Liberties Union wasn’t so happy about this, and, in turn, the organization evoked the Freedom of Information Act and demanded that state officials open up the data they collected so that the ACLU can figure out if the drivers have good cause for having their data copied.

The ACLU said that by using the scanners to get the information without the owners knowledge, the MSP is violating the drivers’ Fourth Amendment rights, which protects citizens from unreasonable searches. MSP has issued a response sayng that it’s willing to oblige and provide the information about what the device has captured, but that there “may be a processing fee to search for, retrieve, examine, and separate exempt material.” That little fee is actually $544,680, which the MSP said would cover the time and effort needed for retrieving the detailed records and compiling the data and documentation describing what the police were doing with the data extractors.

That leads us to wonder just how much information has been captured from driver’s cellphones. It must be a lot if the price is so high. Or maybe it’s a tactic to get the ACLU off their back because the MSP doesn’t want the ACLU to see the information.


USB iHub is the perfect knockoff accessory for your Apple-centric existence

So, you waited in line for an iPad 2, snatched up an iPhone 4, and even bought one of those unofficial white conversion kits. You work all day on a MacBook Air with a Steve Jobs figurine sitting next to it on your desk — you’re exactly the person that the $9.99 iHub was created for. It’s not an official Apple product but, as far as knockoffs go, this is one of the more accurate facsimiles we’ve ever seen. This four-port USB hub looks quite a bit like an Apple TV, has a glowing logo up top, and comes in your choice of white or black. Even the packaging is convincingly Apple thanks to the clear plastic lid that lets you peek the wares within. Glimpse the glamor shots and the video below — we promise they’re 100-percent authentic, even if the iHub is not.