How Tracking Someone’s Movements Can Make Them Look Guilty, Even When They’re Not
Last month, the NY Times published a really great article by (the always innovative) tech reporter Kashmir Hill, in which she tested out a bunch of those location tracking tools by hiding them (with permission) on her husband, Trevor Timm, executive director of the Freedom of the Press Foundation. It was a great and eye-opening article, looking both at how well (mixed bag) some of those tracking tools worked, and how easy (often much more than you'd expect) it was to hide them on someone. Here's just a snippet, though the whole article is worth reading.
Within two hours of my putting all the trackers in our car, my husband, who has an iPhone, got an alert about the AirTag, after running an errand.
The problem was that he couldn't find it. The alert said he could make the AirTag play a sound, but when he attempted to do so, his phone wouldn't connect to the device. This happened multiple times, and he started to get frustrated. Is it in my shoe?" he asked me at one point, taking his blue Nike off and peering at it. You have to tell me. I don't want to destroy my shoe looking for it."
The one time his iPhone connected to the AirTag in the car, so he could play the noise, it was so hard to tell where it was coming from that he gave up looking for it after five minutes.
The critics were right: Apple's safeguards against nefarious use weren't foolproof.
I had meant to write up a post about it at the time, but am kind of glad I got busy and didn't get around to it, because now, Timm has been able to write an article from his own perspective on how all of this played out. And the key lesson learned was that even if you weren't doing anything bad, it's entirely possible for people to suspect you of being up to no good based solely on your location info.
As he notes, it's quite easy to assume a lot without knowing what's actually happening.
At lunch time, Kashmir texted me, Are you somewhere fancy?" Perplexed, I responded no. I learned later her location trackers suggested that I had stopped at the private club Dumbo House. Imagine the interpretations! In fact, I was at a food court directly below Dumbo House eating a taco.
And that can have very serious real-world implications:
Despite what some readers said in the comments section of the article and on social media, I have a trusting wife, and I was happy to play a small role in highlighting the privacy implications of emerging technology. But when I heard and saw all of these misinterpretations about my day, I couldn't help but think of all the people who might be surveilled without their consent, whether it's by a spouse, an employer or law enforcement.
My mind kept wandering back to a Times investigation about a deadly incident in Kabul. In August, the Pentagon announced a drone attack against a driver who was suspected of having a bomb in his car, posing a threat to troops at the airport in Kabul. At the time, the defense officials called it a righteous strike." Journalists on the ground would later conclusively show the victim was not a terrorist; he was an aid worker.
This, of course, goes beyond just location tracking, but with lots of other info as well. We've talked for years about the uncanny valley of advertising," in which poor ad targeting, based on confused interpretations of data makes the ads feel creepier than is necessary. With advertising it's maybe not such a big deal. But, in lots of other scenarios, you can see how that data in the wrong hands isn't necessarily just dangerous for what can be done with it, but what might happen if someone totally misinterprets it.
Hill spying on Timm with his permission is, at the very least, a harmless and somewhat lighthearted way of looking at all of this. But it really does a great job at highlighting the very real risks as well. In theory, it should give people pause about interpreting data without context, but I fear it's unlikely to do so.