Melvins Research 1

Chapter 2 - Literature Review
most appreciated.
The
sis
title
Chapter 2
: An
anal Lite
ysis
of rat
the
rela ure
tion
revi
ship
bet ew:
wee
n Pri
indi
vidu vac
als
y,
perc
epti Mo
ons
of bile
priv
acy ph
and
one
mob
ile tec
pho
ne hn
loca
tion olo
data
gy
-a
grou and
nde
d Leg
theo
ry al
stud
fra
y.
me
Andrea
Gorra, wor
Leeds
Metrop k
olitan
Univers
ity, UK When examining the
Comme
subject area of
nts
sent to communications data
a.gorra
retention broadly
@leeds
met.ac three areas need to
.uk
be taken into
would
be account: a)
technol the role of
ogical geographical location
matter within mobile phone
s, b) technology, the
social second part
values discusses the
such relevant privacy
as related literature, and
privacy the final part of this
and chapter examines
civil the legal framework
libertie relevant to mobile
s, and phone location data.
c) law Grounded theory
enforc methodology has
ement been used to guide
issues collection and
(Whitle analysis of empirical
y and data for this study
Hosein (for more detail see
, 2005; Chapter 3 -
Raab Research
and Methodology). GT
Bennet methodology is an
t, inductive method,
2006). which means that
Accord typically only a very
ingly broad review of
this literature takes place
chapte before collecting the
r has data. However in
been addition to this initial
divided review, the literature
into is visited again after
three the data collection
parts; has been

the completed. This
first study has followed
part this approach with
focuse the benefit that a

s on second review of the
literat . Particularly the
ure development of the
could final GT categories,
be which was
guide supported by written
d by and visual memos,
finding has prompted the
s from review of further
all literature.
three The literature
empiri discussed in this
cal chapter is a result of
data this iterative process
collect and some literature
ions -
particularly relevant
pilot
to the findings from
study,
study will be revisited
intervi
in Chapter 5 and
ews
brought into relation
and
to the empirical
survey
findings.
Andrea
Gorra Page
14
understanding of the
role of location data.
2.1 P A brief history of
a
mobile phone
r
t telephony is provided
1 and followed by an
:
Mexplanation of the
o relevance of the
b cellular network
il
e architecture to mobile
p phone location data.
h
o Following this a
n technical overview of
e mobile
l
o communications
c network architecture
a
is provided and finally
ti
o location-based
n services and
d
a techniques of locating
t a mobile phone are
a
discussed.
This
2.1.1 Background
section to mobile
present phone
location data
s
essenti The mobile phone is
al a key technology in
technic an increasingly
al mobile and
backgr connected world.
ound to Growing
mobile technological
cellular convergence and
networ ubiquitous
ks in networking leave
order behind a continuous
to and lasting trail
provide revealing information
an about those involved
in the ation supplied by a
comm mobile phone can be
unicati very specific,
on. depending in cell
Pickin size and cell shape,
g up which will be
on this explained later in
electro this section.
nic Location-based
trail services (LBS) for
makes mobile phones (see
it section 2.1.3) are
possib predicted to grow in
le to the near future (see
identif Lyon, 2005). A
y the market research firm
locatio predicts that LBS
n of revenues will reach
comm 622m by 2010
unicati (Moore, 2006).
on
The mobile phone
device
s and as a location
individ technology brings
uals together the
are following three key
indirec features:
tly
1) identification
locata of the
approximate
ble by
location of
carryin the handset
g their 2) on a
mobile continuous
basis
phone
3) in real-time
. In
some The combination of
cases, these features
the means that mobile
locatio phone users can

n potentially have
inform their geographical

locati mobile phone
on service provider,
and and potentially
move shared, as
ments discussed in the
traced final part of this
at any chapter (2.3 Part 3:
time Legal framework
or all relevant to mobile
the phone location
time. data). This makes
In the mobile phone
additi unique in
on, a comparison to other
log of location identifying
all technologies, such
data as CCTV or RIFD,
gener particularly as a
ated mobile phone tends
by a to be carried by one
mobil person on a regular
e or sometimes even
phone continuous basis.
is CCTV for
stored
Andrea Gorra Page
by the
15
connecting to the
wireless network
exampl
(Hosein and
e can
Escudero-Pascual,
track
2002). However, this
individu
is limited to the size
als in
and the geographical
real
area covered by this
time
network.
but not
continu
Location data can be
ously,
perceived as both a
RFID
threat and an
tags
opportunity. There
can
are many
also
opportunities that the
reveal
attribute location can
locatio
offer to businesses,
n
governments and
informa
individuals. However,
tion but
knowing a persons
tend
location at any given
not to
moment in time can
do this
also have
in real-
implications for
time or
privacy, civil liberties
oa
and social justice
consta
(Clarke, 2000; Lyon,
nt
2005).
basis.
WiFi
2.1.1.1 History of
networ mobile phone
ks can telephony
also be The development of
used to wireless
locate communication
the systems started in
positio the 1930s with the
n of the use of 'Walkie-
device talkies' during the
Seco allowed
nd communication
World between mobile
War users in cars and
to the public fixed
enabl network.. In the
e foot 1960s, Bell Systems
soldie launched the
rs to Improved Mobile
stay Telephone Service
in (IMTS), which laid
conta the basis for
ct commercial-sector
with mobile
the communications.
headq Developments in
uarter microprocessor
s technologies in the
(Elliott late 1970s and early
and 1980s enabled the
Philip introduction of the
s, reliable wireless
2004) communications
. In system, the so-
1946, called first
AT&T generation.
Bell
introd First generation
network - 1G
uced
The first generation
the
wireless technologies,
first
also known as 1G,
comm
were relatively simple
ercial
and used analogue
radiot
signals. Mobile phone
eleph
handsets based on 1G
one
technology were
servic
mainly used by
e in
government agencies
the
and the military before
US,
this technology came
which
into coverage of a very
general large area by using
use in only one transmitter
the mast. The coverage
busines area of a mast was
s fairly large, up to
domain 150km, and required
in the minimal infrastructure.
1980s In order to connect via
(Elliott large distances, the
and base station as well as
Philips, the mobile phone had
2004). to transmit
The simultaneously at high
system power. This meant
s in that the mobile
Europe phones were larger
and the than todays handsets
USA and used to be built
had in into car boots.
commo Moreover, due to the
n that limited number of
they available frequency
provide channels, only a small
d number of
Andrea Gorra Page
16
waves to a base
station where the
subscr
signal is
ibers
reconstructed as
could
accurately as
be
possible and relayed
conne
to its destination.
cted to
Noticeable
the
differences in quality
mobile
occur due to errors
phone
recreating the signal
networ
wave. In addition,
k
analogue signals are
(Walke
relatively easy to
et al.,
intercept, as they are
2003).
transmitted in the
1G
clear (Deitel et al.,
syste
2002).
ms
were
Second generation
based networks - 2G
on In the late 1980s and
analog early 1990s, the
ue popularity of wireless
signals communications grew
which and increased the
are demand for network
radio capacity. Together
transm with the
issions disadvantages of
sent in analogue 1G
a systems, this led to
wave- the development of
like the second
form. generation wireless
The system based on
mobile digital technology.
device Digital signals have
sends different transmission
the properties than
analogue signals and
use and send to its
binary destination. This
coding process results in a
using lower error rate than
sequen analogue
ces of transmission
0s and correction which
1s to results in clearer
constru voice reception
ct a (Deitel et al., 2002).
signal's In addition, digital
unique traffic is relatively
pattern. simple to encrypt in
Digital order to prevent
signals eavesdropping
use (Stallings, 2005).
digital
sample GSM, the Global
rs and System for Mobile
codecs Communications,
to fundamentally differs
convert from the 1G system
analog because of its use of
ue cellular network
voice architecture, which
data will be explained in
into subsequent sections.
digital GSM, also known as
data. second generation
Digital network or 2G, was
signals first developed in the
can be 1980s through a pan-
precise European initiative,
ly involving the
duplica European
ted by Commission,
the telecommunications
receivi operators and
ng equipment
base manufacturers. GSM
station is an open non-
propriet by companies and
ary and consortia from
interop different European
erable countries were
digital trialled and led to the
standar agreement of the
d for main characteristics
cellular of the new system
mobile (Steele et al., 2001).
system
s GSM is still in use
operati to date by all
ng in European countries
the 900 and has also been
and adopted in other
1800 continents, such as
MHz Africa and South
band. America. There are
In over 540 million
1986, a GSM subscribers in
number Europe, plus
of another 18 million
differen Europeans using
t 3GSM networks,
prototy which are the 3G
pe service delivered
system
over the evolved
s put
GSM core network
forward
Andrea Gorra Page
17
Protocol (WAP)
(GSM (Elliot and Philips,

Europ 2004).
e, Second and a half
generation
2005).
networks - 2.5G
With 2.5G technologies
GSM represent a state of
it was development
also between 2G and 3G
made and have overcome
possib the limited data and
le to primarily voice-
send centred services of
and the 2G networks. In
receiv the 1990s and early
e 2000s higher
limited transmissions rates

amou and always-on
nts of connectivity were
data enabled by General
Packet Radio
via the
Services (GPRS).
Short
Data transmission
Messa
speeds were now 10
ging
times faster with
Servic
115kbits per second
e
and based on
(SMS)
packet-switching
and
technology
mobile
(International
intern
Telecommunication
et Union, 2003). Packet
browsi switching optimises
ng via the use of bandwidth
the available in a
wirele network and
ss minimises the time it
Applic takes for data to
ations travel across the
networ is the successor to
k. The the 2G and 2.5G
increas systems. 3G
ed improved previous
data systems by
transm providing enhanced
ission security and
rates encryption features,
of improvements in
2.5G screen displays and
compa the ability to handle
red to multimedia data,
earlier such as graphics
system and video
s help streaming. 3G
to allows faster data
transfe exchange with data
r data transmission rates
such up to 1920kbits per
as second, which
mobile enables the support

interne of greater voice and
t data customers.
conten Support can be

t (Elliot provided for a wide
and variety of mobile
Philips, equipment. 3G
2004) technologies were
first introduced in
Third Japan in 2001 and
genera spread to Europe
tion
networ and the USA in
ks - 2002. UMTS
3G
(Universal Mobile
Third
Telecommunications
gener
System) is the third
ation
generation mobile
mobile
phone technology
teleph
mainly used in
ony
Europe and also in
(3G)
Japan. It uses the
GSM Elliott and Philips
infrast (2004) describe as
ructur aims of all 3G
e and networks the
UMTS following:
/GSM
dual- 1) world-wide
mode connectivit
y and
phone
roaming
s sold throughout
in Europe,
Europ Japan and
North
e are
America
able 2) high data
to transmissio
make n rates and
broad
and
bandwidth,
receiv suitable for
e calls multimedia
on content
3) efficient
both
spectrum
netwo utilisation
rks. (Philips and Elliot,
2004)
Gorra Page
Andrea 18
red by Bell Labs, the
research subsidiary
2.1.1.2 of the US telephone
The
cellula company AT&T that
r laid the foundations
conce
pt for today's second
and third generation
In
mobile phone
terms
systems (US Patent
of
full-text and image
locatio
database, 1972). The
n data
essence of this
the
patent was to reduce
most
the area covered by
crucial
an antenna. In the
concep
1G system, only one
t was
antenna served a
the
very large area,
introdu
whereas in the 2G
ction of
this area was broken
the
down into several
cellular
cells.
networ
k
Each area or cell is
archite
served by a single
cture
base station and is in
with
the approximate
the
centre of each cell.
change
Due to the increased
from
number of cells in the
the 1G
2G system compared
to the
to 1G, many more
2G
masts were needed
system
and this enormously
. In
increased the costs
1972,
of infrastructure. Now
a
it was possible to
patent
reuse the same
was
frequency over
registe
relatively small
distanc distance
es, transmissions
enablin between mast and
g handset were not
covera necessary anymore,
ge for awhich resulted in
greater decreasing sizes of
numbermobile phone
of handsets and
subscri improved handset
bers. operating times.
This Adjacent cells cannot
resulte use the same
d on frequency, as this
the one could result in
hand in interference. Hence,
the it is necessary to only
reduce re-use frequencies in
d size cells that are
of sufficiently distant to
antenn each other. The
as, and transmission power
on the of a base station has
other to be limited to
hand in prevent interference
reduce with frequencies from
d other cells and to
distanc reduce health
es concerns (Stallings,
betwee 2005).
n
antenn This concept of
as. using an increased
Anothe number of smaller
r effect cells required a
of this mechanism to switch
new a user's connection
system from cell to cell.
was Hence, cells were
that the arranged in a
long- hexagonal pattern to
enable phone user moves
all within a cell towards
anten its boundary. This
nas to makes it easier to
be the determine when to
same switch a user to an
distan adjacent antenna
ce and which antenna
apart, to chose. In
which comparison a square
is pattern, would only
benefi provide an equal
cial distance to the
when centre of four cells
a (see Figure 2.1).
mobile
Andrea
Gorra Page
19
In practice, cells have
irregular shapes and
a precise hexagonal
pattern is often not
used due to
topographical
limitations,
restrictions on
positioning antennas
and different amounts
of traffic volumes as
some cells have
Fig more mobile phone

ure users than others. In
2.1:
Con addition, the
tras coverage can overlap
ting
hex in looser shaped cells
ago (Philips and Elliot,
nal
and 2004). Different
squ shaped cells have an
are
patt impact on the
ern accuracy of mobile
(aft
er phone location
Stal tracking based on the
ling
s, Cell-ID, as smaller
200 cells provide a more
5)
accurate result than
larger cells.
Andrea
Gorra Page
20
from 27 percent
to 78 percent in
2.1.1.3 2005 (National
Increa
sing Statistics (2005).
the The increasing
capaci
ty of a number of mobile
mobile
users has caused
phone
networ the necessity to
k
enhance the
The network capacity.
re According to the
wa Mobile Operators
sa Association
con (2006), base
sid stations can only
era carry a maximum
ble of around 120
incr calls at the same
eas time.
e in
the A mobile phone
pro network can be
port made suitable for
ion an increased
of number of phone
hou users in several
seh ways:
old 1- Add new

channels (if
s possible)
wit 2- Frequency
ha borrowing
from adjacent
mo cells
bile
3- Cell sectoring
pho o
ne
sin d
i
ce v
199 i
8- d
e
99
r
s
e
c
t
o
r
s
p
e
r
c
e
l
l
)
o each
sector has
its own
subset of
channels
15 the
base
station
has to
use
directi
onal
antenn
as
2- Cell splitting
15 genera
lly
cells
are 6.5
to
13km
in size
o power
level of
antenna is
reduced to
keep
signal
within cell
15 since
the
cells
are
small
rom
one
Base
trans
ceive
r to
anot
her)
have
to
take
place
2- Micro cells
15 Anten
nas
move
lower
down,
e.g.
from
top of
buildin
gs to
smalle
r
buildin
gs or
lamp
posts
o Cell
size is
decreased
and a
reduction
of power
takes
place
o
Micr
o
cells
are
usua
lly in
plac
e on
the
high
stree
t
wher
e
great
traffi
c
gs, 2005)
To summarise, due
to an increasing
number of mobile
phone users, more
mobile masts have
been put up. This
has resulted in
smaller cells that can
cope with the higher
traffic volumes. In
some cases, citizens
have raised protests
against new masts
being put up in
residential areas
mainly due to
concerns about
health risks
originating from the
obase stations (Mast
10
Sanity, 2006). The
-
use of smaller cells
400
met
leads to a higher
res
accuracy for mobile
radi
us
phone location
circ
le
identification based
(Stallinon Cell-ID.
Gorra Page
21
Andrea
Health concerns are
based on the
Even
radiation emitted by
though
mobile phone
this is
handsets and base
not the
stations. The latter
most
emits radiation
accurat
continuously and
e
much more
method
powerfully. An
, the
independent expert
cell-id
group on mobile
or mast phones (IEGMP),
in use also known as the
is a Stuart Group, was
pre- established by the
requisit Minister for Public
e for Health Tessa Jowell
more in 1999 to consider
accurat concerns about
e ways possible health
of effects from the use
determi of mobile phones
ning a and bases stations
handse (Independent Expert
t's Group on Mobile
locatio Phones, 2000). The

report concluded that
n (as
no clear indication of
discuss
short and medium
ed in
term health hazards
section
could be found. A
2.1.4,
precautionary
below).
approach to the use
of mobile phone
2.1.1.4 technologies was
Health
concer recommended until
ns in more scientific
mobile
teleph evidence was
ony available. A more
recent Protection Board
report states that the main
by the conclusions reached
board in the Stewart report
of in 2000 still apply
Nation today (National
al Radiological
Radiol Protection Board,
ogical paragraph 19, 2004).
Andrea
Gorra Page
22
2.1.2 Technical overview of mobile communications support
An essential part of a mobile phone network's tasks is to monitor the location of

every registered mobile phone device, as mobile phone users are free to roam
throughout the coverage area of a cellular network. Therefore the network must
possess some way to track mobile phones so that it can successfully route incoming
calls and text messages to them. Mobile phone location data is an inherent feature
of mobile communication and for this reason some technical background to mobile
communication is provided in this section. At first the interplay between mobile
phone handset and mobile phone base stations is explained, followed by what
happens when a call takes place. It should be noted that this section only touches
on the general principles of mobile communications based on cellular wireless
networks. Detailed technological developments are not described here as they are
not of relevance for this study.
2.1.2.1 Overview of the cellular network architecture

The GSM network architecture consists of three parts which are essential to enable
mobile communication: the mobile phone handset, the base station and network
subsystem. Each of these elements of a mobile phone network is described in more
detail in subsequent sections to explain how the position of a mobile phone handset
can be identified. See Figure 2.2 for an overview of the key elements of a cellular
network. A mobile phone network continuously generates a host of information
which is stored in various databases. The most relevant databases for determining
a mobile phone handsets location are the visitor location register (VLR) and home
location register (HLR) database.
Mobile Station Base Station Subsystem Network Subsystem
BSC VLR HLR
Public switched
MSC telephone
BSC network
SIM EIR AuC

Base station
Walters and Kritzinger, 2000; Walke, 1999)
Figure 2.2: GSM network architecture (after Andrea Gorra Page 23

handsets and
contains the
Mobile
international mobile
phone
hands subscriber identity
et and
(IMSI), which is used
SIM
card to identify the
A subscriber to the
mobile system. The mobile
phone phone handset or
handse device is uniquely
t identified by the IMEI
contain number (International
sa Mobile Equipment
radio Identity) and
transce depending on the
iver, mobile phone
digital contract personal
signal details about the user
proces are known by the
sors service provider.
and a Customers of
remova monthly paid
ble contracts need to
smart register their personal
card, and bank details with
known their service provider,
as whereas for a pre-
subscri paid contract
ber registration is not
identity always necessary
module (Stallings, 2005).
(SIM).
The Base station
subsystem: Base
SIM station (BS) and
card base station
controller (BSC)
can be
The base station
transfer
subsystem (BSS)
red
is responsible for
betwee
handling traffic and
n
com- as mobile phone
muni masts) and the
catio base station
ns controller (BSC).
betw Each base station
een transceiver includes
a a radio antenna
mobil which handles the
e radio-link protocols
phon with the mobile
e phone and a link to
and one of the base
the station controllers
netw and is assigned to a
ork single cell. The base
subs station controller
yste manages allocation
m. of radio channels,
The reservations of radio
BSS frequencies and
consi handovers of mobile
sts of phone handsets from
two one cell to another
elem within the BSS. The
ents, BSC can either be
one located with a BST or
or can control multiple
more
BST units, hence
base
serves multiple cells.
statio
A group of BSCs is
n
connected to a
trans
mobile switching
ceive
centre (MSC) via
rs
microwave links or
(BST
telephone lines
)
(Hubaux and Znaty,
(com
2000; Steele et al.,
monl
2001).
y
referr
Network
ed to subsystem: MSC,
HLR, switched telephone
VLR,
networks (PSTN) or
AuC,
EIR digital integrated
The services digital
networ network (ISDN). The
k NS controls
subsy handovers between
stem cells in different
(NS) base station
provid subsystems,
es a authenticates users
link and validates their
betwe accounts. It also
en the provides functions
cellula for worldwide
r roaming of mobile
networ users. The main part
k and of the network
fixed subsystem (NS) is
networ the mobile services
ks switching centre
such (MSC), which is
as the supported by the
analog following four
ue databases that it
public controls.
Gorra Page
Andrea 24
type and subscription
type. Typically, GSM
a)
Home networks have only
locatio
one HLR (Walke,
n
registe 2003). In addition,
r
databa dynamic information
se about the mobile
(HLR)
subscriber is stored,
The
for instance the
home
current location area
locatio
(LA). A location area
n
consists of one or a
register
number of cells. As
databa
soon as mobile
se
phone user leaves
(HLR)
his current LA, this
contain
temporary data held
s an
in the HLR is
entry
immediately updated
for
(Steele et al., 2001).
every
SIM b) Visitor location
card register database
(VLR)
issued,
The visitor location
includin
register (VLR) is a
g
temporary database
details
that maintains
such
information about
as
subscribers that are
telepho
currently physically
ne
in the region
number
covered by the
,
mobile switching
mobile
centre (MSC).
equipm
Entries are added
ent
when visitors enter
number
the VLR domain
,
and deleted when
equipm
visitors leave the
ent
VLRs domain.
The n area and records
VLR whether or not the
stores subscriber is active
inform and other
ation parameters
trans associated with the
mitted subscriber. The VLR
by the also contains
HLR, information that
such enables the network
as to find a particular
authe subscriber in the
nticati event of an incoming
on call.
data,
teleph c) Authentication
centre database
one (AuC)
numb The authentication
er, centre database
agree (AuC) handles
d authentication and
servic encryption keys
es, for all subscribers
allowi
in the home and
ng the
visitor location
MSC
registers. It stores
to
data needed to
make
authenticate a call
a
and to encrypt
conne
both voice and
ction.
data traffic.
It
tempo
d) Equipment
rarily identity register
database (EIR)
stores
The Equipment
a
identity register
users
database (EIR) lists
last
stolen phones, stores
known
subscriber and
locatio
equipment numbers
(IMEI) k or to be monitored.
of It can block calls from
phones stolen mobile stations
that areand prevent network
to be use by handsets that
banned have not been
from approved (Walke,
the 2003).
networ
Andrea
Gorra Page
25
architecture
works,
2.1.2.2
described
Steps
in below is what
makin
ga happens
mobile when a call
phone
call takes place
T between two
o mobile users
within an area
d controlled by
e the same
m mobile
o switching
n centre (MSC)
s (after
t Stallings,
r 2005; Walters
a and
t Kritzinger,
e 2000).
Step 1: A mobile
unit is turned on -
h
initialisation
o
The mobile phone
w
scans and selects the
strongest setup
t control channel. The
h mobile phone selects
e the base station
antenna of the cell
c within which it will
e operate, which must
l not always be the
l geographically
u closest base station
l due to interference
a patterns or other
r electromagnetic
phenomena. A so-
called scanning procedure
handsh is repeated frequently
ake and if the phone
takes enters a new cell, a
place new base station is
betwee selected.
n
Step 2: Call
mobile origination - request
phone for connection
handse A mobile phone
t and initiates a phone call
the by sending the
mobile number of the called
switchi mobile phone on the
ng pre-selected setup
centre control channel. The
throughmobile phones
the receiver first checks
base that the setup
station, channel is idle by
which scanning the base
is used stations forward
to control channel,
identify also known as
the reverse control
mobile channel. When an
phone idle is detected, the
user mobile is able to
and to transmit on the
register corresponding
its reverse control
locatio channel to the base
n. As station, which then
long as in turn sends the
the request to the MSC.
mobile
Step 3: Paging
phone
The MSC completes
is
the connection to the
switche
called mobile phone
d on,
by sending a paging
this
messa position of the mobile
ge to phone. The mobile
particul phone network is
ar aware of the current
base position of a phone
station because it is stored
s in the VLR. Hence,
depen only the relevant
ding on base station and
the those base stations
called in surrounding cells
mobile are addressed. Each
numbe BS transmits the
r. paging signal on its
Which own assigned setup
base channel.
station
Step 4: Call
s are accepted
paged The called mobile
depen phone recognises
ds on its number on the
the setup control
mobile channel it
phone monitors
networ frequently (see
k step 1). The
provide mobile phone then
r but is
responds to the
also
relevant base
depen
station, which in
dant
turn sends the
on the
response to the
physic
MSC. The MSC
al
sets up a
Andrea Gorra Page
26
in turn notifies its
mobile phones. The
conn
two mobile phones
ection
tune to the
betwe
channels assigned
en
by the base station.
the
callin
2.1.3 Mobile
g and
location-
called based
services
mobil (LBS)
e
Location-based
phon
services are
e. At
information services
the
accessible with
same
mobile devices
time,
through the mobile
the
network and utilizing
MSC
the ability to make
select
use of the location of
s an
the mobile device
availa (Virrantaus et al.
ble 2001 in Steiniger et
traffic al., 2006). Location
chan services are available
nel to operators of all
within commonly used
each mobile phone
base networks in Europe:
statio GSM (2G), GPRS
n's (2.5) and UMTS
cell (3G).
and The value of
notifie knowing the

s location of a
each mobile phone
base handset has been
statio acknowledged by
n, private and public
which sector services.

The location-based
geo services (LBS) are
grap commonly
hic distinguished:
locat
Safety and
ion security
of a o
mob
E
ile m
pho e
r
ne
g
can e
eith n
c
er
y
be
use s
e
d to
r
enh v
anc i
c
e
e
exist s
ing
(
servi
E
ce u
appli r
o
catio
p
ns e
or to :
crea
E
te 1
new 1
2
one
,
s.
The U
S
follo
:
wing
cate E
9
gori
1
es 1
of )
o D
Ro a
ads
t
ide
i
ass
ista n
nce g
o
Navigation and
Chi information
ld services
find
er o Traffic
o and
Ass weather
et reports
trac o
kin Navigatio
g n
o
informatio
Em
plo n (Find
yee the
saf quickest
ety route /
o
Ret Find my
enti nearest
on ) o
of
traff Tourist
ic services
dat
a, Tracking services
incl and logistical
udi telematics
ng o
loc
atio
F
n
dat i
a in e
the l
EU d
Soc
ial S
t
o
a
Ga
me f
s f
o
M
Fri
a
end n
find a
er g
o e
m
ent e
(Jo n
b t
sch o Alerts
edu on
ling unauthoris
) ed
locations
Fle
et
(Sources: Elliot and
ma
Phillips, 2004; m-
naglocation.com, n.d. ;
em Qualcomm, 2003)
Gorra Page
Andrea 27
not initiated by the
mobile phone user
These
and primarily
LBS
encompass security
typicall
and safety related
y use
applications, such as
either
location tracking for
active
emergency services
or
and tracking of work
passiv
force for business
e
users.
locatio
Location-based
n
services need to
reques
meet the
ts. The
expectations of
former
subscribers and of
are
initiate mobile phone
d by operators in terms of
the implementation and
mobile cost requirements.

phone Performance
user, requirements of LBS
for include consistency,
exampl start time and

e, accuracy. The
when a requirements for

mobile accuracy vary
phone depending on the
user application - the
wants majority of
to find applications require
the accuracy of 10-100
neares metres range.

t bank. Implementation
Passiv requirements
e consider impacts on
locatio handsets, e.g. drain
n on batteries, roaming
reques between networks
ts are (2G to 3G) and
networ account by operators
k include handset
expans costs, infrastructure,
ions. expansion
Costs maintenance and
to take return on investment
into (Qualcomm, 2003).
Andrea
Gorra Page
28
technologies,
emergency response
2.1.3.1
Locati times and thus
on- consequences of
enhan
ced injuries can be
emerg reduced. Around 180
ency
call million emergency
servic calls are made in the
es
European Union
In
every year of which
many
60 to 70 percent
emerge
originate from mobile
ncies
phones. Possibilities
people
for emergency call
do not
management are
know
being investigated by
their
European initiatives
exact
(European
locatio
Commission, 2003).
ns,
In the US, business
which
drivers for location-
is
based services
particul
include government
arly
mandates such as
importa
Enhanced 911 (E911)
nt
that require the
when
incorporation of
making
location-
the
determination
emerge
capabilities in mobile
ncy call
phones. The USs
from a
Federal
mobile
Communication
phone.
Commission (FCC)
By
required US mobile
using
phone service
locatio
providers to provide
n-
public safety
identifyi
agencies with
ng
location information
in the ', Europe's
event universal
of an emergency
emergenumber, will be
ncy. able to inform the
Particul emergency
ar services about the
perfor callers location
mance based on Cell-ID.
charact Mobile phone
eristics service providers
for will share location
locatio information with

n the relevant
determi emergency
nation service. In
were Europe, opposed
specifieto the USA, no

d specific
performance
(Centre
standards have
for
been set for the
Democ
member states.
racy
Article 6 of the
and
Directive on
Techno
logy, Universal Service
2006). and Users Rights

relating to
In Electronic
Eur Communications
ope, Networks and
call Services
s (2002/22/EC of 7
mad March 2002) states
e by
that:
mob
Member States
ile
shall ensure that
pho
undertakings which
ne
operate public
to
telephone networks
'112
make y call number 112"
caller (European
locati Commission,
on 2002). This makes
infor it a legal
matio requirement for
n mobile phone
avail service providers to
able deliver location
to enhanced 112
autho services across
rities Europe.
handl
ing In the EU, similar to
emer the US and Canada,
genci consumer consent for
es, to use of location data

the for emergency
exten services is implied.

t The European Union
techn has left it to voluntary

ically efforts by industry to
feasi exploit the
ble, commercial
for all capabilities of
calls location-based
to the services, however,
singl has made it
e mandatory for mobile
Euro phone operators to
pean pass on the location
emer of callers as it is
genc technically possible
for them (Gow, 2004).
Gorra Page
Andrea 29
fying the location of
a device can be
2.1.4 Ddivided into network
i
fcentric, handset
fcentric methods or
e
ra combination of
eboth. Network
n
tcentric techniques
locate a device
m
ebased on
tinformation supplied
h
oby the network or
d
with help of a
s
number of mobile
f
phone base
o
rstations, no handset
enhancements are
l
onecessary. Handset
c
centric methods
a
trequire an upgrade
i
nto the mobile device
gas the location is
acalculated by the
mobile phone itself
m
ofrom signals
breceived from base
i
lstations. Satellite
ebased technologies,
psuch as GPS (see

h2.1.4.2) are an
o
nexample for
ehandset- centric
positioning
The (Steiniger, 2006).
vario
us The following
techn location
iques technologies are
for relevant to mobile
identi phone location
dat rent methods.
a
and Table 2.1: Mobile
phone
will
location
be technolog
des ies and
supported
crib mobile
ed communi
cation
tog
standard
eth
er
with
thei
r
part
icul
ar
perf
orm
anc
e
and
impl
em
ent
atio
n
cha
ract
erist
ics.
Tabl
e
2.1,
belo
w,
list
the
diffe
Supported in mobile
Mobile phone location technology
communication standard
Cell of origin (COO) GSM, GPRS, and UMTS
AOA (Angle of Arrival) GSM, GPRS
TDOA (Time Difference of Arrivals) GSM, GPRS
E-OTD (Enhanced Observed Time Difference) GSM and GPRS
OTDOA (Observed Time Difference of Arrival) UMTS
A-GPS (Wireless Assisted GPS) GSM, GPRS and UMTS
Andrea
Gorra Page
30
2.1.4.1 Network-based mobile phone positioning
Cell of origin (COO)

The simplest technique to identify the location of a mobile handset is based on cell-
id, also known as Cell of origin (COO), see Figure 2.3. Since a mobile phone can
be situated anywhere within a cell, the accuracy of these methods depends on cell
size, which can vary from a few hundred metres to several kilometres (for more
detail see section 2.1.2.1 above).
This method of locating a mobile phone is the least accurate but also the most
inexpensive one, as it does not require individual handsets or network infrastructure
to be altered. The location of the cell used by the mobile phone can be identified
within about three seconds (Lyon, 2005). Accuracy of the Cell-ID method can be
improved by specifying the cell sector, as each base station typically has multiple
antennas, each covering a sector of the cell (see Figure 2.4). For example, a base
station with three antennas will produce a cell with three 120 degree sectors. By
detecting the antenna with which the handset registers, the location can be
narrowed down to a sector of the cell (D'Roza and Bilchev, 2003).
Mobile Phone
Base Station
Figure 2.3: Cell-of-Origin tracking Figure 2.4: Sectorisation of a cell

(after Walke, 1999) (after D'Roza and Bilchev, 2003)
Andrea Gorra Page 31

is moving, this is not
a very exact method
Angle (Steiniger et al.,
of
Arrival 2006). The base
(AOA) stations need AOA
A equipment to identify
techniq the direction of the
ue phone's signal. The
known AOA equipment
as compares the angle
Angle between the caller
of and various receiving
Arrival base stations and
(AOA) uses triangulation to
determi determine the caller's
nes a longitude and
user's latitude. Limitations of
locatio the AOA technique
n by include its reduced
measur accuracy; for
ing the example when
angles various forms of
from signal interference
which aoccur. This can be
mobile due to signals
phone' bouncing caused by
s high buildings, which
signals results in a weaker
are signal or none at all.
receive AOA is known to
d by work best in less
two or populated areas, as
more there is a lower
base likelihood of
station interference. Many
s. companies combine
Becaus AOA with TDOA
e the according to Deitel et
mobile al. (2002). AOA is
device more accurate than
COO nce of Arrival (TDOA)
and the technique measures
handse the time it takes a
ts do mobile phone signal
not to reach the
have to receiving tower and
be two additional
modifie towers. The signal's
d. travel time allows
Howev determining the
er, it user's distance from
can each tower, which in
prove turn allows
costly calculating the user's
to position. By
modify calculating the user's
and distance from the
configu receiving tower and
re the two adjacent towers,
base a (virtual) set of arcs
station is created, which
s intersection indicate
(Lyon, the handset's
2005).
location. Handsets
do not need to be
Time
Differe modified to utilise
nce of this location
Arrival
(TDOA technique, as the
) calculation of the
The position is done by
Time the network provider
Differe (Deitel et al., 2002).
Andrea
Gorra Page
32
ID. The distance
between handset
Enhan and base station is
ced
Obser calculated based on
ved the different times it
Time
Differe takes a signal to
nce arrive at the base
(E-
OTD) stations once it
Enhan leaves the handset.
ced Accuracy can
Obser theoretically reach
ved 30 metres but can lie
Time in reality between 50
Differe and 125 metres
nce (Lyon, 2005).
(E-
OTD),
Base station
uses
triang
ulation
betwe
en at
least
three Serving

differe Base station
base station
nt
Figure 2.5: E-OTD
base (after Lyon, 2005)
station
s to E-OTD only works in
provid GSM and GPRS
e networks, requires an
more upgrade to the mobile
accura network
te infrastructure, and
locatio uploading of software
n to base stations to
identifi ensure compatibility.
cation The base stations
than need to be fitted with
Cell- location
measur greater accuracy than
ement cell-of-origin but at a
units slower speed of
(LMUs) response, typically
and, by around five seconds
measur (Prasad, n.d.).
ing the Differing from TDOA,
signal the calculation of the
from position is done by
the the mobile phone
mobile handset and for this
phone, reason a handset
the update in the form of
LMUs software modification
can is necessary
triangul (Steiniger et al.,
ate the 2006). A similar
users technique known as
positio OTDOA (Observed
n. This Time Difference Of
techniq Arrival) operates only
ue in 3G networks
offers (Deitel et al., 2002).
Andrea
Gorra Page
33
calculated by
comparing time
2.1.4.2 signals from several
Satellit
e- satellites, of which
based each has to have a
mobile
phone direct line of sight to
positio the receiver. At least
ning
three satellites are
Global necessary to
Positi
determine the
oning
Syste receiver's two-
m
dimensional location
(GPS)
(i.e. latitude and
The
longitude). To
Global
achieve additional
Positio
and more accurate
ning
information, for
Syste
example altitude, four
m
or more satellite
(GPS)
signals are required.
uses a
The 24 satellites orbit
set of
the earth twice a day,
satellit
transmitting radio
es and
ground signals from
receive approximately
rs to 12,000 miles above
determ the Earth. The
ine the satellite system,
locatio based on spy
n of a satellites utilised
GPS- during the Cold War,
enable was originally
d developed by the
device. USA Department of
A Defence to help
GPS's troops and missiles
receive locate themselves on
r maps. In the 1980s,
locatio the US government
n is made the system
availab handsets are that
le for GPS receivers
civilian consume a
use. considerable amount
Once a of battery power, are
GPS fairly expensive, and
receive location positioning
r has does not tend to
been work from inside
acquir buildings as a direct
ed, the line of sight with
locatio satellites is needed.
n In addition, in urban
identify areas the GPS signal
ing can bounce of
service building walls and
is free distort the result
to use (Monmonier, 2002;
and Lyon, 2005).
accura
te to Assisted GPS
an Assisted GPS (A-
averag GPS) links to the
e of 15 terrestrial-based
metres system of cell sites
. to speed up the
Howev process of
er, the calculating a
drawb handsets position.
acks A-GPS can be
for combined with Cell-
GPS ID, E-OTD or
receive OTDOA. It requires
rs that an update to the
have handset and network
been infrastructure and
integra shares the same
ted
drawbacks as all
into
GPS receivers
mobile
(Lyon, 2005).
phone
s from 2011 and to
Galile offer at least the
o-
Europ same performances
ean as GPS (European
Satellit
e Commission, 2006b).
Naviga Galileos navigation
tion
Syste infrastructure, which
m will consist of 30
Galileo satellites and relevant
is a ground infrastructure,
Europe is funded by the
an European Union and
satellitethe European Space
navigat Agency (European
ion Commission, 2006a).
system Galileo is under civil
currentl control and aims to
y in ensure that European
develo economies are
pment. independent from
It aims other states systems,
to such as GPS. GPS is
provide a
positio
ning Andrea Gorra Page
34
service
military
system
by the
United
States
and is
made
availabl
e to
civil
users
Figure 2.6:
without Accuracy of
positioning
any
methods (after
guarant Steiniger et al.,
2006)
ee for
continu As can be seen
ity. from the graphic
above (Figure
Figure
2.6), the most
2.6
below accurate ways of
shows determining a
a mobile phones
compa geographical
rison location involve
of the
the satellite based
accura
system GPS.
cy of
positio Location
ning identification by
metho cell-ID is the least
ds accurate method,
used however this
by
technique makes
mobile
use of the default
phone
properties of
s:
mobile phones. In
other words,
every mobile
pho ted by Cell-ID
ne without any
can modifications of
be either software or
loca hardware.
Andrea
Gorra Page
35
signal, irrespective of
mobile phone
2.1.5 S
network generation
u
mand network provider.
m
This first part of the
a
rchapter has
y
explained this
Pprocess by providing
a
ran overview of the
tcellular GSM network
1architecture and
techniques used for
locating a mobile
As can
phone. Location
be
information as part of
seen
other
from
communications data
this
can be stored for
short
future data-mining
discuss
and analysis, as for
ion of
example for
technic
commercial location-
al
based services or for
backgr
law enforcement
ound,
purposes, as
the
discussed in Part 3 of
locatio
this chapter (section
n of
2.3). The automatic
every
generation of
mobile
digitised personal
phone
data about every
can be
mobile user and its
identifi
storage on a long-
ed by
term basis, may also
triangul
bear negative
ating
aspects that can
the
impact in individuals
mobile
privacy, as discussed
phone
in the next section.
Andrea
Gorra Page
36
of privacy
definitions.
2.2 P Following this, legal
a
and technological
r
t matters relevant to
2 privacy are
:
P reviewed together
ri with issues of
v surveillance and
a
c social justice. In
y addition, this section
addresses the role
The
of privacy
secon
enhancing and
d part
invading
of this
technologies, and
chapt
finally explores the
er
relationship
focus
between location-
es on
based services and
the
privacy in the
repres
literature.
entati
on of
2.2.1 Setting the
privac scene
y in
The difficulty of
the
defining the concept
literat
of privacy is often
ure
used as an
and
introduction to
starts
reviews of privacy
off by
literature (see for
introd
example Introna,
ucing
1997; Solove, 2002;
and
Bennett, 2004). Alan
classif
Westin, a renowned
ying
US privacy scholar,
the
comments on this
wide
subject matter that
range
"no definition of
privac interest individuals
y is have in leading a life
possib free from
le interference by
becau others. Despite this
se apparent
privac slipperiness of the
y notion of privacy,
issues numerous scholars
are have not ceased to
funda provide their
menta thoughts on this
lly subject over the last
matter several decades:
s of such as regarding
values the impact of
, technologies on
intere privacy (Cavoukian
sts and Tapscott, 1995;
and Agre and
power Rotenberg, 1997;
" Bennett, 2004),
(Westi surveillance and
n, privacy (Clarke,
1995, 1988; Lyon, 1994;
quote Zureik, 2005) or
d in regarding
Gellm communications
an interception in the
1998, information age
p. (Diffie and Landau,
194).). 1998).
He
sugge Fried (1968 in Singh
sts and Hill, 2003)
under observes that privacy
standi is of high value for
ng people because it
privac allows for
y as transactions that
an result in trust, which
otherwi the modern age
se (Privacy International,
without 2003b). Despite the
the apparent difficulties in
reassur finding a suitable
ance of characterisation of
privacy privacy, a right to
would privacy is enshrined
not be in international
possibl treaties, conventions,
e. and agreements. In
Privacy 1948, the UN
is seen declared privacy to
as an be a fundamental
interest human right in Article
of the 12 of the Universal
human Declaration of Human
person Rights (UDHR). The
ality UDHR consists of 30
and by Articles which outline
some the United Nations
believe General Assemblys
d to be view on human rights
the guaranteed to all
most people. Yet, privacy
essenti was declared a
al fundamental right in
human the Universal
right of Declaration of Human
Andrea Gorra Page
37
Council of Europe
released the
Rights
European Convention
,
on Human Rights,
differi
which states in its
ng
Article 8.1 that
from "Everyone has the
an right to respect for his
absol private and family life,
ute his home and his
right, correspondence". It
which has been established

under the
is
jurisprudence of the
inviola
European Court of
ble.
Human Rights
Funda
(ECtHR) (see for
menta example Kopp v
l Switzerland (1999)
rights 27 EHRR and Halford
may v United Kingdom
under (1997) 24 EHRR 523)
certai that interception of
post and
n
telecommunications
circu
from business and
mstan
private premises falls
ces
within the scope of
be Article 8.1 and
remov therefore ensures
ed private conversations
(Gaun to individuals (Davis,
tlett, 2003). However,
1999). Article 8.2 ECHR

allows interference
Shortly with this right to
after respect for private
the and family if it is
UDHR necessary in a
the democratic society in
the more detail see
interest section 2.2.3.1).
s of
nationa Meanwhile, some
l philosophers believe
securitythat privacy rights are
, public unequivocal and
safety unconditional
or the (McWhirther and
econo Bible, 1992;
mic Velasquez, 1992 in
well- Singh, 2003).
being Goodwin (1991 in
of the Singh, 2003)
country interprets privacy as
, for thea two-dimensional
prevent concept requiring
ion of space and
disorde information, whereas
r or Gavison (1980)
crime, identifies the
for the following three
protecti elements of privacy:
on of secrecy, anonymity
health and solitude. Fried
or (1968) defines
morals, privacy as "control
or for over knowledge
the about oneself", which
protecti corresponds to
on of Westin's (1967,
the quoted in Garfinkel
rights and Gene, 2002, p.
and 205) definition
freedo "Privacy is the claim
ms of of individuals, groups
others" or institutions to
(ECHR determine for
, Article themselves when,
8.2) how, and to what
(for extent information
about s to self, that is
them is the extent to
commu which we are
nicated known to others
to
and the extent
others"
to which others
.
have physical
Westin
access to us
supplie
2) Privacy as
s the
control over
followin
information, that is
g views
not simply limiting
of
what others know
privacy,
about you, but
1 controlling it. This
) assumes
P individual
ri autonomy in that
one can control
v
information in a
a
meaningful way.
c
Privacy is again
y
suggested to
a
comprise the two
s
factors control and
li
knowledge by
m
Foxman and
it
Kilcoyne (1993 in
e Singh, 2003), in
d other words to
a have control over
c what information is
c collected and the
e knowledge that a
s data collection
takes place
Andrea Gorra Page
38
g two aspects;
protection of personal
and
territory and
includin
protection against
g the
governmental
purpos
intrusion. This relates
e of
to the traditionally
collecti
recognised desire to
on.
balance the power
These
between government
definiti
and private
ons
individuals, as
predom
discussed by
inately
Nissenbaum (1998).
relate
to the
2.2.2 Privacy
categor categories
ies of
The range of
informa
scholarly thoughts
tion
on privacy above
privacy
as indicates that there
discuss seems is no
ed in universally
the accepted definition
next of privacy. For
section these reasons, it

. seems the most
Theore useful approach to

tical come to terms with
approa the concept of

ches to privacy by applying
privacy different categories
predomor spheres of
inantly privacy. All
differen definitions of
tiate privacy supplied by
betwee the various authors

n the above can be
followin assigned to one or
more of the
follo rke, 1999;
wing Gauntlett, 1999;
priva Privacy
cy International,
cate 2003b):
gorie 1) Information
privacy
s.
2) Privacy of
Th communication
s
e
3) Bodily privacy
foll
4) Territorial
owi
privacy
ng
fou In addition to these
r categories, Introna
sph (1997) suggests the
ere following three
s of privacy categories,
priv which share the
acy element of personal
are information as a
co common
mm characteristic.
onl These particularly
y relate to the
ide empirical findings of
ntifi this study, which will
ed be discussed in
(se detail in subsequent
e chapters:
for 5) privacy as no
access to the
exa person
mpl 6) privacy as
e control over
personal
Nis information
sen 7) privacy as
bau freedom from
judgement by
m, others
199
These seven privacy
8;
categories as listed
Cla
above are
comm combined.
only In the context of
referre mobile phone
d to in location data and
the its long-term
literat storage, the most
ure obvious threat to
and privacy is towards
are the right to respect
detaile for private life as
d in contained in Article
the 8 ECHR (see
followi section 2.2.3.1).
ng; Information relating
the to an individuals
two
geographical
categ
location and
ories
gathered on a
relatin
continuous basis
g to
can be classified as
inform
privacy invasive
ation
according to six out
(a+f)
of the following
have
seven privacy
been
categories:
Gorra Page
Andrea 39
regarding modern
information and
a)
Inform communication
ation
technologies (ICTs).
privac
y, f) Mason (1986)
Privac
identifies two forces
y as
contro related to information
l over
that threaten
perso
nal individual privacy. For
inform
one part the growth
ation
of information
The
technology with its
categor
ability to generate,
ies of
store and analyse
'inform
great amounts of
ation
personal information,
privacy'
and for the other part
and
the increased value
'control
of information in
over
decision making to
person
policy makers. The
al
increased
informa
deployment of
tion'
computers in the
are the
1960s and 1970s has
most
enabled businesses
frequen
to store vast amounts
tly
of data at relative low
referre
cost for almost
d to
unlimited periods of
privacy
time and has
categor
facilitated the linkage
ies in
and analysis of data
the
stored in different
literatur
locations. These
e and
technical
are
developments have
particul
resulted in the need
arly
of rules to manage
relevan
the collection and
t
handlin to accumulate
g of detailed collections of
person information about
al data, individuals. Therefore
particul the data protection
arly legislation has been
consu developed, in order to
mer prevent harm to
informa individuals and
tion negative
(Privac consequences on
y society. At first by
Internat some individual
ional, countries and then at
2003b). international level, for
In example through the
additio European Union. The
n, the UKs domestic
increas version of data
ed use protection law was
of enacted in form of the
technol Data Protection Act
ogy 1984. Today, the
had Information
already Commissioner has
in the responsibility for
1970s promoting and
resulte enforcing the Data
d in Protection Act 1998
growin and Freedom of
g Information Act 2000
concer (Information
ns Commissioner,
about 2007).
the
potenti
al of The predominant aim
informa of most data
tion depositories or data
technol warehouses is to
ogies analyse the
accumu s and consumer. A
lated well-known and often
consum cited principle in
er data customer relationship
and marketing proclaims,
detect "it costs six times
pattern more to sell to a new
s in customer than to an
order to existing one"
identify (Kalakota and
consum Robinson, 2001,
er p.170). In addition to
choices these commercial
and uses of personal data
prefere generated by
nces. information and
Profiles communications
of technologies, the data
consum is used for law
ers enforcement by the
groups police and intelligence
are services. For example,
generat the profiling of
ed, suspicious groups of
suppos citizens as part of a
edly pro-active risk
facilitati management by the
ng the government are
establis matters that will be
hment addressed later in this
of long- chapter (see section
term 2.2.5.2). Mobile phone
relation location data is an
ships example of personal
betwee information
n
Andrea Gorra Page
busines 40
e phone location
information or who
specif
has access to the
ic to a
data and for what
mobil
purposes, which will
e
discussed in further
phon
detail in subsequent
e
sections.
user
and
b) Privacy of
hence communications
falls The dimension of
into communications
this privacy deals with
infor the claim of not
matio being subjected to
n eavesdropping when
privac communicating with
y others (Clarke,
categ 1999a). This is also
ory. known as
Howe interception privacy.
ver, The European legal
the framework defines
mobil the right to
e communication
phon privacy as
e fundamental and not
user as an absolute right,

since court orders
does
can be used to allow
not
wiretapping
have
(Gauntlett, 1999).
contr
However, it is widely
ol
agreed that
over
wiretapping and
the
electronic
gener
surveillance are
ation
highly intrusive forms
of
of investigation that
mobil
should who has contacted
be whom, when, for
limited how long and how
to often (see section
except 2.3.2).
ional
circum c) Bodily privacy
stance The area of bodily
s privacy, also known
(Privac as privacy of the
y person, is assigned
Interna to the matters of
tional, shielding one's
2003b) physical self against
. Even procedures such as
though invasive body
comm searches, genetic
unicati and drug testing.
ons Person-identifying
data techniques based on
does physical and other
not characteristics, such
encom as biometrics also fall
pass into this category.
the However, mobile
conten phone location data
t of cannot be seen to be
comm related to bodily
unicati privacy, as it contains
on, it information about a
nevert person's location and
heless movements (see next
contai privacy category).
ns
very d) Territorial
privacy
person
This type of privacy
al
deals with physical
inform
space and the
ation
protection of one's
such
home or territory
as
from can also be
direct categorised as media
intrusio privacy, as it can also
n. relate to behaviour in
Territor private and public
ial places and visual
privacy surveillance, such as
also CCTV cameras. The
extend standard of privacy
s to protection regarding
the territorial and
use of communication
reason privacy was
able approved on
force international level in
to the UN Universal
defend Declaration of
one's Human Rights in
home 1948 (for more detail
against see section 2.2.3).
intrude The use of CCTV
rs was regulated for the
(Gaunt first time by the Data
lett, Protection Act 1998
1999). to put the collection
The and storage of
dimens citizens' information
ion of to closer legal control
territori (Moran, 2005).
al
Andrea Gorra Page
privacy 41
2.3.3.2).
Mobile
e) Privacy as no
phone access to the
locatio person
n data The privacy literature
encom frequently refers to
an article by Warren
passe
and Brandeis
s
published in the
inform
Harvard Law Review
ation
from December
about
1890, in which the
the
authors define
physic
personal privacy as
al
the "right to be let
space
alone" and "being
that
free from intrusion"
the
(Warren and
mobile Brandeis, 1890).
phone However, this
user relatively early
access definition of privacy
es, had not only related
which to the shielding of the
is then home from intrusion
retaine but it was also a
d on a response to
contin technology and
uous market
and developments, i.e.
long- the development of
term the camera and the

emerging tabloid
basis
media. Warren and
under
Brandeis' legal
recent
opinion tends to be
legislat
presented as the
ion
initial one on privacy
(sectio
and still greatly
n
influences today's
privacy describes privacy as
advoca a concept that varies
tes. from context to
Mobile context and points
phone out that it is quite
locatio possible that no
n data single example can
gives be found of
access something which is
to a considered private in
person every culture.
's Privacy is here seen
locatio in the sense of a
n and private space of
comm immunity from the
unicati judgement of others,
ons based on
habits preconceived ideas
and and norms. In the
hence case of mobile phone
falls location data this
into may result in an
this individual being
catego judged by others
ry of depending on where
privacy she or he has been.
. From historical
information it may be
g) deduced how this
Privac
y as phone user may
freedo behave in the future.
m
from
judge To conclude, mobile
ment
by phone location data
others can be seen as related
Johnso to the majority of - six
n out of seven -
(1989 commonly referred to
in privacy definitions. As
Introna will be discussed in
, 1997)
further communications data,
detail in can be interpreted as
subseq a form of surveillance.
uent Hence, in order for
section citizens to accept and
s to consent to this form
(2.2.5), of surveillance, it is
the necessary to ensure
long- that governments are
term accountable for its
retentio actions (Taylor, 2002).
n of The following sections
mobile will focus on the
phone legislative framework
location for privacy and
data, surveillance in relation
togethe to communications
r with technologies.
other
Andrea
Gorra Page
42
on the other hand, is
highlighted by
2.2.3 L
Clarke (1999a) and
e
gLangford (2000).
a
lPrivacy is seen as
equivalent to liberty
d
iand this definition
mconfuses the legal
e
nright of privacy with
sthe condition of
i
oprivacy. The notions
nof legal matters and
s
privacy are not
oeasily separable
f
perhaps because
pthe concept of
r
iprivacy is often
vmerely considered in
a
cthe context of
yprotection of privacy
and therefore
A closely related to the
comm legal framework. It
on could even be
misun understood, that the
dersta subject of privacy is
nding only recognised
betwe when an intrusion of
en privacy occurs.
legal
rights, Four major models
on the for privacy protection
one based on various
hand, international
and standards are
moral identified by Privacy
or International (2003b)
natura and Beresford
l (2005). Firstly,
rights, comprehensive laws
that legislation. In the UK,
govern the Office of the
the Information
collecti Commissioner is an
on, use independent public
and body established to
dissemienforce compliance
nation with data protection
of legislation, such as
person the Data Protection
al Act 1998. Bennett
informa (1995) has shown
tion by that countries that
both have established a
the data protection
govern agency provide better
ment privacy protection for
and their citizens.
private Secondly, sectoral
sector. laws regulating
For certain areas of
exampl privacy protection, for
e, example financial or
Europe medical privacy.
has a Thirdly, various forms
compre of self-regulation in
hensiv which industry adopts
e particular codes for
regulat self-control and
ory engages in self-
model policing. However,
with a Beresford (2005)
public remarks that industry-
official wide consensus does
in not necessarily result
charge in satisfactory
for consumer privacy.
enforci The latter two privacy
ng data protection laws can
protecti be for example found
on the in the United
States. these models can be
Fourthl complementary or
y, contradictory. Privacy
technol International (2003b)
ogical believes that the joint
self- use all of the models
help for together provides the
consu most effective privacy
mers protection for
throughcitizens.
method
s such The terms 'human
as right' and 'civil liberty'
encrypt are often used in
ion, conjunction with the
various term privacy. Stone
digital (2004) explains that
payme the phrase human
nt right is commonly
method drawn on in an
s and international context,
anony such as by the
mous
Universal Declaration
remaile
of Human Rights and
rs.
the European
Depen
Convention on
ding on
Human Rights. The
their
term civil liberty tends
applica
to be rather
tion,
Gorra Page
Andrea 43
an lawyers Warren
and Brandeis have
used
established the basis
on the
for privacy protection
munici
constituted in
pal legislation (see
level. section 2.2.2). In
Howe Europe, the right to
ver, privacy is a highly
Stone developed area of

law, and after the
also
Second World War
ackno
Human Rights have
wledg
been laid out in
es legislation, also in an
that attempt of the
the democratic states to
distinc distinguish
tion themselves from the
Eastern Bloc regimes
betwe
(Bowden, 2003). All
en
Member States of the
both
Council of Europe
terms have ratified the
can European
be Convention for the
blurre Protection of Human
d. Rights and
Fundamental
Freedom, also known
2.2.3.1
Protec as the European
ting
Convention on
Huma
n Human Rights
Rights (ECHR), which was
At the adopted in 1950. All
end of Member States of the
the European Union
th
19 (currently 27
century members) are
, the members of the
Americ Council of Europe (a
larger on Human Rights. An
body of important element of
45+ this Convention
memb system is that an
er individual, company
states), or other organisation
and can bring a case
are against their own
thus government claiming
bound a violation against
by the the Convention. The
ECHR.
UK had been a
signatory of the
The
ECHR since 1950
Counci
and thus has bound
l of
itself to observe the
Europe
judgement of the
establi
ECtHR. Therefore,
shed
when the European
the
Court in Strasbourg
Europe
decides that the UK
an
has violated a right
Court
under the ECHR, the
of
UK needs to amend
Human
its law, policy or
Rights
practice so as to give
(ECtH
effect to the
R),
judgment, while it has
based
some discretion in
in
doing so. Hence, the
Strasb
British courts are not
ourg,
bound to follow the
to
Strasbourg view,
ensure
which makes it
observ
possible for a
ance of
distinct British
the
approach to human
Europe
rights to develop
an
(Davis, 2003).
Conve
ntion
The jurisprudence of
the looks at underlying
Europe values instead of
an artificially
Court distinguishing private
of and public
Human categories. The Court
Rights has adopted a
on definition of private
privacy life that is more
is more general than merely
comple considering a
x than person's intimate
that on sphere of personal
other autonomy. For
Conve example, the ECtHR
ntion has considered
rights, worthy of respect a
argue person's sense of self
Whitty, and well-being but
Murphy also relationships
and within the wider
Livingstsociety. Relevant
one cases that have been
(2001). decided by the Court
The in Strasbourg involve
ECtHR personal
Andrea Gorra Page
44
d v UK (1997) 24
EHRR 523),
inform
telephone
ation
conversations
on a
(Malone v UK (1984)
card
7 EHRR 14) and
index
letter and telephone
(Aman
communications
nv
(Hewitt and Harman
Switzer
v UK (1992) 14
land
EHRR 657) (Whitty,
(2000)
Murphy and
30
Livingstone, 2001).
EHRR
843),
In the United
private
Kingdom, the Human
zones
Rights Act made the
(in
European Convention
Niemie
on Human Rights
tz v
part of British law and
Germa
with it the right to
ny
privacy for the first
(1992)
time in British history.
16
The HRA was
EHRR
introduced in 2000
97),
and is only applicable
respect
to public authorities
for
and private
'corres
organisations acting
ponde
as public authority.
nce'
Despite these
which
limitations, the HRA
can
also affects the
involve
British law for all
an
organisations and
internal
citizens as it contains
telepho
a set of principles
ne
that need to be
system
brought into court in
(Halfor
order to be
interpren, changes to the
ted. British law became
Howev necessary due to
er, adverse rulings from
even the court in
prior to Strasbourg, for
the example, relating to
Human telephone tapping
Rights and surveillance in
Act the well-documented
1998 cases of Malone v
coming United Kingdom
into (1984) and Halford v
effect, United Kingdom
the (1997), as mentioned
ECHR above. In the former
had case, Malone
already claimed that he had
had an experienced an
impact infringement by a
on the public authority to his
law of right to privacy. He
the UK alleged that he had
when been under police
British surveillance, his

judges telephone had been
sought tapped and phone
compat calls metered.
ibility 'Metering' is the
with equivalent of
the retaining traffic data
Conve from landline

ntion in telephones and
their postal
judgem communication and

ent includes data, such
(Davis, as the numbers

dialled, time and
2003).
duration of calls, as
In well as the address
additio on a postal
commu ered a confidential
nicatio network and hence
n the interception of
(Bailey, communications did
Harris not involve the
and violation of any of the
Ormer applicants rights.
od, Finally in 1985, the
2001). European Court of
Howev Human Rights ruled
er, that police
Malone interception of
s legal individuals'
challen communications was
ge was a violation of Article 8
unsucc of the European
essful Convention on
as Human Rights.
there
was no Subsequently,
enforc Malones case led to
eable the ratification of the
right to Interception of
privacy Communications Act
in 1985 to comply with
English the Strasbourg
law. judgement in Malone
The
v UK (1984) but also
public
with the privatisation
telepho
of the
ne
telecommunications
system
service. The Court
was
not Andrea Gorra Page
consid 45
(Whitty, Murphy,
ruled and Livingstone,
that 2001; Taylor, 2002).
the
The case of Halford
legal
vs United Kingdom
regul
(1997) concerned a
ation
private telephone
of the
conversation using
circu
an internal office
msta
telephone system,
nces between a police
of officer and her lawyer
telep regarding a sexual
hone discrimination
interc complaint against her
eptio police force. The
ns interception of this
was conversation by the
not police had been
expre declared admissible
ssed under English law as
with the Interception of
suffic Communications Act
ient 1985 (IOCA 1985) did
clarit not apply to private

telephone systems,
y in
and there was no
the
other UK law that
UK
regulated these types
as
of systems. However,
requi
Halford took her case
red
to the European
unde
Court of Human
r
Rights, which ruled
Articl
that an intrusion on
e 8.2
such internal
of the
telephone systems
ECH did not comply with
R the requirements
under supersedes the
Article IOCA 1985 and
8.2. extends the definition
of interception to
The include most forms of
Regula electronic
tion of communications
Investi including email
gatory (Taylor, 2002) (see
Power also section 2.3.3).
s Act
2000
2.2.3.2 European
was data protection law
introdu European laws aim
ced to set a common
partly standard across all
to member countries
comply and have to take
with into account
Halford different cultures
v UK and laws regarding
(1997) privacy protection.
concer Nevertheless it
ning needs to be pointed
private out that the impact
teleco of EU Directives is
mmuni different in each
cations country, and
system depends on the
s and different mentalities
other of the different
new nations (Hosein,
comm 2003).
unicati
on In 1997, the
technol Telecommunications
ogies. Privacy Directive
Part 1 (97/66/EC) was
of introduced by the
RIPA European Union to
specific ng
ally telecommunications
regulat traffic of individuals.
e Opposing to current
teleco practices, access to
mmuni billing data for
cations marketing purposes
system was restricted, and
s, such data related to phone
as calls had to be
mobile deleted after the
networ phone call terminated
ks, (section 2.3.4). Two
telepho years earlier, in 1995,
ne and the Data Protection
digital Directive (95/46/EU)
televisi was introduced by
on. The the European Union
Directiv to protect personal
e information to ensure
guarant the free flow of
eed 'a personal data within
right to the EU and to
privacy' harmonise privacy
regardi laws amongst its
Andrea Gorra Page
46
limited period of
time. Individuals
memb
should have the right
er
to access data
countri
collected about them
es.
and to delete or
This
change incorrect
Directi
data. Some data is
ve
categorised as
establi
sensitive data, such
shed
as data relating to
that
political opinions,
person
religious or
al data
philosophical beliefs,
can
trade union
only
membership, and
be
therefore cannot be
collect
processed without
ed
the individual's
with
explicit consent. In
conse
spite of this, an
nt of
individual's
the
agreement is not
individ
required in
ual.
exceptional cases of
The
public interest, such
data
as medical or
should
scientific research,
be
for which alternative
proces
protection
sed
mechanisms have
fairly
been established
and
(Bainbridge, 2004;
lawfull
Moran, 2005).
y for
limited
The Data Protection
purpos
Directive is, amongst
es and
other Directives,
only
implemented in all
retaine
European Union
d for a
memb l influence. In July
er 1998, the British
states Parliament approved
along the Data Protection
with Act (DPA) to
local implement the
laws. European Union
To Data Protection
enforc Directive in March
e 2000. The British
compli handling of data
ance collection and
with dissemination is
the EU regulated by the
Directi Data Protection Act
ve, a (DPA, 1998) and the
Data Freedom of
Protec Information Act (FOI
tion Act, 2000). Both the
Author DPA 1998 and the
ity has FOI Act 2000 reflect
been the development to
establi put the collection
shed and storage of
in citizens' information
each to closer legal
countr control (Moran,
y, to 2005). For example,
ensure for the first time the
indepe DPA 1998 regulated
ndenc the use of CCTV, a
e of technology that was
the increasingly being
execut used for
ive surveillance. The
govern DPA contains eight
mental Principles that
branch ensure adequate
to handling of personal
avoid data, which is data
politica related to specific
living ment departments
individ and councils, either
uals. to publish or disclose
Howev on demand
er, information and
inform documents in their
ation possession.
that is However, many
neces categories of
sary information and
for documents are
safegu exempted from this
arding duty, for example if
nation the information could
al be accessed by other
securit means or other
y is legislation. The FOI
fully Act is evidence of a
exemp move towards greater
t from openness and
the accountability, which
Data serves the idea of
Protec citizenship, makes
tion abuse of power
Princip clearer to citizens
les and aims to enable
(Davis, voters to make
2003). informed choices
(Davis, 2003).
The
Compliance with the
FOI Act
Data Protection Act
impose
and Freedom of
sa
Information Act is
duty on
promoted and
public
enforced by the
authorit
Office of the
ies,
Information
such
Commissioner (ICO).
as
govern Andrea Gorra Page
47
ner's Office, n.d.).
The
Davies (1997)
ICO is
criticises that data
the
protection acts are
UK's
not concerned with
indep
the full range of
enden
privacy protection
t issues. He warns
public that the narrow
body scope of the acts
set up can lead to serious
to limitations, as these
protec laws are only
t information laws
perso and protect data
nal before the people.
inform In other words, data
ation protection acts are
and merely concerned
promo with the way

personal data is
te
collected, stored
public
and accessed but
acces
do not question the
s to
action of collecting
official
data in the first
inform
place. British data
ation
protection laws
an
react to complaints
indep of non-compliance
enden rather than to
t proactively examine
agenc whether
y organisations
(Infor comply with the law.
matio For these reasons,
n the awareness of
Com individuals
missio regarding privacy
invasi legislation
ons is relevant to mobile
seen phone location
as data are
crucia
discussed later in
l, as
this chapter in
claim
sections 2.3.2 and
ed by
2.3.3.2).
the
Parlia
2.2.4 Impact of
menta technologies
ry on the
concept of
Office privacy
of
Scien Particularly
considerations about
ce
the influence of
and
technology on
Techn
privacy are of
ology
relevance to this
(2002
study. When Warren
),
and Brandeis'
Cady
published their
and
definition of privacy
McGr
at the end of the 19th
egor
century, protection of
(2002
privacy might have
) and
sufficiently consisted
Accen
in shielding one's
ture
home from intrusion
(2003
and not being
b).
watched or
Furt
overheard by others.
her Even though their
deta definition of privacy
ils as related to the "the
abo right to be left alone"
ut is still frequently
referred to today,
the
others increasingly
Briti
focus on
sh
technological
influen tion and
ces on communications
the technologies have
concep resulted in faster
t of computer processors,
privacy cheaper storage and
. growing use of
networking
Already
technologies, such as
two
the internet. One
decade
effect of this
s ago,
technological
Mason
'revolution is the
(1986)
increased digitisation
claime
of data. It enables
d that
routine storage and
we live
analysis of personal
in at an
data on great scale,
informa
such as for example
tion
when using credit
age, in
cards, the internet or
an
mobile phones.
informa
Consequently, the
tion
increased power of
society.
computers together
Contin
with the advent of the
uous
internet have
advanc
influenced numerous
ements
aspects of life and
in
hence the concept of
informa
privacy.
Andrea Gorra Page
48
communication
technologies (see for
A
example Cavoukian
number
and Tapscott, 1996;
of
Gauntlet, 1999;
predom
Garfinkel, 2001; Cady
inantly
and McGregor,
North
2002). However, their
Americ
treatment of privacy
an
provides a too narrow
publica
view of the subject
tions
matter. This highlights
tend to
the importance of
merely
taking into account
relate
time and context of
privacy
privacy publications,
to
as well as country
electro
and regional specific
nic
regulatory
commu
approaches, in order
nicatio
to provide a sufficient
ns, and
understanding of the
seem
subject of privacy.
to be
primaril
Before electronic
y
means of data
concer
storage were widely
ned
used by businesses,
about
data could often be
the
'Death found scattered over
of different places. The
privacy cumbersome and

in the sometimes
impossible retrieval
21st
of this data could act
century
as a kind of privacy
'
protection. When
caused
merging data from
by
different sources
informa
tion over time privacy
and related issues arise

especi is another area
ally frequently mentioned
when in the literature
data feared to invade
that individual's privacy
has (Cady, 2002; Graeff
been and Harmon, 2002).
perceiv Consumer profiling
ed as evokes associations
non- with racial or criminal
sensiti profiling; taking into
ve at account that not only
time of past actions can be
disclos analysed but also
ure is future consumer
combin behaviour, which is
ed with often tried to be
other predicted and
data possibly influenced.
(Nisse This entails the
nbaum danger shared with
, all types of profiling
1998). in that assumptions
The are made about a
analysi person which are not
s of necessarily accurate
consu or complete. Bowden
mers' (2003) warns that
purcha collections of
sing consumer data often
habits take place without
is often the unambiguous
accom consent of
panied consumers, who may
by the give their agreement
creatio at the very beginning
n of of a business relation
consu but then over time
mer forget about it. This
profiles also raises issues
, which regarding the
owners al data, particularly in
hip of sensitive areas such
person as health.
Andrea
Gorra Page
49
collections
2.2.5 SThe dictionary

udefines surveillance
r
as close
v
eobservation,
i
lespecially of a
lsuspected spy or
a
ncriminal (The
cconcise Oxford
e
English dictionary,
s2001). The French
o
cword surveillance
imeans literally to
e
twatch over, from
ysur- over + veiller
-watch from Latin

vigilare keep watch,
T
hOrigin: early 19th
rcentury. However,
e
a'to watch over' can
tbe interpreted in two
s
ways, which
trepresent the two
o
faces of
psurveillance: on the
r
ione hand, protection
v
or care and on the
a
cother hand, control.
y
Lyon (2001) argues
bthat the worrisome
y
and unsocial
daspects of
i
gsurveillance pay for
imobility,
t
aconvenience, speed,
lsecurity and safety
din modern life.

a
t
Several authors claim
a
that Orwellian Big
today's Brother figure but
Wester rather as relating to
n the continuous
society gathering of
has information facilitated
turned networked computer
into a systems: "Everyday
surveill life is subject to
ance monitoring, checking
society and scrutinising"
(see (Lyon, 2001, p. 1). In
Lyon, Lyons view, all
2001, societies that depend
Marx, on information and
2002 communications
and technologies for
Stalder administrative and
, control processes
2002). can be described as
Howev surveillance
er, societies. Indeed, the
these UK is the country
author with the most CCTV
s do cameras in the
not Western world,
perceiv according to the
e Human Rights
surveill organisation Liberty
ance in (n.d.). There are 4.2
the million cameras in
context the UK, which means
of that there is one
totalitar camera for every 14
ian British citizens,
regime according to McCahill
s or and Norris (2003 in
regardi Norris et al., 2004).
ng a
centrali In its recent
sed report
c ommissioner
o , the
m Surveillance
m Studies
i Networks
s shares this
s broad
i definition of
o surveillance:
n Where we find
e purposeful,
routine,
d
systematic and
focused
attention paid to
f
personal details,
o for the sake of
r control,
entitlement,
management,
t influence or
protection, we
h
are looking at
e surveillance.
(Surveillance Studies
Network, 2006)
U
The report warns
K
that the routine
tracking and
I information
n gathering
f mechanisms of the
o surveillance society
r are often not obvious
m to citizens. This
a makes it particularly
t important to
i incorporate checks
and safeguards
o
when collecting data
n
to ensure
accountability.
C
Nevert Bennett (2005),
heless challenge the view
, of defining electronic
some data collections as a
author form of surveillance.
s such Bennett stresses
as that a
Andrea Gorra Page
50
on a case study in
which he examines
distinct
his own data tracks
ion
generated as an
needs
airline passenger
to be
when travelling
made
within his own
betwe
country Canada and
en
across the border to
captur
the US.
e and
storag
In his view, the
e of
collection and
person
storage of his
al
passenger data by
inform
the airlines and
ation
airports does not
on the
constitute
one
surveillance, as
side,
there is no further
and on
analysis of that data
the
from which decisions
other
are made. He
side,
criticises the use of
data the term surveillance
analysi in this context, as he
s and perceives
manip surveillance as a too
ulation broad definition.
of Bennett suggests
those using another
whose concept or term to
data explain the practice
has of humans to
been monitor data in order
collect to make decisions
ed. He about individuals. He
bases believes that
these identifying these
claims practices as
surveil which Clarke (1988)
lance has introduced
triviali almost two decades
ses ago to describe the
the systematic
real monitoring of
surveil peoples actions or
lance, communications
for through information
which technology.
he Nonetheless,
gives whether the term
as an 'surveillance' is used
examp or not, the extensive
le the collection of
specia individuals data is
l seen with unease by
attenti privacy scholars.
on to
passe 2.2.5.1 Digit
ngers al
with tech
risky nolo
surna gies
mes. chan
ging
In this
the
contex
conc
t, it
ept
could
of
be surv
seen eilla
as nce:
more new
suitabl vers
e to us
use tradi
the tion
al
term
surv
datave
eilla
illance
nce
,
The traditional
definitio agree that the concept
n of of surveillance has
surveill changed over the last
ance as decades and have
close declared the
observaemergence of new
tion of asurveillance. Marx
suspect (2002) identifies 28
individu dimensions in which
al with traditional and new
the surveillance differ. For
naked instance, Marx
eye describes the
does differences between
not new and traditional
necess surveillance as
arily concerning the
apply collection of data. The
any generation of
longer, predominantly digital
due to data in private life and
the commercial settings
capabili leads to fewer costs of
ties of data handling. Data
modern collections tend to
technol occur on a continuous
ogies to and routine basis,
routinel which makes the
y gathering less visible
record and enables real-time
data. availability of
Several information, such as
authors for example CCTV
such as data, use of credit
Lyon cards and mobile
(1994), phones. Inexpensive
Marx storage space enables
(2002) the long-term retention
and of data. In addition,
Clarke faster computer
(2005), processors make it
easier e, store, retrieve and
to analyse data and help
organis to
Andrea 51
Gorra Page
as suggested by
Stalder (2002).
make
However, it seems
predi
that Marx solely
ction
bases his
s for
distinction of the
the
differences
future
regarding the two
. This
types of
can
surveillance on the
be
capabilities of
relev
modern ICTs, such
ant
as assistance with
for
the handling of
com
great amounts of
merci
data, or in other
al
words on the
comp
continuing
anies
development of the
for
technological age.
mark
eting
Marx (2002) places
their
the emphasis of new
produ
surveillance on mass
cts,
surveillance of
as
groups consisting of
well
anonymous
as for
individuals, rather
gover
than on the visible
nmen
and noticeable
ts in
monitoring of
order
individuals. In
to
addition, the
incre
increased storage
ase and analysis
accur capabilities enable a
acy closer examination
of of certain subjects of
plann surveillance, in real-
ing time but also in
retros graphic
pectiv discrimination of
e. groups of
Lyon individuals. Davies
(1994) shares Lyon's view
points and offers as an
out example the use of
that it statistics by the
is not British government,
neces instead of suspicion,
sary to to justify the use of a
identif range of new
y powers, such as
individ DNA test and finger
uals in printing (Talk Simon
order Davies at Leeds
to Metropolitan
condu University, 28th
ct October 2005).
profilin
g of Different phases in
behavi the application of
our surveillance
and technologies are
habits distinguished by Kim
in (2004). Firstly,
relatio physical surveillance,
n to as described by
social Bentham (1791) and
demo Foucault (1975), as
graphi for example by their
cs. He ideas about the
fears Panopticon; secondly
that the concept of
this electronic
can surveillance that
lead to places the emphasis
social on the use of
sorting technologies to
and expand the observing
demo electronic gaze from
prison which is described as
or the systematic use of
factory personal data
to the systems in monitoring
wider of the actions or
society communications of
with one or more persons
help of by Clarke (1994b). As
informa last phase of the
tion social effects of
technol surveillance
ogies technology, Kim
as (2004) introduces the
discuss notion of hyper-
ed by surveillance and
Marx refers to the authors
(1985) Bogard (1996) and
or Lyon Haggerty and Ericson
(1994). (2000). However, the
Thirdly, author fails to
data explicate the
surveill difference between
ance, the phases of
also dataveillance and
known hyper-surveillance,
as which seems to be
datave minuscule.
illance
Andrea
Gorra Page
52
formed by a
number of
T
different
o
agents. This
d
contradicts
a
visions of
y
surveillance
related to Big
s
Brother, as
described in
i
Orwell's novel
m
'Nineteen
m
eighty-four', or
e
in other words
n
one single data
s
collection
e
agency.
Different data
d
collection
a
agencies can
t
encompass
a
commercial
companies
c
logging
o
consumers
ll
shopping or
e
financial data,
c
governmental
t
agencies that
i
record images
o
of pedestrians
n
crossing the
s
streets, and
interceptions of
a
communication
r
for keywords
e
indicating
terrorist
p
activities by
e
listening
r
s Some perceive a
t change in the
a privacy debate in
t that citizens used
i to be worried
o about either
n commercial
s companies or the
government
s having access to
u their data. Even
c though neither of
h these concerns
have vanished,
a there are now
s relationships
springing up
M between
e commercial
n companies and
w the government
i (13th Annual
t Conference on
h Computers,
Freedom &
H Privacy, Plenary
il Session #9: Data
l Retention in
i Europe and
n America, 2003).
This
Y collaboration
o between public
r and private
k sector actors
s particularly
h applies to the
i
discussion about
r
data retention.
e
The government
.
gains access to
us ernet service
er' providers.
s
m 2.2.5.2 Data
ob shadows of
individuals and
ile implications of
dataveillance for
ph
society
on
The dangers and
e
benefits of
co
surveillance are
m
identified most
m
concisely by
un
Clarke (1998)
ic
and Lyon (2001).
ati
Lyon believes
on
that society
s
profits of
da
surveillance in
ta
terms of
vi
efficiency,
a
mobility, security
pri
and public order.
va
Clarke
tis
predominantly
ed
identifies the
,
advantages of
co
physical security
m
and the data
m
matching
er
practices of
ci
organisations to
al
combat fraud.
m
Both authors
ob
point out as
ile
potential
ph
dangers of
on
dataveillance the
e
unintended
an
consequences
d
and negative
int
di s to individuals
m and to society.
e Clarke (1998)
ns identifies as
io dangers of
ns dataveillance for
of individuals that
su decisions based
rv on incorrect data
eil may lead to
la unfairness. This
nc can particularly
e. become a
problem when an
Th individual is
e unaware of the
thr data collection
ea and hence has no
ts means to rectify
of wrong data.
m Consequently,
as this can result in
s blacklisting a
da person over a
ta matter that is still
ve under dispute or
illa falsely related to
nc that person.
e Metaphors such
ca as 'data shadow',
n 'data trail' or
be digital personae
di are frequently
vi applied in the
de literature to depict
d the effects of
int dataveillance on
o individuals (see
da for example
ng Clarke, 1994b;
er
Ly r 2002; Bennett
on 2005). The 'data
20 shadow' is made
01 up of personal
; data and follows
St or precedes an
al individual. The
de danger here
Andrea 53
Gorra Page
Nevertheless, the
awareness of data
is the
collection can create
potenti
a climate of self-
al
consciousness and
judging
suspicion. Clarke
and
(2000) further
discrim
perceives as a
ination
danger of
based
surveillance that it
on
makes it possible for
data
authorities to focus
that
on undesirable
might
classes of people
not be
before they commit
accura
an offence. For
te.
example, the 1984
Nissen
Police and Criminal
baum
Evidence Act gives
(1998)
police the right to
points
stop and search on
out
grounds of suspicion.
that
This situation results
even
in an inversion of
though
burden of proof from
those
the accusing
who
organisation to the
are
individual who now
aware
needs to provide
of
evidence of their
collecti
innocence.
ons of
their
Collections of
data
personal data may
may
not only be
be less
interpreted as a
easily
threat to personal
targete
privacy but more
d or
importantly as a
manip
danger to social
ulated.
justice. data collection, as
Clarke well as decreased
(1998) respect for the law
warns and law enforcers,
that deteriorating of
"datave societys moral fibre
illance and solidarity. The
is by its STOA report
very (European
nature, Commission's
intrusiv Science and
e and Technology Options
threate Assessment office)
ning". cautions of the
Danger surveillance
s of capability of ICTs that
mass may be used to track
datavei the activities of
llance journalists,
to campaigners and
society human rights activists
can (STOA report, 1998).
once These technologies
again can result in a chilling
be effect on those who
describ participate in
ed as democratic protest
to warns Privacy
create International (1999).
a Along the same lines
climate Clarke (2005)
of indicates that privacy
suspici is important from a
on, political viewpoint,
particul enabling freedom of
arly speech to think and
when act. In his view, the
individumonitoring of
als are individuals'
aware communications and
of the actions threatens
democr itself can be a means
acy. of creating divisions.
Lyon Hence, personal data
(2003) and communications
argues data retention cannot
that merely regarded as
concer an individual privacy
ns concern but need to
about be framed as bearing
surveill an effect on society
ance as a whole.
used to
be Already in his 1988
expres paper, Clarke
sed in identifies costs of
terms collecting, storing and
of analysing data as a
privacy natural control' to limit
and dataveillance.
freedo However today almost
m. He 20 years on, this
warns reason does not ring
that the true anymore. As a
digital
result of most data
divide
being generated in
is not
digital format, the
just a
costs of automatic
matter
data collections and
of
their analysis have
access
decreased
to
significantly. Clarke
informa
highlights the moral
tion but
obligations of IT
that
professionals,
informa
tion Andrea Gorra Page
54
ndle individuals'
m data in an
ar ethical way.
ke
te 2.2.6 Privacy
enhancing
rs
and invading
an technologies
d The question
go whether technology
ve itself can be seen as
rn 'neutral', 'good' or
m 'bad' is frequently
addressed by
en
scholars (Clarke,
ts
1999b; Cady, 2002).
in
"There is nothing
cr
inherently good or
ea
bad about the
tin increased power of
g technology"
an maintains Marx
d (2006, p. 38), and
us suggests that new

technologies with
in
privacy invasive
g
potential must be
co
subjected to
m
empirical and ethical
pu
questions and not
te simply accepted as
r good because they
sy are novel. In the
st same manner, Lyon
e (2002) argues that

new information and
m
communications
s
technologies do not
to
by themselves create
ha
surveillance but
rather though the author
the admits that
applica technology has
tion of social, political and
technol economic effects and
ogy transforms some
and activities within
the society, he also
policie argues that this does
s not alter societys
accom substance. In
panyin addition, he
g its challenges the widely
usage. accepted view that
May the arrival of the
(2002) information society
asserts has fundamentally
that transformed society.
ICTs
do not Some place
funda technologies into
mentall categories according
y to their ability to
change invade or protect
society individual privacy
and do (Clarke, 1999;
not Bowden, 2003). Data
constit warehousing and
ute an data mining, as
inform introduced in
ation previous sections,
'revolut are often perceived
ion' as predominantly
that privacy invasive
require technologies (PITs).
s To this category are
entirely also often counted
new authentication
thinkin technologies such as
g. biometrics and
Even technologies, as they
do not provide anonymity in
allow transactions or
the provide a
anony pseudonym.
misatio Examples of PETs
n of are anonymous web
data. browsers, remailers
Techno and encryption (Agre,
logies 1997; Clarke, 1999,
that 2001). These PETs
can be are an important part
used to of the privacy model
protect of technological self-
the help as introduced in
privacy section 2.2.3. Kim
of (2004) claims that
users PETs may help
are transparency as well
known as reconstruct
as interpersonal trust in
privacy the networked
enhanc environment and can
ing help the promotion
technol and protection of
ogies privacy rights.
(PETs). However, the author
They also admits that PETs
protect fail to acknowledge
the the drive (or
privacy motivation) for
of exploitation or
individudominance.
als and
Gorra Page
55
Andrea
for privacy policy
and law. As
2.2.7 M
oexplained above,
b
location data has the
i
lpotential to be used
e
to create profiles,
psocial sorting,
h
discrimination and
o
ndifferential
e
treatment, which
loften remain
o
cinvisible to most
amembers of the
t
ipublic (see Clarke,
o2000; Lyon 2005;
n
Surveillance Studies
dNetwork, 2006).
a
tDespite these
aclaims, it needs to
abe clarified that a

nmobile phones
d
location may or may
pnot correspond to
r
ithe whereabouts of
van individual
a
cpresumed to be the
yuser.
It can Mobile phones have

be always been
argue 'location-aware',
d that because location
locatio awareness is an
n inherent feature of
techno mobile telephony as
logies discussed in the
pose previous part of this
new chapter (see for
challe example section
nges 2.1.2). However, in
recent periods of time. As
years discussed in previous
the sections, British
accura citizens are ensured
cy with a right to privacy
which under the European
mobile Convention on
phones Human Rights, which
can be as been brought into
located the domestic context
has by the Human Rights
improv Act 1998. However,
ed, as this right to privacy
well as can be interfered with
the under a range of
ability exclusive purposes
to store listed in Article 8.2
and ECHR (see previous
proces section 2.2.1) and in
s large accordance to the
amount ECtHRs
s of jurisprudence . Some
data. It have argued that the
is now blanket retention of
possibl all citizens'
e to communications data
preserv violates those rights
e and to privacy and details
access will be provided in the
present subsequent section
and 2.3.3.2. Regarding
past the privacy
movem categories commonly
ents of identified in the
all literature, it can be
mobile argued that location
phone data falls into six out
users of the seven
over categories (see
prolong section 2.2.2). Only
ed the category of bodily
privacy,a distinction needs to
which be made between the
relates use of data for law
to a enforcement and for
person commercial
s purposes. The use of
physica communications data
l self, for the former falls
cannot under state
be surveillance
seen techniques and is
as regulated by
directly legislation such as
affecte the Regulation of
d by Investigatory Powers
locatio Act 2000 (section
n data. 2.3.3.2).
Particul
arly in The use of
the communications
area of data for commercial
informa services is for
tion example regulated
privacy,by the European
which
Union Privacy
is
Directive (Directive
concer
2002/58/EC) and
ned
Vodafone's Code of
with
Practice that
individu
regulate the access
als'
to location data
person
al data, (Vodafone's Code of
Andrea Gorra Page
56
n data may only be
processed when
Practic
made anonymous or
e,
with the consent of
2005).
the user. Vodafone's
The
Code of Practice
Directiv
(2005) distinguishes
e
two types of location
explicitl
services, active and
y
passive (see section
covers
2.1.3), and stresses
unsolici
that particularly the
ted
latter require the
messa
informed consent of
ges for
the mobile phone
marketi
user. Gow (2004)
ng
stresses the role of
purpos
consent as
es and
establishing the legal
stresse
grounds regarding
s the
location data and its
need
importance for
for
understanding
prior
location privacy
consen
issues in the
t
commercial context.
(Article
He distinguishes
13).
between three
Article
moments of consent:
9 of the
collection, use and
Directiv
disclosure of
e deals
personal data. In the
with
same manner, White
the use
(2003) refers to three
of
processes to identify
locatio
privacy issues
n data
particular relevant to
and
location techniques;
require
firstly location
s that
identification,
locatio
second is a more personal
ly data device than for
proces example a desktop
sing PC.
and
thirdly To summarise, the
value- authors highlight
added that the informed
use. consent of mobile
Spiekerphone users is
mann required to use
(2004) mobile phone
predomlocation data for
inantly commercial
perceiv purposes. However,
es for the use of
unsolici location data by
ted governmental
messa agencies, such as
ges for crime and
('mobil terrorism, the
e consent of mobile
spam') phone users is not
as explicitly obtained
privacy but acquired by the
intrusio signature in the
ns and mobile phone
points contract. Further
out that discussion of this
the matter will be
mobile provided in the next
phone section.
Andrea
Gorra Page
57
tion and
communication
2.2.8 Stechnologies. This
u
second part has
m
mdiscussed the
a
relationship and
r
yimpacts of these
technologies on
P
aindividuals privacy. In
r
addition to this, a
t
range of privacy
2definitions were
introduced and
As can categorised
be according to several
seen criteria. Current
from legislation relevant to
the first mobile phone
part of communications data
this and privacy were
chapter presented, while the
, the use of location data
continu for law enforcement
ous and commercial use
generatwas differentiated. It
ion and has become clear
long- that privacy is a
term concept that is hard
storage to define and this is
of reflected in the
digitise jurisprudence of the
d European Court in
person Strasbourg, which
al data decides on
is an infringements of
inheren human rights,
t part ofincluding privacy, on
todays a case by case basis.
networ The following
ked section offers an
informa
introd retention and
uction access of
to the communications
legisl data by law
ative enforcement
frame agencies, as
work relevant in the
regar European Union
ding with focus on the
the UK.
Andrea
Gorra Page
58
This final section of
the chapter provides
2.3 P an insight into the
a
r legal framework
t relevant to mobile
3 phone
:
L communications
e data. Firstly, the
g
section provides
a
l some definitions for
f mobile phone
r
a communications
mdata, of which
e location data is one
w
o element. The
r subsequent sections
k
review the legislation
r
e and context up to and
l beyond the 9/11
e
v terrorist attacks in the
a US, and as relevant
n
to the retention of
t
t mobile phone
o communications data
m
o in England. The main
b two British legal
il instruments that is
e
p the Regulation of
h Investigatory Powers
o
Act 2000 (RIP Act)
n
e and the Anti-
l Terrorism Crime and
o
c Security Act 2001
a (ATCS Act) are
ti
discussed, as well as
o
n the European Data
d Retention Directive
a
t 2006/24/EC. Finally,
a the predominant
arguments in the
dispute ne
communicati
s and
ons data
debate
s about While Part 1 of this
the chapter (see section
compul 2.1) has already

sory provided some
storag technical background

e of all to mobile phone
British location data, this
and section focuses on
also the legal definitions
Europe of communications
an data of which mobile
mobile phone location data

phone is one element. The
users ATCS Act refers to
commu the RIP Act for
nicatio definitions of
ns data communications data
are to be retained by
presen mobile phone and

ted. internet service
providers.
Communications
2.3.1 D
edata is defined under
f
ithe RIP Act (section
n21, 4 a, b, c) as
i
tfollows:
i
o Table 2.2: Definition
n of communications
s data (RIP Act, sect.
21, 4 a b c)
o
f
(4) "Communicati
ons data"
m means any of
o the following-
b (1) an
i
y
l
e traffic
data
p compri
h sed in
o
or being
atta or may
che be
d to transm
a itted;
co (2) any
mm informati
uni on
cati which
on includes
(wh none of
eth
the
er
contents
by
of a
the
commun
sen
ication
der
(apart
or
from
oth
any
erw
informati
ise)
on
for
falling
the
within
pur
pos paragra
es ph (a))
of and is
any about
pos the use
tal made by
ser any
vic person-
e (1)
or of
tele a
n
co y
mm
uni p
cati o
s
on t
sys a
tem l
by s
e
me
r
ans v
of i
whi c
e
ch
it is o
falling
within
paragr
aph (a)
or (b)
(2) that is
in held or
connection obtaine
with the d, in
provision relation
to or use to
by any person
person of s to
any whom
telecommu he
nications provide
service, of s the
any part of service
a , by a
telecommu person
nication providi
system; ng a
postal
(3)
service
any
or
info
teleco
rm
mmuni
atio
cations
n
service
not
.
Andrea Gorra Page
59
practice for
T voluntary
h retention of
e communica
tions data'
' (Home
C Office,
o 2003b,
n section 15)
s explains
u that
l communica
t tions data
a can be
t divided into
i three broad
o categories,
n such as:
15 Traffic data
p identifies
a who the user
contacted, at
p
what time the
e contact was
r made, the
location of
o the person
contacted
n
and the
location of
a the user.
15 Service use
c information
o are for
example
d
itemised
e
telephone
call records,
o i.e. the
f numbers
called from
a mobile
p tifies the
h user of
o the
n service,
e providing
, their
in name,
cl address,
u telephon
di e
number.
n
g Appendix A of
ti
the
m
consultation
e
s paper provides
a further details
n about data
d
types retained
d
u and their
r retention
a periods, that is
ti
for example:
o
n Subscriber
. information relating
15 S to the person
u encompass for
b example, name, date
s of birth, installation
c and billing address
r and payment
i methods.
b Telephony data
e includes amongst
r other data,
1- all
d numbers (or
a other
t identifiers
a e.g.
name@bt)
associated
i
with call
d
(e.g.
e
physical/pre
n
sentational/
n umbers)
e (for details
t about these
w see section
o 2.1.2.1 and
r glossary)
k 2- Date and time
of start of call,
a duration of call/date
and time of end of
s
call
s
3- Location
i data at start and/or
g end of call, in form
n of lat/long
e reference.
d 4- Cell site data
from time cell
ceases to be used.
C
L SMS and MMS data
I include for example
, 1- Calling and
called number, IMEI
I 2- Date and time
M of sending
S 3- Location data
I when messages
sent and received,
,
in form of lat/long
reference.
I
M Subscriber
E information and
I
, telephony data are
stored for
e
12months, whereas
x
c SMS and MMS data
h is only stored for 6
a
months.
n
g
To summarise, the
e
/ British legislation
d defines mobile phone
i location data as an
v
element of traffic
e
r data, which is one of
t the three categories
of communications
n
data. processed in an
The electronic
Europe communications
an network, indicating
Directi the geographic
ve on position of the
Privacy terminal equipment
and of a user of a publicly
Electro available electronic
nic communications
Comm service". This Article
unicati applies to computers,
ons PDAs and mobile as
(Directi well as landline
ve telephones. This
2002/5 Directive was more
8/EC, comprehensive than
Article previous rules as it
2, c) used the term
defines 'electronic
locatio communications',
n data instead of being
as "any restrictive to certain
data technologies.
Andrea Gorra Page
60
). The 2002
Directive (section
The
14) further
Dire
specifies that
ctive
"Location data
2002
may refer to the
/58/
latitude, longitude
EC
and altitude of the
was
users terminal
ame
equipment, to the
nded
direction of travel,
by
to the level of
Dire
accuracy of the
ctive
location
2006
information, to the
/24/
identification of the
EC
network cell in
rega
which the terminal
rding
equipment is
the
located at a certain
purp
point in time and to
oses
the time the
for
location
whic
information was
h the
recorded".
data
can Hosein and
be Escudero-Pascual
retai (2002) argue that
ned new legislation
by concerning traffic
the data tends to be
servi technology-neutral
ce which does not take
provi into account the
ders differences in traffic
(see data across different
secti communications
on infrastructures and
2.3.4 protocols. The
author watch, 2001) or
s point "does not refer to"
toward (Council of Europe,
s the 2001) content,
differin however, Hosein and
g Escudero-Pascual
definiti (2002) point out that
ons of there are ambiguities
traffic particularly regarding
data internet data. For
from instance, click
the stream information
Counc of internet access
il of logs closely relates
Europ to the content of
e everything that has
(CoE) been accessed and
and downloaded (Walker
the and Akdeniz, 2003).
Group For example, within
of a communication,
eight data identifying
industr www.homeoffice.gov
ialised .uk would be traffic
countri data, whereas data
es identifying
(G8). www.homeoffice.gov
Both .uk/kbsearch?
definiti qt=ripa+traffic=data
ons would be content
explai (Home Office,
n that 2003a, page 7;
traffic Escudero-Pascual
data and Hosein, 2004).
"does
not As highlighted in the
includ previous section
e" 2.2.7,
(G8, communications data
see is of relevance for
State commercial but also
for law device. On the one
enforce hand, location data is
ment described as being
use. In connected to
this particular individual
context consumers and
, Green hence has economic
and value. It is for
Smith example used for
(2004) mobile location-
point based services (see
out that section 2.1.3),
differen however only with the
t actors explicit consent of the
use mobile phone user
differin (see section 2.2.7).
g On the other hand,
interpreindustry sources and
tations regulatory bodies
of claim that location
mobile data, as part of traffic
phone data is anonymous
locatio and not connected to
n data, a specific individual.
particul Green and Smith
arly base this claim on
regardi one of their own case
ng the studies which
relation highlighted the
ship difference between
betwee billing data and traffic
n data. The former is
mobile personal, as it
device includes information
and the such as the
individusubscriber's name
al and address, and
associatherefore needs to be
ted regulated under the
with Data Protection Act.
this The latter is
anony mised at
Andrea Gorra Page
61
n be argued that
even though an
the
end of individual can
the hardly be
phone identified solely

call by the mobile
but phone location

archiv data of his or her
ed by phone, the
the combination of
uniqu location data with
e other data may
phone constitute an
numb infringement on a
er and mobile phone
theref user's privacy.
ore
still of Mobile phone
comm location data
ercial discloses location
value at the beginning
to the and end of the call
teleco
and hence records
mmun
changes in
icatio
location. The
ns
following shows
comp
an example of
anies,
outgoing mobile
accor
phone call
ding
records:
to
Green
(2006
).
No
net
hel
ess
, it
ca Figure 2.7:
e
s
i
d
e
n
c
y
o
f
E
u
r
o
p
e
a
n
U
n
i
o
n
,
2
0
0
5
,
p
.
8
)
2.3.2 Background
to
communicati
ons data
retention
Communications
technologies, such as
the internet and
mobile phones, are
an inherent part of
daily lives for the
majority of European
citizens. Every
communication
facilitated by such
technol t service providers,
ogies which are, in the
genera following, referred to
tes a as communications
host of service providers
data, (CSPs). This data
such about communication
as the is also known as
source, communications or
destina transactional data.
tion, Since in western
mobile European societies
phone citizens but also
locatio criminals increasingly
n and use electronic
partial communications and
web rely on technological
browsi infrastructure, the
ng focus of legislators
logs. has turned to
The communications data
data is in response to the
stored September 11 US
for attacks. Attacks on
billing the communications
and infrastructure are
legal also included in the
purpos definition of
es by 'terrorism' (Terrorism
mobile Act 2000, (2))
phone (Walker and Akdeniz,
and 2003).
interne
Andrea Gorra Page
62
data is seen by
security, intelligence
Particul
and law enforcement
arly,
agencies as a useful
the
tool to prevent and
proces
investigate crimes
s of
related to national
adoptin
security. It is
g
important to
Europe
recognise that
an
communications data
Directiv
does not include the
es
content but instead
relating
only refers to
to
information about a
commu
communication. The
nicatio
retained
ns data
communications data
retentio
can be analysed and
n
helps investigators to
(2002/5
identify suspects,
8/EC,
relationships between
2006/2
them and to establish
4/EC)
profiles. The Home
highlig
Office, the ministry
hts the
responsible for justice
political
and internal affairs in
climate
the UK, points out
change
that evidence from
followin
use of
g the
telecommunications
Septe
can be the only
mber
physical evidence
11
available to
attacks
investigators (Home
(see
Office, 2003b, section
section
5). The rapidly
2.3.4).
changing
Comm
technological
unicati
environment and the
ons
require been perceived as
ments more sensitive and
of law personal than data
enforce about
ment communication.
agenci Therefore greater
es to authorisation and
access oversight
the mechanisms are still
data needed to gain
while access to the
ensurin contents of com-
g munication
human (Escudero-Pascual
rights and Hosein, 2004).
of However as Privacy
those International (2003b)
affecte points out, the
d by sensitive nature of
the transactional data of
legislati new technologies
on, makes it similar to
poses content of
challen communication. Data
ges in generated by an
legislati internet users
ng the transactions convey a
area of great deal about this
commu person, because a
nicatio profile of interests,
ns data associates and social
retentio context can be
n. constructed.
Similarly, location
Historic information included

ally, the in mobile phone
content communication data
of is more sensitive than
commu the location

nicatio information of
n has traditional fixed
telepho human rights,
ny including the right of
commu freedom of speech
nicatio and assembly, as
n. well as the right to
Hence, privacy. Considering
the the jurisprudence of
long- the European Court
term of Human Rights in
retentio Strasbourg, the long-
n of term retention of
mobile mobile phone
phone communications data
commu may be seen as a
nicatio disproportionate
ns data interference in the
can be private lives of
seen to citizens, and in turn
affect a the interference is not
wide necessary in a
variety democratic society
of (see section 2.2.3.1).
Andrea
Gorra Page
63
sed. The change
from analogous to
Digitis
ation digital
and
communications
privati
sation infrastructures
With makes it easier to
the store, gain access to
inventi and search
on of transactional data.
the Difficulties of
micro retrieving analogous
proce transactional data
ssor in had acted as a
the natural protection
1970s against unsolicited
and and excessive
with it access and misuse
the of data. In addition,
wides transactional data
pread from analogous
use of systems does not
perso carry as much
nal information as digital
comp data carries today.
uters,
the In 1981, the British
proce Telecommunications
ssing Act transferred the
power responsibility for
and telecommunications
storag away from the Post
e Office, creating a
capaci separate
ty of organisation, British
comp Telecom (BT). At this

uters time competition was
has introduced into the
drama UK
tically telecommunications
increa industry. In 1984, the
Teleco et al., 2002). This
mmuni privatisation process
cations has resulted in a
Act situation where law
1984 enforcement
was agencies needed to
passed approach businesses
and BT and not state owned
was companies for
privatis transactional data. In
ed and addition, changes in
thus business models
lost its such as "always on
monop internet access" and
oly in flat rates for internet
runnin and mobile phone
g use, have made
teleco itemised billing
mmuni largely unnecessary.
cations Hence
system communications
s. This service providers
was only store detailed
the first data about mobile
of a phone and internet
series usage for billing
of purposes for a limited
privatis time. These changes,
ations away from state
of owned
state- telecommunications
owned business to private
utilities companies, made it
throug more difficult for
hout governmental
the agencies to access
1980s the communications
and data, hence, the
into the introduction of new
1990s laws became
(Daler necessary (Walker
and British legislation to
Akdeni take into account new
z, technological
2003). developments (see
section 2.3.2).
As new However, often
teleco governments apply
mmuni old legislative
cations instruments to new
technol technologies to
ogies address the
emergeinterception of
, many networked and
countri mobile
es communications
adapt without analysing
their how the technology
existing has changed the
surveill nature and sensitivity
ance of information
laws (Privacy International,
and for 2003b; Who Knows
exampl Where You've been?
e, the Privacy Concerns
case Regarding The Use
law in of Cellular Phones As
Strasb Personal Locators,
ourg 2004). Changes in
has legislation were the
been most obvious and
used to
Andrea Gorra Page
update
64
existing
retention and access
of communications
immedi
data (Blakeney,
ate
2007). This may
respon
explain why much
ses in
research regarding
Europe
communications data
to the
retention has
terroris
focused on these
t
legislative changes
threats
(see for example
by the
Walker and Akdeniz,
2001
2003; Escudero-
attacks
Pascual and Hosein,
in the
2004; Whitley and
US.
Hosein, 2005).
Securit
y and
2.3.3 Legislative
law development
enforc s regarding
communicati
ement ons data in
agenci the UK
es In the United
worldw Kingdom, two
ide pieces of legislation
have are particularly
encour relevant regarding
aged communications
their data: the Regulation
govern of Investigatory
ments Powers Act 2000
to (RIP Act), which
adopt regulates the
more access to
compr communications
ehensi data, and the Anti-
ve Terrorism Crime and
approa Security Act 2001
ches to (ATCS Act), which
the lays down rules for
the unications data for
retent all European
ion of member states.
comm
The value of
unicat
interception of
ion
communications for
data.
law enforcement
The
agencies and its role
Europ
to fight terrorism of all
ean
kinds has long been
Directi
recognised by the
ve on
British government.
Data
Already the 1999
Reten
Home Office
tion
Consultation paper
(2006/
Interception of
24/EC
Communications in
) also
the United Kingdom
has
proposed and
an
justifies changes to
influe
the interception
nce
regime by law
on the
enforcement
data
agencies at the time
retenti
(Home Office, 1999).
on
In this consultation
regim
paper the Home
e in
Office admitted that
the
legislation had not
UK,
kept up with changes
as it
in the
lays
telecommunications
down
and postal market.
requir
For example, the
ement
number of
s for telecommunications
the companies offering
retenti fixed line services
on of had grown from 2 to
comm around 150, and
there emerged, which is
was defined as criminal
the acts using technology
beginni or action against
ng of technology. Hence
mass interception was
owners thought to play an
hip of important role in law
mobile enforcement
phones (Akdeniz, Taylor and
, as Walker, 2001).
well as Consequently, these
citizens technological
embrac developments made
ing a more
commu comprehensive
nicatin legislative approach
g via more desirable.
the
internet The Consultation
. paper 1999 proposed
Togeth to establish a clear,

er with statutory framework
this for access to
increas communications data
e in and this has resulted
electro in the introduction of
nic the RIP Act. Part 1 of
commu
RIPA addresses
nicatio
those proposed
n, the
amendments
threat
regarding
of
interception
cyber
crime Andrea Gorra Page
65
unications Act 1985
did not extend to
of
non-public telephone
commu
networks and hence
nicatio
this form of
ns,
interception could not
also in
be carried out in
respon
accordance with the
se to
law.
rulings
from
ECtHR 2.3.3.1 Regulation
of Investigatory
in Powers Act 2000
(RIP Act)
Strasb
ourg The RIP Act 2000 is
where the latest step
the towards the
development of an
case of
inclusive code of
Halford
policing and
v UK
surveillance,
has
including the
been
surveillance of
particul
internet data. As
arly
described in the
relevan
previous section, the
t (see
increased use of
section
mobile phones and
2.2.1).
internet by citizens,
In this
as well as rulings
case,
from the European
the UK
Court of Human
legislat
Rights in Strasbourg
ion at
made a more
the
comprehensive
time in
approach necessary
form of
(Akdeniz, Taylor and
the
Walker, 2001; Bailey,
Interce Harris and Ormerod,
ption of 2001). The RIP Act
Comm also sought to
regulat ng the Interception of
e Communications Act
surveill 1985, which it
ance of repealed. The
the Interception of
types Communications Act
of 1985 permitted law
commu enforcement
nicatio agencies to have
n not access to
dealt communications,
with in which later had to be
the limited under the
Police Human Rights Act
Act 1998 (Hosein and
1997, Whitley, 2002). Prior
as for to the 1985 Act, the
exampl interception of
e communications was
pagers, not regulated by
mobile statute but by Home
phones Office administrative
or practice that was
emails. given implicit
The Actrecognition by the
extend Post Office Act 1969,
s the s. 80. (Bailey, Harris
legislati and Ormerod, 2001).
ve
powers The Regulation of
in Investigatory Powers
Bill was introduced
relation
to the House of
to post
Commons on
and
February 9th 2000
teleco
and was given the
mmuni
Royal Assent, which
cations
means that it
surveill
became law, on July
ance
28th 2000. The RIP
by
Act aimed to ensure
replaci compliance with the
ECHR s is an important
and Bill, and
represents a
the
significant step
Huma forward for the
n protection of
Rights human rights in
Act this country.
Human rights
1998,
considerations
as
have dominated
Secret its drafting. None
ary of of the law
State enforcement
for the activities specified

in the Bill is new.
Home
What is new is
Depart that, for the first
ment, time, the use of
Mr. these
Jack techniques will
be properly
Straw,
regulated by
highlig law and
hts in externally
the supervised. That
RIP will serve to
ensure that law
Bills
enforcement and
Secon
other operations
d are consistent
Readi with the duties
ng in imposed on public
authorities by the
the
European
House
Convention on
of Human Rights and
Comm by the Human
ons: Rights Act 1998.
Thi (HC Debate, 2000,
Column 767)
Gorra Page
Andrea 66
xt of encrypted
material or in certain
The
circumstances
RIP Act
decryption keys
enable
themselves. Part I of
s
Chapter II of the Act
secret
deals with acquisition
service
and disclosure of
s to
communications
monito
data. The provisions
r all
of Chapter II came
online
th
activity into force on 5
in the January 2004 (Home
fight Office, 2000).
against
cyber The RIP Act was
crime. highly contested
It when it was
allows introduced into

senior Parliament, as the
memb viewpoints of
ers of government,
the industry and
civilian privacy advocates
and differed widely.
military Issues of discussion
police, were the
custom development of
s and legislative
memb instruments in the
ers of face of continuously
the changing
judiciar technological
y to developments,
deman meeting
d that requirements of law
users enforcement
hand agencies to access
over the data while at the
the same time
plainte maintaining the
human public authorities to
rights access
of communications data
those without a warrant.
affecte In June 2002, David
d by Blunkett, the home
the secretary at the time,
legislat suggested expanding
ion the RIP Act greatly by
(Hosei extending the number
n and of public bodies to
Whitley 1039 public
, authorities to monitor
2002). citizens'
After a communications
public data. The draft
consult secondary legislation
ation in under section 25 RIP
August Act proposed
2001, allowing access to
controv communications data
ersies without a warrant to
arose Government
regardi departments, such as
ng the Department for
surveill Environment, Food
ance and Rural Affairs, and
concer the Department of
ns, as Health, as well as
the Local authorities and
RIP Act other bodies, such
allowe the Environment
d the Agency and the
Home Scottish Drug
Secret Enforcement Agency
ary to (The Regulation of
design Investigatory Powers,
ate a Communications
large Data: Additional
numbe
Public Authorities
r of
Order, 2002 ).
This his annual report
result that he could not
ed in ensure meaningful
a oversight of so
contr many bodies
overs without assistance.
y Following protests
about of civil liberties
the groups, the media
expa and opposition in
nsion Parliament and
of from the
powe Information
r and Commissioner, the
those Statutory Order
plans was withdrawn on
beca 18 June 2002
me (Statewatch News,
know 2003; Reporters
n as without borders,
"Sno 2004).
opers
' In 2003, the Home
chart Office initiated a
er" second public
(BBC consultation in form
News of two consultation
, papers, one on
2002) access to
. The communications
Surv data (Home Office,
eillan 2003a) and one on
ce the retention of
Com communications
missi
data (Home Office,
oner
2003b). These
admit
ted in Andrea Gorra Page
67
Communications
Data - Respecting
provid
Privacy and
ed
Protecting the Public
some
from Crime' (Home
backgr
Office, 2003a) seeks
ound
consultation
and
regarding permitting
further
access to only parts
justific
of communications
ations
data, that is service
for the
use information and
need
subscriber data, to
for a
certain public
range
authorities.
of
public
After this consultation
authori
period, Parliament
ties to
approved the
access
implementation of
comm
Chapter II. In summer
unicati
2006 the Home
ons
Office published a
data
further consultation
as a
paper relating to
neces
Chapter II, Part I of
sary
the RIP Act to invite
and
comments regarding
propor
the revised draft code
tionate
of practice (Home
require
Office, 2006). In
ment.
September 2003, the
For
Home Secretary
examp
proposed a new
le, the
amendment to the
consul
RIP Act. As before,
tation
this amendment gave
paper many bodies
'Acces including local
s to authorities, the power
to (Reporters without
access borders, 2004). Sir
commu Swinton Thomas was
nicatio appointed as the
ns data Interception of
of Communications
citizens Commissioner from
. The 11 April 2003 to 10
govern April 2006 under
ment Section 57(1) of the
appoint Regulation of
ed an Investigatory Powers
Interce Act 2000. His role
ption of requires him to
Comm publish annual
unicati reports which review
ons the interception
Commi processes (see for
ssioner example Swinton,
to 2007). Hosein argues
protect that instead of
citizens making the retention
from of communications
abuses data mandatory in
of the UK, the government
RIP Act took the issue to
and Europe (Grossman,
ATCS 2006).
Act
Andrea
Gorra Page
68
The following table (Table 2.2) gives details about reasons for access and
organisations that are entitled to gain access to communications data under the RIP
Act:
Table 2.3: Access to communications data: reasons and organisations
Communications data can be obtained for the following reasons:
1 in the interests of national security;

2 for the purpose of preventing or detecting crime or of preventing disorder;
3 in the interests of the economic well-being of the United Kingdom;
4 in the interests of public safety;
5 for the purpose of protecting public health;
6 for the purpose of assessing or collecting any tax, duty, levy or other
imposition, contribution or charge payable to a government department;
7 for the purpose, in an emergency, of preventing death or injury or any
damage to a person's physical or mental health, or of mitigating any injury or
damage to a person's physical or mental health; or
8 for any purpose (not falling within paragraphs (a) to (g)) which is specified for
the purposes of this subsection by an order made by the Secretary of State.
(Home Office, 2000, Chapter II, section 22)
The following organisations hold the powers to obtain communications data:
1 Any Police Force including PSNI, any Police Force of HM Forces and British
Transport Police
2 National Criminal Intelligence Service (NCIS)
3 National Crime Squad (NCS)
4 HM Customs & Excise
5 The Inland Revenue
6 The Security Service (MI5)
7 The Secret Intelligence Service (MI6)
8 The Government Communications Headquarters (GCHQ)
9 Local Authorities such as FSA, DTI, the Emergency Services; government
departments such as DEFRA, Dept of Health, Home Office Immigration
Service; as well as County and District Councils (see SI 2003 No 3172).
10 Department of Work and Pensions
(The Investigatory Powers Tribunal, 2005)
Andrea Gorra Page 69

order to authorise it.
There is a much
Comm
wider range of
unicati
purposes, such as
ons
public safety,
data
preventing serious
can be
harm or collection of
obtaine
tax (see Table 2.2,
d by
above), than those
the
for which a warranted
authori
interception of a
sation
communication can
of a
be made in order to
relevan
obtain the content of
t and
the communication
named
(Davis, 2003). As
senior
explained in the
official
previous section
of an
2.3.2, the content of
organis
communication is
ation
considered as more
listed
intrusive than
in
information about the
Table
communication.
2.2,
There is a
who
requirement for
must
organisations to liaise
consid
with Communications
er the
Service Providers
reques
through a Single
t for
commu Point of Contact
nicatio (SPoC) to ensure the
ns data smooth provision of
to be service by CSPs. A
necess SPoC is "an
ary individual or group of
and individuals within a
proport public authority who

ionate has been trained and
in accredited to facilitate
lawful authority. The
access Interception of
to Communications
commu Commissioner
nicatio oversees
ns authorisations of
data" access to
(Home communications
Office, data. CSPs may be
2003a, compensated for the
section costs involved in
9). retaining and giving
SPoCs access to data, with
assess money that may be
whethe provided by
r Parliament (RIP Act,
access section 24). The
in a Office of Surveillance
particul Commissioners
ar case (2003) provides an
is oversight of the
reason conduct of covert
ably surveillance by public
practic authorities according
al for to Parts II and III of
the the RIP Act.
CSP
2.3.3.2 Anti-
and Terrorism Crime
also and Security Act
2001 (ATCS Act)
consid
The Regulation of
er
Investigatory
costs
Powers Act 2000
and
did not require
resourc
communications
e
implicatservice providers to
ions for retain data, and
the instead only
CSP regulated access to
and the the data that may

public reside in CSPs
netw permitted by the
orks. Data Protection Act
Howe 1998 (section
ver 2.2.3.2). The Anti-
some Terrorism Crime
mobil and Security Act
e 2001 provided a
phon legal basis for the
e retention of data
servi and specified
ce periods of time
provi during which
ders communications
had providers would be
admit required to retain
ted to communications
store data.
com
muni In August 2000, a
catio proposal to store
ns communications
data traffic data for up to

for 7 years was
mont submitted to the
hs Home Office by the
and National Criminal
years Intelligence Service
(Milla (NCIS) on behalf of
r and a number of UK law
Kelso enforcement
, agencies, such as
2001) MI5, MI6, the
, Association of Chief
which Police Officers, and
woul GCHQ (Ahmed,
d not
2000). The reasons
have
been Andrea Gorra Page
70
Deputy Director-
general of the NCIS,
given
which oversees
for
criminal intelligence
these
in the UK. The
propos
document proposed
ed
giving access to the
change
retained
s were
communications data
the
under the provisions
growin
of the RIP Act.
g need
Communications data
to fight
was suggested to be
cyber
retained for real-time
crime,
access by
internat
communications
ional
service providers for
drug
12 months. Once the
trafficki
data was 12 months
ng and
old, it should be
the use
retained for a further
of
six year period and
comput
deleted afterwards.
ers by
Mobile phone
paedop
location data was
hiles
described as
(Privac
beneficial to
y
investigations, as it
Internat
could be used to
ional,
locate the proximity
2002;
of a mobile phone
Whitley
user to a crime
and
scene, to trace
Hosein,
associates of
2005).
suspects and to
The
locate places of
author
significance.
of this
Oversight was
report
proposed to be given
was
by the designated
the
chief seen, at the time, as
officer a reasonable and
(Gaspa proportionate
r, response to the
2000). growing use of new
technologies by
This criminals. Britain's
propos Deputy Data
al was Protection
never Commissioner
formall pointed out that the
y retention of traffic
adopte data would constitute
d as a conflict with the
govern right to privacy as
ment laid down by Article 8
policy, of the Convention on
even Human Rights (Ward,
though 2001).
the
govern This situation
ments changed with the
policy introduction of
did ACTSA. The Anti-
change Terrorism Crime and
in the Security Bill was
months introduced to
and Parliament two
years months after the
after. September 11, 2001
In attacks and received
additio the Royal Assent
n, already on December
capturi 14, 2001. The bill

ng passed through the
traffic House of Commons

data of with the government
all allowing it only 16
citizen hours of debate,

s was which was seen as
not an inappropriate
length opposition to the Bill.
of time, A number of Lords
consid who are also lawyers
ering warned that the
the Human Rights Act
comple could not provide a
xity of sufficient safeguard
the Bill against the illiberal
and measures (Fenwick,
the 2002). The swift
extensi schedule of
ve introducing and
numbe debating the Act has
r of led a Parliamentary
129 Committee to
section question whether the
s. Act had been
While discussed and
the examined in sufficient
House detail, as its
of provisions result in
Comm major implications for
ons did civil liberties (Select
not Committee on Home
impose Affairs, 2001). Others
a consider that the
single September 11
amend attacks served as a
ment blanket reason for
on the establishing
Govern measures that had
ment, been previously in
the preparation by
House government
of departments (Whitley
Lords and Hosein, 2005).
voiced
Andrea Gorra Page
more 71
(Fenwick, 2002, p.
724), and warn that
Tomkin
draconian anti-
s
terrorist laws have a
(2002)
far greater impact on
criticise
human rights then
s the
they ever will on
Act as
crime (Wadham,
the
1999).
surely
Indeed, supporting
the
this view is the fact
most
that a voluntary code
draconi
an had been agreed
legislati between government

on and the
Parliamcommunications
ent has industry (section
passed 102.4). The ATCS Act
in requires
peaceti communications
me in service providers to
over a voluntarily retain
century communications data
. Other"to safeguard national
comme security or to prevent,
ntators detect or prosecute
refer to crimes related to
the national security"
Home (ATCS Act, 2001,
Secret explanatory notes,
ary's Section 29). These
mantr voluntary
a that requirements can be
they made mandatory if
are deemed necessary
merely by the Secretary of
protecti State (ATCS Act,
ng 2001, Section 104).
democr Walker and Akdeniz
acy (2003, p. 14) point
out that n 103.4). The Act
this allowed the
might Secretary of State to
indicat make the Code of
e how Practice compulsory
hesitan (section 104).
t Whitley and Hosein
Parliam(2005) point out that
ent felt the Code did not
about introduce the
the process of data
grant ofretention in the UK. A
these sunset clause was
powers included within ATCS
. Act, which meant
that if the
At first government failed to
a draft introduce a Code of
Code Practice within two
of years, the provision
Practic would not be
e was implemented (Reed
establi and Angel, 2007).
shed, The ATCS Act builds
which on the anti-terrorism
was measures enacted in
consult the Terrorism Act
ed 2000, such as the
upon extension of police
(sectio powers, and the
n implementation of
103.1. criminal co-operation
a and measures under the
b) and Third Pillar of the EU
then
(Shah, 2005). The
brough
September 11
t
attacks have let to
before
the introduction of
Parlia
additional powers
ment
addressed
(sectio
specifically to
interna y and Ewing, 2007).
tional
terroris The ATCS Act sets
m, the maximum
howev retention period for
er data held under the
many provisions to 12
of months, whereby
these longer retention
powers periods may be
contain justified by the
ed in business practices of
the the communication
ATCS service provider
Act (Home Office, 2003c,
were section 16). The Act
to contains regulations
prove dealing with terrorism
even and protecting
more national security,
conten such as terrorist
tious finances (part 1-3),
than racial hatred (part 5),
the bribery and
provisi corruption (part 12).
ons of Part 4 made it
the possible for the
Terrori Home Secretary to
sm Act detain non-British
2000 terrorist suspects
which indefinitely, which
they was deemed to be
comple incompatible with the
ment
Andrea Gorra Page
(Bradle
72
retention of
communications
Europ
data is a form of
ean
personal data
Conve
processing, and
ntion
hence it is subject to
on
the Data Protection
Huma
Act 1998. Oversight
n
of the 1998 Act is by
Rights
the Information
and
Commissioner
cease
(Home Office, 2003c,
d to be
Section 29).
in
force.
The provisions made
Releva
in Part 11 amend the
nt for
RIP Act so that
data
communications
retenti
service providers
on is
must retain
Part
communications data
11, as
and disclose it to
it
secret intelligence
deals
and law enforcement
with
agencies far more
the
extensively than the
retenti
RIP Act had initially
on of
envisaged. The
comm
Parliamentary
unicati
committee for human
ons
rights, that is the
data
Joint Committee on
for
Human Rights
nation
expressed concern
al
about the rule-
securit making authority of
y the Secretary of
purpos State by this part of
es. the Act (HL 51, HC
The 420, 2001-02). For
exampl greatly increase the
e, the ability of public
Secret authorities to acquire
ary of information about
State citizens and
may organisations (Davis,
add to 2003). Finally, the
the Secretary of State
organi had been made
sations required to publish
that the code of practice
can in draft, consult with
obtain the Information
comm Commissioner and
unicati not to bring the code
ons into effect until it had
data been approved by
and both Houses of
increas Parliament. The
e the Information
purpos Commissioner also
es for showed concern and
which referred to earlier
the discussions about
data communications data
can be retention:
obtain
The
ed. Commissioner
This is has been aware
for some time of
perceiv
pressure from
ed as the law
contro enforcement
versial community to
require
since communications
this providers to
enable retain details of
communications
s the
data. This, it is
Secret claimed, would
ary of assist the
detection of
State
particular crimes
to and help with
crim iders would retain
inal this for their own
intell business reasons
igen (HL 51 and HC 420,
ce 2001-02)
gath
erin The ATCS Act was
g. perceived as
Alth
controversial for
oug
h mainly two reasons.
such Firstly, some of the
calls
anti-terrorist powers
have
been are seen to be
mad disproportionate to
e it
the actual threat
has
not facing the UK. It does
alwa for example not seem
ys
adequate to include
been
clear Part 11, which deals
to with the retention of
what
communications
exte
nt data, in an
such emergency Bill that
rete
had to be rushed
ntio
n is through Parliament
requ (Shah, 2005).
ired
Secondly, it has been
beyo
nd argued that there is a
the lack of connection to
peri
the September 11
od
for attacks, as the Act
whic contains
h
miscellaneous
the
com provisions that relate
mun to criminal law and
icati
criminal justice
ons
prov matters, as well as it
Andrea Gorra Page
73
Davis, 2003). The Act
also included an
increas
extension of already
es the
controversial police
general
powers, as it
powers
amended the Police
of the
and Criminal
police
Evidence Act 1984
and
and the Criminal
other
Justice and public
govern
order Act 1994
mental
(Shah, 2005).
agenci
Lord Waddington, a
es.
former Home
One
Secretary, also
exampl
argued that some of
e of
these the legislative
new measures where not
powers related to the

is September 11
ACTSA attacks, as for

Part example
11, The proposal

to make
which
incitement to
is religious hatred
about a criminal
offence has
the
been hanging
new around in the
Code Home Office for
a long time, at
of
least since
Practic 1985 when it
e on featured in a
Law
retentio
Commission
n of report. So it
commu has precious
little to do with
nicatio
the events of
ns data September
(Fenwi 11th (..).
(HL Debate, 2001)
ck,
2002; In its jurisprudence,
the legal case of Rotaru v
Europe Romania (2000, App.
an no. 28341/95), the
Court ECtHR found a
of violation with Article 8
Human took place, when the
Rights Romanian security
found services had stored
that information on Mr
retentio Rotarus past
n of activities as a
data by university student.
govern Privacy International
ments (2003a) has argued
constit that the data
utes an retention as put in
interfer place by ATCS Act is
ence more invasive than
with a this case, even
citizen though it is only the
s right traffic data that is
to stored and not the
respect content.
for
private Davis (2003) claims
life that proportionality
(Article as a human rights
8.1), concept has the
whethe most considerable
r or not impact on the law of
the the United Kingdom.
govern The doctrine of
ments proportionality
use the provides that any
data interference with a
against Convention right
the must be
individuproportionate to the
al. For legitimate aim
exampl pursued by that
e in the interference (Whitty,
Murph s threat should be
y, evident, secondly
Livings measures that are
tone, designed to meet the
2001). legislative objective
Three must be connected
criteria to it, and thirdly the
need measures should not
to be go further than
met to needed to combat
satisfy the threat. Fenwick
the (2002) argues that
propor the ATCS Act fails to
tionalit meet the first and
y test; last of these tests,
firstly and as discussed
an above, some claim
immed that some of ATCS
iate Acts provisions are
and not connected to the
very September 11
seriou attacks.
Andrea
Gorra Page
74
munications data
can play in crime
2.3.4 E
uand terrorism
r
investigations had
o
pbeen recognised by
e
European
a
nenforcement
agencies. However,
D
athe long-term
t
aretention of every
citizen's
R
ecommunications
tdata had been
e
ntreated with
thesitation before
i
othe September 11
nattacks in the US. In
Dresponse to the
iattacks, the
r
ecooperation on
ccriminal affairs of a
t
iwide range of
vEuropean law
e
enforcement
(agencies on fighting
2
0terrorism had
0increased while
6
/previously the
2jurisdiction over
4
/police matters was
E
mainly national and
C
)so were the rules
for data protection
The (Bignami, 2007).
impor
tance The Data Retention
of the Directive 2006/24/EC
of the European
role
Parliament and of the
that
Council was
com
approv es of personal data
ed on protection (Davies
15th and Trigg, 2006).
March According to Stefano

2006 Rodota (2006), then-
after chairman of the EUs
lengthy Article 29 Data

negotia Protection Working
tions. Party highlights, any
The changes affecting
Directiv data protection have

e was an effect on the
seen to degree of democracy
affect of European citizens,
the since the protection
balanc of personal data is an

e of important element of
power freedom in society.

betwee The dynamics in the
n the run up the final
privacy approval of the

of contested Data
individuRetention Directive
als and were complex and
the numerous
right of stakeholders (such

the as the European
state to Union institutions,

protect civil liberties groups)
nationa were involved in the
l negotiations.
security
The European Data
. It
gives Protection
rise to Commissioners had
a been aware of the
signific law enforcement

ant agencies desire to
change for the long-term
in the retention of
basic communications
principl data (Statewatch
News, largely dismissed as
2001b) "improper invasion of
. the fundamental
Before rights guaranteed to
the 11 individuals by Article
Septe 8 of the ECHR", as
mber for example by the
attack Data Protection
s in Commissioners in
the the EU at their spring
US, conference in April
the 2000 (Munir, 2005).
tone in In July 2001 the
the European
Europ Parliament's Civil
ean Liberties Committee
Parlia approved the draft
ment Directive on Privacy
had and Electronic
been Communications
largely without data
critical retention. A report by
of data the radical MEP
retenti Marco Cappato
on argued that EU
propos should restrict the
als. powers of law
The enforcement
long- agencies regarding
term the retention and
retenti access of
on of communications
comm data, and also
unicati rejected proposals to
ons retain traffic data for
data up to seven years
had (McAuliffe, 2001).
been
Andrea Gorra Page
75
European
Commission
Howe
President Romano
ver,
Prodi, which made a
shortly
suggestion to retain
after
data that would
the
otherwise be
Septe
destroyed under the
mber
European Data
11
Protection Directives
terrori
to counter terrorism:
st
Revise draft privacy
attack
Directives that call
s, in
for mandatory
Octob
destruction to permit
er
the retention of
2001,
critical data for a
extern
reasonable period
al
(Statewatch News,
pressu
2001). Despite these
res
propositions to the
from
European Union, the
the
US does not require
US
communications
were
service providers to
applie
retain
d to
communications
Europ
data of all of its
ean
customers but
Union
instead uses data
repres
preservation, which
entativ
means that only data
es.
about certain
Presid
suspect users is
ent
held. Nevertheless,
Georg
in the US
e W.
communications
Bush
service providers
sent a
may store traffic data
letter
for marketing
to the
purpo y of the Members of
ses, Parliament opposed
where any form of data
as in retention. However,
Europ after pressure by the
e, the European Council and
CSPs European Union
used governments,
to be parliamentarians
requir voted in favour of the
ed to Council's position on
erase data retention (EPIC,
this 2007). The EU
type of Directive 2002/58/EC
data on Privacy and
as Electronic
soon communications was
as it is adopted on 25 June
no 2002, and states that
longer member states may
neede now pass laws
d for permitting the
billing retention of internet
purpo and mobile phone
ses communications data.
(Bigna It leaves each EU
mi, member State free to
2007). adopt laws authorising
data retention and it

Until a
could be argued that
few
the Directive
weeks
encourages the
before
retention of data,
the
which can be seen as
final
the first step towards
vote on
the development of a
30th
more detailed data
May
retention Directive.
2002,
The Directive
the
2002/58/EC reverses
majorit
the position of the
1997 r States may
Teleco adopt legislative
measures []
mmuni
when such
cations restriction
Privacy constitutes a
necessary,
Directiv
appropriate and
e by proportionate
explicitl measure within a
democratic society
y
to safeguard
allowin national security
g EU (i.e. State
security),
countri
defence, public
es to security, and the
require prevention,
investigation,
commu
detection and
nication prosecution of
s criminal offences
or of unauthorised
service
use of the
provide electronic
rs to communication
system []
store
Member States
the may, inter alia,
commu adopt legislative
measures
nication
providing for the
s data retention of
of their data for a limited
custom period justified on
the grounds laid
ers: down in this
paragraph.
Me (Directive
mbe 2002/58/EC, Article
15)
Gorra Page
Andrea 76
ve, which allowed
The exceptions in its
2002 Article 15.1.
Directi
A 'Questionnaire on
ve in
traffic data retention'
its
was distributed by
Article
the Danish
6
presidency of the EU
requir
to all Member
es
State's governments
CSPs in August 2002. The
to objective was to
erase collate comments
all regarding the
traffic practice and
data experiences of traffic
that is data retention in
no European member
longer states in order to
neede "facilitate the
d for development of
provid strategies and
ing working agendas"
servic (Questionnaire on
es. traffic data retention,
2002). The
This
responses showed
howe
that 10 out of 15
ver
member states
had
already had a legal
been
obligation to store
chang
traffic data or were
ed in
finalising a new
the
legislation
2006
(Responses to the
Data
data retention
Reten
questionnaire,
tion 2002). A new
Directi questionnaire was
issued an important part, a
two proposal for the
years European-wide
later to retention of
obtain communications data
the was debated at the
practic EU spring summit end
es of of March 2004
the (Blakeney, 2007).
new Following this, in April
Europ 2004, the UK together
ean with France, Ireland
memb and Sweden
er submitted a joint
states proposal to the
(Quest European Union for a
ionnair framework decision on
e on the retention of
traffic communications data
data for between one and
retenti three years or
on possibly longer.
10767/ Interestingly, Spain,
04, the country where the
2004). bombings had taken
place, was not
After involved in this
the proposal. This data
train retention proposal
bombin suggested retaining
gs on communications data
March to "increase
11 prevention,
2004 in investigation,
Madrid, detection and
in prosecution of criminal
which offences, including
teleco terrorist acts" (Alvaro,
mmuni 2005; Statewatch
cations News, 2005a). This
played proposal was widely
criticise and in conflict with the
d. The current data protection
Article legislation. In addition,
29 they raised concerns
Data about the cost of the
Protecti European-wide
on implementation
Workin (Article 29 Data
g Party Protection Working
in its Party, 2004).
opinion
from Finally, in June
Novem 2005, the
ber controversial data
2004 retention proposal
reiterat was partly deemed
ed its illegal by the Legal
previou Services of both the
s view European Council
that the and Commission
mandat (Statewatch News,
ory 2005b; EDRI,
retentio 2005a). This legal
n of opinion was based
commu on the fact that the
nication proposed legislation
s data about data retention
was not was put forward as
compat a framework
ible decision. A
with framework decision
human is a legal instrument
rights under the third pillar
and (criminal
privacy
laws Andrea Gorra Page
77
social and
environmental
law,
policies) as it
polici
contained
ng),
obligations
wher
addressed to civil
e the
parties, namely the
Euro
service providers to
pean
retain and collect
Parlia
data. However,
ment
placing the
only
legislation under
has a
the first pillar would
cons
have weakened the
ultati
proposal because
on
Directives cannot
right
create substantive
but
and enforceable
no
rights. A Directive
real
has distinct
influe
objectives but
nce.
leaves the national
Howe
authorities the
ver,
choice of form and
the
method within a set
propo
time frame (Storey
sed
and Turner, 2005;
legisl
informal talk with a
ation
desk officer for this
shoul
dossier of the
d
European Union).
have
been
The Article 29
prese
Working Party
nted
criticised the Data
under
Retention Directive
the
again in their
first
opinion issued in
pillar
October 2005. They
(econ
argued that Traffic
omic,
data Party, 2005). As
retent mentioned above,
ion the Working Party
interf had continuously
eres questioned the
with appropriateness of
the the mandatory data
inviol retention regime
able, and issued 20
funda recommendations
ment which, however,
al were not fully taken
right into account
to (Davies and Trigg,
confi 2006).
denti
al The Data Retention
com Directive 2006/24/EC
muni amended the
catio Directive 2002/58/EC
ns on Privacy and
and Electronic
that Communications, by
this adding a paragraph
shoul allowing data to be
d be retained for purposes
limite stated in the 2006
d to Directive, which are
exce "investigation,
detection and
ption
prosecution of
al
serious crime, as
case
defined by each
s
Member State in its
(Articl
national law"
e 29
(Directive
Data
2006/24/EC, Article
Prote
11). The Data
ction
Retention Directive
Worki
aims to harmonise
ng
obligations on
comm (Article 6).
unicati Exceptions are
ons possible, so that data
service can be retained for
provid longer periods
ers of (Article 12). The
the EU Directive requires
memb member states to
er introduce laws
states complying with this
but Directive by 15
does September 2007,
not however all members
aim to states asked to
regulat postpone parts of the
e the application of the
technol Directive until 15
ogies March 2009 (Article
for 15). For example, the
retaini UK has asked to
ng postpone the
data. retention of internet
Comm access, internet
unicati telephony and
ons internet email.
data
shall There is the
be possibility for criminal
retaine law sanctions for
d for a intentional access or
period transfer of data that is
betwee
not permissible under
n six
national law (Article
month
13). Access to data
s and
shall be
two
years Andrea Gorra Page
78
states might be
difficult,
provi
considering the
ded
lack of equivalent
to
law enforcement
the
authorities. Each
com
member state
pete
should appoint a
nt
public authority to
natio
be responsible for
nal
monitoring the
auth
security of the
oritie
stored data. This
s
should be the
(Arti
same authorities
cle
as those referred
4).
to in Directive
How
95/46/EC (Article
ever
28), which is in the
as
UK Office of the
Davi
Information
es
Commissioner, an
and
independent
Trigg
government
(200
authority and
6)
reports directly to
point
Parliament. The
s
Directives leave
out,
the issue of who is
a
going to pay for the
har
retention of
moni
communications
satio
data up to the
n of
individual member
appr
states. Critics of
oach
the 2006 Data
es
Retention Directive
betw
point out that the
een
Directive does not
mem
provide a clear
ber
defin privacy in member
ition states with weaker
of data protections.
offen Finally, the Data
ces, Retention Directive
nor 2006/24/EC does
proc not provide a
edur definition of
es "serious crime" and
for this may hence
data lead to different
acce definition in the
ss. It member states, the
does same is true for
not penalties that may
spec be imposed upon
ify failure to comply
secu with the regulations
rity resulting from the
mea Directive (Data
sure Protection Working
s Party, 2004;
requi Vilasau, 2007).
red
to
2.3.5 Discussion
safe about the
rightfulness
guar
of
d the communicati
ons data
data,
retention
whic
h All groups
may involved in the
resul discussion
t in acknowledge that
an the retention of
incre some
ased communications
risk data is a useful
of tool for tackling
brea cyber crime and
ch of terrorism, as it
ser communications
ves data of all citizens
as for 12 months in
evi the UK (up to 24
den months under the
ce European
of legislation) and
mo access to this
bile data by a range of
pho governmental
ne agencies in the
and UK.
inte
rne 2.3.5.1 Argument 1:
Objection on the
t
ground of human
co rights and civil
liberties
mm
uni The violation of
cati human rights is the
ons most frequently
. used argument
Ho against the
we retention of all
ver, European citizens
the communications
re data for an
are extended period of
vari time (see also
ous 2.3.3.2). The
arg retention of
um communications
ent data by service
s providers for longer
aga periods than for
inst business purposes
the can be seen as
ret conflicting with the
enti European
on Convention on
of Human Rights,
specifically with
Articl Parliament
e8 approved the
'Right Human Rights Act
to to incorporate the
respe European
ct for Convention on
privat Human Rights into
e and UK law, which
family established an
life'. enforceable right of
In privacy in British
1998 law for the first time
the in history.
Andrea 79
Gorra Page
ts of national
security, public safety
Article
or the economic well-
8.1
being of the country,
provid
for the prevention of
es that
disorder or crime, for
"every
the protection of
one
health or morals, or
has
for the protection of
the
the rights and
right to
freedoms of others"
respec
(ECHR, Article 8.2).
t for
As the data retention
his
legislation is
private
implemented to
and
assure national
family
security and support
life, his
the fight against
home
terrorism, European
and his
member states can
corres
implement the Data
ponde
Retention Directive in
nce".
accordance with
Howev
Article 8 ECHR.
er, this
is
Since the Human
subject
Rights Act 1998,
to
human rights
restricti
standards have been
ons
routinely
and
incorporated in
there
legislation. Under
can be
section 19(1)a of the
interfer
HRA, Ministers
ence
responsible for
by a
introducing
public
government Bills to
authori
either house need to
ty "in
provide a written
the
statement that in her
interes
or his tibility statement with
view, regard to the ATCS
the Bill Act, however, the
is ATCS Act contains a
compa number of provisions
tible that affect human
with rights, which make
the the Act is not
Conve compatible with
ntion HRA. For example,
rights, the detention without
or trial is incompatible
alterna with the right to
tively liberty of the person
that it under ECHR Article
is not 5(1), and this
compa required a formal
tible derogation from
and Article 5(1) under
that Article 15 of the
the ECHR (Tomkins,
govern 2002, p. 7; HL38, HC
ment 381 (2003-04).
nevert
heless Privacy International
wishes (2003a) argues that
the blanket data
Parlia retention would
ment subject every citizen
to to the certainty of
enact ongoing and
the Bill unremitting
into interference in his or
law. her private life. The
The richness of mobile
Home phone
Secret communications data
ary which conveys who
made has been contacted

this when and from
compa where for how long,

makes more sensitive than
it those associated with
possibl traditional fixed
e to telephony, as it
compil conveys the location
ea at the beginning and
detaile end of call, as well as
d details about text
profile messages
of a exchanged with other
person' parties. Converging
s platforms and
interest infrastructures, such
s, as internet and
includi mobile phones
ng increase the
commu sensitivity of traffic
nicatio data, for example
ns when mobile phone
pattern handsets are used to
s, access the internet
networ (Escudero-Pascual
k of and Hosein, 2004).
acquai Communication
ntance technologies, such
s and as mobile phones
social and email, serve as
context everyday means of
. Data communication in
relating private and business
to life in Britain and the
mobile rest of Europe. They
commu are a vital element of
nicatio
Andrea Gorra Page
ns is 80
taking part in
essential interactions
moder
with friends, family,
n life
businesses and
and
employers when
the
trying to avoid the
blanke
use of modern
t
means of
storag
communications.
e of all
comm
2.3.5.2 Argument 2:
unicati Data preservation
instead of retention
on
transa The question whether
ctions the retention of all
does citizens'
communications data
not
is proportionate is
give
also at the heart of
citizen
data retention
sa
debates (see for
choice
example Whitley and
to
Hosein, 2005). Data
circum
preservation instead
vent
of data retention is
this
seen as a more
type of
proportionate
mass
measure in
surveill
responding to
ance.
terrorism than a
It
blanket data retention
could
regime requiring the
be
storage of all citizens'
argued
data (European Data
that
Protection
individ
Commissioners in
uals Home Office, 2003b).
can be Data preservation is
discri more targeted than
minate data retention, as
d from CSPs are requested
only to as the so-called
retain quick freeze-
data on procedure. Instead
a case- of a general storage
by- of all data, this
case system would have
basis, allowed law
which enforcement
means authorities to request
data the service providers
about a to store particular
particul data and to obtain a
ar user court order to access
for a this data (Article 29
specifieData Protection
d Working Party, 2005).
period
of time. However, this
For approach has been
exampl rejected by the
e, the Home Office as data
Data preservation "will
Protectinever aid in the
on investigation of a
Workin person who is not
g Party currently suspected
had in of involvement with a
their terrorist
Opinio organisation" (Home
n Office, 2003b, p15).
05/200 It is also debated
4 whether
sugges surveillance of
ted the communications
use of data can help to
less prevent terrorist
invasiv attacks at all. Tony
e Blair is quoted to
mecha have said that "all
nisms, the surveillance in
such the world could not
have mus University
preve claims that data
nted retention is
the unnecessary based
Lond on a review of 65
on police
bombi investigations. 'In
ngs"
virtually all cases'
(Davi
the police could get
es,
access to all traffic
2005)
data required based
.
on existing account
A
and billing
Dutch
information retained
study
on average for three
by the
months (EDRI,
Eras
2005b).
Andrea
Gorra Page
81
certainty to a
personal identity,
2.3.5.3 Ar thus blanket data
gu retention is
m
ineffective in fighting
en
crime. Even though
t
communications
3:
data can serve as
N
o evidence for crimes
de planned with help of
fin communications
ite technologies, an
lin undoubted link
k between the device
be
that had been used
tw
for communication
ee
and an individual can
n
not be established
co
m with any certainty
m and further
un investigations,
ic according to Walker
ati and Akdeniz (2003).
on This becomes
s particularly apparent
de
when a web-based
vi
email system such
ce
as Hotmail is used
an
from a PC in an
d
us internet caf, as
er Microsoft's Hotmail
Comm does not verify
unicati details of registered
ons users and internet
data cafs do not require
cannot identification. The
be use of prepaid
linked phones that do not
withou need registration
t any poses a challenge to
law searches of the
enforc retained data, as
ement legislation requires
agenci CSPs to store
es, as communications data
they for longer than
do not needed for billing
require purposes. The
the internet Service
subscr Providers'
iber to Association (Ispa)
be expects costs of 26
identifi million a year to set
ed up sufficient data
(Gow, retention measures
2005). and 9 million in
running costs to
2.3.5.4
Argum respond to law
ent 4: enforcement
High
cost of requests based on
storag estimates from one
e and
retriev large UK-based
al of internet service
data
provider (Leyden,
The
2005).
teleco
mmuni The requirement of
cations communications
and service providers to
interne store the customers'
t data for up to two
industr years and the costs
y have associated with it
highlig could also affect
hted global
the competitiveness of
high the European
costs industry compared to
for other western
storag countries. Particularly
e and
as nications data. At the
countri same time some fear
es that data retention
such may have an effect
as US on consumer
and confidence, as
Canad citizens may avoid
a have using electronic
rejecte commerce in order to
d the not have their legal
blanket transactions logged
retentio (Open Letter from
n of civil society groups,
commu 2005).
Andrea
Gorra Page
82
Data Protection Act
1998 data could not
2.3.5.5 be kept for any
Argum
ent 5: longer than
Potent necessary (fifth
ial use
of data principle) and the
for data stored had to be
other
purpo adequate and
ses relevant for purposes
With and not excessive
the (third principle). The
introdu DPA 1998
ction of implements the
the European Union
ATCS Directive 95/46/EC
Act, and governs the
commu collection and
nicatio process of personal
ns data of individuals by
service the government and
provide private sector.
rs are As the current data
now retention legislation
require obliges CSPs to keep
d to various types of
keep customer data for
custom longer than before,
er there are concerns
record that the data may not
s only be stored for the
which access by police and
they other public
previou authorities but also
sly had
for commercial
to
purposes, such for
erase
consumer profiling,
or
marketing purposes
anony
and CRM (customer
mise.
relationship
Under
management). Green
the
(2006) munications data is
points also of interest to
out that the music and
the recording industry
require to investigate music
ments piracy and illegal
of the file sharing in the
state European Union.
for The Creative and
long- Media Business
term Alliance (CMBA),
retentio which represents
n of large companies in
commu the entertainment
nicatio industry such as
ns data Sony BMG, Disney
coincid and EMI, has
e in an suggested to
unprec members of the
edente European
d way Parliament to be
with included in the
the latest European
extensi Directive on data
ve retention (Sherriff,
data- 2005; Thompson,
gatheri 2005).
ng
practic An additional
es of concern regarding
the the use of data for
teleco law enforcement is
mmuni that the European
cations Data Retention
industr Directive
y. (2006/24/EC) does
not define the term
The 'serious crime' used
retain in its Article 1. In the
ed same manner, the
com RIP Act allows
access or protecting public
to health (see section
comm 2.3.3.1). Tony
unicati Bunyan, editor for
ons Statewatch points
data out that the retained
under communications data
a wide maybe also be of
range interest to future
of uses of
purpos governments, as the
es, data could be used
such for social and
as political control
public (Statewatch News,
safety 2005c).
Andrea
Gorra Page
83
ement agencies is
seen as beneficial
2.3.6 S
and is supported by
y
nall stakeholders
o
involved. The central
p
selements for debates
i
have been whether
s
the blanket retention
o
fof all citizens' data for
an extended period
d
aof time is justified
tand proportionate for
a
the purpose of
rfighting terrorism. In
e
tthe UK, there are
ediscussions about
n
twhether some
iagencies should only
o
nhave access to
certain types of
d
icommunications
sdata, as traffic data is
c
useen as more
ssensitive than user
s
iand service data. As
oa result of the 2003
n
consultation process,
access by numerous
The
agencies to
retenti
communications data
on of
has been deemed
some
justified by the Home
commu
Secretary.
nicatio
ns data
A strategy of data
to be
preservation is
access
favoured by many
ed by
parties, as it would
law
not infringe on the
enforc
privacy of innocent
commu nt by the Home
nicatio Office, as this would
ns only enable access to
users. data for a limited time
In before it would be
additio deleted by
n, this communications
would service providers.
also The main issue
save seems to be whether
money retention of data is
to the seen as proportionate
CSPs and the responses by
as less stakeholders differ
data widely.
would
have to
2.3.7 Summary
be Part 3
stored
The third and last
and
part of this chapter
access
has introduced the
ed in
legal framework as
respon
relevant to the
se to
retention of mobile
request
phone
s by
communications data
eligible
in the UK. It has
organis
become apparent
ations
that a complex
under
interplay is taking
the RIP
place between the
Act.
national legislation in
Nevert
the United Kingdom
heless,
and the European
preserv
legislation, such as
ation is
the European
not
Convention on
seen
Human Rights. This
as
section has detailed
sufficie the legal instruments
relevan an Directive
t to 2006/EC/24.
commu Legislation on data
nicatio retention has been
ns data widely debated within
retentio the United Kingdom
n: the and the European
Regula Union, from its initial
tion of introduction to the
Investi implementations of
gatory the RIP Act and the
Powers ATCS Act in the UK
Act and the Data
2000, Retention Directive
the 2006/24/EC by the
Anti- European Union. The
Terroris section has painted a
m picture of data
Crime retention in legislative
and terms, while carefully
Securit ensuring to consider
y Act the viewpoints of the
2001 most relevant
and the stakeholders in the
Europe debate the retention.
Andrea Gorra Page
84
communications
data retention in
2.4 S general have been
u
addressed with a
m
mthreefold
a approach. This
r
y chapter has firstly
o focused on recent
f technological
c
h developments
a regarding mobile
p
t phone location
e data within the UK,
r followed by a
The discussion of
multi privacy in the
disci literature. The last
plina part has provided
ry essential
natu background to the
re of legislative
the landscape of the
subj UK and the
ect European Union.
area
Mobile phone
of
location data is an
mobi
inherent part of
le
mobile
phon
communications, and
e
advances in
locat
computer
ion
technologies have
data
facilitated the long-
and
term storage and
the
analysis of this data.
long-
Communications data
term
may be obtained and
rete
used by law
ntion
enforcement for
of
crime ance societies. The
and potential of
terroris inappropriate use of
m the retained
investigcommunications data
ations may result in
but infringements of the
also by mobile phone user's
comme privacy, which makes
rcial checks and
provide safeguards to ensure
rs to accountability
offer necessary. Before the
service September 11 attacks
s there had been
based widespread criticism
on of the long-term
locatio retention of
n. The communications
widesp data. However, the
read attacks have been
use of used in the UK and
informa EU-wide to evoke a
tion paradigm shift in
and storing and accessing
commu this type of data. The
nicatio retention of data was
ns justified under Article
technol 8.2 of the European
ogies Convention on
for Human Rights, but
admini the wide range of
strative purposes for which
and the data can be
control accessed under the
purpos Regulation of
es is Investigatory Powers
seen Act 2001 and the
as a European Data
trait of Retention Directive
surveill 2006/24/EC, have
been ter focuses on
widely the
criticise methodology
d. that has been
used to collect
T
empirical data
h
in order to
e
portray the
views of
n
ordinary
e
citizens in the
x
complex
t
debate about
c
technological
h
influences on
a
individual
p
privacy.
Andrea
Gorra Page
85

Melvins Research 1

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Melvins Research 1

Uploaded by

Copyright:

Available Formats

Chapter 2 - Literature Review

three the data collection

parts; has been

first study has followed

part this approach with

focuse the benefit that a

locatio phone users can

inform their geographical

(GSM (Elliot and Philips,

limited transmissions rates

mobile enables the support

conten Support can be

Fig more mobile phone

hou users in several

old 1- Add new

locatio Phones, 2000). The

2.1.2 Technical overview of mobile communications support

An essential part of a mobile phone network's tasks is to monitor the location of

2.1.2.1 Overview of the cellular network architecture

Mobile Station Base Station Subsystem Network Subsystem

BSC VLR HLR

SIM EIR AuC

Figure 2.2: GSM network architecture (after Andrea Gorra Page 23

and The value of

notifie knowing the

each mobile phone

base handset has been

n, private and public

which sector services.

the implementation and

mobile cost requirements.

for include consistency,

exampl start time and

when a requirements for

neares metres range.

locatio information with

specifieto the USA, no

2006). and Users Rights

emer the US and Canada,

genci consumer consent for

es, to use of location data

exten services is implied.

techn has left it to voluntary

psuch as GPS (see

2.1.4.1 Network-based mobile phone positioning

Cell of origin (COO)

Figure 2.3: Cell-of-Origin tracking Figure 2.4: Sectorisation of a cell

Andrea Gorra Page 31

which has been established

1999). Article 8.2 ECHR

next of privacy. For

section these reasons, it

Theore useful approach to

approa the concept of

betwee the various authors

sph (1997) suggests the

ere following three

priv which share the

acy element of personal

onl These particularly

ide empirical findings of

ntifi this study, which will

(se detail in subsequent

mobil the right to