Republicans Are Tracking Cellphones And Targetting Voters - Here's How To Stay Private
You probably remember, back in 2016, during the run-up to the eletction, there was a Trump for President lawn sign on practically every street. While they looked innocent enough, these flimsy-looking notices held hidden beacons that quietly collected information from passing cellphones and mobile devices and sent messages to them – whether they wanted them or not.
There’s every indication that 2020 will see more Republican campaigns following phones and using beacon technology to influence voters in their favor. But what does that mean in terms of our right to privacy and is it compromising the security of our devices?
Big Brother, Beacons, & Bluetooth – Trump for President Lawn Sign
During the last national election campaign, it was reported that a Republican candidate used beacons attached to campaign lawn signs to send messages to smartphone users without their consent and without them needing to install any specific app.
Small, discreet, and cheap, beacons use Bluetooth to ping smartphones in the area, send notifications, and collect data. For election candidates, that means they can communicate with users, sending them text messages encouraging them to head to the polls.
Far more accurate than GPS, beacons can tell you “this person is standing in this corner on this floor of this building, whereas GPS would just tell you that they’re probably around this building”. That’s according to engineer Bennett Cyphers of the Electronic Frontier Foundation (EFF).
As scary as that sounds, it’s not quite as disturbing as the recent changes made to Donald Trump’s campaign privacy policy. An online tool that tracks changes on the presidential campaign websites in the run-up to the 2020 elections noticed that Trump’s privacy policy had been altered to include a clause that states, “We may also collect other information based on your location and your Device’s proximity to ‘beacons’ and other similar proximity systems, including, for example, the strength of the signal between the beacon and your Device and the duration that your Device is near the beacon”.
Beacons aren’t only used to turn Trump for president lawn signs into Bluetooth watchdogs, however, and have also been used for political gain at rallies and other public events. Using a process known as geofencing, beacons are positioned in the geofenced area. When smartphone users enter that area, the beacons can ping their phones and access their ID numbers which, in turn, will lead them to more in-depth personal information and details of their voting habits.
It’s neat, but highly invasive and shouldn’t come as too much of a surprise after the Cambridge Analytica scandal, nor considering the Democrats’ willingness to embrace data mining, and technology to create a powerful, and very expensive, digital campaign.
All that glistens isn’t gold, however, and as nasty as beacons may sound, they no longer have carte blanche to access just any passing smartphone – not like they did back in 2016.
Beacons and Their Boundaries
Three years ago, beacons had almost no boundaries whatsoever, beyond the distance from a Bluetooth connection, and any passer-by could start receiving messages via either Android or iPhone devices without their consent. Smartphone manufacturers have responded, however, and tweaked a few things to give their users a little more privacy and control.
There was a time when iOS devices with a beacon notification app installed could be targeted by any beacon but, in the latest iOS version, the app must now request the user’s permission before accessing any device’s Bluetooth connection.
Up until December last year, Android users could be pinged anywhere, at any time regardless of whether a beacon notification app was installed or not. Once revealed, this so-called “open beacon format” became a hotbed of controversy.
Using beacons like those operated by Google’s Nearby service, companies could monitor your web browsing habits, your streaming or television viewing habits, or even ascertain in exactly which part of a store you’re standing. This information could then be used to send you a targeted text message, informing you of a specific sale or, in the case of a political campaign, to try and influence your voting habits.
These days, beacon technology isn’t quite so invasive and, according to Beaconstac, a company that manufactures beacons, the latest beacons “do not collect or store any personally identifiable information” and “can only deliver notifications if the end-user has a beacon-aware app and has their Bluetooth and Location services enabled”.
Even the EFF admit that smartphone manufacturers have improved security and cracked down in the more invasive aspects of beacon technology while, in the same breath, noting that in 2016, it was possible to set up a beacon that listened in for every phone that entered its vicinity. From the pings a phone sends while searching for a Wi-Fi hotspot, it would be possible for that beacon to then collect MAC, or media access control, addresses.
If a technician can then link those unique identifiers to an individual’s identity, then it would be possible to “gather data about where people are going without them ever installing any kind of apps or ever having any kind of interaction with you”. It’s that’s not indicative of Big Brother watching you, I don’t know what is.
Is Your Smartphone Stalking You?
In much the same way as the Cambridge Analytica Facebook scandal revealed just how much influence data mining can give a political party, using Bluetooth beacons to track phones and target voters can have a similar effect. The trouble is, such influence can give certain parties an unfair advantage and sway elections accordingly, although the results have so far been mixed.
Last year, a senior White House aide and a group known as Catholic Vote used location data from Catholic churchgoers in Dubuque, Iowa to target them with campaign adverts. Although this used geofencing techniques rather than the Bluetooth beacons hidden in the Trump for president lawn signs, it’s just as intrusive, if not more so. Although the data is theoretically anonymized, it’s becoming increasingly clear that anonymous data isn’t really as anonymous as those mining it would like us to think.
Although the Catholic Vote group defended their data mining, saying that the data collection method they used, “does not allow you to collect personal information”, privacy advocates disagree. Even your location data is enough to give a clear idea of who you are and what your interests are, giving politicians plenty to work with when it comes to sending your targeted adverts and securing your vote.
Furthermore, says the New York Times, marketing groups and businesses using similar data collection methods for targeted advertising claim it’s the patterns they’re after, more than the identities but, at the end of the day, is much of a muchness. Even if the information a specific app or beacon collects doesn’t reveal the name of the smartphone owner’s or their inside leg measurement, those with access to the raw data can figure it out in a matter of hours anyway.
What’s possibly even more worrying is that marketing experts, like Joseph Sorrentino, say beacon technology and geofencing as so simple that, “Pretty much anyone with an advertising budget and the ability to do some Google searching and the ability to find a data broker who’s willing to play ball with a small player can do what Steve Bannon did”.
Although not all politicians have jumped on board with the beacon technology, there’s plenty of others that have. Inevitably, marketing departments and data mining companies are having a field day. One advertising firm based in Long Island admitted to targeting individuals in emergency rooms, sending them advertising campaigns for personal injury lawyers. On a more positive note, some colleges are introducing beacons to keep track of attendance.
Not only did the recent changes to the Trump campaign website’s privacy policy alert watchdogs to the very real possibility of the Republicans once again using beacons as part of their digital campaign, but further digging revealed additional changes that would have a serious legal impact on any users resistant to such invasions of their privacy.
According to Deep Dive Duck, another website monitoring service, an arbitration clause has also been added to Trump’s campaign website, which means any users wishing to take legal action against the campaign must appear before a single arbiter and forfeit the right to various legal avenues, including class action and jury trials. Deep Dive Duck’s CEO, Peter Bray, views such arbitration clauses as suspicious because they “significantly limit legal recourse”.
The bottom line is, the Republicans seem willing enough to invade your privacy but unwilling to give you the power to complain about it.
Avoid Being Tracked by Republican Campaigns Following Phones
With Republican campaigns following phones, its time for voters and smartphone users alike to up the ante and improve security on their mobile devices.
While Europeans have legislation to protect their privacy in the form of the GDPR, it seems unlikely that the Trump administration has any desire to go in that direction, especially not when its tracking policies are paying dividends. Sadly, without the law to protect you, that means you must rely on your own ingenuity.
Of course, you could leave your smartphone at home but that has its drawbacks and kind of belies the point of it being a mobile device in the first place. Some other more practical tips on how to prevent beacon tracking include:
1 Switch off Bluetooth
Every time you turn Bluetooth on, you open a door and allow anyone in, regardless of whether they knocked first or not. If you minimize your Bluetooth usage, you can also reduce your vulnerability to beacon trackers and cybercriminals. This type of attack can even work on devices that are already using Bluetooth to connect to something else. It may not be the most convenient, especially if you’re a fan of Bluetooth headphones, but it is one way to keep politicians from forcing their campaign mantra onto you without your consent.
2 Limit Permissions
We’re often in a hurry when setting up new apps on our smartphones or attempting to use them for the first time and it’s tempting to simply allow them access to whatever they want. This isn’t doing anything for your device security, however, and nor is it helping you protect your right to privacy.
3 Disable Location
As with Bluetooth, there are certain circumstances when you need your smartphone’s location feature on, but when you’re not using it, turning it off can lower the risk of beacon tracking. Turning off your location also means that trackers and beacons won’t know precisely where you’ve been, what shops you visited, or how long you waited for the bus. That may not sound important but Republican campaigns following phones will use anything they can get their hands on to mine data and use it to their advantage.
4 Use a VPN
A Virtual Private Network is a handy cybersecurity tool that masks your IP address by replacing it with the address of a secure VPN server. As each IP address is assigned geographically, this makes it much harder for anyone to find out where you are, where you were, or where you might be going. The best VPNs create a tunnel through which all your data travels and which is protected by a thick layer of military-grade encryption.
5 Mask your MAC address
While a VPN can hide your IP address, masking your MAC address requires a slightly different approach. If you block your MAC address altogether, you won’t be able to connect to the internet or any other devices. Instead, if you’re using an older device, you can mask it using a piece of software like the Technitium MAC Address Changer or, on the latest Android and iOS devices, by activating the MAC randomization feature.
6 Install Antivirus Software
The first antivirus software was developed in 1983 and this aspect of cybersecurity has spent the past 30 years trying to stay one step ahead of the bugs, viruses, and cybercriminals responsible for them. Some antivirus packages include some level of Bluetooth security and can also reduce tracking issues by blocking adverts and preventing unauthorized devices or beacons from accessing your phone without first asking for your consent.
The best antivirus software, like McAfee’s impressive stable of packages, gives users the ability to block Bluetooth access without locking out their Bluetooth mouse, keyboard, or headphones.
Bluetooth Beacons and Their Vulnerabilities
One of the problems with Republican campaigns following phones is that the beacons they’re using aren’t the most sophisticated when it comes to security. The company that supplied beacons to an unknown political party, Beaconstac, uses both Google Eddystone and iBeacon technology.
Unfortunately, the Eddystone beacons are susceptible to attack, with certain vulnerabilities that make it possible for unauthorized persons to hack into them and reconfigure them to share a completely different message to the one intended.
Once in charge, a hacker could push through unauthorized updates which would act much like phishing attacks but would be more difficult to identify simply because they’re less common and therefore less familiar. According to one cybersecurity expert, “With Eddystone, we could well be facing a new and dangerous vector for malware” which is even more reason to get some effective cybersecurity tools in place, including some reliable antivirus protection.
Conclusion
Protecting your privacy gets more complicated every day, especially with new technology like beacons popping up in hidden places and increasing both your awareness and employing cybersecurity best practices can help to keep your information, and your location, private.
If you don’t want politicians, advertising companies, and data miners to know you visited the gynecologist last month or that you’ve been going to WeightWatchers meetings religiously for over a year, you need to up your game.
Beacon technology can, according to Beaconstac’s website, send notifications via an app that the user has consented to install, or via the “NearBee SDK integrated in a popular app to display relevant campaigns. These tiny devices talk to all Bluetooth enabled smartphones in its range”. It’s this second method that’s the most worrying and invasive as it doesn’t require user consent per se.
The most effective defense against smartphone stalking is simply leaving your smartphone at home or throwing it away but, for most of us, that’s tantamount to cutting off a limb. A more rational approach is to turn both your Bluetooth and device location off whenever you’re not using them. Using a combination of antivirus software and a VPN can also keep many threats and prying eyes at bay.
With things only just starting to hot up in the 2020 election campaigns, the likelihood is, the Republicans will only be increasing their beacon usage so, if you want to avoid a barrage of notifications encouraging you to attend local rallies and vote Republican, you need to get your cybersecurity ball rolling today.
After all, Reid Vines, Vice President for Majority Strategies has indicated that “Trump’s re-election quest will be the most sophisticated data-driven campaign we’ve ever seen.” And, quite possibly, the one that will most violate your privacy.
Article comments