32 comments

[ 3.4 ms ] story [ 96.8 ms ] thread
That's the job of the FBI - to investigate domestic crimes. But, why do private organizations so willingly participate in the tracking ecosystem? I suppose they're in the, "you have nothing to worry about if you're not doing anything illegal" camp! Hopefully they understand that they have the most to lose.
They hate us for our freedom.

Also, isn't this breaking the constitution? It bypasses needing a warrant respectively having a objective suspicion.

A generation ago our leaders derided China (and Russia) for this kind of pervasive spying on it's citizens. In the US we did the same thing just increasing costs by enriching the private sector on the way. That's not better. That's worse.
Perhaps we could overturn the third party doctrine. With legislation, preferably. And while we are at it, solve the underlying issue of pervasive data collection and sharing in the first place.
Who's selling the data is the far more serious issue here. Behind this is a remarkably well-structured syndicate. The supply chain looks something like this: consumer apps embed ad SDKs → those SDKs feed location signals into RTB ad exchanges → surveillance-oriented firms sit in the RTB pipeline and harvest bid request data even without winning auctions → that data flows to aggregators who don't have any direct relationship with consumers → and from there it's sold to government agencies, among others. The genius of this structure is that accountability dissolves at every layer. Each intermediary can claim they're just passing along "commercially available data." Nobody verifies whether consumers actually consented to their location data being collected and resold. The consent verification is always someone else's job. The real problem is that this data is buyable at all, by anyone, through an opaque multi-layered supply chain specifically designed so that no single entity bears responsibility for the end result.
Yikes. Why are private organizations so happy to participate in mass surveillance.
There was a great talk at the Chaos Computer Conference a few years ago how to diy this, sadly cant find it because web search seems dead nowaydays. If anyone knows, please chip in. It was a german researcher following german politicians who hilariously(scandalously?) related travel patterns
The government shouldn’t be able to contract out anything it isn’t permitted to do directly itself. We should have this in the law, get rid of qualified immunity for everyone including lawmakers, and reign in the government.
I have to give my age to my OS.

Yet they can't write a law to make this basic practice illegal.

Why do I feel like I'm not being represented _at all_?

This should be a surprise to absolutely no one. I think it sucks, but I also don't think it's anything new.
I'd really like to just have legislation to treat location data like audio or video under wiretapping provisions. If you collect my location info and convey it to a third party without my consent or a reasonable good-faith belief that I would consent, that ought to be treated similarly to recording without consent.

And consent needs to be granted explicitly for each party that might get access to my location, you can't just get blanket consent to sell my location to anyone, especially not with real-time identifiable location data.

Fair enough, but the wiretap laws are all phrased in terms of "conversation participant" -- a listener who every speaker is aware is listening. Some states require consent of all participants, others require consent of one participant.

In one-party states the consenting party has to be the one who makes the recording. In all-party-consent states, the verbal declaration that a recording is happening has to be part of the recording. It has to be verbal, so there is no "fine print loophole" -- you have to waste 2-3 seconds of everybody's time saying it out loud.

I like your idea, but the wiretap laws work so smoothly because they bootstrap off of things like "conversation participant" and "verbally granted in the recording itself" that don't carry over to location data.

Apple should take care of this. I would pay. Sadly it has gotten to this point
Nobody has explained to me how iOS ad SDKs across different apps can track individual users given that there hasn't been an accessible GUID on iOS for many years now.
In the US we live in a bizarre world of dual expectations.

The government is supposed to follow the law, be accountable, transparent, and must operate within a constrained, circumscribed zone of activity which is debated and discussed. That's at least how it's supposed to work.

Private companies are understood as amoral sharks who have no obligation to do anything other than operate in their narrowest self-interest, and the law is used as a club to beat them back from what they so clearly want to do, and will do if at all possible. They are unaccountable to anything other than the legal system and their share price. Suggesting that they might have any further obligation is tantamount to questioning whether capitalism should exist. It happens all the time on HN.

So of course the FBI would like to keep their hands mostly clean by having one of those accepted-to-be-horrible companies gather this data and then buy the resulting trove.

Isn't this is just a naked reach around the 4th amendment?!
I don’t thinks there’s any person who doesn’t know this information already, yet you keep seeing the same empty articles of “oh yes they collect your data using commercial apps”.. list all these apps to consumers, list the services too, list the companies that are selling them, so people will stop using them or at least limit its access. I know most social media are, but there are far more companies and apps that are willing to sell such data.
This is the reason why every company is collecting all the data they can. They can sell it to the government, which is likely still cheaper than having a bureaucratic behemoth collect that data.
Law enforcement should require a subpoena if they want to have location data for anyone. It really isnt a third party loophole issue.

Law enforcement should only be accessing location data if they have probable cause to believe a crime is happening. This invalidates the third party doctrine loophole and becomes an unreasonable search (and seizure of your privacy) under the 4th amendment.

Location data specifically should be treated as the most private data about a person. It should have the highest scrutiny for any access. It is more important than your financial records and medical records.