July 2007
Beer and Privacy (3 July 2007)
Belgian Court Rules ISPs Must Stop File-Sharing (5 July 2007)
The Greek Cellphone Tapping Scandal (6 July 2007)
Pen Registers and the Internet (7 July 2007)
Security and Usability: Windows Vista (13 July 2007)
Fidget Toys (13 July 2007)
Checkers: Solved (19 July 2007)
Secondary Uses and Privacy (20 July 2007)
Security Flaw in the iPhone (23 July 2007)
Hacking Forensic Software (26 July 2007)
Insider Attacks (28 July 2007)

Secondary Uses and Privacy

20 July 2007

There’s an interesting New York Times article on the use of cell phone tracking data for criminal prosecutions. It’s a classic example of secondary uses of data. Briefly, phone companies keep several months worth of tracking data: which cell sites talked to which phones, and when. This data can be subpoenaed by prosecutors and used as evidence in criminal cases. (Oddly enough, the story was in the New York section of the paper, not the national or technology sections.)

There are a variety of legal issues about the validity of such evidence that I’m not going to discuss. These include accuracy (did you know that during busy periods, your call may be handed off to a more distant cell site? I didn’t.), whether the location of the phone corresponds to the location of some particular person, etc. My focus here is on privacy.

First — as I discussed in an post on pen registers, the data is almost certainly available to prosecutors with little trouble. After all, subscribers voluntarily "give" their location to the phone company, and given that location data shows up on phone bills it’s hard to argue that people don’t know this. It might take specific statutory authority for prosecutors to get this without a subpoena, but such a law would almost certainly pass constitutional scrutiny.

Second, it’s not just criminal cases; similar data can be and has been used in things like divorce cases.

The root issue, though, isn’t legal. Rather, it’s one fundamental to the privacy problem: the secondary use of data. That is, data legitimately and properly collected for one purpose, with the consent of the subject and perhaps for necessary technical reasons (the cellular phone system can’t work if the network doesn’t know which towers are near which phones), can be retained and used for other purposes. The purpose of cell phone location data is first, to make the network function, and second, for billing records; it is not intended for use by divorce lawyers or prosecutors.

Ironically, there was an article a few days later in the technology section of the Times about GPS phone location-based services. This article does not mention the word "privacy". It’s instructive to look at the privacy policies of some of the service providers mentioned in the article. Where.com’s policy is pretty good; it tells you what it collects, doesn’t disclose personal information to third parties, solicits your consent before sending you marketing email, and promises that you’ll be notified if a new owner of the company plans to change the privacy policy.

Other policies aren’t as attractive from a privacy perspective. One states that "We maintain a database with this location and route information, and may keep such information indefinitely." It goes on to say

We may disclose to unaffiliated third parties without your consent information about you that we collect, including information that we collect through your registration to be a customer, through one of our promotions, or through your request to us or one of our partners for details about our services. Such third parties may use this information (including your name, telephone number, and email and mailing addresses) to promote their products and services to you.

Lots of what we do in a digital world creates data. Curtailing secondary uses is key to maintaining privacy.