Kapil Sibal wants to take your mobile phone and turn it into a handy little government tracking device that you have in your pocket all day, every day.Since the mobile became ubiquitous, every government and his dog has been interested in accessing users’ location data. The only surprise is that it has taken Sibal this long to force networks to hand it over.
Location data is easily gathered from mobile phones, whether they have a GPS unit or not. Fuzzy location data can be acquired simply by signal strength triangulation between three cell towers, but the rapid spread of GPS has provided data accurate down to the metre scale.
Until now, that information was kept by the mobile companies and a few handset makers, sometimes to provide context to improve personalisation, but often just because it’s possible to log, so why not? Just last year Apple, for example, caught a slap on the wrists last year for logging its iPhone users’ location wherever they went.
But if you have nothing to hide, you have nothing to fear, right? This is the standard kneejerk response of the stupid and the authoritarian and belies either a chronic lack of thought or a cavalier attitude to privacy.
Just think about what your location can give away about you. It’s not just where you work and where you live, it can tell others what religion you might be by telling them what temple or church you go to. It can track your hobbies and interests by logging which shops or sports grounds or events you go to. And it doesn’t take much data to reveal who you hang out with.
Indeed, this latter point was clearly demonstrated by Alberto Escudero-Pascual whose month-long experiment tracking the mobile phones in his department revealed his colleagues personal relationships. If you want the government to know who you’re friends with, who you socialise with, and who you’re sleeping with, phone tracking’s great. You might think you’re fine with that, but are you really?
Because what happens to your freedom if you’re suspected of being a terrorist? Let’s say that misfortune means that you live near a suspected terrorist. Sadly, you also happen to work near where he works. That means you often end up eating lunch in the same place. From the data, that suggests that you and he might have a relationship, given that you spend so much time in the same places.
Data has no common sense. It can’t discriminate. So when the police do a sweep to pick up suspects, the risk that you’ll get detained as well is far higher than it would have been without the phone tracking.
Is this a genuine risk? Well, there’s no doubt that law enforcement agencies like to cast their nets widely. In the UK we have had, since 2006, country-wide vehicle tracking via an automatic car numberplate recognition system. The police had a particular interest in identifying vehicles moving ‘in convoy’, that is, if you happened to be driving the same route as a known criminal at the same time, the police wanted to know more about you. The intent was to mine the data for potential relationships between criminals which can then be used to influence police action.
There’s no doubt in my mind that Kapil Sibal has something similar in mind. The government is creating a “centralised monitoring system to tap mobile phones instantly” according to the Indian Express. It would be no surprise to find out that they were planning on collecting location data from all operators and stuffing it into a big database so that they can data mine it.
And therein lies a very big problem, both for the government and Indians. Data mining is a nice idea, but very hard to do well especially when it’s difficult to test your algorithms thoroughly. It would be easy to find suspects, but problematic to validate those findings. The risks of false positives are high.
But, as we’ve again seen in the UK, gathering lots of your data in one spot threatens your personal security, it doesn’t protect it. The biggest vulnerability in the UK police database, for example, are corrupt police officers selling access to the data or using it for personal purposes. A report from the Information Commissioner’s Office last year found that over 900 officers had been disciplined, dismissed or convicted of database abuse offences between 2007 and 2010. Imagine what would happen with a database of the movements of millions of Indians.
There is massive hole in the plan, however: off-contract SIMs. The movements of a mobile phone are only useful if they can be tied to their owner. Unregistered SIMs are easy enough to get and criminals are already using them. Smarter criminals also swap SIMs regularly, ensuring that even if their identity is tied to a particular SIM, the data log doesn’t go back very far.
So, what will Kapil Sibal end up with? Lots of data about ordinary Indians and very little useful information about the criminals and terrorists that he wants to find. Good one, Sibal.
Sep 20, 2014