When Politico published Supreme Court Justice Samuel Alito’s draft opinion that would undo Roe v. Wade, a number of commentators observed how hard it would be for women in states that had made abortion illegal to safely travel to abortion clinics elsewhere. Their phones’ location histories would give them away, or maybe their search histories would. Even their texts might do so.
If people want to travel incognito to an abortion clinic, according to well-meaning advice, they need to plan their trip the way a CIA operative might – and get a burner phone. As a cybersecurity and privacy researcher, I know that wouldn’t be good enough to guarantee privacy.
Using a maps app to plan a route, sending terms to a search engine and chatting online are ways that people actively share their personal data. But mobile devices share far more data than just what their users say or type. They share information with the network about whom people contacted, when they did so, how long the communication lasted and what type of device was used. The devices must do so in order to connect a phone call or send an email.
Who’s talking to whom
When NSA whistleblower Edward Snowden disclosed that the National Security Agency was collecting Americans’ telephone call metadata – the Call Detail Records – in bulk in order to track terrorists, there was a great deal of public consternation. The public was rightly concerned about loss of privacy.
Researchers at Stanford later showed that call detail records plus publicly available information could reveal sensitive information, such as whether someone had a heart problem and their arrhythmia monitoring device was malfunctioning or whether they were considering opening a marijuana dispensary. Often you don’t have to listen in to know what someone is thinking or planning. Call detail records – who called whom and when – can give it all away.
The transmission information in internet-based communications – IP-packet headers – can reveal even more than call detail records do. When you make an encrypted voice call over the internet – a Voice over IP call – the contents may be encrypted but information in the packet header can nonetheless sometimes divulge some of the words you’re speaking.
A pocket full of sensors
That’s not the only information given away by your communications device. Smartphones are computers, and they have many sensors. For your phone to properly display information, it has a gyroscope and an accelerometer; to preserve battery life, it has a power sensor; to provide directions, a magnetometer.
Just as communications metadata can be used to track what you’re doing, these sensors can be used for other purposes. You might shut off GPS to prevent apps from tracking your location, but data from a phone’s gyroscope, accelerometer and magnetometer can also track where you’re going.