Virgil: Google Tracks You, Uber Hacks You

In this photo illustration, A woman is silhouetted against a projection of a password log-
Leon Neal/Getty Images, Edit

Here’s a headline that might be of particular interest to the 107 million Americans who have an Android phone or other mobile device: “Google collects Android users’ locations even when location services are disabled.”

Everyone, of course, should be concerned that a single corporation has flouted all the norms of personal privacy that we’ve built up over the centuries.

The scoop from Quartz Media details that since the beginning of 2017, mobile devices running the Android operating system track the location of the user, even when the device is turned off, and even when there’s no installed SIM card.  It seems that each device has been automatically storing up the information, no matter what—and then, when it’s connected to the Internet, it sends it all to Google.

How does Google do this?  Android devices have been relating their location to cell phone towers, and after that, it’s easy—and the more towers in a given area, the easier.  When contacted by Quartz, Google didn’t deny the practice,  volunteering some weaselly words to the effect that it would cease the practice—maybe.  (We might also note that  around the world, Google claims two billion active users; no one knows what’s happening to all that information.)

As the Quartz author, Keith Collins, puts it, “The result is that Google … has access to data about individuals’ locations and their movements that go far beyond a reasonable consumer expectation of privacy.”

Ah yes, “privacy”—now there’s a concept!  It’s a bit retro, maybe, but still, in the minds of most of us, privacy is vital.  Indeed, the Quartz writer observes that privacy can be a matter of life and death:

The practice is troubling for people who’d prefer they weren’t tracked, especially for those such as law-enforcement officials or victims of domestic abuse who turn off location services thinking they’re fully concealing their whereabouts.  Although the data sent to Google is encrypted, it could potentially be sent to a third party if the phone had been compromised with spyware or other methods of hacking.  Each phone has a unique ID number, with which the location data can be associated.

In other words, you’re being tracked, and you could also be hacked.

Speaking of hacked, we might pause over some more news—this a scoop from Bloomberg—that Uber, the car service, was hacked and lost the data of some 57 million people.  It’s also noteworthy that the hack occurred in October 2016, and that, at the time, Uber paid a ransom to the hackers to keep them hushed up—and it was hoped also that they would delete the stolen data.

Moreover, the Uber hush-money plan would seem to be a flat-out violation of several laws.  For openers, federal statutes require that victims of a privacy breach be notified immediately, and in addition, it’s typically not legal for companies to make secret-conspiracy payments to criminals.

Of course, as we can all now see a year later, the hack didn’t stay hushed.  And while we’re at it, we can wonder: Did the missing data really get deleted?

Yes, Uber said to Bloomberg that no Social Security numbers, credit card information, trip location details, or other data were taken. But should we really believe them?  And for that matter, what are the chances that this was some sort of inside job?  And if so, what are the chances that it could happen again?  Indeed, if its system is that porous, how can we be sure that Uber would even know what it has and what it doesn’t have—or rather, what’s secure and what’s not?

Presumably, the Uber hack will be fully investigated, but Virgil wonders: When will the investigators find the time?  After all, there have been so many hacks in the last year or two that it’s not even clear that Uber’s makes it into the top ten.

So there we have it: Google tracks you, and Uber hacks you.  Actually, come to think of it, we could well be getting both from both — both companies tracking and hacking.

At some point, the American people are going to conclude, for the sake of their privacy and security, that we can’t let this much power be concentrated into the hands of a few arrogant, irresponsible, and, frankly, neglectful, individuals and their companies.  This isn’t just corporate malfeasance causing harm to individuals; this is malfeasance that jeopardize our economic and even national security.

Fortunately, there’s a powerful historical precedent for solving this problem: regulation and, possibly also, antitrust litigation, as we saw at the beginning of the 20th century, under the leadership of President Theodore Roosevelt.

As a nation, we’ve been down the dark and winding road of corporate misbehavior before, and after a difficult period, we came out the better for it.  So now today, we had better re-learn those old lessons.


Please let us know if you're having issues with commenting.