Company Tracks Iowa Caucusgoers by their Cell Phones

It's not just governments. Companies like Dstillery are doing this too:

"We watched each of the caucus locations for each party and we collected mobile device ID's," Dstillery CEO Tom Phillips said. "It's a combination of data from the phone and data from other digital devices."

Dstillery found some interesting things about voters. For one, people who loved to grill or work on their lawns overwhelmingly voted for Trump in Iowa, according to Phillips. There was some pretty unexpected characteristics that came up too.

"NASCAR was the one outlier, for Trump and Clinton," Phillips said. "In Clinton's counties, NASCAR way over-indexed."

Kashmir Hill wondered how:

What really happened is that Dstillery gets information from people's phones via ad networks. When you open an app or look at a browser page, there's a very fast auction that happens where different advertisers bid to get to show you an ad. Their bid is based on how valuable they think you are, and to decide that, your phone sends them information about you, including, in many cases, an identifying code (that they've built a profile around) and your location information, down to your latitude and longitude.

Yes, for the vast majority of people, ad networks are doing far more information collection about them than the NSA­ -- but they don't explicitly link it to their names.

So on the night of the Iowa caucus, Dstillery flagged all the auctions that took place on phones in latitudes and longitudes near caucus locations. It wound up spotting 16,000 devices on caucus night, as those people had granted location privileges to the apps or devices that served them ads. It captured those mobile ID's and then looked up the characteristics associated with those IDs in order to make observations about the kind of people that went to Republican caucus locations (young parents) versus Democrat caucus locations. It drilled down farther (e.g., 'people who like NASCAR voted for Trump and Clinton') by looking at which candidate won at a particular caucus location.

Okay, so it didn't collect names. But how much harder could that have been?

Posted on March 2, 2016 at 6:34 AM • 23 Comments

Comments

Clive RobinsonMarch 2, 2016 7:35 AM

Okay, so it didn't collect names. But how much harder could that have been?

Probably not very, but then "did they need to?"

A name after all is just a tag by which we are indexed, just like our social security number and many other tags down to "Chris's mum" or just "mummy".

The tags express a relationship that in turn often expresses one or more rolls within life/society an individual has.

From a data usage point of view the "name" tag, nice though it is, is of little real use, except "in the last mile" of CRM where somebody has to "stroke the individual"...

M. WelinderMarch 2, 2016 8:13 AM

> Okay, so it didn't collect names. But how much harder could that have been?

That depends on the desired accuracy:

10%: probably trivial
50%: easy
90%: getting harder
99%: very hard
100%: not even the NSA

In other words, the success criterion is different for (say) road-pricing
in London (50% would be fine; we'll catch them next time) and spotting
incoming ICBMs (50% would be a disaster; there is no next time).

jaysonMarch 2, 2016 8:58 AM

So of the people who carry cell phones, a subset of whom carry smart phones, a subset of those who have location tagging enabled, a subset of which devices also responded to particular ads they have gathered data.

What could possibly be wrong with drawing conclusions from that data?

/sarc

MenloeparkMarch 2, 2016 9:03 AM

So this date could also be collected at all voting locations for all official elections nationwide, routinely.

Correlated with tons of other available personal data -- "secret ballots/voting" will eventually be rendered moot.

Of course, the government's collect-it-all standard has likely already eliminated secret-balloting in major elections. It's relatively easy technically to ID individuals in a voting booth with their actual voting selections, if one is not too fussy about legalities and/or directly controls the voting "systems" in use.

But maybe totally open & public voting has some significant benefits when dealing with a highly secretive and intrusive government?

"The people who vote decide nothing-- the people who count the vote decide everything" (Joe Stalin)

rMarch 2, 2016 9:43 AM

@jayson

location tagging, at least as noticed on my numerous androids: is enabled by default on firefox, chrome and webkit. The difference is in the user prompts as to individual instance/site permission.

i-zombiesMarch 2, 2016 9:56 AM

They're not cellphones, they are MOBILE TRACKERS/RECORDERS. And the World Bank reckons that 75% of the global population has one.

Appelbaum: Cell phones are tracking devices that make phone calls. It’s sad, but it’s true. Which means software solutions don’t always matter. You can have a secure set of tools on your phone, but it doesn’t change the fact that your phone tracks everywhere you go. And the police can potentially push updates onto your phone that backdoor it and allow it to be turned into a microphone remotely, and do other stuff like that. The police can identify everybody at a protest by bringing in a device called an IMSI catcher. It’s a fake cell phone tower that can be built for 1500 bucks. And once nearby, everybody’s cell phones will automatically jump onto the tower, and if the phone’s unique identifier is exposed, all the police have to do is go to the phone company and ask for their information.


Resnick: So phones are tracking devices. They can also be used for surreptitious recording. Would taking the battery out disable this capability?

Appelbaum: Maybe. But iPhones, for instance, don’t have a removable battery; they power off via the power button. So if I wrote a backdoor for the iPhone, it would play an animation that looked just like a black screen. And then when you pressed the button to turn it back on it would pretend to boot. Just play two videos.

Resnick: And how easy is it to create something like to that?

Appelbaum: There are weaponized toolkits sold by companies like FinFisher that enable breaking into BlackBerries, Android phones, iPhones, Symbian devices and other platforms. And with a single click, say, the police can own a person, and take over her phone.

And let's not forget the iconic NSA slide (rare accurate analysis):

"Who knew in 1984... that this would be Big Brother [referring to the i-phone].... and the zombies would be paying customers?"

Yep - The Walking Dead isn't a horror series, we are truly living it.

All this FBI - Apple stuff is great theater, but a smokescreen to hide the fact that not a single phone is safe, nor likely ever will be.

Yet, bad guys win hands down, every day of the week, by simply binning technology for all nefarious planning; the ultimate 'going dark' that cannot be beaten despite the size of the security apparatus.

Life's a bitch if you're Stasi once the zombies work that one out hey? Charlie Sheen---- winning!

PS Does Skeptical only raise his goon head when they start losing court cases? Seems that way.

Anonymous CowMarch 2, 2016 10:41 AM

@jayson: add another wild card to your theory: the smartphone carried by a person is actually owned by the person's employer. Any characteristics derived from such phone usually belongs to the employer and not the person who possesses the phone. Have fun interpreting the data noise!

IoT segueMarch 2, 2016 10:49 AM

Companies like this are only one small part of the problem. Think Big (IoT), because Big Brother does:

Here's Crapper:

"In the future, intelligence services might use the [internet of things] for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials,” Clapper told a Senate panel as part of his annual “assessment of threats” against the US.

Uh oh. But don't forget the CIA Betrayus:

Items of interest will be located, identified, monitored and remotely controlled through technologies such as radio-frequency identification, sensor networks, tiny embedded servers, and energy harvesters – all connected to the next-generation internet using abundant, low-cost, and high-power computing.

So, along with dumping your cellphone permanently, civil libertarians might want to lose Stasi Barbie, the latest dishwasher, Fit Bit, some thermostats, household DropCams, various smart televisions that like to listen to your voice, X-Box Kinnect, Amazon Echo, GM's Onstar Program, smart fridges yada yada yada........

Basically re-live that 70s show if you want to secure your privacy since the spooks will hack everything, everywhere without fail given the amoral code they live by. Guaranteed. As Judge Orenstein noted in giving the freaks a backhander in court recently:

In a world in which so many devices, not just smartphones, will be connected to the Internet of Things, the government's theory that a licensing agreement allows it to compel the manufacturers of such products to help it surveil the products' users will result in a virtually limitless expansion of the government's legal authority to surreptitiously intrude on personal privacy.

Don't entertain the thought either that any Court losses will deter the freaks. Only by removing these vectors completely can you win and give it to the man.

"Winning"

DanielMarch 2, 2016 2:14 PM

I don't think that getting the names is worth the cost benefit. The primary reason this data is valuable is political advertising and political framing. For example, I was surprised that young parents went Republican because the narrative I keep hearing is how young people are more liberal than their parents and look to Europe. This data suggests that may only be true for young single people and that young parents are more conservative generally.

The point that I'm trying make is that much political strategy is focused around the demographics of groups. In such cases, names are meaningless.

David LeppikMarch 2, 2016 2:41 PM

@Daniel, if they can map the data to the house you live in, they can sell it to the door-knockers to remind you to get out and vote-- or to avoid reminding you.

Slime Mold with MustardMarch 2, 2016 3:04 PM

MIT's Technology Review did an excellent article on data mining for campaigns. When phones are added, it becomes horrifying:

"Obama’s campaign began the election year confident it knew the name of every one of the 69,456,897 Americans whose votes had put him in the White House"

https://www.technologyreview.com/s/509026/how-obamas-team-used-big-data-to-rally-voters/
(Java Script required :(


@ Daniel
"When Wagner was hired as the DNC’s targeting director, in January of 2009, he became responsible for collecting voter information and analyzing it to help the committee approach individual voters by direct mail and phone."

Getting people to the polls really is the end game. The US has something like 57% turnout for presidential elections.

DanielMarch 2, 2016 4:06 PM

@David and Slime.

There are pre-existing voter and party registration lists for that. What is powerful about this data is the way that it can be correlated with interests and preferences. Voter registration rolls will tell you who has and who has not voted in the past and thus who door one needs to knock on. But what voter registration rolls won't do is tell the person who shows up at the door what to say...

So one doesn't need to get names and addresses from the cellphone. What one needs to get are the interest and preferences.

Slime Mold with MustardMarch 2, 2016 4:54 PM

@ Daniel

"interest and preferences". True enough. Over the last few years, the level of detail for sale is astounding. I and family members have worked for campaigns. Usually some consulting firm tells the campaign what to spend - based on what they think their opponent is spending (and trying to go one level better), and the "foot power" (door knockers) available. You have to train door knockers not to let on how much they know about a voter - it freaks them out.

Mass media buys can't be too varied or overly tailored because voters can get the impression that the candidate is sucking up to everyone (which they usually are, but you can't let people know that).

Oh ... "door knockers" and "phone bankers" interchangeable.

ThunderbirdMarch 2, 2016 5:00 PM

So of the people who carry cell phones, a subset of whom carry smart phones, a subset of those who have location tagging enabled, a subset of which devices also responded to particular ads they have gathered data.

What could possibly be wrong with drawing conclusions from that data?

Dewey Wins!

fernMarch 2, 2016 5:52 PM

Slime Mold with Mustard, Javascript isn't actually required for that page. It's just invisible by default. Use "View / Page Style / No Style" in Firefox.

rMarch 2, 2016 8:39 PM

@fern,

Protip on the css override...
It's a love/hate kinda thing w it i guess, thanks.

Dirk PraetMarch 2, 2016 8:42 PM

@ Slime Mold with Mustard, @ Menlopark

Obama’s campaign began the election year confident it knew the name of every one of the 69,456,897 Americans whose votes had put him in the White House"

Which made me kinda wonder how this can be reconcilable in any way with the secrecy of the ballot, as set forward in:

- Article 21.3 of the UDHR: "The will of the people...shall be expressed in periodic and genuine elections which...shall be held by secret vote or by equivalent free voting procedures."
- Article 23 of the American Convention on Human Rights, that grants to every citizen of member states of the Organization of American States the right and opportunity "to vote and to be elected in genuine periodic elections, which shall be by universal and equal suffrange and by secret ballot that guarantees the free expression of the will of the voters"

Some digging reveals that although elections in the US are mostly held by secret ballot, there would appear to be no such thing as a constitutional right to a secret ballot according to a 2012 verdict delivered by Denver US District Judge Christine Arguello. Which makes this yet another case where customary international law is blatantly ignored in the land of the free and the home of the brave.

Needless to say that none of this tracking bonanza would fly in any country where the secrecy of the ballot is guaranteed either by its constitution or other statute.

SoWhatDidYouExpectMarch 3, 2016 10:06 AM

Additional concerns in this vein:

http://www.cbsnews.com/news/25-apple-watch-comes-with-a-major-catch/

Read the entire post.

Also:

http://www.cbsnews.com/news/why-auto-insurers-want-to-watch-you-breathe-sweat-and-swear/

If they don't have your name, they can get it. Further, they will probably couple all of this data with your credit report and all other available data (legitimately or otherwise) so it can be used "against" you. This includes your SSN. Once they get it, then by default, the bad guys have it.

HIPAA protection the 1st item above (well, attempt to).

When nobody can afford insurance any more, that takes care of the 2nd item above.

SoWhatDidYouExpectMarch 3, 2016 3:54 PM

More on tracking:

U8 Smartwatch Engages In Covert Traffic With Chinese IP Behind Your Back

http://yro.slashdot.org/story/16/03/03/203230/u8-smartwatch-engages-in-covert-traffic-with-chinese-ip-behind-your-back

These "personal tracking devices" are everywhere, and so are the watchers!

Who watches the watchers?

If their data was just as available to EVERYBODY, then we would have something different to deal with. But that won't happen, which makes their actions subversive if not criminal.

BoppingAroundMarch 3, 2016 4:13 PM

[re: apple watch] SoWhatDidYouExpect,
I like the way they frame it — as a reward. Also makes me wonder how long
until there will be lifehack articles regarding fooling such devices.

swwMarch 4, 2016 12:43 PM

re: voting confidentiality, one of the big reasons it's a big deal is to prevent intimidation to vote a specific way. Yes, if you know that someone is likely to vote for candidate A, you can send a guy over to say "I'll break your kneecaps if I see you at the polling station". But with confidential votes, you CAN'T say "If your voting slip says you voted for candidate B, I'll give you a hundred bucks". There was a time when that happened, before standardized ballots; candidates would provide their own voting slips and you could tell "someone dropped a red one in the box -> that was a vote for candidate B".

dar7ylMarch 4, 2016 4:13 PM

Jason said: "So of the people who carry cell phones, a subset of whom carry smart phones, a subset of those who have location tagging enabled, a subset of which devices also responded to particular ads they have gathered data. What could possibly be wrong with drawing conclusions from that data?"

With the ubiquity of the smart phone today, and the sample size they did acquire, the odds are (pun intentional) that the statistical validity of the data is quite high.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.