New York Times, Location Tracking, and Privacy
Welcome to Marketing BS, where I share a weekly article dismantling a little piece of the Marketing-Industrial Complex — and sometimes I offer simple ideas that actually work.
If you enjoy this article, I invite you to subscribe to Marketing BS — the weekly newsletters feature bonus content, including follow-ups from the previous week, commentary on topical marketing news, and information about unlisted career opportunities.
Thanks for reading and keep it simple,
Phones, Pings, and Privacy
Everybody knows that mobile phones can track your location. But so what — could anyone really do something with that information? On December 19, The New York Times published a bombshell report, revealing some surprising ways that your daily whereabouts might be analyzed — and monetized — without your knowledge, let alone your permission.
Anonymous sources provided Times journalists with a database that tracked the movement of mobile phones:
[The database included] more than 50 billion location pings from the phones of more than 12 million Americans as they moved through several major cities, including Washington, New York, San Francisco and Los Angeles.
Co-authors Stuart A. Thompson and Charlie Warzel offered a tabloid-style warning: “If you could see the full trove, you might never use your phone the same way again.”
Here are the article’s core ideas:
Location-tracking services claim that all the data they collect is anonymous, secure, and given with consent. In reality, none of those three claims are true.
The dataset did not contain “unique identifiers” (like email addresses or phone numbers). Nevertheless, the journalists could easily spot some interesting patterns (like people who slept over at the Playboy Mansion!).
Let’s consider the process of tracking one “anonymous” phone. If the device spends weekdays at 1 Infinite Loop in Cupertino, you could assume that the phone’s owner works for Apple. Check where the phone spends most nights, and you can connect a workplace with a personal residence; from there, a simple reverse address lookup could yield a person’s name. Suppose that same phone visited the Playboy Mansion (or a cannabis dispensary, fertility specialist, or divorce lawyer) — you could imagine companies disciplining employees for their behavior. Moreover, nefarious parties could threaten to expose people’s medical secrets or marital indiscretions.
How Did We Find Ourselves in this “Big Brother” Situation?
The phone records reviewed by the Times journalists were traced to a “location data company” — one of many shadowy businesses that collect, analyze, and monetize information.
How do these location data companies access our information?
In January 2019, an article in Motherboard proved that phone carriers like AT&T, T-Mobile, and Sprint were selling customers’ real-time location data.
But the process outlined in Motherboard dealt with the tracking of single devices; bail bond firms were buying the location data to find (and apprehend) specific people.
The Times article describes a far more pervasive trend, dealing with the bulk collection of millions of user accounts.
Who is responsible for the sale of our private location information?
The major phone carriers have denied the unauthorized sale of time and location data (although it’s not like tech companies haven’t played fast and loose with privacy information in the past).
On your smartphone, you’ve probably downloaded dozens of third-party apps — Uber, Netflix, Starbucks, CNN, Angry Birds, Domino’s, etc. Third-party apps collect location data from the phone carriers. In turn, many of those third-party apps sell that information to the location data companies.
But why can the third-party apps access our private information?
The short answer: because we let them!
For example, when you download a weather app, a prompt screen asks if you agree to share your location data. Most of us readily agree, in the name of convenience. When I open my weather app, I WANT it to know where I am, so it can provide the accurate forecast of whatever city I’m visiting.
Think about rideshare apps like Uber or Lyft. If you refuse to share your location data, you would have to manually input your pick-up address each time you hail a ride. In theory that’s a small inconvenience, but in practice we find that step so annoying that we happily allow the apps to access our location.
What happens when you ask consumers how they feel about sharing data? The vast majority of people claim that the dangers of data collection outweigh the personal convenience. Take a look at these survey results in a November 2019 report from Pew Research Center:
81% of Americans think the potential risks of data collection by companies about them outweigh the benefits…. Relatedly, 72% of adults say they personally benefit very little or none from company data collection about them.
Let’s consider some options for balancing privacy and convenience:
Should the phone carriers stop allowing third-party apps to access location data? (which would seriously reduce the convenience of those apps).
Should the operating systems for Apple and Android (Google) devices stop allowing third-party apps to access location data? (once again limiting the usefulness of those apps).
Should Apple and Google police how third-party apps use our personal location data? (and how would that be technologically possible, given that the carriers are the ones who provide the real-time location data?)
If Apple and Google did police all third-party apps, how would regulators feel about the use of their duopoly to control the data available to these third-party providers?
Apple has taken a small step in “dealing” with this problem. Their latest software update (iOS 13, released in September 2019) sends pop-up messages that remind users which apps have recently pinged their location. If you rarely use an app that is regularly tracking your location, you might consider revoking its permissions. This approach seems like a reasonable trade-off between annoyance (the pop-up) and increased privacy transparency.
Are Better Ads Worse Ads?
Before we completely restrict third-party app’s access, we should consider how the location data companies are using our personal information. Are they actually blackmailing people for going to the Playboy mansion?
In most cases, the location data companies are selling information to advertisers who want to improve their ability to target consumers. As I noted in an earlier post, “behavioral targeting is a marketing gimmick that advertisers are willing to pay significantly for (2.7x more per impression), despite being only marginally better at generating revenue (+4%).” That said, research confirms that SOME simple targeting is valuable. For instance, if you operate a smoothie shop in Denver, you are better off advertising to people who regularly spend time in Denver (compared to people who do not).
Ads that “follow you around” seem creepy, but are they really that bad?
In the UK, Sky Media Group ran a test-and-control trial of “programmatic television ads” over a five-year period. For the control group, Sky followed the standard practice of broadcasting the exact same commercials to everyone watching the same program. In the test group, Sky streamed different commercials to each viewer, personalizing the ads based on their geographic and demographic profile.
The result? Viewers in the test group “channel switched” 48% less and were 49% more likely to recall specific advertisements in post-view surveys. In other words, consumers enjoyed watching the commercials AND companies benefitted from greater brand recognition.
We find similar results with digital ad spending. Navdeep Sahni and Charles Zhang of Stanford Business School ran an experiment (with 3.3 million users) to study whether people were interested in seeing more or less advertising when using search engines.
Sahni and Zhang reached some clear conclusions:
Our data rejects that users are, overall, averse to search advertising targeted to them. … The usage of the search engine (in terms of number of searches, and number of sessions) is higher among users who see higher levels of advertising, relative to the control group.
Furthermore, the researchers identified some benefits of the search engines with more ads:
Higher levels of advertising increased traffic to newer websites … convey[ing] relevant new information, which is unknown to the search engine, and therefore missed by the organic listings algorithm. Hence, search advertising at the margin we study makes consumers better off on average. [Emphasis mine]
“Everyone” claims to hate advertising. More accurately, I think most people dislike advertising that interrupts what they want to be doing (commercials for television, pop-up ads on websites, etc.).
But the research confirms two key points:
When we’re forced to watch or read advertisements, we find relevant ads far more interesting than not relevant ads.
When we use search engines, ads provide helpful information that we would otherwise miss.
We Know Who You Are
Why is so much ink spilled on the perils of privacy invasion?
I think the reason is pretty clear: targeted ads seem “icky” and dystopian. The idea that a nameless corporation knows how often you visit a coffee shop seems invasive, if not dangerous.
Who can forget the iconic scene from The Minority Report, where Tom Cruise’s character is bombarded by personalized ads?
Every part of the Times article was designed to scare readers — from the ominous title (“Diary of your Every Movement”) to the assertion that “you might never use your phone the same way again.” The frightening tone is not a coincidence; inducing panic is an age-old journalistic technique for generating readership.
If acquiring and sharing location-based data was as bad as the Times article alleges, then WHY IS THE NEW YORK TIMES ACQUIRING AND SHARING YOUR LOCATION-BASED DATA?
The Times privacy page outlines their terms and conditions in plain language — they are not hiding their intentions behind opaque legal jargon. Check out a sampling of key phrases:
We track and store data about how you visit and use Times Services, particularly through our websites and apps. The items we log include: o Your location o Device identifiers o Advertising identifiers Some of our apps can provide content based on your GPS location, if you enable this feature (e.g., the New York Times Real Estate app). [Emphasis mine]
Essentially, the New York Times tracks your GPS movements exactly the same way that the location data companies can monitor your whereabouts. But at least the Times does not sell your data, right? Not so fast — take a closer look at their privacy terms:
There are situations when we share your information with third parties beyond our service providers… [For example,] we may share your name and mailing address (among other information) with other reputable companies that want to market to you by mail. [Emphasis mine]
Because the Times only shares data with “reputable” companies, their implication is clear — OTHER businesses are the ones responsible for the illicit processing of your private information. You know, the types of companies that might blackmail you for visiting the Playboy mansion.
If tech companies will not safeguard us from privacy violations, should we turn to the government? In 2018, the Europe Union implemented the General Data Protection Regulation (GDPR), a sweeping set of rules that will likely influence policies in other jurisdictions. The state of California, for example, recently moved ahead with data privacy laws (although there are many significant differences from the GDPR).
Who would you rather trust with your digital privacy — the government or Amazon?
Over the last year, various governmental agencies took actions that should make Americans wary of government intervention.
Here is a Vice report on the DMV:
Departments of Motor Vehicles in states around the country are taking drivers’ personal information and selling it to thousands of businesses, including private investigators who spy on people for a profit. [Emphasis mine]
The Times themselves reported on the FBI’s far-reaching collection of data. Over the last 18 years, the agency has made over 500,000 demands for data from tech, telecom, and financial companies:
The demands can scoop up a variety of information, including usernames, locations, IP addresses and records of purchases. They don’t require a judge’s approval and usually come with a gag order, leaving them shrouded in secrecy. [Emphasis mine]
When Facebook proposed encrypting messages to ensure privacy, the Attorney General pushed back. A Wall Street Journal article provided details:
U.S. Attorney General William Barr has asked Facebook to hold off on plans to add encryption throughout its messaging services, citing public safety … Mr. Barr [asked] the company to delay the encryption plan until it figures out a way to provide government access to the services for investigative purposes. [Emphasis mine]
If we can’t trust the government, maybe we can still have faith in schools? A report from the Washington Post dispels that hope:
Records and interviews show that colleges are building vast repositories of data on prospective students — scanning test scores, zip codes, high school transcripts, academic interests, web browsing histories, ethnic backgrounds and household incomes for clues about which students would make the best candidates for admission. [Emphasis mine]
In all four of these examples, the collection of user data could be rationalized by highlighting the positive outcomes:
The FBI can apprehend criminals.
The Attorney General can improve public safety.
The university can ensure the best students are admitted.
The DMV will, I guess, subsidize the costs of providing personalized customer service…
In reality, though, our governments and non-profit organizations have not demonstrated a judicious set of transparent principles for collecting and sharing our personal information.
Fundamentally, the fears raised in the New York Times article are not grounded in concerns about privacy. The bigger issues relate to trust — which companies and organizations can we trust? Generally speaking, we don’t care what companies and organizations DO, because our opinions are shaped by who they ARE. And as I wrote in “Vaping, Juul, and Bad Companies,” we now live in a world where the big tech companies are stuck in the “bad box” of public opinion. An exposé on location data companies is the sort of journalism that captures public attention — even if the article relied more on hyperbole than nuance.
For now, I will continue to allow Uber to track the location of my phone — even if I receive an invitation to the Playboy mansion.
Keep it simple,
If you enjoyed this article, I invite you to subscribe to Marketing BS — the weekly newsletters feature bonus content, including follow-ups from the previous week, commentary on topical marketing news, and information about unlisted career opportunities.
Edward Nevraumont is a Senior Advisor with Warburg Pincus. The former CMO of General Assembly and A Place for Mom, Edward previously worked at Expedia and McKinsey & Company. For more information, including details about his latest book, check out Marketing BS.