The US Department of Homeland Security reports that multiple US government agencies illegally used smartphone location data, breaching privacy regulations as they did. The big problem with privacy is that once you relinquish some of it, you never get it back. What makes it worse is when those who are supposed to protect your rights choose to undermine them. When they do so, they eat away at the thin protections we should all enjoy in the digital age. US agencies’ illegal use of smartphone data These are some of the reasons to be so concerned to learn from a newly released US Department of Homeland Security report that multiple US government agencies illegally used smartphone location data, breaching privacy regulations as they did. To do this, they purchased smartphone location data, including Advertising Identifiers (AdIDs) from data brokers that had been harvested from a wide range of apps. (There’s a useful article explaining how to disable AdID on Android and iOS devices at the EFF.org.) The agencies that have indulged in this include: US Secret Service US Customs and Border Protection (CPB) US Immigration and Customs Enforcement (ICE) This is the story As noted by 9to5Mac, Homeland Security has made available a redacted version of a previously classified report that reveals three separate US agencies broke the law in this way. It finds that the three agencies did not adhere to protections laid down in the E-Government Act of 2002 and the Homeland Security Act of 2002. The report says the agencies: “Did not have sufficient internal controls to ensure compliance with DHS privacy policies, and because the DHS Privacy Office did not follow or enforce its own privacy policies and guidance. Without a PIA in place, privacy risks may not be identified and mitigated.” We don’t know precisely how the agencies then used this information, as much of the document that has been made available is redacted. One use that is referred to, however, is combining the location data with other information to match an AdID to a specific person. This kind of information opens a person’s digital existence like a book, as Apple so well explained. No remediation as yet The initial report made eight specific recommendations it required the agencies to take to help prevent such disregard of privacy in the future. The redacted report confirms that three have not yet been met. The report implies at least one agency continues to use commercial telemetry data even though privacy impacts have not been completed. But the other two recommendations that the report confirms have not been enacted are worse, as they point to a culture in which privacy considerations are ignored: “We recommend that the Director, U.S. Immigration and Customs Enforcement develop and implement controls to ensure compliance with DHS privacy policies, specifically approval of Privacy Impact Assessments, when required, before developing or procuring information technology that collects, maintains, or disseminates information in an identifiable form. “We recommend that the Chief Privacy Officer, DHS Privacy Office include a statement on approved Privacy Threshold Analyses that use of the project, program, or system determined to be privacy sensitive is not authorized for operational use until approval of the required Privacy Impact Assessment.” The thing about all this is that it is simply not OK. While I’m certain the agencies concerned will say the end justifies the means, the fact that they indulged in these acts undermines the privacy that every individual and business should be able to rely on. Their disrespect for privacy laws serves to shave another sliver of liberty from us all, eroding digital business stability in one fallacious sweep. Say hello, wave goodbye What makes this even more egregious is that we can see that governments everywhere are seeking to undermine digital privacy. Whether that’s weird Israeli firms selling surveillance as a service, or legitimate bodies within democratic governments, or scary nation-state attacks by hostile nations or criminal entities, makes no difference at all. The issue is that if an agency — any agency — can ignore the laws surrounding privacy, then the only way to preserve privacy is to ensure the data doesn’t exist in the first place. We know Apple tries to do something akin to this — and the existence of the Privacy Reports it now provides across its systems makes even more sense in this context. We also know that rogue governments, including that of the UK, continue to seek to undermine privacy on a platform basis. This is bad for individuals and for business users. If governments feel they can ignore their own laws, then no one can be certain their data or information is safe. That’s bad for the bad guys, of course, but worse for everyone else, especially against a framework of increased international tension and nation-state backed industrial espionage. To me, this is once again a reason, if reason was ever needed, to argue against the imposition of any security back doors on any platform, as the actions these agencies have already taken exposes the very thin line between “normalized” surveillance and the protections of privacy law. Protect yourselves It’s also a very good argument for users on any platform to put their devices and the apps they carry on a privacy diet. For example, an iPhone user may want to open Settings > Content & Privacy Restrictions > Location Services and disable access to location data for all but their most regularly used apps. Apple earlier this year hosted a series of events across its retail stores to mark Data Privacy Week, sharing multiple tips to protect users on its platforms. What’s at stake? Think about it this way. Each time privacy protection is stripped away — for whatever reason — just a little bit, then everyone is impacted. That’s bad for individuals and bad for business. And when you consider the sheer quantity of information held about you on your digital devices, and the insight it can provide into you and your life, then it is pretty clear, as Apple CEO Tim Cook once said: “There’s probably more information about you on your phone than there is in your house.. Our smartphones are loaded with our intimate conversations, our financial data, our health records. They’re also loaded with the location of our kids in many cases.” Let’s keep it to ourselves. Please follow me on Mastodon, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe. Related content news analysis Apple earnings: About that iPhone 'slump' in China Based on information from Thursday's earnings report, it seems that data pointing to an iPhone slump in China were over-baked. By Jonny Evans May 03, 2024 9 mins iMac iPhone Apple news analysis Apple confirms it will open up the iPad in Europe this fall The latest efforts to comply with Europe’s Digital Markets Act mean developers can offer to side load apps to both iPhones and iPads in the EU. Apple has also taken steps to improve what it offers to smaller and non-commercial developers in the By Jonny Evans May 02, 2024 6 mins iPad Apple Mobile Apps news Mosyle and Fleet bring new device management options to Apple enterprise Apple's growing enterprise market share is generating tons of opportunity for the company's partners in the device management market. Their approaches reflect the diversity of use. By Jonny Evans May 01, 2024 4 mins Apple Mobile Device Management Mobile Security feature Apple is intensely focused on its global AI efforts When the ship that is Apple moves in any direction, you can always count on careless whispers to expose the destination. From research labs to sophisticated AI models and Apple Silicon for server farms, here's what we've learned in just one By Jonny Evans Apr 30, 2024 6 mins Apple Artificial Intelligence Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe