The FBI and other law enforcement agencies are currently evaluating social media posts in particular that those involved in the storming of the US Capitol in the heat of the moment and for targeted self-staging in large numbers. An extensive leak of cellular data from the day of the attack on the US Congress on January 6th from the scene of the incident in Washington is now fueling the debate about how reliable the information is, whether it can also be evaluated by authorities and how transparent the area-wide Tracking the citizens makes.
The “eye of god”
An informant provided the New York Times according to a post on Friday a data set with around 100,000 location information for thousands of smartphones by supporters of ex-US President Donald Trump, rioters and passers-by. The measured values allowed a look at the events of the “dark day” in the style of the “Eye of God”, writes the newspaper. They revealed that around 130 of the captured cell phones were in the Capitol when the mob stormed the House of Parliament.
About 40 percent of the cell phones found near the rally stage on the National Mall during the speeches by Trump and his supporters also appeared on the set during the Capitol Siege, according to the report. This makes it clear that many of the audience were actually incited and marched to the congress building.
Journalists could associate “anonymous data” with people
Although the data did not contain any names or phone numbers, the journalists said they were able to connect dozens of devices with their owners and thus link apparently anonymous location information to the names, addresses, profiles in social networks and phone numbers of those present. In one case, traces of three members of a family could have been found.
The authors were able to reconstruct how Trump supporters traveled to the capital from states such as South Carolina, Florida, Ohio and Kentucky in the days before the attack, with the “pings” recorded neatly along the major highways. Stops at gas stations, restaurants and motels were recognizable. In many cases, the traces then led from the Capitol directly back home.
“Yes, we were in”
The reporters claim to have traced a phone that the data said was in the Capitol to a user in Kentucky. His identity was confirmed, for example, on his Facebook page, where photos of him could be seen “as he stood on the steps of the building during the occupation”. Another shot shows a crowd in front of the Capitol and its wide open doors. “Yes, we were inside,” was the comment that has since been deleted along with the pictures.
When asked about the contributions, the pest exterminator insisted never to have entered the Capitol. “It is impossible for my phone to say I was inside,” the authors quote. The data spoke a different language, but you couldn’t rely on it one hundred percent. Location information is sometimes accurate to within a few meters, while others are quite fuzzy. Location companies work with measured values from GPS sensors, WLAN hotspots and Bluetooth signals, for example. The quality depends on the settings of the phone and the network connection. Aspects such as population and building density also play a role.
Unique ID for every smartphone user
The newspaper had already received the location data of more than 12 million smartphone users in 2019, which was recorded by weather apps and map services. At the time, reporters even managed to trace Trump’s ways. The new set now also contained a unique ID for each smartphone user. This made it even easier to identify individuals by comparing them with other databases.
The corresponding Mobile Advertising ID, as a kind of supercookie, enables advertising networks to track people on the Internet and on apps. Privacy advocates consider the associated promise of anonymity to be a farce. Several companies offer tools that allow anyone with access to location information to match IDs with other databases.
“It is naive to believe that …”
In no time at all, you could have linked over 2000 apparently anonymous devices from the data set with e-mail addresses, birthdays and age, the authors explain. Service providers such as Cuebiq published lists of customers who could receive such IDs along with precise location information. Companies such as Adobe and Google, but also start-ups such as Hivestack, Mogean, Pelmorex and Ubimo are listed on it. Cuebiq officially prohibits the merging of location data with personal information. However, smartphone users have no right to information in the USA. There are also no deletion periods for the companies.