Feeds

back to article Brits' phone tracking, web history touted to cops: The TRUTH

Pollster Ipsos MORI is under fire for touting data on millions of EE customers - from their whereabouts to their browser history - to anyone with a chequebook, including London's Metropolitan Police. The Met shelved the deal when the Sunday Times learned of the mass info flogging. But private companies have been buying the …

COMMENTS

This topic is closed for new posts.

Page:

The surprising thing about this for me is that I was actually surprised they would do this.

9
0
Silver badge

The surprising thing is that anybody would be surprised that they would do this

0
0
Anonymous Coward

The surprising thing for me is when people were criticising Google and Apple about location tracking, where, when they didn't ever really do it, but when the telephone companies have always unashaedly collected, catalogued (indexed) and stored every conceivable bit of information about your location data, telephone calls and text messages. I have personally met individuals (at tech finance conventions) who claim they can do background checks on anyone and obtain any of this data for any individual. ANYONE AND EVERYONE. People don't understand this is standard practice for rich investors before they make an investment. The tech community have shown a questionable sense of priority in their outrage over privacy matters.

1
1
Silver badge
Meh

If

They want to use my data I have no problem, so long as they pay me £100 each time for the privilege.

5
0
Silver badge

Re: If

It's not your data though is it? It's theirs. But I get your point. They are making money indirectly from you paying for a service. Rather than make you pay through the nose for the service, they could be using this money to lower your bill.

Maybe you'll see a lower bill in future as EE now has alternate revenue streams.

(Yeah, I had trouble keeping a straight face when I was typing that)

0
0

Personal Information

>>The suggestion that we sell the personal information of our customers to third parties is misleading to say the least.<<

There is an issue here about what constitutes "personal information". Most people would agree that things such as bank details, etc are personal details that should be carefully protected. But when we go about our daily lives, there seems to be an assumption that where we go is not "personal information" and is therefore the property of any organisation that choose to collect and collate such data.

However, there is an argument that such information should be more carefully protected. For example, I attend a particular hospital once a month; and the analysis might well suggest that I'm going to the VD clinic. (The place I go to is next door; but doesn't show on the map) If a business such as an insurance firm were to take that info and then use it to suggest that I am a high risk, then that most people would accept that to be a clear violation of my personal information.

Of course if I found out that this was happening, I could then legally sue for reparations; but the onus would be on me to uncover the data breach, prove that they were at fault in court and then show that I had suffered as a result of that. Not always possible or easy.

15
0

Simple solution

Pop down the local supermarket, pick up a sim pack for anything between free and a fiver, get a paygo voucher and top up.

No registration with any carrier, just an anonymous phone.

1
1
Silver badge

Re: Simple solution

But if you can access the records of a specific phone, it isn't difficult (in most cases) to work out where the owner lives and where they work. Not very anonymous now, is it?

7
0

Re: Simple solution

You forgot to mention that you should pay by cash.

Also, don't use a phone with GPS as there is allegedly a way for the operator to send a query to the phone to get its GPS co-ordinates (if GPS is enabled)

Or just give up and realise that your right to privacy is a myth.

1
2
Anonymous Coward

Re: Simple solution

Privacy is a myth, although I have found a better method.

Sign up to O2, the signal is so bad around here, they'd never be able to trace me even if they wanted to.

10
0
Anonymous Coward

Re: Simple solution

"it isn't difficult (in most cases) to work out where the owner lives and where they work."

true... although all they could tell is that someone with a mobile phone lived somewhere nearby. I could stand in the middle of just about every street in every town and city and point at a handful of houses and be quite confident that someone in one of those houses had a mobile phone. Likewise for every office block, factory or shop.

They may tell someone is there, but, not who.

0
0
Anonymous Coward

Re: Simple solution

" I could stand in the middle of just about every street in every town and city and point at a handful of houses and be quite confident that someone in one of those houses had a mobile phone"

But how many of those people you are pointing at work in exactly the same area, and also visited Tesco at 8:14, where you were seen paying by credit card and on CCTV and later vistied the Shell petrol station where you also paid by credit card and were caught on CCTV.

May not be as easy as saying "where was Joe Bloggs at 15:25 on Tuesday" but if you are a suspect then they know who you are anyway.

1
0
Silver badge

Re: Simple solution

If that anonymous SIM stays overnight at a particular place, spends its working hours at another place, visits particular shops and so on, it can be correlated with other information to figure out who you are.

0
0
Anonymous Coward

Re: Simple solution

Go live in the countryside, there will only be one mast with which they will struggle at best to triangulate the signal.

Althrough you would have to take the battery out if you don't live there and plan on coming back to civilization.

Posted as AC for obvious reasons.

0
0
Anonymous Coward

Re: Simple solution

A few visits to your home, work and one or two places with CCTV would strip most of your anonymity, with the call, text and browsing data polishing off the rest. Unless you're prepared to use multiple phones and switch them on and off according to location, and similarly slice up your call list and avoid checking email, something's going to point to you eventually.

It never ceases to amaze me how few activities it actually takes to define you as quite unique to an observer.

1
0
Anonymous Coward

Re: Simple solution

I'm not sure if you're replying to me or the guy above me, but you do realise I was speaking from a point that by paying for your phone using CASH and only using PAYG they still wouldn't have it easy with my habits, I typically remove cell batteries on a regular basis and rotate my phone usages. If they only see myVPN.com as a website used via a PAYG phone in the sticks, good luck making any head tail (or foot even) sense of that!

0
0

Re: Simple solution

But you can't access a specific phone from the data being sold, that's the point.

It's still pretty anonymous, since the data is aggregated. You might be able to find out how many phones at the Google office go to Southgate at night, but not the address to which each individual phone went. As the article says the data is in blocks of 50, you could presumably work out that at least 50 Google employees live in Southgate. It's a bit of a leap from that to suggest they aren't paying income tax, but I think it's assumed. And why live in Southgate? You'd need a good reason.

0
0

Long spoons required

The Sunday Times alleges that MORI were offering individuals' data - presumably from their own sources linked to the EE stuff. Between 80 and 95% of individuals can be identified from anonymised blocks in any case so it's all a disengenuous. Simple answer is never sign up for any marketing material ever again and don't take part in any market research. They must have thought they had something to selll.... smells like a duck to me!

7
0

Need details

It's well know that anonymized (or pseudonymized) data can be de-anonymized if enough data points can be correlated with existing known data. So we really need details of what data EE sold to MORI - how was the data anonymized, how was it grouped together in these blocks?

2
0
Bronze badge

Re: Need details

http://www.bigbrotherwatch.org.uk/home/2013/05/everything-everywhere-ipsosmori-and-the-mystery-of-27m-peoples-data.html

0
0

Its not very anonymous is it..

This 'anonymous' record is at this address from 6pm till 7am every week day.

This 'anonymous' record is at this address on the banks of the Thames.

This 'anonymous' record met this 'anonymous' record at the offices for the News of the World

On sundays this anonymous record travels from this address to the address of Madam Whiplash between 5pm and 11pm.

8
0
Trollface

Re: Its not very anonymous is it..

HOW DO YOU KNOW WHAT I WAS DOING?!?

My career as an MP is over.

:(

3
0
Silver badge
Trollface

Re: Its not very anonymous is it..

Not yet it isn't, you can still fight this out in court. Just remember to put the lawyers down on expenses.

1
0

Re: Its not very anonymous is it..

AOL did something similar a few years ago, and it was demonstrated that a large number of users could be identified by this so-called anonymous data..

https://en.wikipedia.org/wiki/AOL_search_data_leak

4
0
Silver badge
Happy

Re: Its not very anonymous is it..My career as an MP is over.

No it isn't- it's going pretty much as people expect!

0
0

Re: Its not very anonymous is it..

...and very good.."Ouch!! thank you Miss".. Madam Whiplash is too. She even.. "Ouch!!! Thank you Miss" ...has a rather excellent... "Ouch!!! Thank you Miss" ...wifi connection at her location.

0
0
Bronze badge
Black Helicopters

Re: Its not very anonymous is it..

Don't bother with civil court. By "legal" people mean under the DP act, but under section 1 of RIPA they have committed a criminal offence punishable by time in prison. As an EE customer, I'm a victim of this crime and will make this known to the police when I've collected enough evidence.

2
0
Anonymous Coward

Re: Its not very anonymous is it..

As an EE customer, I'm a victim of this crime and will make this known to the police when I've collected enough evidence

And even then, don't be surprised to get the response, "It's not in the public interest to prosecute or bring charges" We've heard it before with Phorm.

Now where's my vomit bucket.

0
0
Bronze badge
Terminator

Re: Its not very anonymous is it..

"We've heard it before with Phorm"

That's what the IPCC is supposed to be for. With Phorm the person concerned didn't push it far enough, got some wishy-washy response about data protection act. Completely missed the boat.

I wasn't a victim of that crime so I wasn't in a position to do anything about it.

0
0
Big Brother

This is all entirely legal ?

No its not.

Not without consent of both parties to the communications, per The Regulation of Investigatory Powers (Monetary Penalty Notices and Consents for Interceptions) Regulations 2011... which (in the light of the Phorm affair) supposedly made it unambiguously illegal to intercept and disclose the content of communications without explicit consent from BOTH parties.

It it *not* legal.

See www.legislation.gov.uk/uksi/2011/1340/made

6
0
Silver badge

Re: This is all entirely legal ?

it's probably hidden in the fine print that the contract folks don't give you time to read.

1
1
Anonymous Coward

Re: This is all entirely legal ?

A contract does not, and cannot, trump law.

2
0

Re: This is all entirely legal ?

supposedly made it unambiguously illegal to intercept and disclose the content of communications without explicit consent from BOTH parties.

But the communication isn't being intercepted and the content not disclosed, so that area of RIPA doesn't really apply.

Doesn't mean it's not wrong of course, but I think you're going to struggle to apply anti-interception regulations to location tracking. You could argue that getting the phone's finer location is a communication between you and the Telco and their disclosure is therefore in breach, but I suspect it's shaky ground. As for cell based location, not a chance in hell of making that stick if you ask me.

2
0
Anonymous Coward

Re: This is all entirely legal ?

"A contract does not, and cannot, trump law."

Unless said contract specifically says that in agreeing to it you also agree to letting the vendor sell on your details. The law only says they have to ask your permission and you have to agree to it, not that it's illegal to sell it per se.

0
0
Gold badge
Unhappy

Re: This is all entirely legal ?

" which (in the light of the Phorm affair) supposedly made it unambiguously illegal to intercept and disclose the content of communications without explicit consent from BOTH parties."

Perhaps so but this is not "communications content" but "communications data".

This is the stuff the snoopers chart is designed to hand over (for free, en mass and identified) to HMG.

What we have here is more like the FBI putting one of those GPS trackers on a car owned by an alleged organized crime figure without a warrant. The judge (IIRC) decided actually your location is nobodies business but your own.

But it's still pretty dispicable.

0
0

Re: This is all entirely legal ?

This is not just location data (which in itself if bad enough)...

The information includes; "gender, age, postcode, --> websites visited <---, time of day text is sent [and] location of customer when call is made”.

1
0

Re: This is all entirely legal ?

Sorry. but it isn't illegal under RIPA .

The data for sale is classified under RIPA as "traffic data", and you can do anything you like with that without it being classified as interception (see RIPA s2.(5)) - consequently the order you mention does not apply, as no interception (as defined in RIPA - which is not even close to the everyday definition) has taken place. :(

It might be covered under the Data Protection Act, which only covers anonymised or aggregated data if the anonymisation or aggregation is not reversible - and many people think it is almost impossible to do that irreversibly.

However, even then it is not a criminal offense under the DPA.

Heck, it isn't even a criminal offense under the DPA to sell sensitive personal data. It's just a "breach of duty", and the civil penalties are paltry.

0
0
Bronze badge
Coffee/keyboard

Re: This is all entirely legal ?

Sorry I replied to somebody else pointing out that under RIPA a criminal offence has apparently been committed. There's no contract terms that get them out of this. You can't write contract terms that absolve you things like this - RIPA exceptions are on a per-communication basis, they don't work with whole-scale data mining of communications over a public network. It's illegal, nothing more to it.

Put it this way, the police need a warrant, and so do MI5, think of a reason some random company wouldn't given that the government could just farm this crap out to ISPs.

Put it another way. If they recorded all your phone calls, and had some small print that said "we may record all your phone calls" - do you think it would be legal? RIPA treats phone calls the same as internet traffic, emails, snail mail etc.

2
0
Bronze badge

Re: This is all entirely legal ? @Peter Fairbrother

If they intercept a URL like http://www.somesite.com/indes.php?userid=1221&name=JohnDoe&age=28 are you honestly going to suggest that PII has not been intercepted and shared here? This is part of the problem - there is no clear line between traffic data and the content of the communication. Trying to separate the two in terms of web usage is literally impossible. URLs must be considered part of the content of the communication because of the details they often contain.

0
0

Re: This is all entirely legal ?

I agree, a contract would not trump RIPA - but no offense under RIPA has been committed. Here is section 2, subsection 5 of RIPA:

"References in this Act to the interception of a communication in the course of its transmission by means of a postal service or telecommunication system do not include references to—

(a) any conduct that takes place in relation only to so much of the communication as consists in any traffic data comprised in or attached to a communication (whether by the sender or otherwise) for the purposes of any postal service or telecommunication system by means of which it is being or may be transmitted; "

If the data you are giving out is "traffic data" (as defined elsewhere in RIPA, see my next post) then giving it out is not interception, and therefore is not an offense under RIPA.

0
0
Bronze badge
Facepalm

Re: This is all entirely legal ?

The only traffic data relevent to the communication system is IP addresses, and there's no requirement to *store* it for the purposes of transmitting it. A postal worker can read the name/address off the front of a letter. They don't open the letter to see where it needs to go then record that information for all customers and try to flog it to the Met.

You do see the difference right? A system needs to see telephone numbers to route calls, it doesn't need to know who you're specifically calling at the other end, and what about.

Not for nothing but this stuff is all copy/pasted from the telecommunications act, the same intent applies. Criminal complaint update: looking for more proof this happened and a police force that isn't the Met near London.

0
0

I Did NOT sign up to FaceBook!!!1!!!

Why is their shit being imposed on me???1???

1
0
Gold badge
WTF?

WTF is this "line rental" b**locks?

Seriously.

What line?

I'm wondering if there is in bulk buying cell phone "lines" adding a small charge with the specific goal of not supplying any further information. IOW all billing details to all lines end up at the offices of (for example) "JS Enterprises." As to whose really using them, no need to ask, no need to know.

0
0

With the extra cash they make from this my contract should be a bit cheaper next year then? nah thought not.

0
0
Anonymous Coward

Meta-data

In comms, the meta-data is always as valuable, if not more valuable, than the actual comms data (voice whatever) itself.

Tracking naughty paddies in NI 20+ years ago c/o their new fangled mobiles. No need to get into the conversation itself, just see where the phones go, where they cluster & when. And absolutely, it can be tracked back to individuals.

1
0
Bronze badge

EE and Data Protection

Given they store client records in plain text and export them to India protecting data is not exactly the highest priority for Nothing NoWhere.

1
0
Bronze badge

Damn !

When I was with Orange the offshore call centre had signed me up under a phonetic version of my name and garbled my address. When switching to T Mobile (other arm of EE) I cleared this up so, presumably, the details passed onto Ipsos unethically by EE are now accurate.

Cue junk mail avalanche.

0
0

This post has been deleted by its author

Police Hunt Zombies - Official

Did no one else note this snippet:

'And police officers can, by law, request access to these databases to track suspects and the recently deceased.'

So, the recently deceased are on the move amongst us. When was this discovered? I think we should be told!

2
0
Bronze badge

@sferix Re: Police Hunt Zombies - Official

To be fair to the cops, for someone dead in the street with no ID, but with a cellphone -- the records would help identify the body so relatives could be contacted.

0
0

Page:

This topic is closed for new posts.