in ,

Mass cellphone surveillance experiment in Spain, Hacker News


Mass cellphone surveillance experiment in Spain

October 29, 2019 – Carlos Fenollosa

Spanish Statistics Institute will track all cellphones for eight days(2 min, link in Spanish,via)

A few facts first:

  • Carriers geotrack all users by default, using cell tower triangulation. They also store logs of your calls and sms, but that is a story for another day.
  • This data is anonymized and sold to third parties constantly, it’s part of the carriers business model
  • With a court order, this data can be used to identify and track an individual …
  • … which means that it is stored de-anonymized in the carrier servers
  • This has nothing to do with Facebook, Google or Apple tracking with cookies or apps
  • You cannot disable it with software, it is done at a hardware level. If you have any kind of phone, even a dumbphone, you are being tracked
  • It is unclear whetherenabling airplane mode stops this tracking. The only way to make sure is to remove the SIM card and battery from the phone.

This is news because it’s not a business deal but rather a collaboration between Spain’sNational Statistics Instituteand all Spanish carriers, and because it’s run at a large scale. But, as I said above, this is not technically novel.

On paper, and also thinking as a scientist, it sounds very interesting. The actual experiment consists on tracking most Spanish phones for eight days in order to learn about holiday trips. With the results, the Government expects to improve public services and infrastructures during holiday season.

The agreement indicates that no personally identifiable data will be transferred to the INE, and I truly believe that. There is nothing wrong about using aggregated data to improve public servicesper se, but I am concerned about two things.

First of all, Spain is a country whereCongress passed a law to create political profiles of citizens by scraping social networks—Fortunatelyrejected by the Supreme Court– and alsoblocked the entire IPFS gateway to silence political dissent.

I’d say it is quite reasonable to be a bit suspicious of the use that the Institutions will make of our data. This is just a first warning for Spanish citizens: if there is no strong backlash, the next experiment will maybe work with some personal identifiable data, “just to improve the accuracy of results”. And yada yada yada, slippery slope, we end up tracking individuals in the open.

Second, and most important. This is no longer a topic of debate! We reached a compromise a few years ago, and the key word isconsent.

All scientists have to obtain aninformed and specific consentto work with personal data, even if it is anonymous, because it is trivially easy to de-anonymize individuals when you cross-reference the anonymous data with known data: credit cards, public cameras, public check-ins, etc. In this case, once again, the Spanish institutions are above the law, and also above what is ethically correct.

No consent, no data shared, end of story. Nobody consented to this nor were we given an option to opt out.

P.S. Of course, this is a breach of GDPR, but nobody cares.

Tags:law,security

Comments? Tweet

Brave Browser
Read More
Payeer

What do you think?

Leave a Reply

Your email address will not be published.

GIPHY App Key not set. Please check settings

Show HN: I created an algorithm to help me achieve Product-Market Fit, Hacker News

New insight into how colon functions – Deccan Chronicle, Deccanchronicle.com

New insight into how colon functions – Deccan Chronicle, Deccanchronicle.com