Opinion | How to Track President Trump - The New York Times
►https://www.nytimes.com/interactive/2019/12/20/opinion/location-data-national-security.html
The meticulous movements — down to a few feet — of the president’s entourage were recorded by a smartphone we believe belonged to a Secret Service agent, whose home was also clearly identifiable in the data. Connecting the home to public deeds revealed the person’s name, along with the name of the person’s spouse, exposing even more details about both families. We could also see other stops this person made, apparently more connected with his private life than his public duties. The Secret Service declined to comment on our findings or describe its policies regarding location data.
The vulnerability of the person we tracked in Mr. Trump’s entourage is one that many if not all of us share: the apps (weather services, maps, perhaps even something as mundane as a coupon saver) collecting and sharing his location on his phone.
Americans have grown eerily accustomed to being tracked throughout their digital lives. But it’s far from their fault. It’s a result of a system in which data surveillance practices are hidden from consumers and in which much of the collection of information is done without the full knowledge of the device holders.
As a senior Defense Department official told Times Opinion, even the Pentagon has told employees to expect that their privacy is compromised:
“We want our people to understand: They should make no assumptions about anonymity. You are not anonymous on this planet at this point in our existence. Everyone is trackable, traceable, discoverable to some degree.”
We were able to track smartphones in nearly every major government building and facility in Washington. We could follow them back to homes and, ultimately, their owners’ true identities. Even a prominent senator’s national security adviser — someone for whom privacy and security are core to their every working day — was identified and tracked in the data.
“Tech companies are profiting by spying on Americans — trampling on the right to privacy and risking our national security,” Senator Elizabeth Warren, a Democrat running for president, told us. “They are throwing around their power to undermine our democracy with zero consequences. This report is another alarming case for why we need to break up big tech, adopt serious privacy regulations and hold top executives of these companies personally responsible.”
Despite the sensitivity of this information, it is put to everyday use. Packaged with millions of other data points, location information is turned into marketing analysis and sold to financial institutions, real estate investors, advertising companies and others. Companies say they vet partners carefully and tend to work with larger players that have a clear business case for receiving the data.
Like all data, the vast location files are vulnerable to hacks, leaks or sale at any point along that process. The data we reviewed was provided to Times Opinion by sources who asked to remain anonymous because they were not authorized to share it and could face severe penalties for doing so.
Multiple experts with ties to the United States’ national security agencies warned in interviews that foreign actors like Russia, North Korea, China and other adversaries may be working to steal, buy or otherwise obtain this kind of data. Only months ago, hackers working for the Chinese government allegedly targeted location data for people moving throughout Asia by breaking into telecom networks, according to a report by Reuters.
“People literally go to work every day, sit down at a desk, check the sports, send an email or two to their girlfriend and then start looking for databases they can steal,” said James Dempsey, the executive director of the Berkeley Center for Law and Technology. “They just do that 9 to 5, every day.”
The American government may conduct similar intelligence operations against its adversaries, experts said, though under stricter legal frameworks.
he possibilities for blackmail are endless. Once stolen, details on sexual interests and extramarital affairs can provide opportunities for extortion. Targets could be coerced in ways large and small, compelled to make decisions or take actions for a foreign government. Or the locations themselves could provide valuable intelligence about security practices, contacts, schedules and the identities of people in prominent and sensitive posts, with access to state secrets or critical infrastructure.
With no training and far more limited technical tools than those of a state intelligence service, we were able to use the location data — date, time and length of stay — to make basic inferences. By determining whether two people were in the same place at the same time, it was easy to zero in on spouses, co-workers or friends. Cataloguing their movements revealed even more associations, creating the map of a robust social network that would be nearly impossible to determine through traditional surveillance. In cases where it was difficult to identify an individual, associations offered more clues about workplaces and interests.
Even just commuting to work can be risky for people in prominent positions. “The easiest way to figure out how to get to you is know you always have the same routine,” said Mr. Rasser, the former Central Intelligence Agency officer. He said he mixes up his own routine, partly because the C.I.A. emphasized such methods when he joined.
Even areas once thought to be secure showed up in the data. Personal phones aren’t generally allowed inside the C.I.A. or the National Security Agency. But while no pings registered inside the C.I.A. headquarters, we found thousands of pings in the parking lots outside, with trails that led to the homes of likely employees.
Agencies with a need for heightened security are left in a vulnerable position. Phones are ubiquitous, and so long as granular location tracking remains legal, even the Defense Department must play along. “We cannot stop our workforce of 3.6 million people from living their everyday lives,” a senior department official told us.
Leaked location data may open the door to other cyber vulnerabilities. Foreign actors could learn movement details and infer meeting locations, which could be used to conduct a type of scam where targets receive fake emails — posing as a friend you just met with or a business you just visited — including a phony link meant to steal your password or install malware.
“Location tracking data of individuals can be used to facilitate reconnaissance, recruitment, social engineering, extortion and in worst-case scenarios, things like kidnapping and assassination,” warned Kelli Vanderlee, manager of intelligence analysis at the cybersecurity company FireEye.
Those are not theoretical threats. The phone of the Washington Post journalist Jamal Khashoggi, who was assassinated in 2018, was allegedly compromised, possibly allowing his location data to be used to follow him.
Last year, Strava, a company that makes a fitness app, released a global map showing 700 million activities that clearly revealed American military bases abroad. The Department of Defense issued its recent guidance after discovering the problem. The data reviewed by Times Opinion revealed several points on domestic military bases as well, showing how some of the nation’s most secure armed sites can be exposed.
The sources who provided the trove of location information to Times Opinion did so to press for regulation and increased scrutiny of the location data market. Some solutions exist that could help improve privacy while ensuring businesses can still perform some of the analysis they do today, like limiting the ability to identify individual paths, changing how long the information is stored and limiting how it’s sold.
So far, Washington has done virtually nothing to address the threats, and location data companies have every reason to keep refining their tracking, sucking up more data and selling it to the highest bidders.
#Géolocalisation #Sécurité #Surveillance #Démocratie_en_danger
