Is this entire story based on that one PDF, which appears to be from a PowerPoint presentation? Or is there some other supporting information?
http://www.cbc.ca/news2/pdf/airports_redacted.pdf
Reading this, I'm not even sure what information they actually had access to, or where it came from.
On Page 8:
Quote:
Tradecraft Development Data Set- Have two weeks worth of ID-IP data from Canadian Special Source – [redacted]
- Had program access to Quova dataset connecting into Atlas database
- Had seed knowledge of a single Canadian Airport WiFi IP address
|
It appears that Quova is the company that does geo-location tracking for websites. So, when you want to watch a US-based video and it says "this content is not available in your current location", you have Quova to blame (
http://en.wikipedia.org/wiki/Neustar_IP_Intelligence - now called Neustar).
From the context, it's hard to figure out what exactly the "Canadian Special Source" is. I don't think it's actually the airport WiFi network. I think it might be a Canadian email provider, or some other high-traffic website that provided 2 weeks worth of visitor information including unique device IDs and IP addresses.
The reason I think it might be an email provider is because on Page 7 it says:
Quote:
Data had limited aperture – Canadian Special Source
major CDN ISPs team with US email majors, losing travel coverage
|
So, this all makes me think that what they had was two weeks worth of people's phones and computers checking their email, and recording nothing more than the device ID and IP address of the connection. Then, they used all of those IP addresses and used the Quova data to determine the locations of those IP addresses. I think all they had from an airport WiFi was a single IP address for the free WiFi service at a single Canadian airport.
So, if I'm piecing this together correctly, the problem is that Quova data doesn't have localized precision. It's good enough to tell if a device is connecting from Canada or the US, but it can't tell if the device is connecting from a Starbucks or a Howard Johnson's.
By using just the connections at an IP address that's known to be an airport WiFi, they can assemble a profile of what the connections at an airport look like. Then, they can use the usage profiles from that airport to assemble other ones based on the movement of the devices.
The profiles they assemble all look slightly different depending on where they're from. Airports and hotels look similar, but hotels have multiple connections over multiple days from the same devices, where airports have single connections that don't repeat. Coffee shops and libraries have similar profiles except the devices are connected for a longer time at libraries.
The document then goes on the present scenarios where this information could be used:
- If you're tracking a suspect and know the device ID of his phone, you can monitor its movements and if it hits at a high value target such as an airport or a hotel, you can be alert to a possible attack.
- Or, the opposite, where you know a suspect was in certain locations at certain times but you know nothing else, you could use the collection of information to find any devices that connected to known networks in those locations. Once you know the device ID, you could trace it back to its owner.
Again, I think that's what the document is actually talking about, but I could be completely off-base. Also, it seems like there are many flaws in this method, not the least of which is that it doesn't appear to work if the device is connected over cell data instead of WiFi. Or, you know, if the suspect leaves his phone at home or turns it off.
It also doesn't explain what the "Special Source" is (I'm not sure it's an ISP's email server, but that's still the way I'm leaning) and how they collected this information. That is certainly a question that should be answered; but from what the document says, it doesn't seem like they collected data that is any more harmful to individual privacy than the people who sit on the side of the road and count cars.
