Carriers Won't Comment On Location Data Collection, Security
Your 'Anonymous' Stored Location Data Isn't Really Anonymous
Wireless carriers like AT&T and Verizon are only just starting to cash in on user location data
, which once collected is sold to everyone from city planners to marketers. There's really only porous consumer protections in place governing this data collection, said data creates new delicious targets for hackers, and as a recent study highlighted
, it's very easy to identify users individually despite claims this data is "anonymized" and therefore safely secured.
Russell Brandom over at The Verge
has a good report that reiterates all of this, pointing out that there's no real solid third-party standard in place to ensure that the aggregation algorithms used during the sale of this data are actually secure:
The strength of the de-identification tools is usually specified in the contract between the carrier and whoever they’re selling to (leaks are bad business, after all), but there are no third-party specifications to live up to. Unlike encryption, where public audits and white-hat attacks are accepted as a gold standard of security, nobody's ever put these aggregation algorithms to the test. And each step taken to preserve privacy makes the data less useful to the businesses who are footing the bill.
Historically, carriers have argued that by signing up for services you waive your right to privacy. Not too surprisingly, neither AT&T or Verizon want to talk too much about user privacy, lest security and privacy folk (or regulators) threaten the untold billions they stand to make via this bold new frontier in data harvesting:
When we asked Verizon, they said they had "technical, procedural and administrative safeguards in place," and declined to elaborate. AT&T Adworks did not respond to requests for comment. There’s a reason they don’t want to talk about it. It’s hard to design an airtight data system, and even harder to talk about it in a reassuring way. It’s unsettling to realize how much data we leave behind, and how eager companies are to scoop it up and sell it off.
Promises that things will stay secure may not mean much given both companies' history with consumer privacy
. Meanwhile, getting improved consumer protections passed is an impossible gauntlet given the combined lobbying power of marketing, telecom and content industries. That leaves one wondering just how colossal of a location data security breach we're going to need to see before we realize these players might need a little oversight.
It's like having someone sniff through your trash ... ... before you put it outside the door.
And when it comes to marketing, if I want to buy something, I'll do the research and I'll do the shopping. I'm not interested in unwanted crap in the mail, or crap on the web, or worse, someone spying on what I do (it is what it is, spying), and then using that gathered information in an attempt to direct my browsing habits or attempt to flood my email with unwanted spam, or worse, phone calls to the home if they happen to snag my phone # from a form I filled out at a totally unrelated site.
Unless I give specific permission for a specific entity, all my data should be considered off limits.