
The $24B Data Business That Telcos Don't Want to Talk About - larrys
http://adage.com/article/datadriven-marketing/24-billion-data-business-telcos-discuss/301058/
======
chollida1
Many hedge funds have started to consume this type of data.

There is a piece in WSJ that discusses how one fund, two sigma, uses cell
phone tracking data, as well as many other sources of data to build trading
signals.

[http://www.wsj.com/articles/how-computers-trawl-a-sea-of-
dat...](http://www.wsj.com/articles/how-computers-trawl-a-sea-of-data-for-
stock-picks-1427941801)

In fact, I think the biggest funds are putting more effort into this type of
big data exploration from funds than they are into trying to glean more
information out of the time series data provided by the exchanges data feeds.

10 years ago, being able to scrape the web was a competitive advantage for
funds, 5 years ago it was real time sentiment analysis of news reports.

Today, its being able to consume 100's of disparate data feeds and build alpha
generating signals from it.

~~~
Animats
Are they tracking the CEOs of companies in which they invest, or what?

Tracking A, B, and C-level executives should be very profitable. Who meets
with whom is valuable info. Especially when you also have their phone call
metadata. The activity in advance of a merger should be quite visible.

Tracking elected officials should reveal who influences whom, and who's
bribing whom. It may be possible to detect bribery to the level of
establishing probable cause for an investigation in that way.

~~~
exelius
No, it's more about understanding consumer sentiment about a product category
or company based on mining consumer information in aggregate. For example, a
hedge fund could know how many people went inside a Wal-Mart over the last few
months based on cellular location data. If there's an unfavorable downturn in
store traffic, the hedge fund can shift its investments based on information
that Wal-Mart won't report for another few months.

> Tracking elected officials should reveal who influences whom, and who's
> bribing whom. It may be possible to detect bribery to the level of
> establishing probable cause for an investigation in that way.

The way political fundraising is done in the US, most bribes look like
legitimate campaign finance money. In some states, it's even legal for a
candidate to simply redirect whatever is in his campaign fund directly into
his own bank account after the election. And even in states where that is
illegal, 501(c)4 / SuperPACs allow politicians to do whatever they want with
the money with no oversight.

With laws like that, why even bother to investigate bribery?

~~~
hackuser
>> Are they tracking the CEOs of companies in which they invest, or what?

> No ...

How could you know that? I doubt anyone would reveal it, and I don't see why
they wouldn't - for the unscrupulous (there are plenty of them), it could be
very valuable. Remember the story about Uber tracking journalists, for
example.

~~~
tomp
They _would_ track CEOs, if only they could. I'm guessing that even in the US,
mobile networks only share aggregate or anonymized data about customer
location, and don't allow for spying on specific individuals.

If you want to track CEOs, I'm guessing it would be much easier to track their
private jets or the license plates of company cars.

~~~
tunap
they MAY only share aggregate but what's stopping, for example, VZW using the
data to their own means? competitors use their towers, potential acquisitions,
market/political threats or other interesting entities. Laws and morals?
Hahaha!

~~~
exelius
Most telecoms won't do this because the potential reward simply isn't worth
the liability they would have for insider trading (if they get caught spying
on corporate execs, then the SEC will assume they spy on every corporate
exec). In fact, most big telecoms have a secret "VIP" program that flags
accounts of especially wealthy, influential or famous people and restricts
access to them unless you're on the "VIP" customer service team.

I'm sure hedge funds track CEOs, but they're not using data from Verizon to do
it.

~~~
tunap
They calculate risk:reward and do whatever nets the most profitable return.
Fines and fees are only anathema when the costs exceed the gains gotten from
illicit behavior. Otherwise, paying fines without admitting guilt is the
corporate way.

------
hackuser
I've been trying to think of a practical, effective way for smartphone end
users to protect their confidentiality. This is the simplest solution I've
come up with, but I'd appreciate any feedback:

Hardware:

* Tablet, or smartphone with baseband disabled.

* Cellular-wifi router (i.e., wifi hotspot), prepaid so the provider doesn't need your personal info.

.

Software:

* Android with per-app permissions controlled by user (e.g., user can enable/disable access to location data for particular apps). This could be a fork of Android or maybe there is security software that could be installed, such as on a rooted phone.

* VOIP app on phone

* VPN

.

By decoupling the baseband from the handheld computer (i.e., by keeping the
tablet and cellular connection on different devices), using the cellular
service without providing identifying info, and sending only encrypted data
over the cellular connection (via VPN), you would protect your confidentiality
from the cellular provider.

Because your phone number is decoupled from your cellular service (because you
use VOIP over a VPN), nobody can tie your phone number to your location.

Of course someone who is determined could track you down. Your identity needs
to be tied to your phone number or nobody will know how to call you; and your
VOIP vendor could point someone to your VPN provider, who could point them to
your cellular provider, who could figure out which hotspot you use. But I
think it does protect you from everyday mass surveillance.

Any thoughts on how practical or effective this would be?

~~~
TeMPOraL
The biggest problem with this I think is that it files in the face of the
goals and incentives of all service providers. They want your personal data
for marketing (not to mention engineering reasons like infrastructure
optimizations), and they need your personal data because government.

Some commenters mentioned that you can still get burner SIMs in Europe, but
last time I checked it was incredibly hard anywhere in the world (maybe I
don't know where to look) - even in China they want your official documents to
sell you a prepaid card. The reason I always been told, that sounds plausible
to me, is that easy access to burner phones leads to too much mess with
criminals using them for their criminal things, and with random pranksters
calling in fake bomb alerts.

~~~
jessedhillon
When I was in Europe and Latin America both, I could buy SIMs by writing down
whatever number I concocted for my DNI. Now, I actually wrote my passport
number down but nobody really looked. One time I used my CA drivers licence,
which could have been a Boy Scout troop membership card for all anyone cared.

~~~
e12e
Note that document forgery is a "real crime" most everywhere - so if you were
caught (perhaps due to some unrelated investigation) - it might not be the
best idea.

I'm not saying you shouldn't break the law to preserver your anonymity (at
your own discretion) -- I'm just saying it's something to take into
consideration. If you for example fear that you might get dropped in a black
site, fed polonium or pushed down some stairs over your on-line activities --
a little document forgery might be just the ticket.

------
sitkack
I would consider this illegal wire tapping. Just because the carrier has the
location data as part of its operations doesn't mean it can use that data for
any other reason besides providing service.

I am glad this story is out, I have seen airsage data and it is easy to
deanonymize. This company shouldn't be in business.

~~~
guelo
It is illegal but cops don't care because they want the same data. Time for a
massive class action lawsuit.

------
cm2187
I can understand that when people are using a free service, they are the
product. But mobile contracts are by no mean free. I find that amazing that
the TelCos would even contemplate charging their customers and at the same
time using them as products.

~~~
eslaught
Cable TV is also not free, but people put up with ads (at least in the US). In
fact, I'm not sure people even remember that one of the original propositions
of cable was that it was ad free.

I think a more accurate adage would be that if companies can get away with ads
(or gathering and selling personal data), then they will do so. Unfortunately
it would appear that giving money directly to service providers does not
actually protect you from such things, and I suspect the reason is fairly
straightforward: All companies are driven to increase margins as much as
possible, and will eventually feel financial pressure to try such measures.
Unless consumers object strongly (i.e.: leave the service in numbers large
enough to offset the benefits of a measure under consideration), such measures
will in general find their way into use.

So what we're really saying is consumers need to pay companies more than the
money would get otherwise. If consumers aren't willing to pay that price (and
it shouldn't surprise us if they aren't---this can be a lot of money), then we
shouldn't be surprised if such things show up, regardless of whether the
service is paid or not.

~~~
rhino369
>In fact, I'm not sure people even remember that one of the original
propositions of cable was that it was ad free.

That's mostly a myth. The original purpose of cable was to get TV signal in
areas where broadcast didn't go. The first basic cable channels were TBS--
which had advertisements--and Christian Broadcast Network--which probably
didn't. The unfiltered cable stations, for the most part, had advertisements.

You are likely remembering HBO, Cinemax, The Movie Channel advertisements.
They didn't have advertisements because you had to pay per channel.

------
mikeyanderson
It's crazy. I was at a big data conference and had a sales person tell me that
they are a broker for several of the large telcos and that you could use the
real world data of the as a datapoint for your programmatic ad buys. His
example was horrible—but he said that they found that diaper companies had a
shot at advertising to dads and getting moms to try a new brand so they used
cell data to look at porn usage, browsing patterns that show that they have a
child to do programmatic buys. It's getting way too creepy for me.

~~~
rizwank
What conference was that?

------
guelo
They are using public airwaves. "We" can regulate them. If there is any "we"
remaining in our shitty excuse for democracy.

------
malchow
I am always surprised that ad block users do not also refuse to use
smartphones.

If you ask me, I'd rather Amazon retarget a bag of chips at me via a 300x250
display ad than Verizon sell my location breadcrumbs to some unknown entity.

~~~
stonogo
Adblocking is available on mobile platforms.

~~~
mtgx
Not really available on Android. Google is using the "not interfering with
other apps" excuse to ban all adblockers from the store.

~~~
MikeNomad
Ghosted has a _web browser_ for Android. Works great on 5.1.1.

~~~
MikeNomad
$!#/# AutoCorrect... Ghostery has...

------
anon1mous
Yeah, privacy is dead and gone.

The other day I was in UK at a Tesco open doors event. They talked mainly
about tribes and agile, but also demoed a couple of new technologies.

Turns out they have face tracking operational on all their petrol stations.
And they have, in lab, cameras and software that does face recognition and eye
tracking. They plan to send targeted ads and coupons, based on what shelve
products caught customer's attention.

------
spankalee
Somewhat ironically, given many people's feelings about Google and tracking,
Google's Project fi might be the best network for privacy. Yes, Google targets
ads based on some portion of your profile, but they do not sell your data to
3rd parties like the carriers.

Edit: I got curious and it looks like fi excludes call data from being shared
with other Google services.
[https://support.google.com/fi/answer/6181037?hl=en](https://support.google.com/fi/answer/6181037?hl=en)

Disclaimer: I work for Google (not of fi) so take my opinion with whatever
size gain of salt you feel is appropriate.

~~~
randomfool
Fi traffic still traverses the telco's network. Unless Google has special
privacy clauses in place, there does not appear to be anything blocking Sprint
(et al) from implementing the 'what websites are users visiting while in your
store' feature mentioned in the article.

~~~
fsaintjacques
Except Telcos cannot link (time, ip) with a paid account when traffic is only
passing through them.

------
hackuser
I'm surprised that HN readers would find this surprising. It's well known that
cellular providers track user locations, Internet usage, and probably other
things. It's well known that a very widely used strategy is to collect as much
information as possible about end users by businesses for targeted sales and
marketing, and by governments for security/control (to varying degrees
depending on where you live, but it's even spread to poor nations such as
Sudan [1]).

Why is this story a surprise? I assumed it has been happening for a long time.

[1] [http://www.defenseone.com/technology/2015/10/african-
states-...](http://www.defenseone.com/technology/2015/10/african-states-hop-
tech-surveillance-bandwagon/122876/)

~~~
arca_vorago
I'm gonna try really hard to not go over the line of the recent rule about too
much negativity, but this line of _questioning /reasoning_ really pisses me
off. I see it quite a bit on reddit/twitter too. As a matter of fact, one time
Jacob Appelbaum asked why people do it and my response was that it seems like
a variation on the loaded question fallacy. Implies "you should have expected
X", therefore attempting to avoid actual discussion, or shifting of the
discussion via the overton window.

It's just such a useless statement. "Why is this a surprise?"

Well, first of all, I'm sure there are plenty of people who might not have had
any idea cell data was being used this way and on this scale. Second, I'm
willing to bet of the many who might have had a vague idea, this gives a more
concrete background with rough numbers to solidify the idea. Third, It's not a
surprise to those of us who have been paying attention, but the problem is
when we have said something in the past it almost invariably has been ignored
or dismissed as paranoid or crazy... At least until a good story or leak comes
out and gets enough attention to grab enough media mindshare. Edward Snowden
was a classic example of this at work. Sure, many of use knew about tempest
and echelon and five-eyes, knew about cell tower metadata issues via watching
ownership of said towers. Everytime with few exceptions though, publicly
stating these things got us called "conspiracy theorists".

Maybe you just use this as a rhetorical and are one of us that have been
paying attention, but this statement is not condusive whatsoever to
intellectual discussion of a subject, and we need to address it's fallacy when
we see it because it's too pervasive.

~~~
zer0defex
/choir

/agree

next instruction?

~~~
arca_vorago
Next instruction is to vote out all incumbents in congress and instate term
limits in order to shift the balance of power back to the people.

You left that pretty open so I took it where I wanted...

------
arca_vorago
One of my problems with this is how there is such a huge lack of alternatives
for some people. I dropped having a cell for almost a year, and it was
wonderful, in that I felt more secure about my privacy, but It also greatly
affected my interaction, observation, and awareness of my surroundings. After
meeting someone and getting a job that required on call though, it's now hard
for me to imagine how I could go back to that again. To me, it's one more way
that technology is evolving faster than people are keeping up with, but the
kicker is that it's ripe for abuse by negarious entities. As Thomas Drake
says, the Stasi's would have wet dreams about this tech today, and although
you may not thing the $currentpower is so bad, what happens when the next guy
uses the prescedent, forces the telcos to share, and dissapears anyone who
disagrees about $policy? Oh, and now he has enough data to walk the cat back a
few years and ex post facto you to $blacksite?

------
droopybuns
Google gets into "fiber," which is a strategic threat to carriers.

Carriers get into analytics, which is a strategic threat to google.

The headline is misleading- I think the carriers have been pretty upfront with
their shareholders about their intention to get into this space.

In a world with facebook, google, et.al., writing an article like this without
that context is incredibly cynical.

------
CurtMonash
Deanonymization technology is very good. Does that still surprise anybody
who's technically knowledgeable?

------
pdkl95
[https://projectbullrun.org/surveillance/2015/video-2015.html...](https://projectbullrun.org/surveillance/2015/video-2015.html#bernstein)

DJB's hilarious talk on this topic. ("I _AM_ the man in the middle!")

------
vonnik
Telcos are using deep learning to cluster and classify users, and model and
detect ab/normal behavior for everything from ads to fraud detection. Some are
using us: [http://deeplearning4j.org](http://deeplearning4j.org)

------
Aissen
See this paper "Header Enrichment or ISP Enrichment? Emerging Privacy Threats
in Mobile Networks":
[http://conferences.sigcomm.org/sigcomm/2015/pdf/papers/hotmi...](http://conferences.sigcomm.org/sigcomm/2015/pdf/papers/hotmiddlebox/p25.pdf)

For example Orange in Jordan adds an HTTP header with the phone number of the
client to every connection. And there are technical people out there still
saying HTTPS/TLS should not be mandatory…

------
r00fus
This says "Telcos" and then lists specific names. Do we know for sure that any
telcos (my concern is US-based) who do _not_ do this?

e.g.: T-mobile? I have less hopes for AT&T...

~~~
katekaye
I wrote this story and spent months trying to get these guys to talk. As I
note in the story, "Verizon and Sprint declined to comment for this story.
AT&T and T-Mobile said they don’t share consumer or location data with SAP,
Sybase, AirSage or Vistar."

~~~
sitkack
The data cannot for all intents and purposes be anonymized and still be
useful. I have seen airsage data, they give the user a new unique identifier
but it is consistent over a 30 day window. Very easy to deanonymize, the
unique identifiers are only opaque to people who can't do math.

~~~
e12e
Yeah, data anonymization doesn't really work, except perhaps for highly
aggregated data (eg: percentage of people out of work in a nation). It does
provide a small barrier in the form that "if you don't look, you won't see"
\-- so it might prevent _some_ inadvertent leaks of private information.

But it should rarely be considered a "security boundary" so to speak.

~~~
aianus
Why not? It's not hard to set up streaming filters that count how many people
visit a certain mall in realtime without ever persisting the raw location
stream.

~~~
e12e
Right. But when the data you have is detailed logs of individual movements,
second by second, meter by meter - stepping down to "number of unique IMEIs in
a 100 square km area" _is_ moving to "highly aggregated data". If that is what
is seen as anonymization, the yeah. But then you've pretty much reduced a
_dataset_ to _information_ that answers a specific question. Typically
anonymization is (AFIK/IMNHO) taken to mean taka a dataset that can answer
some questions, and transform it to a dataset that can _still_ answer some
questions we haven't come up with, _but_ avoids answering questions that lead
to identifying individuals. Eg: the problem with the NYC taxi driver data:

[http://arstechnica.com/tech-policy/2014/06/poorly-
anonymized...](http://arstechnica.com/tech-policy/2014/06/poorly-anonymized-
logs-reveal-nyc-cab-drivers-detailed-whereabouts/)

------
alecco
Sure, but it's short term. Calls and messages are dropping every month, even
on developing markets. The raise of WhatsApp and similar messengers (FB,
Hangouts) is exponential, no hyperbole.

Telcos are dead and they don't want to admit it. I'd bet my money on super
cheap mobile ISPs raising soon. Based on a completely different technology and
making better use of the mostly empty spectrum.

------
csense
If you're concerned about this, you should use an Android device with a no-
contract plan you pay for with cash.

~~~
darod
how would this circumvent the issue? you'd still have to get a plan with a
carrier. they can still track your location and your habits through the data
that you're sending through their network.

~~~
dublinben
They can't correlate that behavior with you as an individual if you don't
provide any personal information to the carrier. You could also just run your
traffic through a VPN and avoid all of this.

~~~
outside1234
do they really need us to provide personal information? they can get a +/\-
10m GPS lock on our home location.

~~~
dublinben
Several dozen people live within a 10m radius of where I do. I'm not even a
registered resident at that location, so they'll have a difficult time
correlating "my" data to my personal information.

~~~
e12e
There's proably, over the last year of your movements, a point which you've
made a purchase that can be linked to you. Maybe more than one, and those can
be matched against your behavioural data. Or maybe they have parking
information.

Perhaps you deal only in cash, and never give your name to a commercial entity
(Hotel, gun retailer, car rental or seller...) -- but for most people that
isn't true.

I also don't see why anyone would need your _exact_ address. The only use-case
that comes to mind is to send you postal mail. If they have your
SIM/IMEI/phone number/full name (see above) and behaviour patterns, if and
when they want to approach you "in person" that would be easy?

[ed: come to think of it, pair this data with an archive of public web cams,
and you could probably a) automatically pick out faces, and b) match recurring
faces with location data, to c) pair faces with recorded data streams. Makes
all those cameras in the UK seem even more creepy.]

------
mkj
How do telcos get GPS or wifi-level accurate location information? Are the
phones sending that (easy enough to disable with software changes) or some
other mechanism?

~~~
twsted
They get cell-tower-level accurate location information.

------
monksy
There are marketers out there who do ping your cell location so that they can
use that to market items to you.

------
pearjuice
I wonder where they get that number from.

------
cynoclast
Was anyone super annoyed by the gigantic unnecessary top menu that moves with
you as you scroll?

