The surprising thing about this for me is that I was actually surprised they would do this.
Brits' phone tracking, web history touted to cops: The TRUTH
Pollster Ipsos MORI is under fire for touting data on millions of EE customers - from their whereabouts to their browser history - to anyone with a chequebook, including London's Metropolitan Police. The Met shelved the deal when the Sunday Times learned of the mass info flogging. But private companies have been buying the …
-
-
Tuesday 14th May 2013 06:29 GMT Anonymous Coward
The surprising thing for me is when people were criticising Google and Apple about location tracking, where, when they didn't ever really do it, but when the telephone companies have always unashaedly collected, catalogued (indexed) and stored every conceivable bit of information about your location data, telephone calls and text messages. I have personally met individuals (at tech finance conventions) who claim they can do background checks on anyone and obtain any of this data for any individual. ANYONE AND EVERYONE. People don't understand this is standard practice for rich investors before they make an investment. The tech community have shown a questionable sense of priority in their outrage over privacy matters.
-
-
Tuesday 14th May 2013 09:06 GMT Crisp
Re: If
It's not your data though is it? It's theirs. But I get your point. They are making money indirectly from you paying for a service. Rather than make you pay through the nose for the service, they could be using this money to lower your bill.
Maybe you'll see a lower bill in future as EE now has alternate revenue streams.
(Yeah, I had trouble keeping a straight face when I was typing that)
-
-
Monday 13th May 2013 13:59 GMT Magister
Personal Information
>>The suggestion that we sell the personal information of our customers to third parties is misleading to say the least.<<
There is an issue here about what constitutes "personal information". Most people would agree that things such as bank details, etc are personal details that should be carefully protected. But when we go about our daily lives, there seems to be an assumption that where we go is not "personal information" and is therefore the property of any organisation that choose to collect and collate such data.
However, there is an argument that such information should be more carefully protected. For example, I attend a particular hospital once a month; and the analysis might well suggest that I'm going to the VD clinic. (The place I go to is next door; but doesn't show on the map) If a business such as an insurance firm were to take that info and then use it to suggest that I am a high risk, then that most people would accept that to be a clear violation of my personal information.
Of course if I found out that this was happening, I could then legally sue for reparations; but the onus would be on me to uncover the data breach, prove that they were at fault in court and then show that I had suffered as a result of that. Not always possible or easy.
-
-
-
Monday 13th May 2013 15:04 GMT Anonymous Coward
Re: Simple solution
"it isn't difficult (in most cases) to work out where the owner lives and where they work."
true... although all they could tell is that someone with a mobile phone lived somewhere nearby. I could stand in the middle of just about every street in every town and city and point at a handful of houses and be quite confident that someone in one of those houses had a mobile phone. Likewise for every office block, factory or shop.
They may tell someone is there, but, not who.
-
Monday 13th May 2013 18:12 GMT Anonymous Coward
Re: Simple solution
" I could stand in the middle of just about every street in every town and city and point at a handful of houses and be quite confident that someone in one of those houses had a mobile phone"
But how many of those people you are pointing at work in exactly the same area, and also visited Tesco at 8:14, where you were seen paying by credit card and on CCTV and later vistied the Shell petrol station where you also paid by credit card and were caught on CCTV.
May not be as easy as saying "where was Joe Bloggs at 15:25 on Tuesday" but if you are a suspect then they know who you are anyway.
-
-
Wednesday 15th May 2013 08:08 GMT Mr Spigot
Re: Simple solution
But you can't access a specific phone from the data being sold, that's the point.
It's still pretty anonymous, since the data is aggregated. You might be able to find out how many phones at the Google office go to Southgate at night, but not the address to which each individual phone went. As the article says the data is in blocks of 50, you could presumably work out that at least 50 Google employees live in Southgate. It's a bit of a leap from that to suggest they aren't paying income tax, but I think it's assumed. And why live in Southgate? You'd need a good reason.
-
-
Tuesday 14th May 2013 06:51 GMT Anonymous Coward
Re: Simple solution
A few visits to your home, work and one or two places with CCTV would strip most of your anonymity, with the call, text and browsing data polishing off the rest. Unless you're prepared to use multiple phones and switch them on and off according to location, and similarly slice up your call list and avoid checking email, something's going to point to you eventually.
It never ceases to amaze me how few activities it actually takes to define you as quite unique to an observer.
-
Tuesday 14th May 2013 18:23 GMT Anonymous Coward
Re: Simple solution
I'm not sure if you're replying to me or the guy above me, but you do realise I was speaking from a point that by paying for your phone using CASH and only using PAYG they still wouldn't have it easy with my habits, I typically remove cell batteries on a regular basis and rotate my phone usages. If they only see myVPN.com as a website used via a PAYG phone in the sticks, good luck making any head tail (or foot even) sense of that!
-
-
-
Monday 13th May 2013 14:02 GMT LesPaulCustom
Long spoons required
The Sunday Times alleges that MORI were offering individuals' data - presumably from their own sources linked to the EE stuff. Between 80 and 95% of individuals can be identified from anonymised blocks in any case so it's all a disengenuous. Simple answer is never sign up for any marketing material ever again and don't take part in any market research. They must have thought they had something to selll.... smells like a duck to me!
-
Monday 13th May 2013 14:12 GMT Ian 62
Its not very anonymous is it..
This 'anonymous' record is at this address from 6pm till 7am every week day.
This 'anonymous' record is at this address on the banks of the Thames.
This 'anonymous' record met this 'anonymous' record at the offices for the News of the World
On sundays this anonymous record travels from this address to the address of Madam Whiplash between 5pm and 11pm.
-
-
-
Tuesday 14th May 2013 03:45 GMT streaky
Re: Its not very anonymous is it..
Don't bother with civil court. By "legal" people mean under the DP act, but under section 1 of RIPA they have committed a criminal offence punishable by time in prison. As an EE customer, I'm a victim of this crime and will make this known to the police when I've collected enough evidence.
-
Tuesday 14th May 2013 20:14 GMT Anonymous Coward
Re: Its not very anonymous is it..
As an EE customer, I'm a victim of this crime and will make this known to the police when I've collected enough evidence
And even then, don't be surprised to get the response, "It's not in the public interest to prosecute or bring charges" We've heard it before with Phorm.
Now where's my vomit bucket.
-
Tuesday 21st May 2013 11:37 GMT streaky
Re: Its not very anonymous is it..
"We've heard it before with Phorm"
That's what the IPCC is supposed to be for. With Phorm the person concerned didn't push it far enough, got some wishy-washy response about data protection act. Completely missed the boat.
I wasn't a victim of that crime so I wasn't in a position to do anything about it.
-
-
-
-
-
Monday 13th May 2013 14:50 GMT dephormation.org.uk
This is all entirely legal ?
No its not.
Not without consent of both parties to the communications, per The Regulation of Investigatory Powers (Monetary Penalty Notices and Consents for Interceptions) Regulations 2011... which (in the light of the Phorm affair) supposedly made it unambiguously illegal to intercept and disclose the content of communications without explicit consent from BOTH parties.
It it *not* legal.
See www.legislation.gov.uk/uksi/2011/1340/made
-
-
-
Monday 13th May 2013 15:31 GMT Anonymous Coward
Re: This is all entirely legal ?
"A contract does not, and cannot, trump law."
Unless said contract specifically says that in agreeing to it you also agree to letting the vendor sell on your details. The law only says they have to ask your permission and you have to agree to it, not that it's illegal to sell it per se.
-
Tuesday 14th May 2013 03:52 GMT streaky
Re: This is all entirely legal ?
Sorry I replied to somebody else pointing out that under RIPA a criminal offence has apparently been committed. There's no contract terms that get them out of this. You can't write contract terms that absolve you things like this - RIPA exceptions are on a per-communication basis, they don't work with whole-scale data mining of communications over a public network. It's illegal, nothing more to it.
Put it this way, the police need a warrant, and so do MI5, think of a reason some random company wouldn't given that the government could just farm this crap out to ISPs.
Put it another way. If they recorded all your phone calls, and had some small print that said "we may record all your phone calls" - do you think it would be legal? RIPA treats phone calls the same as internet traffic, emails, snail mail etc.
-
Wednesday 15th May 2013 21:30 GMT Peter Fairbrother 1
Re: This is all entirely legal ?
I agree, a contract would not trump RIPA - but no offense under RIPA has been committed. Here is section 2, subsection 5 of RIPA:
"References in this Act to the interception of a communication in the course of its transmission by means of a postal service or telecommunication system do not include references to—
(a) any conduct that takes place in relation only to so much of the communication as consists in any traffic data comprised in or attached to a communication (whether by the sender or otherwise) for the purposes of any postal service or telecommunication system by means of which it is being or may be transmitted; "
If the data you are giving out is "traffic data" (as defined elsewhere in RIPA, see my next post) then giving it out is not interception, and therefore is not an offense under RIPA.
-
Tuesday 21st May 2013 11:32 GMT streaky
Re: This is all entirely legal ?
The only traffic data relevent to the communication system is IP addresses, and there's no requirement to *store* it for the purposes of transmitting it. A postal worker can read the name/address off the front of a letter. They don't open the letter to see where it needs to go then record that information for all customers and try to flog it to the Met.
You do see the difference right? A system needs to see telephone numbers to route calls, it doesn't need to know who you're specifically calling at the other end, and what about.
Not for nothing but this stuff is all copy/pasted from the telecommunications act, the same intent applies. Criminal complaint update: looking for more proof this happened and a police force that isn't the Met near London.
-
-
-
-
-
-
Monday 13th May 2013 15:27 GMT Ben Tasker
Re: This is all entirely legal ?
supposedly made it unambiguously illegal to intercept and disclose the content of communications without explicit consent from BOTH parties.
But the communication isn't being intercepted and the content not disclosed, so that area of RIPA doesn't really apply.
Doesn't mean it's not wrong of course, but I think you're going to struggle to apply anti-interception regulations to location tracking. You could argue that getting the phone's finer location is a communication between you and the Telco and their disclosure is therefore in breach, but I suspect it's shaky ground. As for cell based location, not a chance in hell of making that stick if you ask me.
-
Monday 13th May 2013 15:47 GMT John Smith 19
Re: This is all entirely legal ?
" which (in the light of the Phorm affair) supposedly made it unambiguously illegal to intercept and disclose the content of communications without explicit consent from BOTH parties."
Perhaps so but this is not "communications content" but "communications data".
This is the stuff the snoopers chart is designed to hand over (for free, en mass and identified) to HMG.
What we have here is more like the FBI putting one of those GPS trackers on a car owned by an alleged organized crime figure without a warrant. The judge (IIRC) decided actually your location is nobodies business but your own.
But it's still pretty dispicable.
-
Monday 13th May 2013 19:56 GMT Peter Fairbrother 1
Re: This is all entirely legal ?
Sorry. but it isn't illegal under RIPA .
The data for sale is classified under RIPA as "traffic data", and you can do anything you like with that without it being classified as interception (see RIPA s2.(5)) - consequently the order you mention does not apply, as no interception (as defined in RIPA - which is not even close to the everyday definition) has taken place. :(
It might be covered under the Data Protection Act, which only covers anonymised or aggregated data if the anonymisation or aggregation is not reversible - and many people think it is almost impossible to do that irreversibly.
However, even then it is not a criminal offense under the DPA.
Heck, it isn't even a criminal offense under the DPA to sell sensitive personal data. It's just a "breach of duty", and the civil penalties are paltry.
-
Tuesday 14th May 2013 08:24 GMT Vimes
Re: This is all entirely legal ? @Peter Fairbrother
If they intercept a URL like http://www.somesite.com/indes.php?userid=1221&name=JohnDoe&age=28 are you honestly going to suggest that PII has not been intercepted and shared here? This is part of the problem - there is no clear line between traffic data and the content of the communication. Trying to separate the two in terms of web usage is literally impossible. URLs must be considered part of the content of the communication because of the details they often contain.
-
-
-
Monday 13th May 2013 15:52 GMT John Smith 19
WTF is this "line rental" b**locks?
Seriously.
What line?
I'm wondering if there is in bulk buying cell phone "lines" adding a small charge with the specific goal of not supplying any further information. IOW all billing details to all lines end up at the offices of (for example) "JS Enterprises." As to whose really using them, no need to ask, no need to know.
-
Monday 13th May 2013 16:13 GMT Anonymous Coward
Meta-data
In comms, the meta-data is always as valuable, if not more valuable, than the actual comms data (voice whatever) itself.
Tracking naughty paddies in NI 20+ years ago c/o their new fangled mobiles. No need to get into the conversation itself, just see where the phones go, where they cluster & when. And absolutely, it can be tracked back to individuals.
-
Monday 13th May 2013 17:39 GMT Fihart
Damn !
When I was with Orange the offshore call centre had signed me up under a phonetic version of my name and garbled my address. When switching to T Mobile (other arm of EE) I cleared this up so, presumably, the details passed onto Ipsos unethically by EE are now accurate.
Cue junk mail avalanche.
-
This post has been deleted by its author
-
Tuesday 14th May 2013 07:16 GMT Anonymous Coward
Ignoble intent
Among this and the thousand other data pimping exercises we're subjected to, I think quite the most depressing is the purpose. None of this energy or genius is going into curing cancer, improving crop yields, exploring the planets, improving education or even building a better mousetrap. Apart from allowing plod to add two and two to get seven, the sole miserable use for this is to try to sell us things we don't want at prices we don't like in ways that we find deeply irritating and often invasive in themselves. To ice the cake, we get to provide all of the input whether we like it or not, but get none of the benefit except for vague, wafty handwaving in the direction of cheaper, better blah, blah, blah. What was that Thatcher/Blairite crap about choice?
I couldn't give a toss how legal it is; it is immoral, plain and simple, and anyone who thinks otherwise is frankly delusional.
-
-
Tuesday 14th May 2013 11:34 GMT Graham Cobb
Check out ORG blog
Unfortunately there is also nothing in there which says they can't. And they would claim that if it is "anonymised" then it isn't personal data any more. And where can we (or the data protection authorities) check up on how well it is "anonymised"?
That is why the latest Open Rights Group blog calls for: "Ask for users’ permission before offering their anonymised data. Make this legally required in data protection, helpfully being debated right now."
-
-
Tuesday 14th May 2013 11:43 GMT Anonymous Coward
My phone contract is up for renewal. Guess where I won't be going.
Although, just because EE have been found out, it doesn't mean Vodafone, O2 and 3 don't do it too.
How anonymised is this data? If they can get a location and an activity, surely they will know you were surfing iffy websites in the sanctity of your own bathroom