New York Times
By NOAM COHEN
A favorite pastime of Internet users is to share their location: services like Google Latitude can inform friends when you are nearby; another, Foursquare, has turned reporting these updates into a game.
But as a German Green party politician, Malte Spitz, recently learned, we are already continually being tracked whether we volunteer to be or not. Cellphone companies do not typically divulge how much information they collect, so Mr. Spitz went to court to find out exactly what his cellphone company, Deutsche Telekom, knew about his whereabouts.
The results were astounding. In a six-month period — from Aug 31, 2009, to Feb. 28, 2010, Deutsche Telekom had recorded and saved his longitude and latitude coordinates more than 35,000 times. It traced him from a train on the way to Erlangen at the start through to that last night, when he was home in Berlin.
Mr. Spitz has provided a rare glimpse — an unprecedented one, privacy experts say — of what is being collected as we walk around with our phones. Unlike many online services and Web sites that must send “cookies” to a user’s computer to try to link its traffic to a specific person, cellphone companies simply have to sit back and hit “record.”
“We are all walking around with little tags, and our tag has a phone number associated with it, who we called and what we do with the phone,” said Sarah E. Williams, an expert on graphic information at Columbia University’s architecture school. “We don’t even know we are giving up that data.”
Tracking a customer’s whereabouts is part and parcel of what phone companies do for a living. Every seven seconds or so, the phone company of someone with a working cellphone is determining the nearest tower, so as to most efficiently route calls. And for billing reasons, they track where the call is coming from and how long it has lasted.
“At any given instant, a cell company has to know where you are; it is constantly registering with the tower with the strongest signal,” said Matthew Blaze, a professor of computer and information science at the University of Pennsylvania who has testified before Congress on the issue.
Mr. Spitz’s information, Mr. Blaze pointed out, was not based on those frequent updates, but on how often Mr. Spitz checked his e-mail.
Mr. Spitz, a privacy advocate, decided to be extremely open with his personal information. Late last month, he released all the location information in a publicly accessible Google Document, and worked with Zeit Online, a sister publication of a prominent German newspaper, Die Zeit, to map those coordinates over time.
“This is really the most compelling visualization in a public forum I have ever seen,” said Mr. Blaze, adding that it “shows how strong a picture even a fairly low-resolution location can give.”
In an interview from Berlin, Mr. Spitz explained his reasons: “It was an important point to show this is not some kind of a game. I thought about it, if it is a good idea to publish all the data — I also could say, O.K., I will only publish it for five, 10 days maybe. But then I said no, I really want to publish the whole six months.”
In the United States, telecommunication companies do not have to report precisely what material they collect, said Kevin Bankston, a lawyer at the Electronic Frontier Foundation, who specializes in privacy. He added that based on court cases he could say that “they store more of it and it is becoming more precise.”
“Phones have become a necessary part of modern life,” he said, objecting to the idea that “you have to hand over your personal privacy to be part of the 21st century.”
In the United States, there are law enforcement and safety reasons for cellphone companies being encouraged to keep track of its customers. Both the F.B.I. and the Drug Enforcement Administration have used cellphone records to identify suspects and make arrests.
If the information is valuable to law enforcement, it could be lucrative for marketers. The major American cellphone providers declined to explain what exactly they collect and what they use it for.
AT&T, for example, works with a company, Sense Networks, that uses anonymous location information “to better understand aggregate human activity.” One product, CitySense, makes recommendations about local nightlife to customers who choose to participate based on their cellphone usage. (Many smartphone apps already on the market are based on location but that’s with the consent of the user and through GPS, not the cellphone company’s records.)
Because of Germany’s history, courts place a greater emphasis on personal privacy. Mr. Spitz first went to court to get his entire file in 2009 but Deutsche Telekom objected.
For six months, he said, there was a “Ping Pong game” of lawyers’ letters back and forth until, separately, the Constitutional Court there decided that the existing rules governing data retention, beyond those required for billing and logistics, were illegal. Soon thereafter, the two sides reached a settlement: “I only get the information that is related to me, and I don’t get all the information like who am I calling, who sent me a SMS and so on,” Mr. Spitz said, referring to text messages.
And a year after the court ruling outlawing this kind of data retention, there is a movement to try to get a new, more limited law passed. Mr. Spitz, at 26 a member of the Green Party’s executive board, says he released that material to influence that debate.
“I want to show the political message that this kind of data retention is really, really big and you can really look into the life of people for six months and see what they are doing where they are.”
While the potential for abuse is easy to imagine, in Mr. Spitz’s case, there was not much revealed.
This article has been revised to reflect the following correction: