"If I know your phone number, I can track your whereabouts globally."
I was shocked when I read that statement from security researcher Nick Petrillo almost eight years ago. But since then, the situation has only gotten worse.
Federal Communications Commission (FCC) regulations require cell phones to have tracking technology that can pinpoint their precise location, especially in densely-populated areas. Law enforcement, intelligence agencies, and hackers use this data to track you wherever you go. It's also now possible to merge cellular calling records with location information. This permits police to identify your network of friends or what data-mining experts call your "communities of interest."
This term used to describe this aggregate information is metadata, and it has much less legal protection than the actual content of your cell phone text messages or phone calls. For instance, in 2016, the National Security Agency (NSA) collected more than 151 million records about phone calls made by Americans. And no, these calls weren't all related to terrorism. That same year, the NSA obtained warrants to collect data on only 46 terrorist suspects.
Companies like Google are intensely interested in this information as well. In fact, for most of 2017, all Android phones (which are equipped with Google's operating system) automatically collected the addresses of nearby cellular towers. This data was then sent back to Google, the company with the motto "Don't be evil."
Google collected this information even if you disabled location services, didn't use any apps, or even had no SIM card in the phone. The data collection occurred as part of the practices Google used to manage notifications and messages on Android phones. Once security researchers outed the company about this practice, Google promised to discontinue it.
Don't be evil? Yeah, right.
What does your cell phone metadata reveal about you? In 2016, researchers at Stanford University decided to investigate what metadata can reveal. They designed an Android app they called MetaPhone and distributed it to more than 800 volunteers.
For eight months, the Android phones of the volunteers shared call and text logs with a server set up by the researchers. The data collected consisted of the time a call or text was sent or received, the duration of the call (or the length of the text message), and the phone number of the correspondent.
The raw data consisted of more than 62,000 phone numbers, 250,000 calls, and 1.2 million texts. To make sense of it all, the team set up a program to identify as many of the phone numbers as they could. After skimming publicly available data from social media websites like Facebook, performing basic Google searches, and using a public records retrieval service, they were able to identify the owner of 82% of the phone numbers. They were also able to identify the romantic partners of the volunteers with 80% accuracy.