A simple software fix could limit location data sharing

In recent years, location data sharing by wireless carriers has been a significant privacy problem. Sophisticated third-party companies were able to track where people had been using information that carriers gathered from the interactions between phones and nearby cell towers, and that tracking ended up in the hands of marketers, salespeople and even bounty hunters. Despite promising to stop selling the data, the major US carriers AT&T, T-Mobile and Verizon continued the practice until the Federal Communications Commission proposed almost $200 million in combined fines. Carriers remain keen to learn as much about you as they can. Now researchers are proposing a simple way to limit how much bulk location data carriers can obtain from cell towers.

Much of the third-party location data industry is fed by apps that gain permission to read your GPS position, but the location data that cell towers yield has provided an alternative route. For years it has seemed that little could be done about this leakage, because cutting off access to the data would require the kind of systemic upgrades that carriers are loath to make.

On Thursday, however, network security researchers Paul Schmitt of Princeton University and Barath Raghavan of the University of Southern California will present a scheme called Pretty Good Phone Privacy (PGPP). It can hide wireless users' locations from carriers with a simple software update that any carrier can adopt, without any tectonic infrastructure changes.

Raghavan says the main problem is bulk data collection and its sale. "It is a privacy issue for users that carriers can collect location data, regardless of whether they are selling it. Our goal was to achieve backward compatibility."
"We didn't want the telecoms to have to roll out anything new, because we knew they wouldn't," he adds.

Bulk location data can be collected over wireless networks because each SIM card carries a permanent ID number, the international mobile subscriber identity, or IMSI. When your device reboots, has been inactive for a while or needs to establish a new connection, it reaches out to the nearest cell tower and presents its IMSI. That lets the carrier check that you have paid your phone bill and should be given service, and it also tells the network which cell towers are near you. Surveillance tools known as stingrays or IMSI catchers exploit this same interaction to pin down your location and even listen in on your calls and texts.

There are already some security measures in place: after that initial IMSI exchange, wireless standards give each device an individual, rotating random ID to make tracking harder. It is the first IMSI step that the researchers want to make more private.

Pretty Good Phone Privacy reimagines the billing check that networks perform. The researchers propose installing a portal on every device, as an app or an operating system function, that runs periodic checks with a billing server to confirm that the user is still in good standing. The billing server issues digital tokens that do not identify the device but simply indicate that the wireless account is paid up. When the device tries to connect to a cell tower, the exchange is routed through this portal to decide whether the network should provide service. The researchers found that, given another way to confirm billing status, the network could accept the same IMSI from every user, or a randomized IMSI from each.

"When you attach to the network, you provide the IMSI number," Schmitt says. "That shows the backend database that you are a paying customer and which services you have subscribed to, and the database then tells the rest of the core network that you are allowed access. What we do with PGPP changes the calculus."
"Without knowing your identity, the subscriber database can confirm that you're a paying user," he continues. "We have decoupled billing and authentication."

Updating billing systems and distributing an app to subscribers would be far easier for carriers than an extensive network overhaul. Raghavan and Schmitt are now working to turn their research into an app that they can pitch to US telecoms. They admit that, despite the ease of adoption, the whole industry is unlikely to adopt PGPP soon. Even a few carriers could make a difference, though, because bulk location data becomes much less reliable once a significant part of the set is tainted. If Boost Mobile's 9 million subscribers broadcast identical or randomized IMSI numbers, for example, the accuracy and usefulness of the entire data set would be undermined.

Cryptographer Bruce Schneier, who learned about PGPP in January, has since become a project adviser. "One carrier can do this on their own, without anyone's permission," Schneier says. "This is something I can see smaller companies offering as a value-add. This allows for privacy at very low cost. This is the best thing."

Standing apart on privacy could be a selling point in a monolithic, competitive wireless market. The big three carriers may try to stop mobile virtual network operators (MVNOs), the smaller carriers that resell capacity on the big networks, from adopting PGPP through contractual moratoria. The researchers say that some MVNOs are interested in the proposal.

Between potential pushback from law enforcement and the loss of access to the data, plus the need to distribute an app or get the mobile operating systems to participate, carriers may not be motivated to adopt PGPP. Schmitt points out that even though law enforcement may object to such a scheme, carriers could still perform targeted lookups of location history for specific phone numbers. The researchers believe the approach would be legal under the Communications Assistance for Law Enforcement Act (CALEA) in the United States.
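The billing-token exchange described above, as an added example that is not code from the PGPP researchers or from their paper: a toy model of a billing server, an on-device portal and a network core. The article does not say how PGPP's tokens are built, so this model assumes an RSA blind signature as one concrete way to issue a token that attests "this account is paid up" without identifying the device: the portal blinds a random nonce, the billing server (which knows the real IMSI and the account status) signs the blinded value, the portal unblinds it and then attaches with a random IMSI plus the token, and the core verifies the token against the billing server's public key and rejects replays. The subscriber table, the IMSI strings and the 512-bit key are constructed for the demonstration only.

```python
"""Toy model of PGPP-style billing/authentication decoupling.

Added illustration, not the PGPP researchers' code. The RSA blind signature
is an assumed token construction (the article does not describe PGPP's); the
512-bit key and the subscriber table are constructed for the demo only.
"""
import hashlib
import math
import secrets


def _is_probable_prime(n, rounds=32):
    """Miller-Rabin, adequate for generating a demonstration key."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


def generate_keypair(bits=512):
    """Billing server's RSA key (n, e, d). Demo size only, far too small for real use."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return p * q, e, pow(e, -1, phi)


def _digest(nonce, n):
    """Map the random nonce into the RSA group; this is the value that gets signed."""
    return int.from_bytes(hashlib.sha256(nonce).digest(), "big") % n


class BillingServer:
    """Knows the real IMSI and whether it is paid up; only ever signs blinded values."""

    def __init__(self, n, e, d, paid):
        self.n, self.e, self.d, self.paid = n, e, d, paid  # paid: constructed table

    def sign_blinded(self, real_imsi, blinded):
        if not self.paid.get(real_imsi, False):
            return None  # account not in good standing: no token issued
        return pow(blinded, self.d, self.n)


class Device:
    """On-device portal: fetches a token from billing, then attaches with a random IMSI."""

    def __init__(self, real_imsi, n, e):
        self.real_imsi, self.n, self.e = real_imsi, n, e

    def fetch_token(self, billing):
        nonce = secrets.token_bytes(16)
        while True:  # blinding factor must be invertible mod n
            r = secrets.randbelow(self.n - 2) + 2
            if math.gcd(r, self.n) == 1:
                break
        blinded = _digest(nonce, self.n) * pow(r, self.e, self.n) % self.n
        blind_sig = billing.sign_blinded(self.real_imsi, blinded)
        if blind_sig is None:
            return None
        return nonce, blind_sig * pow(r, -1, self.n) % self.n  # unblind the signature

    def attach_request(self, token):
        """What the tower sees: a fresh random 15-digit IMSI plus the token."""
        return "".join(str(secrets.randbelow(10)) for _ in range(15)), token


class Core:
    """Network core: admits on a valid, unspent token; never learns who is attaching."""

    def __init__(self, n, e):
        self.n, self.e, self.spent = n, e, set()

    def accept_attach(self, presented_imsi, token):
        if token is None:
            return False
        nonce, sig = token
        if nonce in self.spent or pow(sig, self.e, self.n) != _digest(nonce, self.n):
            return False
        self.spent.add(nonce)  # one token, one attach: blocks replay of a captured token
        return True


def run_demo():
    n, e, d = generate_keypair()
    billing = BillingServer(n, e, d, {"IMSI-PAID-001": True, "IMSI-UNPAID-002": False})
    core = Core(n, e)
    paid, unpaid = Device("IMSI-PAID-001", n, e), Device("IMSI-UNPAID-002", n, e)
    token = paid.fetch_token(billing)
    seen_imsi, tok = paid.attach_request(token)
    return {
        "paid_attach_ok": core.accept_attach(seen_imsi, tok),
        "replay_rejected": not core.accept_attach(*paid.attach_request(token)),
        "unpaid_denied": not core.accept_attach(*unpaid.attach_request(unpaid.fetch_token(billing))),
        "real_imsi_hidden": seen_imsi != paid.real_imsi,
    }


if __name__ == "__main__":
    print(run_demo())
```

The point the model makes is the one Schmitt describes: the billing side sees a real identity but only a blinded value, the core sees a valid signature but only a random IMSI, and neither side alone can tie an attach to a subscriber. The model covers just the attach decision; it says nothing about the radio protocol, about how the portal would be wired into a real baseband, or about lawful-intercept obligations.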
The researchers' CALEA argument rests partly on the fact that PGPP only protects cell phone interactions that take place over data networks such as 4G and 5G. It does not attempt to integrate with the older telephony protocols that carry traditional phone calls and SMS texts. For maximum privacy, users would have to rely on VoIP calling and data-based messaging.

The approach also focuses solely on IMSI numbers and their 5G counterparts, known as Subscription Permanent Identifiers (SUPI). It does not try to protect or hide static hardware identifiers such as International Mobile Equipment Identity (IMEI) numbers or media access control (MAC) addresses. Those are not used in the cell tower interactions the researchers want to anonymize, but they could be used for other kinds of tracking.

After years of data misuse and mounting privacy concerns, having a simple fix for even one location data exposure is significant.

"To be completely honest, my feeling now is 'How did we not see that before?'" Raghavan says. "It's not 'Wow, this was so hard to figure out.' It's evident in retrospect."

"That made us feel more comfortable as systems researchers," Schmitt says. "The simpler the system, ultimately, the better it is."

This story first appeared on wired.com.