First let’s talk about assholes.

I recently read a rather brilliant book called “Build” by Tony Fadell, who led the team that invented the iPod and who founded Nest.

It’s basically a primer designed to mentor people building companies and what you should look out for along your journey. It’s an easy read. I highly recommend it to anyone who is trying to build a business. One of the chapters in Tony’s book is about the various types of assholes you’ll meet along the way. In this chapter he does a splendid job of categorizing them into the following basic types:

• Political Assholes: the risk averse assholes who take credit for everything and who are focused only on reaching the top
• Controlling Assholes: the micromanaging assholes who strangle all creativity
• Asshole Assholes: the aggressive or passive aggressive assholes who suck at work and suck at everything else
• Mission-Driven Assholes: these are the ‘good’ assholes who are unrelenting and crazy passionate about the product. But they also listen. Yes… Mr. Jobs was a mission-driven asshole

So all this got me thinking. 

Could the world of location harvesters and personal information brokers — or as I like to call them, “PIBs” — also be classified into various types of assholes? 

Call me a chicken, but I suddenly hear the many lawyers I’ve come to know and love over the years whispering warning signals in my ear…

So on second thoughts maybe I’ll just leave the job of asshole classification to you lot. 

Now of course much has already been written about location harvesting and location privacy. It’s been the topic of many articles and many blogs and I’m sure there’s more to come. Rather than regurgitate past articles I thought I would at least draw your attention to various ‘Happenings’ in this world. Hopefully I’ll provide a little bit of something you didn’t already know. Perhaps I can also provide an additional perspective. 

So let’s look at the spectrum — from the good to the bad to the ugly. 

And let’s start with the ugly.

I’m sure you’d agree that ugly part of location harvesting is surveillance. I’m assuming you’ve all read about misuse of Apple AirTags to track people and the emerging legislative efforts to prevent it so I’m not going to cover that in detail here. 

Instead I did want to draw your attention to an organization called Fog Data Science that has been singled out by the Electronic Frontier Foundation (EFF). They provide “a proprietary platform [that] analyzes billions of commercially available location signals to provide insight into digital device locations and movement patterns”. Their typical customers are law enforcement agencies. To quote EFF:

Fog Data Science is a company that purchases raw geolocation data originally collected by applications people use every day on their smartphones and tablets. Those applications gather location data about where your phone is at any given moment and sell it to data brokers, who in turn sell it most often to advertisers or marketers who try to serve you ads based on your location. That’s where Fog swoops in. According to documents created by the company, Fog purchases “billions of data points” from some “250 million devices” around the United States, originally sourced from “tens of thousands” of mobile apps. Then, for a subscription fee that many law enforcement agencies are happy to pay, Fog provides access to a massive, searchable database of where people are located. 

This means that police can open up their Fog map and do a number of things. They can draw a box and see identifiers representing every device within that geographical area at a given time frame. They can also use a device’s ID to trace that device’s precise location history over months or even years. Fog does not require police officers to obtain a warrant or other court order before acquiring this location data (unlike communication service companies that hold their customers’ location data and generally do require a court order). Likewise, many police departments that use Fog do not require their officers to get a warrant.

Just catching the bad guys? Or is this potentially very ugly?

Ok, so this is what happens, but let’s go into how the data get built…

Well, just about any mobile app developer on the planet wants to get analytics on how, when and where their app is being used. As an app developer you don’t have to develop your own analytics software, you can simply leverage a third party API — or strictly speaking — an SDK ¹. Many app developers also want to generate advertising revenue, and of course there’s an SDK for that too.  No surprise, but these SDK providers don’t provide you the SDK just for your benefit. They provide it primarily for their own benefit. They suck all the usage information out of the apps that use their SDK into one giant data “lake”. This can equate to trillions of locations, each with its own time stamp and device identifier. 

That’s a ton of data. 

But wait, there’s more.

Back in the old days, Personal Information Brokers,  or PIBs, used to rely on data collected from national censuses to provide demographic data down to the city block level. Over the years these data have been refined and expanded with tons of other data, for example, information on financial transactions, product registrations, warranties, loan applications — the list goes on. Not only is the data now hugely enriched it’s now available at the household or even the individual level. These companies now know an enormous amount about your income & age, your immediate family, your lifestyle and your spending habits.

Here’s the thing though: the advent of mobile devices has brought a seismic revolution to this data marketplace.

No longer are you limited to just getting personal information on where people live. Now you can pick any location and get personal information on the people that are there now. Or even information on the people that are predicted to be at a location at some point in the future. And you can even tell where they came from and predict where they’ll go next.

How is this done?

One way to accomplish this is to take all the location data and timestamps mined from the app SDKs to see where devices spend the night. Bingo. Now you can marry the location data and device ID to the detailed income, age, lifestyle and spending habit data for a particular household or individual. And now all of that demographic data can travel with the ID of the device. 

In other words: you now know the demographics of the people at any location at any time. 

Because there is so much money in the advertising business there are a ton of companies piling into this location information business². One such company is Placer.AI. Others include Foursquare, Near, PlaceIQ, SafeGraph, Unacast, and Veraset. In Placer.AI’s case you can take any location, for example, a shopping center, and get information on the visits by time period, the aggregated demographics of the visitors, where they came from and where they went to afterwards:

How is this data being used? Well one example is outdoor advertising, a.k.a. “out of home” or OOH advertising. More specifically it is being used for electronic billboards. 

Using all the location data mined from apps — which is now married to rich demographics — billboard owners can not only tell how many people pass a billboard everyday but they can also tell the demographics of the people that pass it by time-of-day. So, they can run one ad on Monday morning to match the demographics of the people on their morning commute and a different ad on Saturday afternoon to match the demographics of the weekend traffic. And if you’re standing by a screen, say at a bus stop, the screen can use the SDK running inside an app on your phone to show you an ad that’s personalized to your device ID. 

If you want to learn more, I suggest you read this great article in Consumer Reports from Thomas Germain: “Digital Billboards Are Tracking You. And They Really, Really Want You to See Their Ads.” Thomas explains:

When we go out into public, we are often surrounded by screens showing ads. They can be on the side of the road, at the gym, in store windows, in doctors’ offices, and in elevators. You might assume that the marketing messages are playing on a loop, but sometimes these ads are changing because people like you are nearby.

Data including your gender, age, race, income, interests, and purchasing habits can be used by a company such as Five Tier to trigger an advertisement right away. Or, more often, it will be used for planning where and when to show ads in the future—maybe parents of school-age children tend to pass a particular screen at 3 p.m. on weekdays, while 20-something singles usually congregate nearby on Saturday nights.

Then the tracking continues. Once your phone is detected near a screen showing a particular ad, an advertising company may follow up by showing you related ads in your social media feed, and in some cases these ads may be timed to coordinate with the commercials you see on your smart TV at night.

It doesn’t stop there. Advertisers are keenly interested in “attribution,” judging how well a marketing campaign influences consumer behavior. For instance, is it better to target people like you with online ads for fast food right after you see a restaurant’s new TV commercial, or to wait until after you drive by a new billboard the next day? The advertising industry looks for the answers by watching where you go in person, what you do online, and what you buy with your credit card.

It doesn’t stop there. 

There are two additional ways you might be tracked:

• Ultrasonic Beacons in Ads: Ads on any TV, any radio or electronic displays can embed ultrasonic sound waves that humans can’t hear. But your device’s microphone can hear them just fine. Coded in the sound waves are data telling your device what ad is playing. The SDKs running in the background in that app your downloaded are happily listening out and transmitting the information back to a server. Now the advertiser knows how many people heard the ad, where it was heard and can also deduce the demographics of the people that were in the vicinity at the time. A lot of the tech for this seems to have been pioneered by a company called Silverpush about 10 years ago. They claim 150+ brands use them, including, eh-hem, Apple. So the technology is not new. Kaveh Waddell at the The Atlantic wrote a good article about it back in 2015: “Your Phone Is Listening—Literally Listening—to Your TV”.

• Facial Recognition in Stores: so here’s the concept: you go to a TV/appliance store. While you’re there you linger in front of the latest Samsung TVs. At the same time a camera is watching you and assigning an ID to your face. A little later you pick up a charger for your phone and head to the cashier to buy it. The cameras are still watching you. When you make the transaction the store now has your personal information from your credit card. Eureka! Now they can match that face ID to you. Now they know you lingered in front of those Samsung TVs. Nice. So now you can enjoy the ads for Samsung TVs with that special discount coupon when you get back home.  For further reading  take a look at Kim Hart’s article in Axios: “Facial recognition surges in retail stores”.

If you find all this rather depressing and you haven’t totally given up there are a few things you can do:

• On Apple devices you should definitely “Ask app not to track”.
• I’d recommend the location setting for most of your apps be “Only when using”. 
• Don’t grant apps access to things they shouldn’t need. For example, does a weather app really need access to your microphone?
• Got a Smart TV? Make sure you check those information sharing settings very, very carefully. Better yet, don’t connect your TV to the internet. Instead use a third party device like Apple TV, Google Chromecast, Amazon Fire stick or Roku. 

[Somebody from the land of Android — please chime in with some additional suggestions…]

Is there any good that can come from location harvesting? 

Well it turns out yes — absolutely there is.  Let me end with two good examples:

• Disaster Recovery: disasters happen all too often. When they do the First Responders need to know where people are, and more importantly who’s been left behind. A very visible example of this was Hurricane Katrina in New Orleans. But it’s not just in America. It’s a global problem. As I write this Hurricane Fiona is battering Puerto Rico and Typhoon Nanmadol is battering Japan. And then there are wildfires, earthquakes and wars. In all cases the people and organizations responsible for public safety are desperate to get a clear and current understanding of where people are or, as they call it in the industry, a ‘situational awareness’. Companies and organizations in the location harvesting business should look to do some good and not just focus on figuring out how to make the next buck. It’s very difficult for disaster response  organizations to get a clear picture – the big companies that have this data don’t have any products designed to provide the needed information. I’ve experienced this having worked for a few large mapping organizations during my career. In the event of some disaster organizations would call, sometimes in desperation, to see how we might be able to help. There was never a clear answer. No product. No easy solution. Organizations have to go begging to anyone they can think of who might be able to help. To give them their due it is normally the cellular carriers that end up coming through. But still I’m not sure they have a readily available product for these situations. So, while there is tremendous potential there is clearly much more work to be done. I would respectfully suggest that the big boys — Apple, Google, Esri and the many hundreds of carriers of the world — step up to the plate and create a product that would benefit humanity. And yes — it can be done in such a way that doesn’t compromise privacy. @Google in particular: to a certain extent you do this already, it’s just not a product for first responders³

• Transportation Planning: this is a lesser example than Disaster Recovery, but nonetheless still very valid and important. I’m sure you’ve all been stuck in traffic jams. Additionally there have probably been times when you’ve wished there was a public transit stop or route where one didn’t exist. Or perhaps you pine for a dedicated bike lane on a particularly busy street. Addressing these concerns is the work of transportation planners globally. Getting the information they need to make data informed decisions is hard. Really hard. In a perfect world they’d be able to mine anonymous, aggregated data feeds from the organizations that have it so better decisions could be made. It’s the same situation as for disaster recovery — the data exist, it’s just not in a form that’s easily consumable by the organizations that need it. Kudos to Strava for getting into this business with their Strava Metro product. Ditto Uber for the Uber Movement product. But what about those big boys in Cupertino and Mountain View?

What’s stopping location data from being widely used for these two important cases? Mainly I think it’s cold feet from the big tech companies. They don’t want to be seen as sharing personal data, particularly with governments. But it’s happening anyway (see Fog Data Science). Big tech should figure out a way to enable location sharing for the general good in a non-creepy way. They’re smart — I know they can do it. Society as a whole would benefit. 

Thanks for reading this far. I look forward to your commentary…

---

¹ Good article from Shanika Wickramasinghe: “SDK vs API: What’s The Difference?”

² I found this great chart in an article from Jon Keegan and Alfred Ng in the Markup: “There’s a Multibillion-Dollar Market for Your Phone’s Location Data” listing 47 companies in the business. It’s about a year old, so there’s probably more companies to add to the list:

³ Note Google’s “busyness score” in Green Park near Buckingham Palace in London during the Queen’s funeral on Monday. Note the unusual spike: