Tuesday, June 17, 2008

It's amazing..

.. what you see on TV these days.

The local news just had this story about a shopping mall in Portsmouth where mobile tracking technology by Path Engineering has been installed - which I have tracked to this story from the Register.

"By installing receivers around a shopping centre the company can pick up communication between handsets and base stations, enabling them to track shoppers to within a metre or two - enough to spot the order in which shops are visited. Two UK shopping centres are already using the tech, with three more deploying in the next few months."

As far as one can tell, the tracking is completely non-identifying ; the shopping centre and path both do not know personal mobile phone numbers nor corresponding user names. The TV report showed predictable reactions: why weren't we told; I don't like it; I've got nothing to hide; etc.

So what do people think? Despite the obvious knee jerk reaction, as the info is completely non attributable to identified individuals, I really can't see a problem. You could get exactly the same results (at greater cost) by posting tellers at each shop or destination in the shopping centre to do counts all day, every day - would anyone object to that on privacy grounds?

(Hmm - I suppose yes, if they could identify the shoppers. Technology actually has the privacy advantage here of being blind. Here we're pre supposing CCTV isn't used in some way to identify the mobile shoppers - which despite what El Reg suggests would be extremely difficult to arrange in real time.)

I think it's important here to seperate technophobic squeamishness from real privacy concerns. (This is also not like Phorm where anonymity had been artificially imposed and could easily be "broken". Here the mobile tracking system simply doesn't know your personal phone number or your name.)

Of course you need to seperate it too from a consent-based tracking system which can be abused by forced or mistaken consent to reval significant personal data, like Sniff. Which I'm sure everyone else has blogged enough about by now.


And completely off-topic, in the Guardian today, I nearly choked on my post-swim coffee at the ostensible discovery that gay men and heterosexual women (and straight men and lesbians)apparently have similar shaped brains. If true this could destroy several decades of careful academic work on cultural construction :)

And now Newsnight is trying to tell me that Obama will be made or broken by Internet bloggers. Possibly time to turn off the TV and write some more of the third edition of Law and the Internet instead :)

7 comments:

Anonymous said...

Hi Lilian.

as always, the devils in the details....,
and looking at the limited tech explanation on ElReg for some answers.

so let me be perfectly clear on this, as i understand it, your telling me, this shopping centre
in Portsmouth, have Installed mobile tracking technology by Path Engineering so they can:

use MY Mobile Phone Equipment *without* MY consent to save themselves long term Money?.....

force MY Mobile Equipment to re-aquire a Dynamic IP address, so forcing my Phone to use far more Battery power as it high power transmits "the network issues a TMSI (Temporary Mobile Subscriber Identity) which is only valid until the next authentication.

A TMSI is like a dynamic IP address, so punters can be tracked as they move around the centre."

they do all his without My consent, without signing a contract with my for use of my Property, or making a derivative work (traceing logfile, or whatever)without consent.....

it seems several UK and EU Laws apply here, and are being broken with this system,and thats before we even look at it in tech/legal detail.

dont you agree ?

BTW Lilian have you read the
Phorm thread http://www.cableforum.co.uk/board/12/33628733-virgin-media-phorm-webwise-adverts-updated.html ?

IM a;so very suprised given your biling above "panGloss
A UK-based cyberlaw blog by Lilian Edwards. Specialising in online privacy and security law....."

that you havent Blogged about ISP/ Phorm/Webwise.


you should give ALexanders paper a read to see the legal points to start you off if Phorm somehow passed you by, and your most welcome to come over to the CF thread.

for other readers that are not so tech , you can read the latest revised Flyer with links now
and also the fact sheet.

print a few of them off, and pass them to all your friends, tell them to do the same and help get the facts out.

http://www.inphormationdesk.org/Phorm_Factsheet.pdf
http://www.inphormationdesk.org/Phorm_Flyer.pdf

popper

Anonymous said...

sorry missed Alexanders paper URL

Dissertation - A Critical Analysis of the BT covert trials in 2006/2007
http://www.paladine.org.uk/phorm_paper.pdf

you an keep upo speed on the CF thread, or if you prefer Alexanders new NoDPI (Deep Packet Inspection/Interception site here

Say NO! to Deep Packet Inspection
https://nodpi.org/

Popper

pangloss said...

Dear popper

I haven't blogged about Phorm because, among other time consuming tasks, I've been writing a not entirely uncritical assessment of it for a chapter of the third edition of Law and the Internet. Which is the main reason along with travel, conference papers, exams, marking and many such matters that this blawg has had to take a back seat for six weeks or so. It does not indicate I think it is without flaw :)

pangloss said...
This comment has been removed by the author.
pangloss said...

ps

RE your comments on the Portsmouth mal, I don't know too much about the technology but no I don't agree.

a) "use MY Mobile Phone Equipment *without* MY consent to save themselves long term Money?....."

I don't think they are "using" it. Anymore than tellers who count you off as you go into Boots are "using" your body.. Observing or counting something is not the same as using it and does not usually require consent (nor should it or strange consequences follow).

b)It is your own choice not theirs whether you choose to turn your phone on and off so as to disrupt the TMSI tracking. This would indeed be wrong if they were doing something illegal or requiring yourprior consent but I don't think they are..

c) "it seems several UK and EU Laws apply here, and are being broken with this system"

Not DP law I think, as the data processed is entirely non personal data as its stands from what is reported. If it could be associated with data likely to fall into the hands of the data controller which helped identify lidividual data subjects (the mall, let us say) - such as CCTV pics of every person whose phone was tracked by TMSI as they went round the mall- then the situation would be different. But there is no indication that is being done (and indeed if they wish to avoid DP complications, as I suspect they do, the mall and Pathway will avoid that at all costs).

What other laws could apply? Well conceivably it could be interception without consent under RIPA but again without going into too much detail, I don't think so. There's no "communication" being intercepted as such ; merely a tracking of the capacity to initiate or receive such a communication. RIPA was not designed to cover this.

It might be "unauthorised access" to a computer or data under the CMA s 1. That one is, a little, interesting. But it is a criminal offense with strong requirements of knowledge and intent to do wrong (in a criminal sense) which I doubt are met here.

Finally it might simply be an innominate breach of the human right to a private life under Art 8 f te ECHR. But that would very much be a last resort and the failure of three other pieces of legislation to cover this situation makes me feel that this is not a situation the law regards as invasive of the personal privacy of any particular individual.

This may mean there is a gap in our laws to protect the COLLECTIVE privacy of the herd - but that would be such a novel gap I think it would have to go to new legislation.

Without prejudice etc and my bill is to follow :)

Anonymous said...

It may be that Portsmouth’s mobile phone tracking has a bit more in common with Phorm. You consider that in the case of Phorm “anonymity had been artificially imposed.” Path Intelligence’s Toby Oliver has been reported as saying that the more revealing IMSI will be captured, when available. See Spy Blog’s Path Intelligence FootPath(tm) mobile phone tracking - a few more details.

Choosing to throw away some of the bits from an IMSI, to be left with only the handset’s home country, is artificial in the same way that Phorm’s processing is.

Anonymous said...

many thanks for your Insight Lilian, it is most welcome seeing a legally trained person giving their Personal View (Without prejudice etc OR a bill is to follow OC ;), to help us on our way were possible.

BTW, i posted you Blog to the thread as your so informative ;)

and im sure the membership will be interested in this "third edition of Law and the Internet" when the time comes.

is it a free online PDF available to your interested layman/woma, or a special Legal people only bimonthy closed paper available only at the http://www.soton.ac.uk/ilaws/?

i notice it also mentions Tim Berners-Lee is somehow involved in the AC or ILAWS, but im not clear
i what capacity.

it seems Kent and his PR teams want to help Tim understand Phorm LOL, and it also appears Kent doent like the Anti Phorm Advocates ,ask Alexander ;)

many thanks,Popper.