When You're the Apple of Their Eye

VIDEO: Tech giant stores locations of Wi-Fi hotspots and nearby cell towers, not users.PlayABCNEWS.com
WATCH Apple Puts iPhone Tracking Rumors to Rest

The World Wide Web seems to be making the world less wide. Everyone is connected to everyone and everything else, and that is changing the way many things are done, particularly advertising and marketing. The past decade or so has seen a radical evolution in the way marketers define and reach their target markets. Gone are the days when the Sunday insert sufficed for advertisers looking to pinpoint potential customers. These days, advertisers want to know exactly who their customers are, what they want, and now, thanks to mobile technology, where they are.

How did we get here? For centuries, advertisers communicated with potential customers through print media. Even before the advent of truly mass electronic media, magazines and newspapers provided advertisers the ability to "target" customers or groups of customers likely to be interested in a particular product or service by virtue of niche sections or issues. In fact, one reason newspapers have sections is to accommodate advertisers wishing to communicate more directly with, say, those especially interested in sports or automobiles. Similarly, since many magazines devoted coverage to singular interests; advertisers could be confident that people who bought magazines about fishing, for example, would also buy rods and reels. In the 21st century, however, print media is giving way to electronic communication, not just for the obvious reasons of ease and speed, but also because the combination of technology and the Internet have provided many new ways for advertisers to locate their customers more precisely.

In the last week there has been a spate of publicity focused on the recent discovery that Apple's iPhone routinely collects and preserves location data via its GPS feature. Although at first it was thought that this information was transmitted only to the cellular carriers (who operate under very strict privacy laws, such that the information can only be accessed by court order), the Wall Street Journal recently reported that both the iPhone and Android-based phones not only collect the data but transmit it on a regular basis—up to several times an hour—to Apple and to Google respectively.

[Related: Apple's Secret Tracking Prompts Outrage, Lawsuit]

Perhaps all of this doesn't bother you. Maybe you don't have a smartphone or maybe you have disabled its tracking feature. Maybe you think, aside from the philosophically scary aspects of data collection, that you don't give a damn who knows where you've been. The revelation was nonetheless enough to prompt Senator Al Franken, who chairs the Judiciary Subcommittee on Privacy, Technology and the Law, to write a strongly worded letter to Apple's Chairman and CEO Steve Jobs, asking the Silicon Valley superstar exactly why Apple is collecting the information. The Senator also pointed out that, "The existence of this information—stored in an unencrypted format—raises serious privacy concerns… anyone who gains access to this single file could likely determine the location of a user's home, the businesses he frequents, the doctors he visits, the schools his children attend, and the trips he has taken—over the past months or even a year."

[Update: After this article was published, Sony announced that it would offer identity theft protection services to PlayStation Network and Qriocity account holders in the United States, and was making similar arrangements for its customers in other countries and territories.]

Your Smartphone: An Intravenous Line into Your Financial Bloodstream

I couldn't agree more with the Senator and I believe that data collection from smartphones is worth your attention for a very simple reason: you don't know who's got information about you, or how they intend to use it. The stated purpose of data collection, about locations, and everything else, is targeted marketing. Where you go can reveal so many things about you: what you like, what you might buy, where it is you stand on the economic ladder. Now there is nothing wrong with targeted marketing in and of itself; in fact, many people who use Gmail find those very effectively targeted ads served up when they log in to their account convenient and useful. The problem is that that there is a secondary use for the collected data. In the wrong hands that information can be used to make you more vulnerable to the attacks of clever identity thieves. It's very simple—the more information that is collected about you, and the more companies that collect it, the more likely it becomes that the wrong guys get access.

[Related: The End of Digital Innocence: What Does the Epsilon Breach Mean?]

As Sen. Franken pointed out, "Anyone who finds a lost or stolen iPhone or iPad or who has access to any computer used to sync one of these devices could easily download and map out a customer's precise movements for months at a time."

You need to think of your smartphone as a sort of intravenous line—a tap into your financial bloodstream. Every company involved in the provision of your cell phone service, and the provision of services available through your cell phone, is probably collecting data about you in some way, shape, or form.

Last December, the Wall Street Journal also reported that Pandora, the popular music service with a very popular iPhone app, was collecting data on its users and transmitting that data regularly to eight different tracking companies. No matter how benign the intentions may be of the people who are "following" you electronically, the mere fact that information is being collected by folks with whom you are totally unfamiliar creates risks.

[Related: Digital Footprints: The Do Not Track proposal]

If the bad guys know that you visit a particular store in person as well as online, their phishing attack (in which a group of people are targeted) becomes a spear phishing attack (in which an individual is targeted). If they know where you go and who you are, they can correlate that information with facts gleaned from other sources and ultimately perform a far more credible impersonation of you.

In all those apocalyptic vision-of-the-future novels, the threat was aimed at personal freedom. But the clear and present danger today is aimed at your wallet. To thwart the cyber ninjas there are things that can be done and things that you must do. The single most important thing is the creation of legislation covering at least two areas: first, creating strict privacy laws codifying best practices for companies in the business of collecting this data, including strict penalties if systems are breached no matter who is at fault; and second, creating laws to provide disclosure to consumers as to who is collecting what and how, giving the consumer the ability to "opt out" at all times.

Practical Steps to Protect Yourself from Your Phone

More important than these macro solutions for which the government is ultimately responsible, are the steps that you can take to protect yourself. The same Internet technology that creates the risks also provides defenses against them. Here are some things you can do to reduce your risks considerably:

* Make sure that you have the most up-to-date security software, firewalls and malware protections on your computer and communication devices.

* Check your bank and credit card accounts online daily.

* Invest in a good credit or identity monitoring service.

Think of the cost of these steps in money and time as the very reasonable cost of the enormous convenience of the Internet and smartphones. Here are a few other best practices when it comes to making sure you are never compromised by your smartphone:

* Disable your GPS function unless you really need it.

* Be careful with certain apps because many of them track your movements as well.

* Never, ever, click on an e-mail (or respond to a text) unless you are absolutely certain of its authenticity. And even if you are convinced it is authentic, you might still wish to go to your browser and type in the name of the organization with which you wish to do business yourself.

Finally, it wouldn't be a bad idea to turn off your cell phone once in a while. I know how hard this might be for some of us—especially me. Frankly, I go through communication withdrawal every time I simply reboot my cell phone. It's that sense of disconnection from the rest of the planet. Trust me, I get it.

[Resource: 12 Tips for Protecting Your Identity]

This work is the opinion of the columnist and in no way reflects the opinion of ABC News.

Adam Levin is chairman and cofounder of Credit.com. His experience as former director of the New Jersey Division of Consumer Affairs gives him unique insight into consumer privacy, legislation and financial advocacy. He is a nationally recognized expert on identity theft and credit.