Your Smartphone is a tracking device.

“Every year, private companies spend millions of dollars developing new services that track, store and share the words, movements and even the thoughts of their customers,” writes Paul Ohm, a law professor at the University of Colorado. “These invasive services have proved irresistible to consumers, and millions now own sophisticated tracking devices (smartphones) studded with sensors and always connected to the Internet.”

Mr. Ohm labels them tracking devices. So does Jacob Appelbaum, a developer and spokesman for the Tor project, which allows users to browse the Web anonymously. Scholars have called them minicomputers and robots. Everyone is struggling to find the right tag, because “cellphone” and “smartphone” are inadequate.

In just the past few years, cellphone companies have honed their geographic technology, which has become almost pinpoint. The surveillance and privacy implications are quite simple. If someone knows exactly where you are, they probably know what you are doing. Cellular systems constantly check and record the location of all phones on their networks — and this data is particularly treasured by police departments and online advertisers. Cell companies typically retain your geographic information for a year or longer, according to data gathered by the Justice Department.

What’s the harm? The U.S. Court of Appeals for the District of Columbia Circuit, ruling about police use of tracking devices, noted that GPS data can reveal whether a person “is a weekly church goer, a heavy drinker, a regular at the gym, an unfaithful husband, an outpatient receiving medical treatment, an associate of particular individuals or political groups — and not just one such fact about a person, but all such facts.” Even the most gregarious of sharers might not reveal all that on Facebook.

There is an even more fascinating and diabolical element to what can be done with location information. New research suggests that by cross-referencing your geographical data with that of your friends, it’s possible to predict your future whereabouts with a much higher degree of accuracy. This is what’s known as predictive modeling, and it requires nothing more than your cellphone data.
If we are naïve to think of them as phones, what should we call them? Eben Moglen, a law professor at Columbia University, argues that they are robots for which we — the proud owners — are merely the hands and feet. “They see everything, they’re aware of our position, our relationship to other human beings and other robots, they mediate an information stream around us,” he has said.

Over time, we’ve used these devices less for their original purpose. A recent survey by O2, a British cell carrier, showed that making calls is only the fifth-most-popular activity for smartphones; more popular uses are Web browsing, checking social networks, playing games and listening to music. Smartphones are taking over the functions that laptops, cameras, credit cards and watches once performed for us.

If you want to avoid some surveillance, the best option is to use cash for prepaid cellphones that do not require identification. The phones transmit location information to the cell carrier and keep track of the numbers you call, but they are not connected to you by name. Destroy the phone or just drop it into a trash bin, and its data cannot be tied to you. These cellphones, known as burners, are the threads that connect privacy activists, Burmese dissidents and coke dealers.

What can the rest of us do? Leaving your smartphone at home will help, but then what’s the point of having it? Turning it off when you’re not using it will also help, because it will cease pinging your location to the cell company, but are you really going to do that? Shutting it down does not even guarantee it’s off — malware can keep it on without your realizing it. The only way to be sure is to take out the battery. Guess what? If you have an iPhone, you will need a tiny screwdriver to remove the back cover. Doing that will void your warranty.
http://www.propublica.org/article/thats-no-phone.-thats-my-tracker

Startup company uses a smartphone compass to track people indoors.
The Finland-based startup, Indoor Atlas, launched last week as spin-off from the University of Oulu. The company’s technology, intended for mobile software developers to use in other apps, is a new approach in the growing market for systems that track people inside.

The company says its method pinpoints people more accurately than many current methods, which typically employ the Wi-Fi or radio signals detected by a smartphone and are precise to within several meters. Indoor Atlas says its approach is accurate to between 10 centimeters and two meters, depending on the building. That’s the difference between, say, knowing a shopper is in the freezer section versus knowing he is standing in front of the ice cream. It also does not require a building to have any special equipment.

The market for indoor location technologies is beginning to explode (see “The Indoor Positioning System Era“). Google Maps first launched an indoor “My Location” feature last November, partnering with large retailers, airports, and now museums to upload floor plans. Other companies, such as Nokia and chip maker Broadcom, are also developing their own technologies, and Apple and Microsoft are following Google’s indoor mapping endeavor. Bruce Krulwich, a mobile industry analyst at Grizzly Analytics, has tracked at least 40 startups focused on indoor positioning globally, and IMS Research predicts there will be at least 120,000 indoor venue maps available to consumers by 2016 (see “Bringing Cell-Phone Location-Sensing Indoors,” and “Using Wi-Fi for Navigating the Great Indoors“).
http://mashable.com/2012/07/16/indoor-atlas/

EFF to FCC: Consumers face uphill battle in fight for mobile device privacy. 
EFF filed comments with the Federal Communications Commission about the privacy and data security practices of mobile wireless service providers. Mobile privacy is an issue we've been increasingly concerned about in the wake of the Carrier IQ privacy scandal, which was part of the inspiration for our Mobile User Privacy Bill of Rights. Citing recent academic research as well as troubling industry practices, EFF called the FCC's attention to some of the major pitfalls in modern mobile privacy norms. We urged the FCC to consider consumer rights in evaluating carrier obligations to protect user privacy and called for more transparency about carrier data collection and retention policies.

Modern cell phones raise grave and well-known privacy and security issues. A recent UC Berkeley study of Americans' use of mobile phones and privacy found widespread understanding that sensitive personal information such as text messages, contact lists, and voicemail is stored on phones, and that substantial percentages of respondents with smartphones used them to engage in activities that might generate sensitive information, including visiting websites, using social networks, and using location services.... These activities can reveal communications with circles of contacts, health-related or other personal research queries, and a wide variety of intellectual and political interests, to name just a few revealing types of information.

The UC Berkeley study also found that Americans generally dislike the idea that carriers retain location data: 46% responded that carriers should not retain such data at all, while 28% answered that location data should be kept for less than a year. Obviously, Americans believe that this data should be private, and thus carrier retention policies do not meet the ordinary consumer's needs.

Current industry practices also raise concerns about the security of data on the device itself, which can be compromised by current carrier practices of delaying or even blocking security updates. EFF reported on this problem in 2011, noting that "although Apple, Google, and Microsoft should develop security fixes faster, they are fundamentally limited by carrier intransigence."
These factors and others contribute to the perfect storm that allows companies to disregard the privacy of their users and gives users meager meaningful choice when it comes to safeguarding their data on mobile devices.

The FCC solicited feedback on mobile device privacy, and this is our first submission in the current round of filings. We expect to file reply comments at the end of the month. Read more about the FCC process or submit reply comments yourself.

EFF's full comments:
https://www.eff.org/sites/default/files/EFF%20FCC%20Mobile%20Privacy%20Comments.pdf