Liberties fear over mobile phone details
Records which map out users' whereabouts held indefinitely
Stuart Millar and Paul Kelso
Saturday October 27, 2001
The Guardian
One of the fastest growing mobile phone providers is indefinitely
storing
information that allows its customers' movements over the last two years
to
be mapped to within a few hundred metres.
As the government rushes through emergency anti-terror legislation that
would require vast amounts of electronic communications data to be
retained
in the name of national security, the Guardian has established that
Virgin
Mobile has been storing the location records of its 1m customers since
the
network launched in November 1999.
Last night, the privacy watchdog, the information commissioner, told the
Guardian that it would be investigating the practice to establish
whether it
contravenes regulations governing retention of communications data.
When calls are made or received on a mobile phone, the call is
automatically
logged at the nearest base station through a "locator code", allowing
the
networks to track the geographical usage pat terns of their customers.
In
urban areas where there is a high density of base stations, the
information
is currently accurate to within a few hundred metres. When the new breed
of
3G - third generation - phones comes on stream, probably next year, they
will enable the users' location to be pinpointed to within a couple of
metres.
Current regulations do not specifically cover location data, dealing
only
with the broad areas of traffic and billing data. Data protection
legislation, however, requires companies to ensure that personal
information
about individuals is processed for limited purposes and is not kept for
longer than is necessary.
Virgin Mobile is co-owned by Sir Richard Branson and One2One, which
provides
the network infrastructure.
A spokeswoman told the Guardian: "As we are a virtual network, the phone
locator codes of Virgin Mobile customers are stored for us by One2One.
These
codes have been stored since launch - ie almost two years - and there
are no
plans to destroy this data for the foreseeable future."
She said they were required to keep the information for billing purposes
for
up to six years under financial regulations.
But Vodafone, Britain's biggest network, by contrast, retains the data
for
only a year for billing purposes, to prevent fraud or help police
investigations. BT Cellnet failed to respond to requests for information
about their policies. Orange refused to say what data they retained but
said
their policy was in accordance with regulatory requirements.
The Virgin revelation has appalled civil liberties campaigners. Caspar
Bowden, director of the independent think-tank, the Foundation for
Information Policy Research, said there was a serious danger that the
information could be misused.
"Sensitive data revealing where you are, and who you talk to could be
pulled
into a central databases for public demonstrations, health and safety,
tax,
or minor crime," he said. "Collecting the streams of thought of the
population and processing them by computer is a good definition of a
police
state."
Campaigners were already concerned about the human rights implications
of
the home secretary, David Blunkett's emergency anti-terror bill. It
includes
"measures to enable communication service providers to retain data
generated
in the course of their business, namely the records of calls made and
other
data", although not the content.
Home Office and communications industry officials met on Wednesday to
discuss a voluntary code of practice under which companies would be
required
to retain data for an extended period "in the interests of protecting
national security".
A Home Office spokeswoman said that electronic communication data had
been
crucial to the investigation into the September 11 attacks, and that the
industry had co-operated with British police and FBI requests for
information. "What we're seeking to do is work with the industry to
extend
the period over which information is retained."
Acccess to that information is governed by the Regulation of
Investigatory
Powers Act, which allows law enforcement agencies to access the
companies'
records.
But critics say the measures will only be effective in tracking the
movements and communications traffic of law-abiding citizens because
they
will be easily circumvented by terrorists or serious criminals.
"Professional terrorists know how to cover their tracks, for example
they
use pre-paid mobile phones once and throw them away," said Mr Bowden.
"Reports of the September 11 hijackers indicate they used web-based
email
from public terminals. It is not persuasive to argue for privacy to be
sacrificed in the name of fighting terrorism if the measures would not
be
effective."