Identifying People from Mobile Phone Location Data

Turns out that it's pretty easy:

Researchers at the Massachusetts Institute of Technology (MIT) and the Catholic University of Louvain studied 15 months' worth of anonymised mobile phone records for 1.5 million individuals.

They found from the "mobility traces" - the evident paths of each mobile phone - that only four locations and times were enough to identify a particular user.

"In the 1930s, it was shown that you need 12 points to uniquely identify and characterise a fingerprint," said the study's lead author Yves-Alexandre de Montjoye of MIT.

"What we did here is the exact same thing but with mobility traces. The way we move and the behaviour is so unique that four points are enough to identify 95% of people," he told BBC News.

Here's the study.

EFF maintains a good page on the issues surrounding location privacy.

Posted on March 26, 2013 at 6:38 AM • 29 Comments

Comments

WinterMarch 26, 2013 8:01 AM

PS
I think that having ~4 url's visited by readers of this blog will be enough to identify them too.

DraganMarch 26, 2013 8:33 AM

I ripped the gps apk and all other location services out of my phone first day I had it. I can spend the 3 seconds it takes to enter my city for weather and other services without needing a 24/7 spying device

WinterMarch 26, 2013 8:47 AM

@Dragan
"gps apk and all other location services"

I assume they use the sell-tower data, not the GPS data. Good luck trying to remove that.

However, you can also use three or four handsets with call forwarding. One for at home, one for while commuting, and one for at work. Each one stays at their location of use. Maybe a fourth one for shopping and trips etc that is only activated when in use.

If they are all at different providers, you might make life of spies a little more difficult.

ASMarch 26, 2013 8:52 AM

Dragan's effort isn't much help. The phone company certainly knows where your phone is at all times, since it is associated with a tower and triangulated with others. Whether this information requires a warrant for police to access is an issue currently in the courts. But, you have no control over what the phone company does with that information internally or commercially, as far as I can tell. For all I know, they could be associating it with my CC number and selling it to the credit-rating agencies.

At this point, my take is this: the organizations I trust least already have unfettered access to this information. The best I can do is make the information useful to *me* as well, which means using the location software for the convenience of my family.

pensieriMarch 26, 2013 8:52 AM

There is a simple answer, but it comes at a cost some (many?) might not like to bear.

(1) Get hold of the most antique cell phone you can find. No bells and whistles. Just phone and text capability. (2) Leave it off until you want to make a call or send a text, or you are expecting one by arrangement by other means. (3) Switch it off again directly you have used it. (4) Celebrate your freedom from always being contactable. We used to live like that, and no one suffered unduly because of it.

(Clearly this will not work if you have to have a cell phone and keep it on because of your job.)

In case you think I am some sort of techno-Luddite, that is far from the case. I adopt various detailed strategies to keep my privacy online. But cell phones are impossible in terms of privacy: as long as they ping the local tower, someone somewhere - and, increasingly, more and more organizations, governmental and others - can track your movements.

Oh, and use cash whenever you can.

smithMarch 26, 2013 9:03 AM

This is nothing new, see "Understanding individual human mobility patterns" by Gonzalez, Hidalgo, and Barabasi in 2008. They used a data set of 6 million anonymized mobile phone users to find some interesting patterns. Relevant to this article, they showed that by ranking a user's locations by frequency then the probability of finding that user at a given location is proportional to the inverse of the rank. So needing only four data points isn't very surprising.

When you think about it, this is pretty obvious. I go to work and back home, with maybe a few other places like a grocery store and favorite coffee shop. Home and work alone would be enough to uniquely identify me.

LeoloMarch 26, 2013 10:56 AM

@pensieri : those are not very useful suggestions : first off, it makes you impossible to reach. Secondly, when you turn the phone on, you are creating a data point. To "anonymise" this data point, you either have to call from 3-4 specific public places (in which case why not use a pay phone) or never the same place twice (how are you going to remember this?)

boogMarch 26, 2013 11:41 AM

"Exact same thing" as fingerprints? Does that mean that impersonating someone could be as simple as following them around for a couple of days?

Not that there aren't easier methods, of course.

I'm just fearing the day that mobile phone location data might be used to condemn someone in a courtroom setting.

bcsMarch 26, 2013 12:06 PM

Does that imply: "each user had at least one set of at most 4 space/time points that are unique to that user" or "if you have 4 random space/time points from a person's track, it usually uniquely identified one cell phone"?

On another note, I'd bet the best points to nail down would be derived from the home and work locations plus commute times. Easy to get and give lots of repetitions to filter noise from.

cmurphyMarch 26, 2013 12:25 PM

The EFF position is ideal, but impractical. The information collected about people belongs to those who collect it. It is not a search of my person or my property. And restricting only the government from getting this information, while companies are allowed to freely share it, means the sovereign is demoted to that of corporations. So, who's the sovereign?

I think it takes a constitutional amendment to really fix this, and there's simply no incentive to do that.

ArclightMarch 26, 2013 1:38 PM

@pensieri

Tried this. The cell provider said it would be against the law for them to knowingly activate a phone without GPS in the USA. Good luck!

arclight

Quote:
"(1) Get hold of the most antique cell phone you can find. No bells and whistles. Just phone and text capability. "

-BMarch 27, 2013 6:15 AM

>So, who's the sovereign?

In the US it's (Constitutionally) The People.

Next question...

indeedMarch 27, 2013 11:51 AM

I like the 4 different phone idea but triangulation by tower is not very precise. In my country they always go off cached gps coords and many criminals have avoided convictions by just turning off their phones when they go to shoot up a nightclub

HimMarch 27, 2013 1:57 PM

I assume you are aware of the fact, that unless you remove the battery from your phone physically. You did not turn _anything_ off, right? Including your mic, gps etc...?

HerMarch 27, 2013 2:22 PM

Watch Malte Spitz @ TED talk from 2012 about your phone if you are not informed. .. That's only hakf the truth..

WaelMarch 27, 2013 7:06 PM

@Him

I assume you are aware of the fact, that unless you remove the battery from your phone physically. You did not turn _anything_ off, right? Including your mic, gps etc...?


You assumed wrong. I'm not aware of this fact. You do turn off _somethings_

IT'S MINE! ALL MINE!March 27, 2013 11:59 PM

Reality mining
- https://en.wikipedia.org/wiki/Reality_mining

Reality Mining Dataset - Publications and Findings
- http://realitycommons.media.mit.edu/realitymining3.html

"The GroupMedia project evolved from our work at the Wearable Computing Group, a.k.a. Borglab, driven by the need for more perceptual socially-aware applications for cell phones and PDAs. We measure speech speaking styles (speech feature processing), head-nodding, body motion (accelerometry) and physiology (galvanic skin response) to understand interest in conversations, effectiveness of elevator pitches, movie audience reactions, speed-dating, focus groups, and group interaction dynamics."
- http://groupmedia.media.mit.edu/

More:

- http://hd.media.mit.edu/TechnicalReportsList.html
- http://www.heinz.cmu.edu/~acquisti/research.htm

vasiliy pupkinMarch 28, 2013 10:07 AM

Looks like old pager provides location privacy versus cell phone: tower is broadcasting witout pinpointing location of pager when person is checking message. Right?
Any technical input is appreciated.

Clive RobinsonMarch 28, 2013 1:31 PM

@ vasiliy pupkin,

Looks like old pager provides location privacy versus cell phone

If you have a hunt back on this blog you will see that RobertT and myself outlined in reassonable depth how to go about using pagers to do this with "basher phones" and one or two other bits and bobs.

One way that I've thought about further since the "Moscow Rock" incident is using something similar.

Unlike mobile phones etc pagers are fairly light on their batteries and can be used as a "wake up" for more power hungry electronics (simply by hot wiring across their buzzer/vibrate output).

If you were to put a largish battery, pager, wakeup PIC circuit and a gumstick or Raspberry Pi single board Linux system setup as a wireless non broadcast AP in your own 'rock' or other casing you would have an effective electronic "dead letter drop box". Based on the prices I've seen for the bits you are probably looking at around 100USD for the electronics and the same again for a suitable case (the battery is going to be the realy expensive part as you would need "super cells" with a very long life and minimal self discharge).

Due to the range of WiFi style dongles with modified antennas I original considered putting one in a reasonable sized IP67 "locking junction box" style case with solar cells bonded to the top and fix it to the roof of a conveniant building near a pub / restaurant / park or other frequently populated area.

After a few experiments I found that the local shopping center with lots of cafes and book shops with coffee shops etc was probably the best place.

FigureitoutMarch 29, 2013 7:37 AM

@Clive Robinson
--Do you ask the owners of the building or just drink a lot of coffee and read books?

Clive RobinsonMarch 29, 2013 1:40 PM

@ Figureitout,

Do you ask the owners of the building or just drink a lot of coffee and read books?

A little of both, if it's not to busy you get left alone as you make the place look popular, if it's very busy they are often to busy to worry about you. If they do worry you you say you are waiting for a friend. Then with a very handy little gadget you can get from a toy shop, press a buttton and it sounds like an SMS has jusst come in on a phone, get your phone out and look at any old SMS frown get up and ask the waiter for directions to a different coffee shop saying your friend texted from there and make a dignified exit. The shop atleast got the price of one coffee (or herbal tea in my case) out of you.

Oh one thing you need to check is some places (including one or two MuckyD's) don't set up their WiFi AP properly and I've found certain VoIP protocols tunnel through quite nicely without neediing to be disguised as HTTPS traffic via stunnel etc... It's even truer of the local Mom&Pop Tea Shop...

LisaMarch 30, 2013 2:27 PM

I admit I don't really think much about the data my cell phone gives any person or organization about me. But the fact that they only need four data points to identify person is both creepy and fascinating at the same time.

Creepy that we can be spied upon so easily. Fascinating that we're such creatures of habit that we can be so easily identified by where we go and what we do.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..