FT.com
December 27, 2013 6:54 pm
By Daniel Thomas, Telecoms Correspondent
©Shaun Curry
Personal data has been transformed into a valuable new
currency in the digital age, with revelations over government surveillance and
how companies are able to commercially exploit our data at the forefront of the
debate.
FT Data blog: Your mobile operator knows where you’ve
been
This animated map shows a year’s worth of Dan Thomas’s
mobile phone data obtained from his mobile operator
But how much information is potentially available on the
average smartphone user? As an experiment, I decided to access my own data
files from third parties to find out.
The results were surprisingly revealing, showing my
favourite lunch locations, sporting preferences and even the methods I use to
get our newborn son to sleep at night.
All companies in the EU will now give users data held on
them on request, but the telecoms groups have come under particular scrutiny
given how much information they hold is shared with government departments.
Even a relatively superficial trawl of the data they hold
can be used to compile an accurate log of movements and communications.
A request to my mobile operator resulted in hundreds of
pages of information, which would also be accessible to public sector bodies
and civil servants under the Regulation of Investigatory Powers Act 2000 in the
UK. The information included who I called, texted or emailed, as well as when
and where I was when messages were received, but did not stretch to the content
of these communications. The telecoms groups need to keep records for up to a
year and will hand over details if requested by a government body with
sufficient authority. Last year, public authorities submitted 570,135 requests
for communications data.
There is a fairly wide group that can request such
information, which falls short of proving the “tapping” of content that has
caused controversy in the light of the information provided by Edward Snowden
into US surveillance operations. In the UK, such content interception can be
carried out by the telecoms groups but only through a court order, signed off
by the secretary of state.
Nevertheless, the information also has a commercial value
for the mobile operators, which can custom fit advertising for brands based on
anonymised but still personal details such as my location, gender, age, device
information and district address.
So what can those with the required level of clearance or
commercial privilege glean from my data? Firstly, that I am good for regular payments
on a reasonably expensive smartphone contract. Then there is data about who I
have called or texted, which can be used to create a network of people I am in
regular contact with, even if the names and content are not included. The
police, for example, can use such information to link people involved in crimes
or terrorist activity.
Where it starts to feel uncomfortably like personal
surveillance is the extent of location-based information, given the
effectiveness of tracking by mobile operators based on the radio tower
connected to a mobile handset.
Unsurprisingly, my data shows that I spend the vast amount
of my time where I live and work in London, plus a lot of time in the City, as
you might expect for a financial journalist.
There is evidence of the plentiful business meetings in
Westminster, Holborn and Canary Wharf, and lunches in Mayfair and Farringdon.
Evenings out in the West End are made clear by my phone attaching to the mast
on Dean Street in Soho (seemingly above the Townhouse) and summertime visits to
the Oval to watch cricket. I am pretty certain that the cell tower above the
Five Bells pub in Finchley is picking up the long walks trying to get my child
to sleep. Indeed, our baby’s age can be worked out pretty easily by the dozens
of calls made in and around the north London hospital where he was born in the
spring.
So far, so revealing. But it is not just mobile operators
that store data. There are many other companies that hold information on
people, ranging from banks to transport groups, although not many will be
covered by legislation forcing them to hold on to or provide access to
information especially if based outside the UK. Many use this data for
marketing purposes, however, often with the user’s permission, including through
the use of cookies on websites.
Similarly detailed location information is collected by the
makers of handsets that can be used by any application that has been given
approved access to a phone’s location, such as Google Maps.
Technology companies also receive requests from governments
and courts around the world to hand over user data, with Google for example
reporting more than 25,000 such requests just in the first six months of the
year.
As a user of Google, I have received almost 3,000 emails in
the last four weeks but sent a mere 719, which is about right given how few
emails warrant even reading, let alone replying to. Facebook, likewise, holds a
wide variety of information, from which events I have been invited to
(including “Night of the aROCKalypse”) messages sent and received, and the
content posted by myself or my friends. The website allows the user to choose
how much data can be viewed, with targeted ads offered based on what friends
share and like, and where you have visited.
For all communications and internet groups, these data
points are valuable in customising advertising and content. The collection,
storage and distribution of data from communications and internet use is no
longer in its infancy. Now, the question is to what extent can people control
the use of it, and even benefit through personalised services.
Wide difference in availability of personal details
All communications groups based in the EU will give users
data held on them on request, although some are better at responding than
others, writes Dan Thomas.
The easiest way to obtain data from companies is through a
subject access request. This can be made through a form that most companies
should have on their websites, or provide on request.
This is normally a simple process where individuals can list
what information they require – although there is also normally a processing
fee involved and a wait of several weeks.
There is wide difference in availability of data held by
internet groups. Companies such as Google make it easy to search through the
information they hold, ranging from location to preferences through various
parts of its websites (such as https://maps.google.com/locationhistory/ or www.google.co.uk/ads/preferences).
Websites and applications such as Facebook provide details
through account settings, while companies such as Microsoft can be contacted
directly with requests for data.
However, drilling into data held by other websites and
applications on your phone can become more difficult, particularly as they are
often based in other countries.
Others have sought to find and use what companies hold on
them. Malte Spitz, a politician for Germany’s Green party, gathered all the
data held by Deutsche Telekom, which he combined with information such as
Twitter feeds, blog entries and websites.
While the search may be painfully slow and laborious, an
occasional data audit updating user preferences and assessing the extent of
third party access to your personal data should be a new year’s resolution for
most people. Everyone should know who has what information and how they use it.
No comments:
Post a Comment