One Nation, TRACKED

If you own a mobile phone, its every move is logged and tracked by dozens of companies. No one is beyond the reach of this constant digital surveillance. Not even the president of the United States.

The Times Privacy Project obtained a dataset with more than 50 billion location pings from the phones of more than 12 million people in this country. It was a random sample from 2016 and 2017, but it took only minutes — with assistance from publicly available information — for us to deanonymize location data and track the whereabouts of President Trump.

A single dot appeared on the screen, representing the precise location of someone in President Trump’s entourage at 7:10 a.m. It lingered around the grounds of the president’s Mar-a-Lago Club in Palm Beach, Fla., where the president was staying, for about an hour. Then it was on the move. The dot traveled to the Trump National Golf Club in Jupiter, about 30 minutes north of the hotel, pinging again at 9:24 a.m. just outside the compound. The president was there to play golf with Prime Minister Shinzo Abe of Japan. There the dot stayed until at least 1:12 p.m., when it moved to the Trump International Golf Club in West Palm Beach, where the world leaders enjoyed a private lunch. By 5:08 p.m., the phone was back at Mar-a-Lago. The president had what he called a working dinner with Mr. Abe that night.

Note: Driving path is inferred. Satellite imagery: Maxar Technologies, Microsoft, Earthstar Geographics.

The device’s owner was easy to trace, revealing the outline of the person’s work and life. The same phone pinged a dozen times at the nearby Secret Service field office and events with elected officials. From computer screens more than 1,000 miles away, we could watch the person travel from exclusive areas at Palm Beach International Airport to Mar-a-Lago.

The meticulous movements — down to a few feet — of the president’s entourage were recorded by a smartphone we believe belonged to a Secret Service agent, whose home was also clearly identifiable in the data. Connecting the home to public deeds revealed the person’s name, along with the name of the person’s spouse, exposing even more details about both families. We could also see other stops this person made, apparently more connected with his private life than his public duties. The Secret Service declined to comment on our findings or describe its policies regarding location data.

The vulnerability of the person we tracked in Mr. Trump’s entourage is one that many if not all of us share: the apps (weather services, maps, perhaps even something as mundane as a coupon saver) collecting and sharing his location on his phone.

Americans have grown eerily accustomed to being tracked throughout their digital lives. But it’s far from their fault. It’s a result of a system in which data surveillance practices are hidden from consumers and in which much of the collection of information is done without the full knowledge of the device holders.

For the nation’s security agencies, however, privacy is critical to the safety of military, defense and security operations across the country and abroad. If threats to that privacy have seemed abstract in the past, the trove of location data we have analyzed has brought them into sharp relief. Military and intelligence officials have long been concerned about how their movements could be exposed; now every move is. As a senior Defense Department official told Times Opinion, even the Pentagon has told employees to expect that their privacy is compromised:

“We want our people to understand: They should make no assumptions about anonymity. You are not anonymous on this planet at this point in our existence. Everyone is trackable, traceable, discoverable to some degree.”

We were able to track smartphones in nearly every major government building and facility in Washington. We could follow them back to homes and, ultimately, their owners’ true identities. Even a prominent senator’s national security adviser — someone for whom privacy and security are core to their every working day — was identified and tracked in the data.

Figure: White House, F.B.I., Supreme Court, Capitol Building. Note: Period of one month. Satellite imagery: Microsoft and DigitalGlobe.

While the Constitution prevents companies from sharing location data with the government without a warrant, there are no federal protections limiting how they use or share it privately. No such protections are currently being debated before Congress — even though we found that we could track people through Congress’s own halls as easily as any place else.

When we reached out to some lawmakers to show what we found, the outrage proved bipartisan.

“This is terrifying,” said Senator Josh Hawley, Republican of Missouri, who has called for the federal government to take a tougher stance with tech companies. “It is terrifying not just because of the major national security implications, what Beijing could get ahold of. But it also raises personal privacy concerns for individuals and families. These companies are tracking our kids.”

“Tech companies are profiting by spying on Americans — trampling on the right to privacy and risking our national security,” Senator Elizabeth Warren, a Democrat running for president, told us. “They are throwing around their power to undermine our democracy with zero consequences. This report is another alarming case for why we need to break up big tech, adopt serious privacy regulations and hold top executives of these companies personally responsible.”

Agencies can limit how their employees use location-sharing apps and services, but that doesn’t mean those guidelines will be strictly enforced — or extended to personal devices.

But no matter how comprehensive an organization’s policies and regulations are, getting everyone to follow them is nearly impossible as many of these apps' surveillance practices are not visible to consumers.

“The human being is the weak link,” said Martijn Rasser, a former Central Intelligence Agency officer who is now a senior fellow in the technology and national security program at the Center for a New American Security. “It’s really difficult to enforce a lot of these rules and regulations. Sometimes, all it takes is one person to violate the rules to completely negate the purpose of having those rules in the first place.”

Despite the sensitivity of this information, it is put to everyday use. Packaged with millions of other data points, location information is turned into marketing analysis and sold to financial institutions, real estate investors, advertising companies and others. Companies say they vet partners carefully and tend to work with larger players that have a clear business case for receiving the data.

Like all data, the vast location files are vulnerable to hacks, leaks or sale at any point along that process. The data we reviewed was provided to Times Opinion by sources who asked to remain anonymous because they were not authorized to share it and could face severe penalties for doing so.

Multiple experts with ties to the United States’ national security agencies warned in interviews that foreign actors like Russia, North Korea, China and other adversaries may be working to steal, buy or otherwise obtain this kind of data. Only months ago, hackers working for the Chinese government allegedly targeted location data for people moving throughout Asia by breaking into telecom networks, according to a report by Reuters.

“People literally go to work every day, sit down at a desk, check the sports, send an email or two to their girlfriend and then start looking for databases they can steal,” said James Dempsey, the executive director of the Berkeley Center for Law and Technology. “They just do that 9 to 5, every day.”

The American government may conduct similar intelligence operations against its adversaries, experts said, though under stricter legal frameworks.

Using the data, we identified people in positions of power by following smartphone pings as they moved around the White House, Capitol Hill, the Supreme Court and other government facilities. In many cases, the data trails led back to the smartphone users’ homes. In this series, we did not name any of the identified people without their permission. And the data below has been obscured to protect device owners.

Figure: Senior Officials and Security Staff. Data has been obscured to protect device owners. Panels: Secret Service agent; Technology at the Supreme Court; Department of Defense official; Director at a House committee; Advisor for a Senator. Labeled locations: White House, Pentagon, U.S. Capitol. Note: Driving path is inferred. Source: Microsoft, DigitalGlobe (satellite imagery).

Connecting a ping to a person was as easy as combining home and work locations with public information. A seemingly random set of movements turned into a clear individual pattern after we added just one other piece of information.

Plenty of corroborating information is already floating around dark corners of the web, given the frequent high-profile data breaches of the past decade. Consider what China already knows: In 2015, a federal database containing the personal information of more than four million people with security clearances was stolen by Chinese hackers presumed to be state actors.

“From those very detailed documents, they may gather a good deal of information about a person,” said David S. Kris, a co-founder of the consulting firm Culper Partners and former assistant attorney general for the national security division of the Department of Justice. Mr. Kris said he was also included in the data that was hacked. “The more you can combine location-based data into a mosaic with other information, the more likely you are to gain real insight into an adversary.”

Location data potentially gives any enemy an opening for attack. Russians, whose intelligence apparatus has worked for decades to disrupt American democracy, could simply leak location information to embarrass the government, the legal system or particular officials.

“Think about Russia’s efforts to undermine public trust and confidence in our democratic institutions,” Suzanne Spaulding, senior adviser at the Center for Strategic and International Studies and a former under secretary at the Department of Homeland Security, told us. “Think about all of the ways they could use location data to do that. Think about tracking judges everywhere they went and how you could use that to undermine confidence in our courts and our justice system.”

After Ms. Spaulding raised the danger of tracking judges, we checked the data file for courthouse employees. In minutes, we found dozens of potential targets by watching smartphones sharing their precise locations inside Washington courthouses. One person whose movements we traced has a role in the technology division, which controls servers containing data for the Supreme Court.

For people with political power, knowing those locations could put their safety — and our national security — at risk. Experts told Times Opinion that foreign governments could use the data to monitor sensitive sites and identify people with access to them, and their associates.

“Not everybody in the department has a national security position, not everybody has access to classified or higher-level stuff,” the senior Defense official said. “But everyone in the department is of some interest or value to a lot of adversaries just by virtue of being a member of the Defense Department, just by working at the Pentagon.”

Figure: A typical day at the Pentagon.

The possibilities for blackmail are endless. Once stolen, details on sexual interests and extramarital affairs can provide opportunities for extortion. Targets could be coerced in ways large and small, compelled to make decisions or take actions for a foreign government. Or the locations themselves could provide valuable intelligence about security practices, contacts, schedules and the identities of people in prominent and sensitive posts, with access to state secrets or critical infrastructure.

With no training and far more limited technical tools than those of a state intelligence service, we were able to use the location data — date, time and length of stay — to make basic inferences. By determining whether two people were in the same place at the same time, it was easy to zero in on spouses, co-workers or friends. Cataloguing their movements revealed even more associations, creating the map of a robust social network that would be nearly impossible to determine through traditional surveillance. In cases where it was difficult to identify an individual, associations offered more clues about workplaces and interests.

In one case, it proved difficult to confirm the identity of a man listed in public records who had a common name. Examining his associations revealed that he met multiple times with someone carrying another phone that was being tracked. That person was, we soon learned, his brother. That piece of information doubled the pool of digital breadcrumbs to follow, ultimately helping confirm both of their identities.

Now consider elections. Bad actors could monitor candidates and elected leaders for intelligence that could be leaked or used to blackmail them. There are also no regulations limiting how long location data can be stored. Data swept up today may prove valuable in the future, as everyday citizens rise to positions of authority and influence only to have their precise movements from years gone by reviewed for damaging insights.

Defense contractors and employees at secure locations like power plants are all at risk.

Figure: Nuclear power station in Florida. Satellite imagery: Vexcel Imaging, Microsoft and DigitalGlobe.

We found smartphone pings at all of these sorts of sites. In one case, someone who spent their weekdays at the Pentagon visited a mental health and substance abuse facility multiple times.

Even just commuting to work can be risky for people in prominent positions. “The easiest way to figure out how to get to you is know you always have the same routine,” said Mr. Rasser, the former Central Intelligence Agency officer. He said he mixes up his own routine, partly because the C.I.A. emphasized such methods when he joined.

The threats will only grow as more data is collected and shared. More apps will enter the marketplace using tracking technology. And companies are becoming more sophisticated at collecting location data, adding signals from Wi-Fi networks and Bluetooth beacons. They also often rely on one-time consent or disclosures that don’t explicitly state what’s collected or shared.

Experts emphasized how location data has joined many other kinds of sensitive information in the espionage toolkit, showing how intelligence agencies must continually adapt to the digital age.

“We need to learn to operate with fewer secrets,” Ms. Spaulding said.

Even areas once thought to be secure showed up in the data. Personal phones aren’t generally allowed inside the C.I.A. or the National Security Agency. But while no pings registered inside the C.I.A. headquarters, we found thousands of pings in the parking lots outside, with trails that led to the homes of likely employees.

Figure: Central Intelligence Agency. Satellite imagery: Microsoft and DigitalGlobe.

Similarly, there were no blackout areas in many sensitive government buildings. We observed thousands of pings inside the Pentagon, on military bases, in F.B.I. headquarters and in Secret Service facilities across the country. (Intelligence facilities also have secure areas where certain electronic devices aren’t permitted.)

The risks posed by location-tracking remain largely unaddressed by the government. Beginning last year, the Department of Defense prohibited geolocation features and functionality from being used by its workers on devices in “operational areas” like foreign military bases. For all other locations, the department said it would consider the risks and issue specific recommendations to personnel.

For now, the department does not issue guidance to employees about downloading specific apps, including those that might share location data with third parties. “Instead, we focused on certain core characteristics of the geolocation functionality and identified what risks those characteristics posed,” a department spokesman, Lt. Col. Uriah L. Orland, said in an email.

Agencies with a need for heightened security are left in a vulnerable position. Phones are ubiquitous, and so long as granular location tracking remains legal, even the Defense Department must play along. “We cannot stop our workforce of 3.6 million people from living their everyday lives,” a senior department official told us.

We haven’t identified any serving elected representatives in our data, but we found a former House representative and dozens of prominent public officials, including chiefs of staff, security officials and subcommittee staff members.

Given their proximity to public figures with public schedules and their presence at training sites and field offices, Secret Service agents were particularly easy to identify. With little difficulty, we were able to track a Secret Service agent who spent most of his daytime hours in the West Wing of the White House. He also joined President Trump at the National Cathedral the day after the inauguration.

Figure: United States Secret Service James J. Rowley Training Center. Satellite imagery: Microsoft and DigitalGlobe.

While the data reviewed by Times Opinion is from three years ago, similar information is being collected daily and often resold to third parties, meaning anyone with current access to such data could feasibly, in near real time, track people within arm’s reach of the president or other powerful figures.

“If you want to take action against someone, you have to find them first,” said Mr. Kris, the former Department of Justice official. “I’m wary of breathless, pearl-clutching, speculative, sensationalistic counterintelligence concerns. This doesn’t strike me as falling into that category. I think there is a legitimate concern here.”

Leaked location data may open the door to other cyber vulnerabilities. Foreign actors could learn movement details and infer meeting locations, which could be used to conduct a type of scam where targets receive fake emails, posing as a friend they just met with or a business they just visited, that include a phony link meant to steal their password or install malware.

“Location tracking data of individuals can be used to facilitate reconnaissance, recruitment, social engineering, extortion and in worst-case scenarios, things like kidnapping and assassination,” warned Kelli Vanderlee, manager of intelligence analysis at the cybersecurity company FireEye.

Those are not theoretical threats. The phone of the Washington Post journalist Jamal Khashoggi, who was assassinated in 2018, was allegedly compromised, possibly allowing his location data to be used to follow him.

Last year, Strava, a company that makes a fitness app, released a global map showing 700 million activities that clearly revealed American military bases abroad. The Department of Defense issued its recent guidance after discovering the problem. The data reviewed by Times Opinion revealed several points on domestic military bases as well, showing how some of the nation’s most secure armed sites can be exposed.

“An adversary can still glean a lot from your whereabouts on the base itself,” said Mr. Rasser, the former C.I.A. officer. “If you’re always at a certain part of the base, at a certain time, you can start piecing together what the function of that corner of the base could be based on the person’s job duties.”

Using base locations as a guide, Times Opinion accurately surmised the job title of a commander in the U.S. Air Force Reserve. He regularly traveled to the Pentagon and visited Joint Base Andrews, perhaps best known as the home of the president’s airliner, Air Force One.

Figure: Joint Base Andrews. Satellite imagery: Microsoft and DigitalGlobe.

It’s not necessary for someone to visit sensitive locations to be open to scrutiny or criticism. Location data could become a powerful political tool, exposing the private lives of wealthy elites who prefer to adopt a more egalitarian persona. It is not difficult to imagine efforts to undermine a political campaign by exposing travels through private airports or visits to expensive restaurants and luxurious spas.

The sources who provided the trove of location information to Times Opinion did so to press for regulation and increased scrutiny of the location data market. Some solutions exist that could help improve privacy while ensuring businesses can still perform some of the analysis they do today, like limiting the ability to identify individual paths, changing how long the information is stored and limiting how it’s sold.

So far, Washington has done virtually nothing to address the threats, and location data companies have every reason to keep refining their tracking, sucking up more data and selling it to the highest bidders.