Tockar acknowledged that most people might not be too worried about such analysis, so he decided to dig a little further. He turned his attention to a strip club in the Hell’s Kitchen neighbourhood, searching for taxi pick-ups in the early hours. He soon identified a frequent customer and tracked the person’s journey back to their home address. It didn’t take long to find them online and – after a quick search on social media – Tockar knew what the man looked like, how much his house was worth, and what his relationship status was. Tockar chose not to publish any of this information, but it wouldn’t have taken much effort for someone else to come to the same conclusions. ‘The potential consequences of this analysis cannot be overstated,’ Tockar noted.
With high-resolution GPS data, it can be extremely easy to identify people.[46] Our GPS tracks can easily reveal where we live, what route we take to work, what appointments we have, and who we meet. As with the New York Taxi data, it doesn’t take much to spot how such information could be a potential treasure trove for stalkers, burglars, or blackmailers. In a 2014 survey, 85 per cent of US domestic violence shelters said they were protecting people from abusers who’d stalked them via GPS.[47] Consumer GPS data can even put military operations at risk. During 2017, army staff wearing commercial fitness trackers inadvertently leaked the exact layout of bases when they uploaded their running and cycling routes.[48]
Despite these risks, the availability of movement data is also bringing valuable scientific insights, whether it’s allowing researchers to estimate where viruses might spread next, helping emergency teams support displaced populations after natural disasters, or showing planners how to improve city transport networks.[49] With high-resolution GPS data, it’s even becoming possible to analyse interactions between specific groups of people. For example, studies have used mobile phone data to track social segregation, political groupings and inequality in countries ranging from the United States to China.[50]
If that last sentence made you feel slightly uncomfortable, you wouldn’t be alone. As the availability of digital data increases, concerns about privacy are growing too. Issues like inequality are a major social challenge – and undoubtedly worthy of research – but there is intense debate about how far such research should delve into the details of our incomes, politics or social lives. When it comes to understanding human behaviour, we often have a decision to make: what is an acceptable price for knowledge?
Whenever my collaborators and I have worked on projects involving movement data, privacy has been hugely important to us. On the one hand, we want to collect the most useful data we possibly can, especially if it could help to protect communities against outbreaks. On the other, we need to protect the private lives of the individuals in those communities, even if this means limiting the information we collect or publish. For diseases like flu or measles, we face a particular challenge, because children – who are at high risk of infection – are also a vulnerable age group to be putting under surveillance.[51] There are plenty of studies that could tell us useful, interesting things about social behaviour, but would be difficult to justify given the potential infringement on privacy.
In the rare instances where we do go out and collect high-resolution GPS data, our study participants will have given consent and know that only our team will have access to their exact location. But not everyone has the same attitude to privacy. Imagine if your phone had been leaking GPS data continuously, without your knowledge, to companies you’ve never heard of. This is more likely than you might think. In recent years, a little-known network of GPS data brokers has emerged. These companies have been buying movement data from hundreds of apps that people have given GPS access, then selling this on to marketers, researchers and other groups.[52] Many users may have long forgotten they installed these apps – be it for fitness, weather forecasts or gaming – let alone agreed to constant tracking. In 2019, US journalist Joseph Cox reported that he’d paid a bounty hunter to track a phone using second-hand location data.[53] It had cost $300.
As location data becomes easier to access, it is also inspiring new types of crimes. Scammers have long used ‘phishing’ messages to trick customers into giving sensitive information. Now they are developing ‘spear phishing’ attacks, which incorporate user-specific data. In 2016, several residents of Pennsylvania, USA received e-mails asking them to pay a fine for a recent speeding offence. The e-mails correctly listed the speed and location of the person’s car. But they weren’t real. Police suspected that scammers had obtained leaked GPS data from an app, then used this to identify people who’d been travelling too fast on local roads.[54]
Although movement datasets are proving remarkably powerful, they do still have some limitations. Even with very detailed movement information, there is one type of interaction that is near impossible to measure. It’s an event that is brief, often invisible, and particularly elusive in the early stages of outbreak. It’s also one that has sparked some of the most notorious incidents in medical history.
The doctor checked into room 911 of Hong Kong’s Metropole Hotel at the end of a tiring week. Despite feeling unwell, he’d made the three-hour bus trip across from Southern China for his nephew’s wedding that weekend. He’d come down with a flu-like illness a few days earlier and hadn’t managed to shake it off. However, it was about to get much worse. Twenty-four hours later, he’d be in an intensive care unit. Within ten days, he would be dead.[55]
It was 21 February 2003, and the doctor was the first case of sars in Hong Kong. Eventually, there would be sixteen other sars cases linked to the Metropole: people who’d stayed in rooms opposite the doctor, beside him, or along
