Mobile location data 'present anonymity risk'

Scientists say it is remarkably easy to identify a mobile phone user from just a few pieces of location information.

Whenever a phone is switched on, its connection to the network means its position and movement can be plotted.

This data is given anonymously to third parties, both to drive services for the user and to target advertisements.

But a study in Scientific Reports warns that human mobility patterns are so predictable it is possible to identify a user from only four data points.

Researchers at the Massachusetts Institute of Technology (MIT) and the Catholic University of Louvain studied 15 months' worth of anonymised mobile phone records for 1.5 million individuals.

They found from the "mobility traces" - the evident paths of each mobile phone - that only four locations and times were enough to identify a particular user.

"In the 1930s, it was shown that you need 12 points to uniquely identify and characterise a fingerprint," said the study's lead author Yves-Alexandre de Montjoye of MIT.

"What we did here is the exact same thing but with mobility traces. The way we move and the behaviour is so unique that four points are enough to identify 95% of people," he told BBC News.

Sam Smith of Privacy International said: "Our mobile phones report location and contextual data to multiple organisations with varying privacy policies."

"Any benefits we receive from such services are far outweighed by the threat that these trends pose to our privacy, and although we are told that we have a choice about how much information we give over, in reality individuals have no choice whatsoever," he told BBC News.

www.bbc.co.uk...

From a CNN article entitled
"The Internet is a surveillance state" edition.cnn.com...

One: Some of the Chinese military hackers who were implicated in a broad set of attacks against the U.S. government and corporations were identified because they accessed Facebook from the same network infrastructure they used to carry out their attacks.

Two: Hector Monsegur, one of the leaders of the LulzSac hacker movement, was identified and arrested last year by the FBI. Although he practiced good computer security and used an anonymous relay service to protect his identity, he slipped up.

And three: Paula Broadwell,who had an affair with CIA director David Petraeus, similarly took extensive precautions to hide her identity. She never logged in to her anonymous e-mail service from her home network. Instead, she used hotel and other public networks when she e-mailed him. The FBI correlated hotel registration data from several different hotels -- and hers was the common name.

As you can see more and more of what we do is being tracked and can be used in a variety of ways against us. The question is what does the future hold and how might this information be used? It is already being packaged and sold to a variety of commercial interests, it is clearly also used by law enforcement, however what happens when this information ends up in the wrong hands? And would you feel comfortable that your data is being collected, stored, sold and then analyzed by interests abroad?