“This is the tip of the iceberg,” one person told me. “The public has zero idea,” wrote another.
I wrote an article in May about a company that bought access to data from the major U.S. cellphone carriers. My reporting showed that the company, Securus Technologies, allowed law enforcement to get this data, and officers were using the information to track people’s locations without a warrant. After that article ran, I started getting tips that the use of location data from cellphones was more widespread than I had initially reported. One person highlighted a thread on Hacker News, an online forum popular with technologists. On the site, people were anonymously discussing their work for companies that used people’s precise location data.
I called sources who knew about mapping and location data. Many had worked in that field for more than a decade. I also partnered with other Times reporters, Natasha Singer and Adam Satariano, who were looking into something similar. These conversations were the start of an investigation into how smartphone apps were tracking people’s locations, and the revelation that the tipsters were right — selling location data was common and lucrative.
On a big investigation like this one, hours and even days of work can go into a single paragraph or even a sentence. This is especially true in technology investigations because the subject matter is so detailed; combing through data and conducting technical tests is time consuming.
Aaron Krolik, a software engineer on our interactive news desk, helped us test apps. For apps to send GPS data to companies, the information has to be transmitted from the phone to a computer server far away. Aaron used a technical tool that could read and record all that data as it was sent from the phone. He also used more complicated computer security research techniques to help reveal many of the transmissions. We sat in glass-doored meeting rooms in the New York Times building and poked around on apps for hours.
At the same time, Natasha, Adam and I contacted companies that use location data, clients of those companies, former employees, app makers and computer security researchers. We interviewed over 50 people for this piece and corresponded by email with dozens of companies to make sure we got their side of the story.
Finally, we were ready. We had a rough draft of an article about an interesting new economy using people’s location data. We found that these companies, many of them small start-ups, examined location data to determine people’s preferences and target them with advertising. They were using it to help retailers learn more about their customers, or hedge funds beat the market by analyzing foot traffic at stores. Some of them also sold the data.
Then I talked with someone who had access to some information from one of the dozens of companies in this industry and thought the public should know more about it. When we reviewed this data, we realized we had something the average smartphone user would never typically see. It blew us away.
Michael Keller, a reporter and programmer on the tech investigations team with me, put the data points on a map, and they covered the entire city. With this amount of data, the first mapping program he tried was frustratingly slow. So he built a program he called QueryMe, which let us look at the phones passing through different locations or at the paths of individual devices.
We had committed to not identifying anyone without permission, so we looked at our own paths first. We were curious whether there were devices that spent a lot of time in our own apartment buildings as well as at our offices. Unfortunately, our entire team is fairly tech-savvy, and many of us don’t have location services enabled all the time. We weren’t in this slice of data, as far as we could tell. Fortunately, I found a few people who allowed us to pull their location data and be identified.