March 25, 2013
Your Predictability Helps Your Smartphone Betray Your Privacy
Enid Burns for redOrbit.com — Your Universe Online
With privacy settings locked down on even the most secure devices, researchers at the Massachusetts Institute of Technology (MIT) and the Catholic University of Louvain in Belgium conducted a 15-month study and determined that it takes four locations and times to identify a particular user. The study was published in the journal Scientific Reports.
The researchers analyzed 15 months worth of anonymized mobile phone records from 1.5 million individuals to study their behavior patterns. The team discovered mobility traces and found that people, however random their daily lives may seem, are both predictable and identifiable.
"This formula shows that the uniqueness of mobility traces decays approximately as 1/10 power of their resolution. Hence, even coarse datasets provide little anonymity. These findings represent fundamental constraints to an individual's privacy and have important implications for the design of frameworks and institutions dedicated to protect the privacy of individuals," the study reported.
The findings, while largely of an academic nature, also have clear implications for the real world. Most people have cell phones, and many of those are smartphones. Each phone is traceable by the mobile phone's carrier but also by many apps that run on those smartphones. Not only can the carrier identify a person based on the locations they visit, but an app publisher or advertiser is also able to use location data to identify a user.
In addition to advertisers who might use the data, BBC News suggests that city planners may use these data sets to determine where to place a shopping center, allocate emergency services or implement other infrastructure to local areas. The article also notes that the availability of such data may eventually lead to a new generation of social scientists.
Identifying individuals by location is not new to the mobile generation. The study points out that in 1930, "Edmond Locard showed that 12 points are needed to uniquely identify a fingerprint. Our unicity test estimates the number of points p needed to uniquely identify the mobility trace of an individual. The fewer points needed, the more unique the traces are and the easier they would be to re-identify using outside information."
Advertisers and other commercial enterprises use location data to serve more relevant, timely ads. An advertiser may target a user who is down the street from a restaurant or store, or send an ad to workers in a business district as lunchtime approaches. Such advertising is often opt-in. Users agree and share their location data when they download and install an app. The user has to change the location settings on his phone, and has the ability to change that back to block the particular app. However, the study looked at location data in a more unrestricted form.
Researchers conducted their study from April of 2006 to June of 2007 in an undisclosed western country. Each time the user interacted with a mobile phone operator network by initiating or receiving a call or text message, the location of the connecting antenna was recorded.
Other studies have looked into predicting the movement of mobile users. Nokia initiated a Mobile Data Challenge to come up with methods to track and predict the present and future locations of mobile users.