Slashdot Mirror


Carriers Selling Your Data: a $24 Billion Business (adage.com)

An anonymous reader writes: It goes without saying that cellphone carriers have access to tons of data about their subscribers. They have data about who you call, what sites you visit, and even where you're located. Now: "Under the radar, Verizon, Sprint, and other carriers have partnered with firms including SAP to manage and sell data." The article describes some of the ways this data is used by marketers: "The service also combines data from telcos with other information, telling businesses whether shoppers are checking out competitor prices on their phones or just emailing friends. It can tell them the age ranges and genders of people who visited a store location between 10 a.m. and noon, and link location and demographic data with shoppers' web browsing history. Retailers might use the information to arrange store displays to appeal to certain customer segments at different times of the day, or to help determine where to open new locations." Analysts estimate this fledgling industry to be worth about $24 billion to the carriers, and they project huge growth over the next several years. The carriers are trying to keep it a tightly held secret after seeing the backlash from the public in response to government snooping, which involves much less private data.

6 of 125 comments

  1. A design for a privacy respecting phone system: by Anonymous Coward · · Score: 1, Interesting

    I wrote up a way to solve this a long time ago. Too bad we as a society don't bother to fix things. Silly arguments like protecting existing companies' business models seem to win over protecting people:

    Phones connect to the nearest cell tower, and identify themselves. The matching of a phone's signal to a particular phone/SIM/person is done for 2 reasons: so they can be notified in the event of a call, or other incoming connection request, and for billing (only paying customers can use the service).

    In short: if your phone is on, your cell network phone provider knows where it is.

    Unfortunately, you can't just choose some network provider you trust: there are very few choices, and making new providers is inefficient and impractical. However, we can design a system where you don't provide them with nearly as much information.

    First, consider a very common case: you have network access through some means other than the cell network. In this case, you should be able to shut down the cell radio, and use the other network (such as Wifi). Assuming basic privacy practices (or using a network you trust) you can get decent privacy this way. A simple approach would be to just start up a Tor hidden service, and wait to get notified over it for incoming calls. Texts and other small non latency sensitive data could be delivered directly that way. Connection requests for calls could be sent over the secured channel, and the end user could decide to open a direct (less private, but lower latency) connection. They would of course still want to encrypt that, but it could still reveal your location should you accept calls in that manner.

    A similar approach can be used to use ephemeral IDs when connecting to cell phone towers (or even untrusted ISPs in general). When you connect, you provide a request which they can forward to a third party you specify in the request. This will be encrypted, and will ID you with your chosen third party, which will be billed for your connection, and in return will bill you for the data use. When someone wishes to contact you, they can send a request to said third party, which can record and forward their message, reject it, report you as unavailable etc. In the case of something like a phone call, they would forward the caller's information to the ISP currently providing your connection along with your current ephemeral ID. If you decide to accept the request, you can open a direct connection (with the privacy implications involved), reject it, or opt to open a proxied connection through said third party, which would provide an extra layer of encryption and destination hiding.

    You could get new ephemeral IDs as frequently as desired, and perhaps even have multiple ones at once. This won't hide the location from which you connect, but it will help disassociate you from it.

    The idea basically resembles dynamic DNS. You get a record published for how to find a service that will locate you (the IP for your DNS server / third party ID system), and it can respond in a variety of ways, either directing traffic to you, through a proxy, to an offline responder/mailbox/voicemail or providing some error message. You then periodically check in with the server and update it on what to do with incoming requests. In the case of working with cell providers and other ISPs, there may also be some billing implications that the server handles on your behalf and forwards later if appropriate.

    If desired, there could be multiple levels of these services, which would basically amount to Tor hidden services.

    Original on my site
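The ephemeral-ID scheme from the comment above, sketched as an added example that is not part of the original post. It assumes the phone and its chosen third party (here a hypothetical `Broker`) share a secret and derive each rotating ID as a truncated HMAC of an epoch counter; the comment only says the request is encrypted, so this derivation and all class and function names are illustrative choices.

```python
import hashlib
import hmac

def ephemeral_id(secret: bytes, epoch: int) -> str:
    """Rotating pseudonym: truncated HMAC(secret, epoch). Unlinkable without the secret."""
    return hmac.new(secret, epoch.to_bytes(8, "big"), hashlib.sha256).hexdigest()[:16]

class Broker:
    """Third party chosen by the subscriber: pays the carrier, routes inbound requests."""
    def __init__(self, window=2):
        self.subscribers = {}  # name -> shared secret
        self.location = {}     # name -> (carrier, ephemeral id) from the last check-in
        self.window = window   # tolerated clock drift, in epochs

    def enroll(self, name, secret):
        self.subscribers[name] = secret

    def authorize(self, carrier, eid, epoch):
        """Called by a carrier: will the broker be billed for this ephemeral ID?"""
        for name, secret in self.subscribers.items():
            for e in range(max(0, epoch - self.window), epoch + self.window + 1):
                if hmac.compare_digest(ephemeral_id(secret, e), eid):
                    self.location[name] = (carrier, eid)
                    return True
        return False

    def route_call(self, callee):
        """Inbound request: where to forward it, or None (voicemail / unavailable)."""
        return self.location.get(callee)

class Carrier:
    """Untrusted access network: its log holds only what it can actually observe."""
    def __init__(self, name, broker):
        self.name, self.broker, self.log = name, broker, []

    def attach(self, tower, eid, epoch):
        ok = self.broker.authorize(self.name, eid, epoch)
        self.log.append((tower, eid, ok))
        return ok

def demo():
    broker = Broker()
    secret = b"constructed-demo-secret"  # constructed sample value
    broker.enroll("alice", secret)
    carrier = Carrier("carrier-A", broker)
    for epoch, tower in [(100, "tower-1"), (101, "tower-7"), (102, "tower-7")]:
        carrier.attach(tower, ephemeral_id(secret, epoch), epoch)
    carrier.attach("tower-7", "0" * 16, 102)  # unknown ID: broker refuses to pay
    return carrier.log, broker.route_call("alice")
```

The carrier's log ends up with three unrelated-looking IDs and no subscriber name, while the broker can still route an inbound call to the latest one; the tower column shows what the comment concedes, that the connection's location is still visible.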

  2. How is this under the radar? by the_Bionic_lemming · · Score: 1, Interesting

    You agreed to the EULA. This isn't under any radar - It's what you agreed to.

    --
    _ _ _ Go for the eyes Boo! GO FOR THE EYES!
  3. latest update was loaded by dltaylor · · Score: 5, Interesting

    The latest software update for my phone was loaded with this kind of carrier (Virgin Mobile on Sprint) crap (yes, I have complained to VM, but no, they're not going to take it back). Fortunately, HTC has tools to delete things from the "ROM", so it isn't permanent on the phone I have.

  4. Anonymous data? Remember AOL Search? by Anonymous Coward · · Score: 5, Interesting

    Even aggregate data has its malicious uses, but such data is rarely anonymous. Remember the AOL search history release?

    https://en.wikipedia.org/wiki/AOL_search_data_leak

    AOL released the "ANONYMIZED" search history of its users, only to find it was quite easy to datamine their identity... just from this one set of data. If you have multiple sets, it becomes trivial to do so. e.g. they visit the pizza ordering page, you have the customer list for the pizza place, so you know that user's details, and by extension all of the other stuff, and if their searches contain "Herpes cures" and "Herpes Clinic", then I wouldn't share a pizza with them.

    Even as aggregate data it can be misused. Recall Choicepoint?

    http://www.theguardian.com/commentisfree/2006/jul/08/comment.mainsection4

    They were the company that analyzed the voting roll in swing states for likely Democrat voters, then analyzed for matching names in other states to create "scrub lists", lists of people to be scrubbed from the electoral roll on false claim of fraud. So if Bob Jones in Florida was likely to vote Democrat, they'd find another Bob Jones in another state, and add him to the scrub list to block his vote.

    By analyzing the individual wards for bias, they could determine which wards should receive defective voting machines to swing the vote. Hanging chads were not randomly distributed. Those faulty machines were sent largely to black districts.

    That was AGGREGATE data, they didn't know how an individual "Bob Jones" would vote, they knew the voting likelihood of his demographic.

    One of the tricks used was to send "confirm your residency to be allowed to vote" letters out.... to students (students on *aggregate* vote Democrat) during the summer break requiring a signature from them on receipt. So the student was away on holiday, couldn't get the letter and wouldn't be allowed to vote. The vote was during term time, so they knew the student would be there for the vote, but not for the letter.

    This data would let them fine tune such strategies, and often (see AOL) down to individuals.

    1. Re:Anonymous data? Remember AOL Search? by TheRaven64 · · Score: 4, Interesting

      ChoicePoint is obviously evil. The more subtle one is one of the services that Facebook offers. In most elections, a large percentage of voters either won't vote, or will vote for a particular party and won't have their minds changed by anything. This means that the election is usually decided by the swing voters - the 5-10% who are undecided. Facebook can, fairly accurately, identify who the swing voters are and, for each one what issues they find most important. More than that, it is willing to sell this information and to sell targeted advertising space. You can buy ads to target swing voters in constituency X, who think that issue Y is important. They'll only see the ad showing that your candidate has strong views that align with theirs on that issue. Someone else will see ads showing that the most important issue for your candidate is the thing that they care about. This is far harder to detect than something as blunt as ChoicePoint. The people seeing the ads have no idea that they're targeted, they only know that a particular candidate looks as if he or she really understands the issue of importance to them.

      --
      I am TheRaven on Soylent News
  5. I WOULD use a vpn ... by TheGratefulNet · · Score: 3, Interesting

    but I'm on android 4.x and 4.x is marked 'wont fix' by google and their vpn (ipsec, I think; not sure which component is broken) just will not work.

    https://code.google.com/p/andr...

    hey google fans, care to try to defend google, here?

    I'm not able to (easily) upgrade beyond 4.x on my phone and vpn is still broken. do you guys find this behavior (wontfix) acceptable?

    I sure wish I could run my vpn again. funny that on my ancient nexus one (which is stuck on 2.2) runs the vpn software just fine. and I know that on a 5.x phone it also runs fine. why google ignores this show-stopper bug, I have no idea; but 'upgrade to a new phone' is never a good answer when it's JUST a software fix that lazy-assed google refused to backport.

    --
    "It is now safe to switch off your computer."