It is wildfire season in the West, and hurricane season has arrived for the Atlantic and Gulf Coast states. As for tornadoes and severe thunderstorms, their season never really ends, but their range and frequency shifts northward with the heat.
Millions of Americans make a habit of tracking the weather via apps on our smartphones. Given half a chance, those apps – and the advertisers and other commercial buyers who pay for the data they collect – track us right back.
It has been no secret for some time that many weather apps, and many other apps of all kinds, do more with their users’ data than merely deliver a pizza, a ride or a severe weather alert. Those functions, which are why users download the apps in the first place, are tailored to each of us. We give permission for our devices to share our location data so we can benefit from their services. If you want an app to direct you to the nearest open gas station or Big Mac, it needs to know where you are.
But app developers can do more with our data than deliver individual services. As long as they disclose their usage in their user agreement (which everyone carefully reads before pressing “Accept,” right?) they can also anonymize our data – stripping out identifiers such as our name and telephone number, substituting a random stream of characters – and use that information for other purposes. Maybe you are checking your social media account while on a business trip and an advertisement for a nearby club where your favorite band is playing happens to pop up in your feed. Everyone knows this is no accident.
If you gave the social media platform access to your location, you might get such an ad directly within that platform. But even if you didn’t, much online advertising these days is sold through data brokers and automated auctions. If you have given your weather app permission to track your location “in the background,” meaning at times when you are not using the app (perhaps because you always want to be alerted to nearby tornadoes), its maker may sell your location in real time to the data broker. The broker then uses it to direct an ad on a different platform to your phone.
Some people find this loss of privacy and autonomy disturbing. Many others don’t care. If you have ever run low on fuel while driving in a remote part of Nova Scotia in the middle of the night, you can appreciate a function that can take you to a convenience store with available gasoline, even if it is on a First Nation reserve that you might never have found on your own.
But this so-called anonymized data is less anonymous than you might think. It is also being sold to parties who have no interest in letting you know how much they want to know about you.
The Internal Revenue Service experimented with buying commercially available location data, The Wall Street Journal recently reported. The Service used it to try to identify individuals connected to tax evasion and other financial crimes. The government’s lawyers concluded that this approach allowed investigators to get around the need to demonstrate probable cause and obtain a warrant, which the Supreme Court has ruled is necessary to acquire location data directly from a phone company.
This seems like an aggressive legal position for the government to take. But we will not know if it is too aggressive until someone gets arrested and prosecuted on the basis of such data, when it can be tested in court. This may not happen very soon. The Journal reported that the IRS did not renew its data-gathering contract after the data produced no useful leads.
In theory, an anonymized phone that, say, appeared at multiple storefronts suspected of money-laundering could be traced to an owner if the phone spent every night at the same location. In practice, criminals are probably familiar with the concept of burner phones, like at least half the teenagers in America. They are also doubtless familiar with the fact that when a modern phone is completely powered down, it cannot be readily traced (although the National Security Agency reportedly had that capability a number of years ago). It seems that good money-launderers never take their work home with them.
Today’s dominant smartphone platforms, Google’s Android and Apple’s iOS, give users a lot of control over which apps can access location data and when. This control isn’t perfect – there are some location tracking features you can’t turn off – but it does allow users some say in when they are tracked. I try to live by a rule of never doing anything without a good reason, and that applies to how I manage my own apps. I don’t care to have Facebook or Instagram share my location with the world; if I want to say anything about a place, I’ll say it myself. So I don’t give those apps access to my location at all. Neither do I share it with any apps that don’t need it for the purpose I intend to use them.
As for the others, I allow access to my location only when I’m using the app. This brings up another housekeeping measure: Out of habit, I close my apps (on an iPhone, you swipe up) when I am finished using them. Some people never close their apps. In theory, apps that you aren’t actively using are “frozen” in standby mode. They shouldn’t be able to track you unless you gave them permission for background location use. But if you don’t force close your apps, you are trusting that they’re really as frozen as they appear – or you are effectively OK with the apps tracking you at all times.
If that doesn’t bother you, it certainly doesn’t bother me. I assume you are not laundering any money. You are probably just looking for an open gas station in the middle of the night or trying to avoid any rogue tornadoes.