Chapter 18 Quiz
Instructions: Select the best answer for multiple-choice questions. Answer short-answer questions in 2–4 sentences unless otherwise specified.
Multiple Choice
1. The chapter describes smartphone surveillance as involving "reversed economics." This refers to:
a) The fact that smartphones cost more than traditional surveillance equipment b) The phenomenon whereby the person being surveilled pays for and maintains the surveillance apparatus c) The reversal of traditional Fourth Amendment protections for digital data d) The fact that smartphone data collection benefits consumers more than companies
Answer: b) The phenomenon whereby the person being surveilled pays for and maintains the surveillance apparatus
2. Which location tracking method requires no special app permission and is collected by carriers regardless of user settings?
a) GPS triangulation from satellites b) WiFi positioning from access point signals c) Cell tower data d) Bluetooth beacon tracking
Answer: c) Cell tower data
3. An SDK (Software Development Kit) embedded in a smartphone app is relevant to surveillance because:
a) It encrypts location data before transmission, providing privacy protection b) It can collect behavioral and location data independently of the app's visible function and transmit it to third-party data brokers c) It is required by law for all apps that request location permissions d) It determines whether an app complies with GDPR
Answer: b) It can collect behavioral and location data independently of the app's visible function and transmit it to third-party data brokers
4. Research by Yves-Alexandre de Montjoye at MIT found that, to uniquely identify 95% of individuals in a location dataset, one needs:
a) Name and home address b) Phone number and carrier information c) Four location data points (four places and times) d) At least two weeks of continuous location tracking
Answer: c) Four location data points (four places and times)
5. A geofence warrant differs from a traditional search warrant in that it:
a) Requires a higher standard of probable cause b) Specifies a place and time and requests data about everyone present, rather than specifying an individual suspect c) Can only be used for terrorism investigations under the USA PATRIOT Act d) Is issued by federal courts, not state courts
Answer: b) Specifies a place and time and requests data about everyone present, rather than specifying an individual suspect
6. What did the Supreme Court rule in Carpenter v. United States (2018)?
a) Geofence warrants are unconstitutional b) The government generally needs a warrant to obtain historical cell phone location data from carriers c) App location permissions constitute user consent to government access d) The third-party doctrine applies to all smartphone data
Answer: b) The government generally needs a warrant to obtain historical cell phone location data from carriers
7. "Digital exhaust" refers to:
a) The energy consumption of data centers that process surveillance information b) Data generated as an unintentional byproduct of digital activity, rather than intentionally produced content c) Data that becomes unusable ("exhausted") after a certain period of time d) The environmental impact of smartphone manufacturing
Answer: b) Data generated as an unintentional byproduct of digital activity, rather than intentionally produced content
8. WiFi "probe requests" are relevant to location tracking because:
a) They require the phone to connect to a WiFi network, which logs the connection b) They are broadcast automatically by WiFi-enabled phones searching for known networks, and can be logged by nearby access points to track presence c) They transmit a device's location to Apple or Google for the WiFi mapping database d) They are only sent when a user explicitly searches for a WiFi network
Answer: b) They are broadcast automatically by WiFi-enabled phones searching for known networks, and can be logged by nearby access points to track presence
9. The chapter cites the Stanford MetaPhone project for demonstrating that phone metadata can reveal:
a) The content of encrypted messages b) Sensitive information such as medical conditions, religious affiliations, and romantic relationships c) Device location with the same precision as GPS d) Whether a user is engaged in criminal activity
Answer: b) Sensitive information such as medical conditions, religious affiliations, and romantic relationships
10. A "tower dump" in the context of law enforcement refers to:
a) A leak of internal data from a cell carrier to journalists b) The disposal of outdated cell tower equipment c) A law enforcement request for records of all devices that connected to a specific cell tower during a specific time window d) The mass deletion of cell tower records as required by data retention limits
Answer: c) A law enforcement request for records of all devices that connected to a specific cell tower during a specific time window
11. According to the chapter, which smartphone sensor requires no user permission to access and can be used for gait analysis and behavior inference?
a) GPS b) Camera c) Microphone d) Accelerometer
Answer: d) Accelerometer
12. The chapter argues that smartphone data is "voluntary" only in an "impoverished sense." Which of the following best captures this argument?
a) Smartphone use is legally compelled in many jurisdictions b) The practical necessity of smartphone use in modern life and the absence of meaningful alternatives makes "voluntary" a misleading description c) Smartphone users are deliberately deceived about data collection through false advertising d) Young people begin using smartphones before they are legally capable of consent
Answer: b) The practical necessity of smartphone use in modern life and the absence of meaningful alternatives makes "voluntary" a misleading description
13. Which investigation documented that federal agencies including the Department of Homeland Security had purchased smartphone location data from commercial brokers without seeking warrants?
a) The EFF's Atlas of Surveillance project b) The ACLU's state surveillance report series c) Motherboard/Vice's reporting on SafeGraph and X-Mode d) The New York Times' investigation of Ring partnerships
Answer: c) Motherboard/Vice's reporting on SafeGraph and X-Mode
14. When Jordan downloads their Google Takeout archive, which element do they find most personally alarming?
a) The record of their online purchases b) Their YouTube viewing history c) The precise record of visits to the campus health clinic and attendance at a Pride rally d) Their contact list stored in Google Contacts
Answer: c) The precise record of visits to the campus health clinic and attendance at a Pride rally
15. "Gait fingerprinting" refers to:
a) A biometric security feature used to unlock smartphones b) The use of accelerometer data to identify individuals by the distinctive pattern of their walking c) A database maintained by law enforcement of how persons of interest walk d) A forensic technique for analyzing footprint evidence
Answer: b) The use of accelerometer data to identify individuals by the distinctive pattern of their walking
True / False
16. Turning off GPS on a smartphone fully prevents location tracking by apps.
Answer: False. GPS is one of three location tracking methods. Cell tower data is collected by carriers regardless of GPS settings. WiFi positioning occurs when WiFi is enabled. Accelerometer data may also support location inference.
17. Location data can be used to infer religious affiliation, medical status, and political activity even without knowing the content of any communications.
Answer: True. Repeated presence at religious institutions, medical facilities, and political events is detectable through location data and allows inference about these sensitive attributes.
Short Answer
18. Explain the concept of "re-identification" of supposedly anonymous location data. Why is this concept important for evaluating location data brokers' privacy claims? (4–6 sentences)
Model answer: Re-identification is the process of linking nominally anonymous data — in which identifying information like name and phone number has been removed — back to specific individuals, using other available data points. Research by de Montjoye at MIT demonstrated that just four location data points are sufficient to uniquely identify 95% of individuals in a large location dataset, because most people have distinctive enough routines that even a few location observations narrow the field to a single person. Location data brokers routinely describe their products as "anonymized" to satisfy legal requirements and public relations needs; this description is technically accurate in a narrow sense (names are not included) but functionally misleading because the data remains personally identifiable in practice. For evaluating location broker privacy claims, re-identification means that the "anonymization" of a dataset does not provide genuine privacy protection for individuals in it. The legal and regulatory implication is significant: if anonymized location data is practically equivalent to identified location data, it should receive the same legal protections — which current U.S. law does not provide.