“If I know your phone number, I can track your whereabouts globally.”
I was shocked when I read that statement from security researcher Nick Petrillo almost eight years ago. But since then, the situation has only gotten worse.
Federal Communications Commission (FCC) regulations require cell phones to have tracking technology that can pinpoint their precise location, especially in densely-populated areas. Law enforcement, intelligence agencies, and hackers use this data to track you wherever you go. It’s also now possible to merge cellular calling records with location information. This permits police to identify your network of friends or what data-mining experts call your “communities of interest.”
This term used to describe this aggregate information is metadata, and it has much less legal protection than the actual content of your cell phone text messages or phone calls. For instance, in 2016, the National Security Agency (NSA) collected more than 151 million records about phone calls made by Americans. And no, these calls weren’t all related to terrorism. That same year, the NSA obtained warrants to collect data on only 46 terrorist suspects.
The Lifeboat Strategy Best Price: $45.58 Buy New $145.95 (as of 09:40 UTC - Details)
Companies like Google are intensely interested in this information as well. In fact, for most of 2017, all Android phones (which are equipped with Google’s operating system) automatically collected the addresses of nearby cellular towers. This data was then sent back to Google, the company with the motto “Don’t be evil.”
Google collected this information even if you disabled location services, didn’t use any apps, or even had no SIM card in the phone. The data collection occurred as part of the practices Google used to manage notifications and messages on Android phones. Once security researchers outed the company about this practice, Google promised to discontinue it.
Don’t be evil? Yeah, right.
What does your cell phone metadata reveal about you? In 2016, researchers at Stanford University decided to investigate what metadata can reveal. They designed an Android app they called MetaPhone and distributed it to more than 800 volunteers.
For eight months, the Android phones of the volunteers shared call and text logs with a server set up by the researchers. The data collected consisted of the time a call or text was sent or received, the duration of the call (or the length of the text message), and the phone number of the correspondent.
The raw data consisted of more than 62,000 phone numbers, 250,000 calls, and 1.2 million texts. To make sense of it all, the team set up a program to identify as many of the phone numbers as they could. After skimming publicly available data from social media websites like Facebook, performing basic Google searches, and using a public records retrieval service, they were able to identify the owner of 82% of the phone numbers. They were also able to identify the romantic partners of the volunteers with 80% accuracy.
Next, the researchers dug deeper into the data to determine who the volunteers were corresponding with. They discovered that one volunteer suffered from cardiac arrhythmia; a second one had multiple sclerosis. A third suspected she was pregnant. A fourth was likely cultivating marijuana.
Again, this study was carried out by researchers using rudimentary, essentially home-made tools. Imagine what intelligence agencies like the NSA can do with the exponentially larger data sets and analysis tools they possess.
A case now before the Supreme Court, Carpenter vs. United States, will determine how much constitutional protection there is for location data – if any. Under current law, you don’t have a “reasonable expectation of privacy” that your cell phone location data will remain private. That’s because you know that the phone company or another third party has access to it. As ridiculous as the “expectation of privacy” test might sound, that’s the current state of the law.
I don’t have much faith that the Supreme Court will overturn the longstanding expectation of privacy test. Even if it does, the requirements to acquire this information will likely be very easy to meet. And for private companies like Google, it would be child’s play to change their terms of service to force anyone using their services to opt in to such data collection.
I have a simple recommendation for anyone seriously concerned about revealing their data to third parties: get over it. Because the only way out is to throw away your cell phone, then take draconian measures to protect yourself.
Here’s what you need to do: After throwing away your cell phone, replace it with several anonymous prepaid cell phones. Buy phones with Wi-Fi cards so that you can connect to the Internet. Be prepared to throw away your anonymous cell phone—potentially, after only a single call. Also, purchase prepaid calling and prepaid data. Pay in cash. Activate your phone at a pay phone—not with a phone connected to you in any way. Don’t give out your real phone number when you activate the phone.
How to Be Invisible: P... Best Price: $6.87 Buy New $7.92 (as of 12:20 UTC - Details)
Since you don’t have a service contract, would-be metadata analyzers have no way of associating “you” with the cell phone. Naturally, you should give your number only to people you trust.
To keep your prepaid cell phone anonymous, insert the battery and turn it on only when you’re making or expecting a call. Dial *67 to defeat (some) caller ID for calls in the US. For calls in other countries, check the code for that country.
The Wi-Fi card in your cell phone lets you connect to the internet anywhere you can find an unencrypted Wi-Fi signal. But be careful. Anyone can pinpoint your physical location and monitor your activity on an unencrypted network. Monitoring an unencrypted network is perfectly legal, because wiretapping laws don’t prohibit monitoring an electronic communications system that’s “readily available to the general public.”
What happens when you run out of minutes or use up your data allotment? The cell phone provider will try to convince you to top-up online with a credit card. Don’t do it. Just buy another prepaid card with cash.
No, it’s not very convenient. And it may not be legal for much longer—the FBI wants to ban anonymous sales of cell phones. Get yours while you still can!
Reprinted with permission from Nestmann.com.