Phone Data: Tracking Them Tracking You

It will probably come as no surprise to most that the amount of information available to telecom companies is voluminous and comprehensive.

It may even be apparent to anyone who owns a smartphone that the data can be re-sold to other businesses which can use the information to craft specific offers to the phone owner.

The assumption is that the more individually tailored the offer, the more likely it is that the recipient will respond positively and visit the location being promoted or buy whatever is for sale.

There is nothing illegal about this. So far. There is, however, a growing debate about the extent to which the information should be made available to others. There is even a nascent discussion looming about who really owns all of this information and why the person who generates it shouldn't get a piece of the action. As the following article explains, hundreds of pages of data are available about the average smartphone user. What is not yet available is comprehensive policy as to how it can and should be used. The trade-off between privacy and convenience seems to have been settled firmly on behalf of convenience. The question is just how settled now that the extent of the data available is becoming apparent - and whether anything can be done about it even if people want it to be. JL

Daniel Thomas reports in the Financial Times:

How much information is potentially available on the average smartphone user? As an experiment, I decided to access my own data files from third parties to find out.

Personal data has been transformed into a valuable new currency in the digital age, with revelations over government surveillance and how companies are able to commercially exploit our data at the forefront of the debate.

The results were surprisingly revealing, showing my favourite lunch locations, sporting preferences and even the methods I use to get our newborn son to sleep at night. All companies in the EU will now give users data held on them on request, but the telecoms groups have come under particular scrutiny given how much information they hold is shared with government departments.
Even a relatively superficial trawl of the data they hold can be used to compile an accurate log of movements and communications.
A request to my mobile operator resulted in hundreds of pages of information, which would also be accessible to public sector bodies and civil servants under the Regulation of Investigatory Powers Act 2000 in the UK. The information included who I called, texted or emailed, as well as when and where I was when messages were received, but did not stretch to the content of these communications. The telecoms groups need to keep records for up to a year and will hand over details if requested by a government body with sufficient authority. Last year, public authorities submitted 570,135 requests for communications data.

There is a fairly wide group that can request such information, which falls short of proving the “tapping” of content that has caused controversy in the light of the information provided by Edward Snowden into US surveillance operations. In the UK, such content interception can be carried out by the telecoms groups but only through a court order, signed off by the secretary of state.

Nevertheless, the information also has a commercial value for the mobile operators, which can custom fit advertising for brands based on anonymised but still personal details such as my location, gender, age, device information and district address.
So what can those with the required level of clearance or commercial privilege glean from my data? Firstly, that I am good for regular payments on a reasonably expensive smartphone contract. Then there is data about who I have called or texted, which can be used to create a network of people I am in regular contact with, even if the names and content are not included. The police, for example, can use such information to link people involved in crimes or terrorist activity.
Where it starts to feel uncomfortably like personal surveillance is the extent of location-based information, given the effectiveness of tracking by mobile operators based on the radio tower connected to a mobile handset.
Unsurprisingly, my data shows that I spend the vast amount of my time where I live and work in London, plus a lot of time in the City, as you might expect for a financial journalist.
There is evidence of the plentiful business meetings in Westminster, Holborn and Canary Wharf, and lunches in Mayfair and Farringdon. Evenings out in the West End are made clear by my phone attaching to the mast on Dean Street in Soho (seemingly above the Townhouse) and summertime visits to the Oval to watch cricket. I am pretty certain that the cell tower above the Five Bells pub in Finchley is picking up the long walks trying to get my child to sleep. Indeed, our baby’s age can be worked out pretty easily by the dozens of calls made in and around the north London hospital where he was born in the spring.
So far, so revealing. But it is not just mobile operators that store data. There are many other companies that hold information on people, ranging from banks to transport groups, although not many will be covered by legislation forcing them to hold on to or provide access to information especially if based outside the UK. Many use this data for marketing purposes, however, often with the user’s permission, including through the use of cookies on websites.
Similarly detailed location information is collected by the makers of handsets that can be used by any application that has been given approved access to a phone’s location, such as Google Maps.

Technology companies also receive requests from governments and courts around the world to hand over user data, with Google for example reporting more than 25,000 such requests just in the first six months of the year.

As a user of Google, I have received almost 3,000 emails in the last four weeks but sent a mere 719, which is about right given how few emails warrant even reading, let alone replying to. Facebook, likewise, holds a wide variety of information, from which events I have been invited to (including “Night of the aROCKalypse”) messages sent and received, and the content posted by myself or my friends. The website allows the user to choose how much data can be viewed, with targeted ads offered based on what friends share and like, and where you have visited.

For all communications and internet groups, these data points are valuable in customising advertising and content. The collection, storage and distribution of data from communications and internet use is no longer in its infancy. Now, the question is to what extent can people control the use of it, and even benefit through personalised services.

Wide difference in availability of personal details

All communications groups based in the EU will give users data held on them on request, although some are better at responding than others, writes Dan Thomas.
The easiest way to obtain data from companies is through a subject access request. This can be made through a form that most companies should have on their websites, or provide on request.
This is normally a simple process where individuals can list what information they require – although there is also normally a processing fee involved and a wait of several weeks.

There is wide difference in availability of data held by internet groups. Companies such as Google make it easy to search through the information they hold, ranging from location to preferences through various parts of its websites (such as https://maps.google.com/locationhistory/ or www.google.co.uk/ads/preferences).

Websites and applications such as Facebook provide details through account settings, while companies such as Microsoft can be contacted directly with requests for data.

However, drilling into data held by other websites and applications on your phone can become more difficult, particularly as they are often based in other countries.

Others have sought to find and use what companies hold on them. Malte Spitz, a politician for Germany’s Green party, gathered all the data held by Deutsche Telekom, which he combined with information such as Twitter feeds, blog entries and websites.

While the search may be painfully slow and laborious, an occasional data audit updating user preferences and assessing the extent of third party access to your personal data should be a new year’s resolution for most people. Everyone should know who has what information and how they use it.