From: Seamus Ryan (seamus_iiu at domain yahoo.co.uk)
Date: Thu 09 May 2002 - 15:27:22 IST
Traffic records are kept.
What's worse is that Esat/O2 and Vodaphone Ireland keep the locator
records for a number of years.
Here's a mail I sent to a few people last November:
Not impressed by this at all at all. Next step is the subcutaneous
locator device. And people think I'm paranoid?
Irish Know Where You've Been
By Karlin Lillington
2:00 a.m. Nov. 9, 2001 PST
DUBLIN, Ireland -- Privacy advocates say most of the Irish population
is effectively carrying a potential "tagging device" because of the way
in which two Irish mobile telecommunications companies say they are
managing customer call records.
Irish operators Eircell and Digifone said they were holding customer
"locator records" -- which can pinpoint a phone user's location to
within a few dozen feet in urban areas -- for more than six years
because they believed they were required to do so to comply with the
Irish statute of limitations.
"This is quite shocking that we have this degree of information on
people's movements being stored, and shows the strong need for explicit
privacy protection legislation," said Malachy Murphy, co-chairman of the
Irish Council for Civil Liberties and head of its e-rights group.
Access to such information would provide a snapshot of an individual's
daily movements and phone contacts. "It's effectively like having a
tagging device on a person," Murphy said.
Nearly 70 percent of Irish people now own a mobile phone. The two Irish
companies combined hold nearly all of the Irish mobile market. A third
operator, Meteor, has only had its network up for nine months and said
it was complying with data privacy laws.
Holding an individual's locator records for longer than a few months is
illegal in Ireland and the European Union under the EU's strict data
privacy legislation. But despite the laws, European companies seem to
remain confused about what data they are required to retain legally for
accounting purposes, and what actions violate data protection laws.
Two weeks ago, British mobile operator Virgin Mobile revealed it had
been retaining all call records since its launch in 1999, also because
it believed it was required by law.
As with Irish operators Eircell (owned by mobile giant Vodaphone) and
Digifone (owned by British Telecom), Virgin said it believed it was
complying with data protection law.
Locator records are produced whenever a mobile is switched on. Records
are not simply limited to tracking the time, location and destination of
a call, but also include regular updates on the location of any
subscriber's phone within its network.
These are noted as the network automatically tracks the phone to keep it
within network coverage. Such network "paging" produces the occasional
static crackle over telephones, radios or computer screens sitting near
a mobile handset.
The revelation comes just as law enforcement and security agencies
within the European Union are attempting to require network operators to
retain such data.
A proposal from the EU's Telecommunications Council last summer to
retain electronic data was roundly rejected by both the European
Parliament and the Commission. But American and British agencies are
known to be pressuring the EU to weaken its data protection provisions
and allow electronic records to be retained for years.
Ironically, Irish mobile operators are apparently voluntarily and
illegally retaining data at the center of this major European privacy
debate, said Tony Bunyan, director of European privacy group Statewatch
The Irish Office of the Data Protection Commissioner said locator
records are supposed to be destroyed after they are used to prepare
customer bills, unless the records are permanently "atomized" so an
individual's name can never be reconnected to a given set of records.
But Eircell said it has the technical capability to reconnect the
Laurence McAuley, head of regulatory affairs for Eircell, said the
records were held "online" -- where they were associated with a name for
billing purposes -- for six months.
Afterward, the records are archived for six years but are atomized so
that "we can't use them for marketing purposes." However, McAuley added
the company could reconnect the records to an individual name if needed
and would do so if required by law enforcement.
But the assistant data commissioner for Ireland, Ronnie Downes, said
such information definitely could not be held under such conditions. He
noted that data protections existed not just to block unwanted marketing
but also to defend broader privacy rights.
The Irish Data Protection Commission had already requested detailed
information from all telecommunications operators about the kind of
customer data they collect and store, he said, and would ask for
clarification about the locator records.
McAuley also said Eircell was waiting to see whether pending
telecommunications amendments to the EU Data Protection Directives of
1995 and 1997 would require them to retain locator data for future
But Bunyan said it was a "nonsense argument" for European mobile
operators to say they were retaining the data for possible future
criminal investigations or in anticipation of revised laws. He said that
even in Britain, under the requirements of the widely criticized
Regulation of Investigatory Powers Act -- which gives broad surveillance
and investigation powers to British law enforcement -- the use of
locator data is tightly controlled.
"Over here in Britain, (law enforcement) must have a temporary,
month-to-month order for (mobile network operators) to retain data. Even
RIP requires individual warrants that are time-limited and proportionate
to the investigation," he said.
From: iiu-admin at domain taint.org [mailto:iiu-admin at domain taint.org] On Behalf Of
Sent: 09 May 2002 11:39
To: Tim; iiu at domain taint.org; ILUG
Subject: [IIU] Re: [ILUG] FW: ALERT: EU storing all net traffic
Traffic is kept?
This archive was generated by hypermail 2.1.6 : Thu 06 Feb 2003 - 13:16:43 GMT