Gleaning PII from the space-time-travel trail

IBM technologist Jeff Jonas thrives on big data sets and personally identifiable information (“PII”). He built his career catching Vegas casino cheats by correlating database records, and now develops “next generation identity analytics” at IBM. I don’t consider myself a privacy fanatic, but I still count a document Jonas compiled on the vast amount of PII and transactional data captured by private companies to be one of the most alarming things I’ve read. (See for yourself: Appendix H, “The Landscape of Available Data” in The Markle Foundation Task Force’s Creating a Trusted Network For Homeland Securityfull doc PDF).

So when Jeff Jonas’ head starts spinning about the privacy ramifications of the mobile device location data that cell phone providers have access to, it behooves one to pay attention. From his blog post on “space-time travel data,” a sampling of items your mobile provider could identify:

(a) The top 10 places you spend the most time (e.g., 1. a home address, 2. a work address, 3. a secondary work facility address, 4. your kids school address, 5. your gym address, and so on);

(b) The top three most predictable places you will be at a specific time when on the move (e.g., Vegas on the 215 freeway passing the Rainbow exit on Thursdays 6:07 – 6:21pm — 57% of the time);

(c) The first name and first letter of the last name of the top 20 people that you regularly meet-up with (turns out to be wife, kids, best friends, and co-workers – and hopefully in that order!)

(d) The best three predictions of where you will be for more than one hour (in one place) over the next month, not counting home or work.