Interesting People mailing list archives
Cell Phone Tracking, Data Creep, and Google (was "Cell Phone Bugging")
From: David Farber <dave () farber net>
Date: Tue, 5 Dec 2006 22:00:08 -0500
Begin forwarded message: From: Lauren Weinstein <lauren () vortex com> Date: December 5, 2006 12:46:02 PM EST To: dave () farber net Cc: lauren () vortex comSubject: Cell Phone Tracking, Data Creep, and Google (was "Cell Phone Bugging")
Dave, The cell phone tracking situation (about which concerned observers including myself have been raising the alarm for many years) is an example of what I call "data creep" -- information collected for one (often benign) purpose that ends up being used for other (frequently not benign) purposes. It would be difficult to justify the routine collection and storage of the voice content of all telephone calls (though, this may have become to a large extent technologically feasible, and in today's political/intelligence environment is something you can be sure some spooks and others might advocate -- so this is an issue of concern). On the other hand, cell phone tracking data (as Phil Karn points out) has always been routinely collected as part of the normal operation of cellular systems. The key question revolves around what is done with that data after it has fulfilled its network operation and any related billing functions. The tendency in most organizations is to hold onto whatever data they collect on the assumption that it might be useful down the line (for R&D, legal protection, or other reasons). After the data has been gathered (and storing data is cheap these days) it becomes available for potential internal and/or external abuses unless specific steps (time-based deletion, anonymization, cryptographic reduction, and so on) are employed that limit the abuse potential. The organizations collecting the data don't usually have evil purposes for that data in mind. But by holding on to that data horde when it's not legally required to do so (or when laws are passed requiring data retention beyond reasonable short-term periods) the abuse potential goes sky high from outsiders demanding access to that data for their own ends. We've seen this happen again and again with everything from cell phone tracking data to supermarket loyalty cards to automatic toll payment systems. DOJ vs. Google is another example, demonstrating how the mass of user data that Google (and other firms) have collected (in Google's case for benign internal purposes) was and will continue to be lusted over by all manner of government agencies and other entities, all willing to use that data in ways that Google, et al. did not intend and without their approval. DOJ vs. Google was only an initial round in this battle. There are only two reasonable approaches to limiting these problems. One is to pass and enforce laws that explicitly prohibit various forms of data abuse. Unfortunately, current trends are in exactly the opposite direction, with government pushing for broad data *retention* laws. The other approach is for firms to take steps to minimize the availability of data that can be easily abused in the first place (e.g. http://www.vortex.com/google-privacy-initiative ) to the extent legally permitted. There should always be a balance between the needs of firms to collect data, the desire of law enforcement and others to have access to data for legitimate and reasonable purposes, and the fundamental privacy rights of individuals. We are failing to strike that balance today, with individual privacy rights the big losers. --Lauren-- Lauren Weinstein lauren () vortex com or lauren () pfir org Tel: +1 (818) 225-2800 http://www.pfir.org/lauren Co-Founder, PFIR - People For Internet Responsibility - http://www.pfir.org Co-Founder, IOIC - International Open Internet Coalition - http://www.ioic.net Founder, CIFIP - California Initiative For Internet Privacy - http://www.cifip.org Moderator, PRIVACY Forum - http://www.vortex.com Member, ACM Committee on Computers and Public Policy Lauren's Blog: http://lauren.vortex.com DayThink: http://daythink.vortex.com - - -
From: DV Henkel-Wallace <dvhw () talima com> Date: December 5, 2006 6:56:02 AM EST
...
Somehow this tracking information has been immune to such controls and has been used in civil and criminal cases for years without any discussion. Are phone taps ever legitimately used in purely civil cases (e.g. divorce cases) or misdemeanors (e.g. speeding)?
... ------------------------------------- You are subscribed as lists-ip () insecure org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- Cell Phone Tracking, Data Creep, and Google (was "Cell Phone Bugging") David Farber (Dec 05)