A subsidiary of Google's parent company Alphabet, Sidewalk Labs, is using real-time mobile location data from millions of cellphone users collected over long periods of time in order to help urban planners make critical decision on transportation and land use. The program, known as Replica, gathers and anonymizes cellphone user data, then models simulations which allow civil engineers see when, how and where people travel in Urban areas.
"Replica provides a full set of baseline travel measures that are very difficult to gather and maintain today, including the total number of people on a highway or local street network, what mode they’re using (car, transit, bike, or foot), and their trip purpose (commuting to work, going shopping, heading to school)," wrote Nick Bowden of Sidewalk Labs last year.
The problem? According to The Intercept, transportation authorities in cities adopting the technology such as Kansas City, Portland and Chicago have no clue where the data is coming from, and Sidewalk's lack of transparency has raised questions over privacy rights.
"The privacy concerns are pretty extreme," said urban technology expert and author, Ben Green, in an email to The Intercept. "Mobile phone location data is extremely sensitive."
An Associated Press investigation showed that Google’s apps and website track people even after they have disabled the location history on their phones. Quartz found that Google was tracking Android users by collecting the addresses of nearby cellphone towers even if all location services were turned off. The company has also been caught using its Street View vehicles to collect the Wi-Fi location data from phones and computers. -The Intercept
While Sidewalk claims that the data they collect from unspecified third-party vendors is "de-identified" - a process by which an individual's identifying information is stripped from the dataset," location data can be used to "re-identify" a person based on their habits.
"It’s obvious what home people leave and return to every night and what office they stop at every day from 9 to 5 p.m," said Tamir Israel, a staff lawyer at the Canadian Internet Policy & Public Interest Clinic.
If Sidewalk Labs has access to people’s unique paths of movement prior to making its synthetic models, wouldn’t it be possible to figure out who they are, based on where they go to sleep or work? “We see a lot of companies erring on the side of collecting it and doing coarse de-identifications, even though, more than any other type of data, location data has been shown to be highly re-identifiable,” he added. -The Intercept
In short - while Sidewalk claims to go to great lengths to safeguard privacy because the data they use is already de-identified (using methods such as aggregation, differential privacy techniques, or outright removal of unique behaviors, according to The Intercept), their lack of transparency means we have no way to know if this is true or not.
Sidewalk says they buy their data from telecommunications companies and companies which aggregate mobile location data from various apps. "We audit their practices to ensure they are complying with industry codes of conduct," said Bowden. "No Google data is used. This extensive audit process includes regular reporting, interviews, and evaluation to ensure vendors meet specified requirements around consent, opt-out, and privacy protections."
Yet because the exact sources of data have not been revealed, it is unclear whether Replica draws from the ranks of unregulated apps that profit from indefinite privacy policies to continuously collect users’ precise whereabouts. Publicly available documents from cities piloting or purchasing Replica offer conflicting information about Replica’s exact sources of data. A document from the Illinois Department of Transportation describes Replica’s data sources as “mobile carrier data, location data from third-party aggregators and Google location data, to generate travel data for a region.” This data sample, it adds, “is not limited to Android devices” and “is collected from individuals for months at a time, allowing for a complete picture of individual travel patterns.” In Portland, documents filed with its city council state that the data is sourced from “Android Phones and Google apps.” Officials at the Portland Bureau of Transportation told Oregon Public Broadcasting that some of the sources of Sidewalk Lab’s mobile location data may also come from other sources, not yet known to them. Minutes from a regional transit planning meeting for Kansas City suggest that it’s possible for Replica “to get data on things like Uber & Lyft,” while a city PowerPoint states that the tool is “based off of Google data.” -The Intercept
"Replica is a perfect example of surveillance capitalism, profiting from information collected from and about us as we use the products that have become a part of our lives," says Brenda McPhail who heads up the Canadian Civil Liberties Association's Privacy, Technology and Surveillance Project.
"We need to start asking, as a society, if we are going to continue to allow business models that are built around exploiting our information without meaningful consent."