Professional Documents
Culture Documents
most appreciated.
The
sis
title
Chapter 2
: An
anal Lite
ysis
of rat
the
rela ure
tion
revi
ship
bet ew:
wee
n Pri
indi
vidu vac
als
y,
perc
epti Mo
ons
of bile
priv
acy ph
and
one
mob
ile tec
pho
ne hn
loca
tion olo
data
gy
-a
grou and
nde
d Leg
theo
ry al
stud
fra
y.
me
Andrea
Gorra, wor
Leeds
Metrop k
olitan
Univers
ity, UK When examining the
Comme
subject area of
nts
sent to communications data
a.gorra
retention broadly
@leeds
met.ac three areas need to
.uk
be taken into
would
be account: a)
technol the role of
ogical geographical location
matter within mobile phone
s, b) technology, the
social second part
values discusses the
such relevant privacy
as related literature, and
privacy the final part of this
and chapter examines
civil the legal framework
libertie relevant to mobile
s, and phone location data.
c) law Grounded theory
enforc methodology has
ement been used to guide
issues collection and
(Whitle analysis of empirical
y and data for this study
Hosein (for more detail see
, 2005; Chapter 3 -
Raab Research
and Methodology). GT
Bennet methodology is an
t, inductive method,
2006). which means that
Accord typically only a very
ingly broad review of
this literature takes place
chapte before collecting the
r has data. However in
been addition to this initial
divided review, the literature
into is visited again after
Andrea
Gorra Page
14
Chapter 2 - Literature Review
understanding of the
role of location data.
2.1 P A brief history of
a
mobile phone
r
t telephony is provided
1 and followed by an
:
Mexplanation of the
o relevance of the
b cellular network
il
e architecture to mobile
p phone location data.
h
o Following this a
n technical overview of
e mobile
l
o communications
c network architecture
a
is provided and finally
ti
o location-based
n services and
d
a techniques of locating
t a mobile phone are
a
discussed.
This
2.1.1 Background
section to mobile
present phone
location data
s
essenti The mobile phone is
al a key technology in
technic an increasingly
al mobile and
backgr connected world.
ound to Growing
mobile technological
cellular convergence and
networ ubiquitous
ks in networking leave
order behind a continuous
to and lasting trail
provide revealing information
an about those involved
in the ation supplied by a
comm mobile phone can be
unicati very specific,
on. depending in cell
Pickin size and cell shape,
g up which will be
on this explained later in
electro this section.
nic Location-based
trail services (LBS) for
makes mobile phones (see
it section 2.1.3) are
possib predicted to grow in
le to the near future (see
identif Lyon, 2005). A
y the market research firm
locatio predicts that LBS
n of revenues will reach
comm 622m by 2010
unicati (Moore, 2006).
on
The mobile phone
device
s and as a location
individ technology brings
uals together the
are following three key
indirec features:
tly
1) identification
locata of the
approximate
ble by
location of
carryin the handset
g their 2) on a
mobile continuous
basis
phone
3) in real-time
. In
some The combination of
cases, these features
the means that mobile
Philips, equipment. 3G
2004) technologies were
first introduced in
Third Japan in 2001 and
genera spread to Europe
tion
networ and the USA in
ks - 2002. UMTS
3G
(Universal Mobile
Third
Telecommunications
gener
System) is the third
ation
generation mobile
mobile
phone technology
teleph
mainly used in
ony
Europe and also in
(3G)
Japan. It uses the
GSM Elliott and Philips
infrast (2004) describe as
ructur aims of all 3G
e and networks the
UMTS following:
/GSM
dual- 1) world-wide
mode connectivit
y and
phone
roaming
s sold throughout
in Europe,
Europ Japan and
North
e are
America
able 2) high data
to transmissio
make n rates and
broad
and
bandwidth,
receiv suitable for
e calls multimedia
on content
3) efficient
both
spectrum
netwo utilisation
rks. (Philips and Elliot,
2004)
Gorra Page
Andrea 18
Chapter 2 - Literature Review
red by Bell Labs, the
research subsidiary
2.1.1.2 of the US telephone
The
cellula company AT&T that
r laid the foundations
conce
pt for today's second
and third generation
In
mobile phone
terms
systems (US Patent
of
full-text and image
locatio
database, 1972). The
n data
essence of this
the
patent was to reduce
most
the area covered by
crucial
an antenna. In the
concep
1G system, only one
t was
antenna served a
the
very large area,
introdu
whereas in the 2G
ction of
this area was broken
the
down into several
cellular
cells.
networ
k
Each area or cell is
archite
served by a single
cture
base station and is in
with
the approximate
the
centre of each cell.
change
Due to the increased
from
number of cells in the
the 1G
2G system compared
to the
to 1G, many more
2G
masts were needed
system
and this enormously
. In
increased the costs
1972,
of infrastructure. Now
a
it was possible to
patent
reuse the same
was
frequency over
registe
relatively small
distanc distance
es, transmissions
enablin between mast and
g handset were not
covera necessary anymore,
ge for awhich resulted in
greater decreasing sizes of
numbermobile phone
of handsets and
subscri improved handset
bers. operating times.
This Adjacent cells cannot
resulte use the same
d on frequency, as this
the one could result in
hand in interference. Hence,
the it is necessary to only
reduce re-use frequencies in
d size cells that are
of sufficiently distant to
antenn each other. The
as, and transmission power
on the of a base station has
other to be limited to
hand in prevent interference
reduce with frequencies from
d other cells and to
distanc reduce health
es concerns (Stallings,
betwee 2005).
n
antenn This concept of
as. using an increased
Anothe number of smaller
r effect cells required a
of this mechanism to switch
new a user's connection
system from cell to cell.
was Hence, cells were
that the arranged in a
long- hexagonal pattern to
enable phone user moves
all within a cell towards
anten its boundary. This
nas to makes it easier to
be the determine when to
same switch a user to an
distan adjacent antenna
ce and which antenna
apart, to chose. In
which comparison a square
is pattern, would only
benefi provide an equal
cial distance to the
when centre of four cells
a (see Figure 2.1).
mobile
Andrea
Gorra Page
19
Chapter 2 - Literature Review
In practice, cells have
irregular shapes and
a precise hexagonal
pattern is often not
used due to
topographical
limitations,
restrictions on
positioning antennas
and different amounts
of traffic volumes as
some cells have
Andrea
Gorra Page
20
Chapter 2 - Literature Review
from 27 percent
to 78 percent in
2.1.1.3 2005 (National
Increa
sing Statistics (2005).
the The increasing
capaci
ty of a number of mobile
mobile
users has caused
phone
networ the necessity to
k
enhance the
The network capacity.
re According to the
wa Mobile Operators
sa Association
con (2006), base
sid stations can only
era carry a maximum
ble of around 120
incr calls at the same
eas time.
e in
the A mobile phone
pro network can be
port made suitable for
ion an increased
of number of phone
seh ways:
s
e
c
t
o
r
s
p
e
r
c
e
l
l
)
o each
sector has
its own
subset of
channels
15 the
base
station
has to
use
directi
onal
antenn
as
2- Cell splitting
15 genera
lly
cells
are 6.5
to
13km
in size
o power
level of
antenna is
reduced to
keep
signal
within cell
15 since
the
cells
are
small
rom
one
Base
trans
ceive
r to
anot
her)
have
to
take
place
2- Micro cells
15 Anten
nas
move
lower
down,
e.g.
from
top of
buildin
gs to
smalle
r
buildin
gs or
lamp
posts
o Cell
size is
decreased
and a
reduction
of power
takes
place
o
Micr
o
cells
are
usua
lly in
plac
e on
the
high
stree
t
wher
e
great
traffi
c
gs, 2005)
To summarise, due
to an increasing
number of mobile
phone users, more
mobile masts have
been put up. This
has resulted in
smaller cells that can
cope with the higher
traffic volumes. In
some cases, citizens
have raised protests
against new masts
being put up in
residential areas
mainly due to
concerns about
health risks
originating from the
obase stations (Mast
10
Sanity, 2006). The
-
use of smaller cells
400
met
leads to a higher
res
accuracy for mobile
radi
us
phone location
circ
le
identification based
(Stallinon Cell-ID.
Gorra Page
21
Andrea
Chapter 2 - Literature Review
Health concerns are
based on the
Even
radiation emitted by
though
mobile phone
this is
handsets and base
not the
stations. The latter
most
emits radiation
accurat
continuously and
e
much more
method
powerfully. An
, the
independent expert
cell-id
group on mobile
or mast phones (IEGMP),
in use also known as the
is a Stuart Group, was
pre- established by the
requisit Minister for Public
e for Health Tessa Jowell
more in 1999 to consider
accurat concerns about
e ways possible health
of effects from the use
determi of mobile phones
ning a and bases stations
handse (Independent Expert
t's Group on Mobile
Andrea
Gorra Page
22
Chapter 2 - Literature Review
Public switched
MSC telephone
BSC network
Andrea
Gorra Page
25
Chapter 2 - Literature Review
architecture
works,
2.1.2.2
described
Steps
in below is what
makin
ga happens
mobile when a call
phone
call takes place
T between two
o mobile users
within an area
d controlled by
e the same
m mobile
o switching
n centre (MSC)
s (after
t Stallings,
r 2005; Walters
a and
t Kritzinger,
e 2000).
Step 1: A mobile
unit is turned on -
h
initialisation
o
The mobile phone
w
scans and selects the
strongest setup
t control channel. The
h mobile phone selects
e the base station
antenna of the cell
c within which it will
e operate, which must
l not always be the
l geographically
u closest base station
l due to interference
a patterns or other
r electromagnetic
phenomena. A so-
called scanning procedure
handsh is repeated frequently
ake and if the phone
takes enters a new cell, a
place new base station is
betwee selected.
n
Step 2: Call
mobile origination - request
phone for connection
handse A mobile phone
t and initiates a phone call
the by sending the
mobile number of the called
switchi mobile phone on the
ng pre-selected setup
centre control channel. The
throughmobile phones
the receiver first checks
base that the setup
station, channel is idle by
which scanning the base
is used stations forward
to control channel,
identify also known as
the reverse control
mobile channel. When an
phone idle is detected, the
user mobile is able to
and to transmit on the
register corresponding
its reverse control
locatio channel to the base
n. As station, which then
long as in turn sends the
the request to the MSC.
mobile
Step 3: Paging
phone
The MSC completes
is
the connection to the
switche
called mobile phone
d on,
by sending a paging
this
messa position of the mobile
ge to phone. The mobile
particul phone network is
ar aware of the current
base position of a phone
station because it is stored
s in the VLR. Hence,
depen only the relevant
ding on base station and
the those base stations
called in surrounding cells
mobile are addressed. Each
numbe BS transmits the
r. paging signal on its
Which own assigned setup
base channel.
station
Step 4: Call
s are accepted
paged The called mobile
depen phone recognises
ds on its number on the
the setup control
mobile channel it
phone monitors
networ frequently (see
k step 1). The
provide mobile phone then
r but is
responds to the
also
relevant base
depen
station, which in
dant
turn sends the
on the
response to the
physic
MSC. The MSC
al
sets up a
Andrea Gorra Page
26
Chapter 2 - Literature Review
in turn notifies its
mobile phones. The
conn
two mobile phones
ection
tune to the
betwe
channels assigned
en
by the base station.
the
callin
2.1.3 Mobile
g and
location-
called based
services
mobil (LBS)
e
Location-based
phon
services are
e. At
information services
the
accessible with
same
mobile devices
time,
through the mobile
the
network and utilizing
MSC
the ability to make
select
use of the location of
s an
the mobile device
availa (Virrantaus et al.
ble 2001 in Steiniger et
traffic al., 2006). Location
chan services are available
nel to operators of all
within commonly used
each mobile phone
base networks in Europe:
statio GSM (2G), GPRS
n's (2.5) and UMTS
cell (3G).
statio acknowledged by
Andrea
Gorra Page
28
Chapter 2 - Literature Review
technologies,
emergency response
2.1.3.1
Locati times and thus
on- consequences of
enhan
ced injuries can be
emerg reduced. Around 180
ency
call million emergency
servic calls are made in the
es
European Union
In
every year of which
many
60 to 70 percent
emerge
originate from mobile
ncies
phones. Possibilities
people
for emergency call
do not
management are
know
being investigated by
their
European initiatives
exact
(European
locatio
Commission, 2003).
ns,
In the US, business
which
drivers for location-
is
based services
particul
include government
arly
mandates such as
importa
Enhanced 911 (E911)
nt
that require the
when
incorporation of
making
location-
the
determination
emerge
capabilities in mobile
ncy call
phones. The USs
from a
Federal
mobile
Communication
phone.
Commission (FCC)
By
required US mobile
using
phone service
locatio
providers to provide
n-
public safety
identifyi
agencies with
ng
location information
in the ', Europe's
event universal
of an emergency
emergenumber, will be
ncy. able to inform the
Particul emergency
ar services about the
perfor callers location
mance based on Cell-ID.
charact Mobile phone
eristics service providers
for will share location
determi emergency
nation service. In
were Europe, opposed
ble, commercial
for all capabilities of
calls location-based
to the services, however,
singl has made it
e mandatory for mobile
Euro phone operators to
pean pass on the location
emer of callers as it is
genc technically possible
for them (Gow, 2004).
Gorra Page
Andrea 29
Chapter 2 - Literature Review
fying the location of
a device can be
2.1.4 Ddivided into network
i
fcentric, handset
fcentric methods or
e
ra combination of
eboth. Network
n
tcentric techniques
locate a device
m
ebased on
tinformation supplied
h
oby the network or
d
with help of a
s
number of mobile
f
phone base
o
rstations, no handset
enhancements are
l
onecessary. Handset
c
centric methods
a
trequire an upgrade
i
nto the mobile device
gas the location is
acalculated by the
mobile phone itself
m
ofrom signals
breceived from base
i
lstations. Satellite
ebased technologies,
positioning
The (Steiniger, 2006).
vario
us The following
techn location
iques technologies are
for relevant to mobile
identi phone location
dat rent methods.
a
and Table 2.1: Mobile
phone
will
location
be technolog
des ies and
supported
crib mobile
ed communi
cation
tog
standard
eth
er
with
thei
r
part
icul
ar
perf
orm
anc
e
and
impl
em
ent
atio
n
cha
ract
erist
ics.
Tabl
e
2.1,
belo
w,
list
the
diffe
Supported in mobile
Mobile phone location technology
communication standard
Cell of origin (COO) GSM, GPRS, and UMTS
AOA (Angle of Arrival) GSM, GPRS
TDOA (Time Difference of Arrivals) GSM, GPRS
E-OTD (Enhanced Observed Time Difference) GSM and GPRS
OTDOA (Observed Time Difference of Arrival) UMTS
A-GPS (Wireless Assisted GPS) GSM, GPRS and UMTS
Andrea
Gorra Page
30
Chapter 2 - Literature Review
Mobile Phone
Base Station
Andrea
Gorra Page
32
Chapter 2 - Literature Review
ID. The distance
between handset
Enhan and base station is
ced
Obser calculated based on
ved the different times it
Time
Differe takes a signal to
nce arrive at the base
(E-
OTD) stations once it
Enhan leaves the handset.
ced Accuracy can
Obser theoretically reach
ved 30 metres but can lie
Time in reality between 50
Differe and 125 metres
nce (Lyon, 2005).
(E-
OTD),
Base station
uses
triang
ulation
betwe
en at
least
three Serving
differe Base station
base station
nt
Figure 2.5: E-OTD
base (after Lyon, 2005)
station
s to E-OTD only works in
provid GSM and GPRS
e networks, requires an
more upgrade to the mobile
accura network
te infrastructure, and
locatio uploading of software
n to base stations to
identifi ensure compatibility.
cation The base stations
than need to be fitted with
Cell- location
measur greater accuracy than
ement cell-of-origin but at a
units slower speed of
(LMUs) response, typically
and, by around five seconds
measur (Prasad, n.d.).
ing the Differing from TDOA,
signal the calculation of the
from position is done by
the the mobile phone
mobile handset and for this
phone, reason a handset
the update in the form of
LMUs software modification
can is necessary
triangul (Steiniger et al.,
ate the 2006). A similar
users technique known as
positio OTDOA (Observed
n. This Time Difference Of
techniq Arrival) operates only
ue in 3G networks
offers (Deitel et al., 2002).
Andrea
Gorra Page
33
Chapter 2 - Literature Review
calculated by
comparing time
2.1.4.2 signals from several
Satellit
e- satellites, of which
based each has to have a
mobile
phone direct line of sight to
positio the receiver. At least
ning
three satellites are
Global necessary to
Positi
determine the
oning
Syste receiver's two-
m
dimensional location
(GPS)
(i.e. latitude and
The
longitude). To
Global
achieve additional
Positio
and more accurate
ning
information, for
Syste
example altitude, four
m
or more satellite
(GPS)
signals are required.
uses a
The 24 satellites orbit
set of
the earth twice a day,
satellit
transmitting radio
es and
ground signals from
receive approximately
rs to 12,000 miles above
determ the Earth. The
ine the satellite system,
locatio based on spy
n of a satellites utilised
GPS- during the Cold War,
enable was originally
d developed by the
device. USA Department of
A Defence to help
GPS's troops and missiles
receive locate themselves on
r maps. In the 1980s,
locatio the US government
n is made the system
availab handsets are that
le for GPS receivers
civilian consume a
use. considerable amount
Once a of battery power, are
GPS fairly expensive, and
receive location positioning
r has does not tend to
been work from inside
acquir buildings as a direct
ed, the line of sight with
locatio satellites is needed.
n In addition, in urban
identify areas the GPS signal
ing can bounce of
service building walls and
is free distort the result
to use (Monmonier, 2002;
and Lyon, 2005).
accura
te to Assisted GPS
an Assisted GPS (A-
averag GPS) links to the
e of 15 terrestrial-based
metres system of cell sites
. to speed up the
Howev process of
er, the calculating a
drawb handsets position.
acks A-GPS can be
for combined with Cell-
GPS ID, E-OTD or
receive OTDOA. It requires
rs that an update to the
have handset and network
been infrastructure and
integra shares the same
ted
drawbacks as all
into
GPS receivers
mobile
(Lyon, 2005).
phone
s from 2011 and to
Galile offer at least the
o-
Europ same performances
ean as GPS (European
Satellit
e Commission, 2006b).
Naviga Galileos navigation
tion
Syste infrastructure, which
m will consist of 30
Galileo satellites and relevant
is a ground infrastructure,
Europe is funded by the
an European Union and
satellitethe European Space
navigat Agency (European
ion Commission, 2006a).
system Galileo is under civil
currentl control and aims to
y in ensure that European
develo economies are
pment. independent from
It aims other states systems,
to such as GPS. GPS is
provide a
positio
ning Andrea Gorra Page
34
service
Chapter 2 - Literature Review
military
system
by the
United
States
and is
made
availabl
e to
civil
users
Figure 2.6:
without Accuracy of
positioning
any
methods (after
guarant Steiniger et al.,
2006)
ee for
continu As can be seen
ity. from the graphic
above (Figure
Figure
2.6), the most
2.6
below accurate ways of
shows determining a
a mobile phones
compa geographical
rison location involve
of the
the satellite based
accura
system GPS.
cy of
positio Location
ning identification by
metho cell-ID is the least
ds accurate method,
used however this
by
technique makes
mobile
use of the default
phone
properties of
s:
mobile phones. In
other words,
every mobile
pho ted by Cell-ID
ne without any
can modifications of
be either software or
loca hardware.
Andrea
Gorra Page
35
Chapter 2 - Literature Review
signal, irrespective of
mobile phone
2.1.5 S
network generation
u
mand network provider.
m
This first part of the
a
rchapter has
y
explained this
Pprocess by providing
a
ran overview of the
tcellular GSM network
1architecture and
techniques used for
locating a mobile
As can
phone. Location
be
information as part of
seen
other
from
communications data
this
can be stored for
short
future data-mining
discuss
and analysis, as for
ion of
example for
technic
commercial location-
al
based services or for
backgr
law enforcement
ound,
purposes, as
the
discussed in Part 3 of
locatio
this chapter (section
n of
2.3). The automatic
every
generation of
mobile
digitised personal
phone
data about every
can be
mobile user and its
identifi
storage on a long-
ed by
term basis, may also
triangul
bear negative
ating
aspects that can
the
impact in individuals
mobile
privacy, as discussed
phone
in the next section.
Andrea
Gorra Page
36
Chapter 2 - Literature Review
of privacy
definitions.
2.2 P Following this, legal
a
and technological
r
t matters relevant to
2 privacy are
:
P reviewed together
ri with issues of
v surveillance and
a
c social justice. In
y addition, this section
addresses the role
The
of privacy
secon
enhancing and
d part
invading
of this
technologies, and
chapt
finally explores the
er
relationship
focus
between location-
es on
based services and
the
privacy in the
repres
literature.
entati
on of
2.2.1 Setting the
privac scene
y in
The difficulty of
the
defining the concept
literat
of privacy is often
ure
used as an
and
introduction to
starts
reviews of privacy
off by
literature (see for
introd
example Introna,
ucing
1997; Solove, 2002;
and
Bennett, 2004). Alan
classif
Westin, a renowned
ying
US privacy scholar,
the
comments on this
wide
subject matter that
range
"no definition of
privac interest individuals
y is have in leading a life
possib free from
le interference by
becau others. Despite this
se apparent
privac slipperiness of the
y notion of privacy,
issues numerous scholars
are have not ceased to
funda provide their
menta thoughts on this
lly subject over the last
matter several decades:
s of such as regarding
values the impact of
, technologies on
intere privacy (Cavoukian
sts and Tapscott, 1995;
and Agre and
power Rotenberg, 1997;
" Bennett, 2004),
(Westi surveillance and
n, privacy (Clarke,
1995, 1988; Lyon, 1994;
quote Zureik, 2005) or
d in regarding
Gellm communications
an interception in the
1998, information age
p. (Diffie and Landau,
194).). 1998).
He
sugge Fried (1968 in Singh
sts and Hill, 2003)
under observes that privacy
standi is of high value for
ng people because it
privac allows for
y as transactions that
an result in trust, which
otherwi the modern age
se (Privacy International,
without 2003b). Despite the
the apparent difficulties in
reassur finding a suitable
ance of characterisation of
privacy privacy, a right to
would privacy is enshrined
not be in international
possibl treaties, conventions,
e. and agreements. In
Privacy 1948, the UN
is seen declared privacy to
as an be a fundamental
interest human right in Article
of the 12 of the Universal
human Declaration of Human
person Rights (UDHR). The
ality UDHR consists of 30
and by Articles which outline
some the United Nations
believe General Assemblys
d to be view on human rights
the guaranteed to all
most people. Yet, privacy
essenti was declared a
al fundamental right in
human the Universal
right of Declaration of Human
Andrea Gorra Page
37
Chapter 2 - Literature Review
Council of Europe
released the
Rights
European Convention
,
on Human Rights,
differi
which states in its
ng
Article 8.1 that
from "Everyone has the
an right to respect for his
absol private and family life,
ute his home and his
right, correspondence". It
ri autonomy in that
one can control
v
information in a
a
meaningful way.
c
Privacy is again
y
suggested to
a
comprise the two
s
factors control and
li
knowledge by
m
Foxman and
it
Kilcoyne (1993 in
e Singh, 2003), in
d other words to
a have control over
c what information is
c collected and the
e knowledge that a
s data collection
takes place
Andrea Gorra Page
38
Chapter 2 - Literature Review
g two aspects;
protection of personal
and
territory and
includin
protection against
g the
governmental
purpos
intrusion. This relates
e of
to the traditionally
collecti
recognised desire to
on.
balance the power
These
between government
definiti
and private
ons
individuals, as
predom
discussed by
inately
Nissenbaum (1998).
relate
to the
2.2.2 Privacy
categor categories
ies of
The range of
informa
scholarly thoughts
tion
on privacy above
privacy
as indicates that there
discuss seems is no
ed in universally
the accepted definition
r categories, Introna
s of privacy categories,
are information as a
co common
mm characteristic.
y relate to the
ed be discussed in
e chapters:
for 5) privacy as no
access to the
exa person
mpl 6) privacy as
e control over
personal
Nis information
sen 7) privacy as
bau freedom from
judgement by
m, others
199
These seven privacy
8;
categories as listed
Cla
above are
comm combined.
only In the context of
referre mobile phone
d to in location data and
the its long-term
literat storage, the most
ure obvious threat to
and privacy is towards
are the right to respect
detaile for private life as
d in contained in Article
the 8 ECHR (see
followi section 2.2.3.1).
ng; Information relating
the to an individuals
two
geographical
categ
location and
ories
gathered on a
relatin
continuous basis
g to
can be classified as
inform
privacy invasive
ation
according to six out
(a+f)
of the following
have
seven privacy
been
categories:
Gorra Page
Andrea 39
Chapter 2 - Literature Review
regarding modern
information and
a)
Inform communication
ation
technologies (ICTs).
privac
y, f) Mason (1986)
Privac
identifies two forces
y as
contro related to information
l over
that threaten
perso
nal individual privacy. For
inform
one part the growth
ation
of information
The
technology with its
categor
ability to generate,
ies of
store and analyse
'inform
great amounts of
ation
personal information,
privacy'
and for the other part
and
the increased value
'control
of information in
over
decision making to
person
policy makers. The
al
increased
informa
deployment of
tion'
computers in the
are the
1960s and 1970s has
most
enabled businesses
frequen
to store vast amounts
tly
of data at relative low
referre
cost for almost
d to
unlimited periods of
privacy
time and has
categor
facilitated the linkage
ies in
and analysis of data
the
stored in different
literatur
locations. These
e and
technical
are
developments have
particul
resulted in the need
arly
of rules to manage
relevan
the collection and
t
handlin to accumulate
g of detailed collections of
person information about
al data, individuals. Therefore
particul the data protection
arly legislation has been
consu developed, in order to
mer prevent harm to
informa individuals and
tion negative
(Privac consequences on
y society. At first by
Internat some individual
ional, countries and then at
2003b). international level, for
In example through the
additio European Union. The
n, the UKs domestic
increas version of data
ed use protection law was
of enacted in form of the
technol Data Protection Act
ogy 1984. Today, the
had Information
already Commissioner has
in the responsibility for
1970s promoting and
resulte enforcing the Data
d in Protection Act 1998
growin and Freedom of
g Information Act 2000
concer (Information
ns Commissioner,
about 2007).
the
potenti
al of The predominant aim
informa of most data
tion depositories or data
technol warehouses is to
ogies analyse the
accumu s and consumer. A
lated well-known and often
consum cited principle in
er data customer relationship
and marketing proclaims,
detect "it costs six times
pattern more to sell to a new
s in customer than to an
order to existing one"
identify (Kalakota and
consum Robinson, 2001,
er p.170). In addition to
choices these commercial
and uses of personal data
prefere generated by
nces. information and
Profiles communications
of technologies, the data
consum is used for law
ers enforcement by the
groups police and intelligence
are services. For example,
generat the profiling of
ed, suspicious groups of
suppos citizens as part of a
edly pro-active risk
facilitati management by the
ng the government are
establis matters that will be
hment addressed later in this
of long- chapter (see section
term 2.2.5.2). Mobile phone
relation location data is an
ships example of personal
betwee information
n
Andrea Gorra Page
busines 40
Chapter 2 - Literature Review
e phone location
information or who
specif
has access to the
ic to a
data and for what
mobil
purposes, which will
e
discussed in further
phon
detail in subsequent
e
sections.
user
and
b) Privacy of
hence communications
falls The dimension of
into communications
this privacy deals with
infor the claim of not
matio being subjected to
n eavesdropping when
privac communicating with
y others (Clarke,
categ 1999a). This is also
ory. known as
Howe interception privacy.
ver, The European legal
the framework defines
e communication
phon privacy as
Mobile
e) Privacy as no
phone access to the
locatio person
n data The privacy literature
encom frequently refers to
an article by Warren
passe
and Brandeis
s
published in the
inform
Harvard Law Review
ation
from December
about
1890, in which the
the
authors define
physic
personal privacy as
al
the "right to be let
space
alone" and "being
that
free from intrusion"
the
(Warren and
mobile Brandeis, 1890).
phone However, this
user relatively early
access definition of privacy
es, had not only related
which to the shielding of the
is then home from intrusion
retaine but it was also a
d on a response to
contin technology and
uous market
and therefore
A closely related to the
comm legal framework. It
on could even be
misun understood, that the
dersta subject of privacy is
nding only recognised
betwe when an intrusion of
en privacy occurs.
legal
rights, Four major models
on the for privacy protection
one based on various
hand, international
and standards are
moral identified by Privacy
or International (2003b)
natura and Beresford
l (2005). Firstly,
rights, comprehensive laws
that legislation. In the UK,
govern the Office of the
the Information
collecti Commissioner is an
on, use independent public
and body established to
dissemienforce compliance
nation with data protection
of legislation, such as
person the Data Protection
al Act 1998. Bennett
informa (1995) has shown
tion by that countries that
both have established a
the data protection
govern agency provide better
ment privacy protection for
and their citizens.
private Secondly, sectoral
sector. laws regulating
For certain areas of
exampl privacy protection, for
e, example financial or
Europe medical privacy.
has a Thirdly, various forms
compre of self-regulation in
hensiv which industry adopts
e particular codes for
regulat self-control and
ory engages in self-
model policing. However,
with a Beresford (2005)
public remarks that industry-
official wide consensus does
in not necessarily result
charge in satisfactory
for consumer privacy.
enforci The latter two privacy
ng data protection laws can
protecti be for example found
on the in the United
States. these models can be
Fourthl complementary or
y, contradictory. Privacy
technol International (2003b)
ogical believes that the joint
self- use all of the models
help for together provides the
consu most effective privacy
mers protection for
throughcitizens.
method
s such The terms 'human
as right' and 'civil liberty'
encrypt are often used in
ion, conjunction with the
various term privacy. Stone
digital (2004) explains that
payme the phrase human
nt right is commonly
method drawn on in an
s and international context,
anony such as by the
mous
Universal Declaration
remaile
of Human Rights and
rs.
the European
Depen
Convention on
ding on
Human Rights. The
their
term civil liberty tends
applica
to be rather
tion,
Gorra Page
Andrea 43
Chapter 2 - Literature Review
an lawyers Warren
and Brandeis have
used
established the basis
on the
for privacy protection
munici
constituted in
pal legislation (see
level. section 2.2.2). In
Howe Europe, the right to
ver, privacy is a highly
with equivalent of
additio on a postal
commu ered a confidential
nicatio network and hence
n the interception of
(Bailey, communications did
Harris not involve the
and violation of any of the
Ormer applicants rights.
od, Finally in 1985, the
2001). European Court of
Howev Human Rights ruled
er, that police
Malone interception of
s legal individuals'
challen communications was
ge was a violation of Article 8
unsucc of the European
essful Convention on
as Human Rights.
there
was no Subsequently,
enforc Malones case led to
eable the ratification of the
right to Interception of
privacy Communications Act
in 1985 to comply with
English the Strasbourg
law. judgement in Malone
The
v UK (1984) but also
public
with the privatisation
telepho
of the
ne
telecommunications
system
service. The Court
was
not Andrea Gorra Page
consid 45
Chapter 2 - Literature Review
(Whitty, Murphy,
the
The case of Halford
legal
vs United Kingdom
regul
(1997) concerned a
ation
private telephone
of the
conversation using
circu
an internal office
msta
telephone system,
nces between a police
of officer and her lawyer
telep regarding a sexual
hone discrimination
interc complaint against her
eptio police force. The
ns interception of this
was conversation by the
not police had been
expre declared admissible
ssed under English law as
with the Interception of
(Davis, 2003).
The
Compliance with the
FOI Act
Data Protection Act
impose
and Freedom of
sa
Information Act is
duty on
promoted and
public
enforced by the
authorit
Office of the
ies,
Information
such
Commissioner (ICO).
as
govern Andrea Gorra Page
47
Chapter 2 - Literature Review
ner's Office, n.d.).
The
Davies (1997)
ICO is
criticises that data
the
protection acts are
UK's
not concerned with
indep
the full range of
enden
privacy protection
t issues. He warns
public that the narrow
body scope of the acts
set up can lead to serious
to limitations, as these
protec laws are only
t information laws
perso and protect data
nal before the people.
inform In other words, data
ation protection acts are
and merely concerned
ut is still frequently
referred to today,
the
others increasingly
Briti
focus on
sh
technological
influen tion and
ces on communications
the technologies have
concep resulted in faster
t of computer processors,
privacy cheaper storage and
. growing use of
networking
Already
technologies, such as
two
the internet. One
decade
effect of this
s ago,
technological
Mason
'revolution is the
(1986)
increased digitisation
claime
of data. It enables
d that
routine storage and
we live
analysis of personal
in at an
data on great scale,
informa
such as for example
tion
when using credit
age, in
cards, the internet or
an
mobile phones.
informa
Consequently, the
tion
increased power of
society.
computers together
Contin
with the advent of the
uous
internet have
advanc
influenced numerous
ements
aspects of life and
in
hence the concept of
informa
privacy.
Andrea Gorra Page
48
Chapter 2 - Literature Review
communication
technologies (see for
A
example Cavoukian
number
and Tapscott, 1996;
of
Gauntlet, 1999;
predom
Garfinkel, 2001; Cady
inantly
and McGregor,
North
2002). However, their
Americ
treatment of privacy
an
provides a too narrow
publica
view of the subject
tions
matter. This highlights
tend to
the importance of
merely
taking into account
relate
time and context of
privacy
privacy publications,
to
as well as country
electro
and regional specific
nic
regulatory
commu
approaches, in order
nicatio
to provide a sufficient
ns, and
understanding of the
seem
subject of privacy.
to be
primaril
Before electronic
y
means of data
concer
storage were widely
ned
used by businesses,
about
data could often be
the
'Death found scattered over
of different places. The
Andrea
Gorra Page
49
Chapter 2 - Literature Review
collections
a makes it particularly
t important to
i incorporate checks
and safeguards
o
when collecting data
n
to ensure
accountability.
C
Nevert Bennett (2005),
heless challenge the view
, of defining electronic
some data collections as a
author form of surveillance.
s such Bennett stresses
as that a
Andrea Gorra Page
50
Chapter 2 - Literature Review
on a case study in
which he examines
distinct
his own data tracks
ion
generated as an
needs
airline passenger
to be
when travelling
made
within his own
betwe
country Canada and
en
across the border to
captur
the US.
e and
storag
In his view, the
e of
collection and
person
storage of his
al
passenger data by
inform
the airlines and
ation
airports does not
on the
constitute
one
surveillance, as
side,
there is no further
and on
analysis of that data
the
from which decisions
other
are made. He
side,
criticises the use of
data the term surveillance
analysi in this context, as he
s and perceives
manip surveillance as a too
ulation broad definition.
of Bennett suggests
those using another
whose concept or term to
data explain the practice
has of humans to
been monitor data in order
collect to make decisions
ed. He about individuals. He
bases believes that
these identifying these
claims practices as
surveil which Clarke (1988)
lance has introduced
triviali almost two decades
ses ago to describe the
the systematic
real monitoring of
surveil peoples actions or
lance, communications
for through information
which technology.
he Nonetheless,
gives whether the term
as an 'surveillance' is used
examp or not, the extensive
le the collection of
specia individuals data is
l seen with unease by
attenti privacy scholars.
on to
passe 2.2.5.1 Digit
ngers al
with tech
risky nolo
surna gies
mes. chan
ging
In this
the
contex
conc
t, it
ept
could
of
be surv
seen eilla
as nce:
more new
suitabl vers
e to us
use tradi
the tion
al
term
surv
datave
eilla
illance
nce
,
The traditional
definitio agree that the concept
n of of surveillance has
surveill changed over the last
ance as decades and have
close declared the
observaemergence of new
tion of asurveillance. Marx
suspect (2002) identifies 28
individu dimensions in which
al with traditional and new
the surveillance differ. For
naked instance, Marx
eye describes the
does differences between
not new and traditional
necess surveillance as
arily concerning the
apply collection of data. The
any generation of
longer, predominantly digital
due to data in private life and
the commercial settings
capabili leads to fewer costs of
ties of data handling. Data
modern collections tend to
technol occur on a continuous
ogies to and routine basis,
routinel which makes the
y gathering less visible
record and enables real-time
data. availability of
Several information, such as
authors for example CCTV
such as data, use of credit
Lyon cards and mobile
(1994), phones. Inexpensive
Marx storage space enables
(2002) the long-term retention
and of data. In addition,
Clarke faster computer
(2005), processors make it
easier e, store, retrieve and
to analyse data and help
organis to
Andrea 51
Gorra Page
Chapter 2 - Literature Review
as suggested by
Stalder (2002).
make
However, it seems
predi
that Marx solely
ction
bases his
s for
distinction of the
the
differences
future
regarding the two
. This
types of
can
surveillance on the
be
capabilities of
relev
modern ICTs, such
ant
as assistance with
for
the handling of
com
great amounts of
merci
data, or in other
al
words on the
comp
continuing
anies
development of the
for
technological age.
mark
eting
Marx (2002) places
their
the emphasis of new
produ
surveillance on mass
cts,
surveillance of
as
groups consisting of
well
anonymous
as for
individuals, rather
gover
than on the visible
nmen
and noticeable
ts in
monitoring of
order
individuals. In
to
addition, the
incre
increased storage
ase and analysis
accur capabilities enable a
acy closer examination
of of certain subjects of
plann surveillance, in real-
ing time but also in
retros graphic
pectiv discrimination of
e. groups of
Lyon individuals. Davies
(1994) shares Lyon's view
points and offers as an
out example the use of
that it statistics by the
is not British government,
neces instead of suspicion,
sary to to justify the use of a
identif range of new
y powers, such as
individ DNA test and finger
uals in printing (Talk Simon
order Davies at Leeds
to Metropolitan
condu University, 28th
ct October 2005).
profilin
g of Different phases in
behavi the application of
our surveillance
and technologies are
habits distinguished by Kim
in (2004). Firstly,
relatio physical surveillance,
n to as described by
social Bentham (1791) and
demo Foucault (1975), as
graphi for example by their
cs. He ideas about the
fears Panopticon; secondly
that the concept of
this electronic
can surveillance that
lead to places the emphasis
social on the use of
sorting technologies to
and expand the observing
demo electronic gaze from
prison which is described as
or the systematic use of
factory personal data
to the systems in monitoring
wider of the actions or
society communications of
with one or more persons
help of by Clarke (1994b). As
informa last phase of the
tion social effects of
technol surveillance
ogies technology, Kim
as (2004) introduces the
discuss notion of hyper-
ed by surveillance and
Marx refers to the authors
(1985) Bogard (1996) and
or Lyon Haggerty and Ericson
(1994). (2000). However, the
Thirdly, author fails to
data explicate the
surveill difference between
ance, the phases of
also dataveillance and
known hyper-surveillance,
as which seems to be
datave minuscule.
illance
Andrea
Gorra Page
52
Chapter 2 - Literature Review
formed by a
number of
T
different
o
agents. This
d
contradicts
a
visions of
y
surveillance
related to Big
s
Brother, as
described in
i
Orwell's novel
m
'Nineteen
m
eighty-four', or
e
in other words
n
one single data
s
collection
e
agency.
Different data
d
collection
a
agencies can
t
encompass
a
commercial
companies
c
logging
o
consumers
ll
shopping or
e
financial data,
c
governmental
t
agencies that
i
record images
o
of pedestrians
n
crossing the
s
streets, and
interceptions of
a
communication
r
for keywords
e
indicating
terrorist
p
activities by
e
listening
r
s Some perceive a
t change in the
a privacy debate in
t that citizens used
i to be worried
o about either
n commercial
s companies or the
government
s having access to
u their data. Even
c though neither of
h these concerns
have vanished,
a there are now
s relationships
springing up
M between
e commercial
n companies and
w the government
i (13th Annual
t Conference on
h Computers,
Freedom &
H Privacy, Plenary
il Session #9: Data
l Retention in
i Europe and
n America, 2003).
This
Y collaboration
o between public
r and private
k sector actors
s particularly
h applies to the
i
discussion about
r
data retention.
e
The government
.
gains access to
us ernet service
er' providers.
s
m 2.2.5.2 Data
ob shadows of
individuals and
ile implications of
dataveillance for
ph
society
on
The dangers and
e
benefits of
co
surveillance are
m
identified most
m
concisely by
un
Clarke (1998)
ic
and Lyon (2001).
ati
Lyon believes
on
that society
s
profits of
da
surveillance in
ta
terms of
vi
efficiency,
a
mobility, security
pri
and public order.
va
Clarke
tis
predominantly
ed
identifies the
,
advantages of
co
physical security
m
and the data
m
matching
er
practices of
ci
organisations to
al
combat fraud.
m
Both authors
ob
point out as
ile
potential
ph
dangers of
on
dataveillance the
e
unintended
an
consequences
d
and negative
int
di s to individuals
m and to society.
e Clarke (1998)
ns identifies as
io dangers of
ns dataveillance for
of individuals that
su decisions based
rv on incorrect data
eil may lead to
la unfairness. This
nc can particularly
e. become a
problem when an
Th individual is
e unaware of the
thr data collection
ea and hence has no
ts means to rectify
of wrong data.
m Consequently,
as this can result in
s blacklisting a
da person over a
ta matter that is still
ve under dispute or
illa falsely related to
nc that person.
e Metaphors such
ca as 'data shadow',
n 'data trail' or
be digital personae
di are frequently
vi applied in the
de literature to depict
d the effects of
int dataveillance on
o individuals (see
da for example
ng Clarke, 1994b;
er
Ly r 2002; Bennett
on 2005). The 'data
20 shadow' is made
01 up of personal
; data and follows
St or precedes an
al individual. The
de danger here
Andrea 53
Gorra Page
Chapter 2 - Literature Review
Nevertheless, the
awareness of data
is the
collection can create
potenti
a climate of self-
al
consciousness and
judging
suspicion. Clarke
and
(2000) further
discrim
perceives as a
ination
danger of
based
surveillance that it
on
makes it possible for
data
authorities to focus
that
on undesirable
might
classes of people
not be
before they commit
accura
an offence. For
te.
example, the 1984
Nissen
Police and Criminal
baum
Evidence Act gives
(1998)
police the right to
points
stop and search on
out
grounds of suspicion.
that
This situation results
even
in an inversion of
though
burden of proof from
those
the accusing
who
organisation to the
are
individual who now
aware
needs to provide
of
evidence of their
collecti
innocence.
ons of
their
Collections of
data
personal data may
may
not only be
be less
interpreted as a
easily
threat to personal
targete
privacy but more
d or
importantly as a
manip
danger to social
ulated.
justice. data collection, as
Clarke well as decreased
(1998) respect for the law
warns and law enforcers,
that deteriorating of
"datave societys moral fibre
illance and solidarity. The
is by its STOA report
very (European
nature, Commission's
intrusiv Science and
e and Technology Options
threate Assessment office)
ning". cautions of the
Danger surveillance
s of capability of ICTs that
mass may be used to track
datavei the activities of
llance journalists,
to campaigners and
society human rights activists
can (STOA report, 1998).
once These technologies
again can result in a chilling
be effect on those who
describ participate in
ed as democratic protest
to warns Privacy
create International (1999).
a Along the same lines
climate Clarke (2005)
of indicates that privacy
suspici is important from a
on, political viewpoint,
particul enabling freedom of
arly speech to think and
when act. In his view, the
individumonitoring of
als are individuals'
aware communications and
of the actions threatens
democr itself can be a means
acy. of creating divisions.
Lyon Hence, personal data
(2003) and communications
argues data retention cannot
that merely regarded as
concer an individual privacy
ns concern but need to
about be framed as bearing
surveill an effect on society
ance as a whole.
used to
be Already in his 1988
expres paper, Clarke
sed in identifies costs of
terms collecting, storing and
of analysing data as a
privacy natural control' to limit
and dataveillance.
freedo However today almost
m. He 20 years on, this
warns reason does not ring
that the true anymore. As a
digital
result of most data
divide
being generated in
is not
digital format, the
just a
costs of automatic
matter
data collections and
of
their analysis have
access
decreased
to
significantly. Clarke
informa
highlights the moral
tion but
obligations of IT
that
professionals,
informa
tion Andrea Gorra Page
54
Chapter 2 - Literature Review
ndle individuals'
m data in an
ar ethical way.
ke
te 2.2.6 Privacy
enhancing
rs
and invading
an technologies
d The question
go whether technology
ve itself can be seen as
rn 'neutral', 'good' or
m 'bad' is frequently
addressed by
en
scholars (Clarke,
ts
1999b; Cady, 2002).
in
"There is nothing
cr
inherently good or
ea
bad about the
tin increased power of
g technology"
an maintains Marx
d (2006, p. 38), and
Andrea
Gorra Page
57
Chapter 2 - Literature Review
tion and
communication
2.2.8 Stechnologies. This
u
second part has
m
mdiscussed the
a
relationship and
r
yimpacts of these
technologies on
P
aindividuals privacy. In
r
addition to this, a
t
range of privacy
2definitions were
introduced and
As can categorised
be according to several
seen criteria. Current
from legislation relevant to
the first mobile phone
part of communications data
this and privacy were
chapter presented, while the
, the use of location data
continu for law enforcement
ous and commercial use
generatwas differentiated. It
ion and has become clear
long- that privacy is a
term concept that is hard
storage to define and this is
of reflected in the
digitise jurisprudence of the
d European Court in
person Strasbourg, which
al data decides on
is an infringements of
inheren human rights,
t part ofincluding privacy, on
todays a case by case basis.
networ The following
ked section offers an
informa
introd retention and
uction access of
to the communications
legisl data by law
ative enforcement
frame agencies, as
work relevant in the
regar European Union
ding with focus on the
the UK.
Andrea
Gorra Page
58
Chapter 2 - Literature Review
This final section of
the chapter provides
2.3 P an insight into the
a
r legal framework
t relevant to mobile
3 phone
:
L communications
e data. Firstly, the
g
section provides
a
l some definitions for
f mobile phone
r
a communications
mdata, of which
e location data is one
w
o element. The
r subsequent sections
k
review the legislation
r
e and context up to and
l beyond the 9/11
e
v terrorist attacks in the
a US, and as relevant
n
to the retention of
t
t mobile phone
o communications data
m
o in England. The main
b two British legal
il instruments that is
e
p the Regulation of
h Investigatory Powers
o
Act 2000 (RIP Act)
n
e and the Anti-
l Terrorism Crime and
o
c Security Act 2001
a (ATCS Act) are
ti
discussed, as well as
o
n the European Data
d Retention Directive
a
t 2006/24/EC. Finally,
a the predominant
arguments in the
dispute ne
communicati
s and
ons data
debate
s about While Part 1 of this
the chapter (see section
Europe of communications
an data of which mobile
T voluntary
h retention of
e communica
tions data'
' (Home
C Office,
o 2003b,
n section 15)
s explains
u that
l communica
t tions data
a can be
t divided into
i three broad
o categories,
n such as:
15 Traffic data
p identifies
a who the user
contacted, at
p
what time the
e contact was
r made, the
location of
o the person
contacted
n
and the
location of
a the user.
15 Service use
c information
o are for
example
d
itemised
e
telephone
call records,
o i.e. the
f numbers
called from
a mobile
p tifies the
h user of
o the
n service,
e providing
, their
in name,
cl address,
u telephon
di e
number.
n
g Appendix A of
ti
the
m
consultation
e
s paper provides
a further details
n about data
d
types retained
d
u and their
r retention
a periods, that is
ti
for example:
o
n Subscriber
. information relating
15 S to the person
u encompass for
b example, name, date
s of birth, installation
c and billing address
r and payment
i methods.
b Telephony data
e includes amongst
r other data,
1- all
d numbers (or
a other
t identifiers
a e.g.
name@bt)
associated
i
with call
d
(e.g.
e
physical/pre
n
sentational/
n umbers)
e (for details
t about these
w see section
o 2.1.2.1 and
r glossary)
k 2- Date and time
of start of call,
a duration of call/date
and time of end of
s
call
s
3- Location
i data at start and/or
g end of call, in form
n of lat/long
e reference.
d 4- Cell site data
from time cell
ceases to be used.
C
L SMS and MMS data
I include for example
, 1- Calling and
called number, IMEI
I 2- Date and time
M of sending
S 3- Location data
I when messages
sent and received,
,
in form of lat/long
reference.
I
M Subscriber
E information and
I
, telephony data are
stored for
e
12months, whereas
x
c SMS and MMS data
h is only stored for 6
a
months.
n
g
To summarise, the
e
/ British legislation
d defines mobile phone
i location data as an
v
element of traffic
e
r data, which is one of
t the three categories
of communications
n
data. processed in an
The electronic
Europe communications
an network, indicating
Directi the geographic
ve on position of the
Privacy terminal equipment
and of a user of a publicly
Electro available electronic
nic communications
Comm service". This Article
unicati applies to computers,
ons PDAs and mobile as
(Directi well as landline
ve telephones. This
2002/5 Directive was more
8/EC, comprehensive than
Article previous rules as it
2, c) used the term
defines 'electronic
locatio communications',
n data instead of being
as "any restrictive to certain
data technologies.
Andrea Gorra Page
60
Chapter 2 - Literature Review
). The 2002
Directive (section
The
14) further
Dire
specifies that
ctive
"Location data
2002
may refer to the
/58/
latitude, longitude
EC
and altitude of the
was
users terminal
ame
equipment, to the
nded
direction of travel,
by
to the level of
Dire
accuracy of the
ctive
location
2006
information, to the
/24/
identification of the
EC
network cell in
rega
which the terminal
rding
equipment is
the
located at a certain
purp
point in time and to
oses
the time the
for
location
whic
information was
h the
recorded".
data
can Hosein and
be Escudero-Pascual
retai (2002) argue that
ned new legislation
by concerning traffic
the data tends to be
servi technology-neutral
ce which does not take
provi into account the
ders differences in traffic
(see data across different
secti communications
on infrastructures and
2.3.4 protocols. The
author watch, 2001) or
s point "does not refer to"
toward (Council of Europe,
s the 2001) content,
differin however, Hosein and
g Escudero-Pascual
definiti (2002) point out that
ons of there are ambiguities
traffic particularly regarding
data internet data. For
from instance, click
the stream information
Counc of internet access
il of logs closely relates
Europ to the content of
e everything that has
(CoE) been accessed and
and downloaded (Walker
the and Akdeniz, 2003).
Group For example, within
of a communication,
eight data identifying
industr www.homeoffice.gov
ialised .uk would be traffic
countri data, whereas data
es identifying
(G8). www.homeoffice.gov
Both .uk/kbsearch?
definiti qt=ripa+traffic=data
ons would be content
explai (Home Office,
n that 2003a, page 7;
traffic Escudero-Pascual
data and Hosein, 2004).
"does
not As highlighted in the
includ previous section
e" 2.2.7,
(G8, communications data
see is of relevance for
State commercial but also
for law device. On the one
enforce hand, location data is
ment described as being
use. In connected to
this particular individual
context consumers and
, Green hence has economic
and value. It is for
Smith example used for
(2004) mobile location-
point based services (see
out that section 2.1.3),
differen however only with the
t actors explicit consent of the
use mobile phone user
differin (see section 2.2.7).
g On the other hand,
interpreindustry sources and
tations regulatory bodies
of claim that location
mobile data, as part of traffic
phone data is anonymous
locatio and not connected to
n data, a specific individual.
particul Green and Smith
arly base this claim on
regardi one of their own case
ng the studies which
relation highlighted the
ship difference between
betwee billing data and traffic
n data. The former is
mobile personal, as it
device includes information
and the such as the
individusubscriber's name
al and address, and
associatherefore needs to be
ted regulated under the
with Data Protection Act.
this The latter is
anony mised at
Andrea Gorra Page
61
Chapter 2 - Literature Review
n be argued that
even though an
the
end of individual can
the hardly be
2.3.2 Background
to
communicati
ons data
retention
Communications
technologies, such as
the internet and
mobile phones, are
an inherent part of
daily lives for the
majority of European
citizens. Every
communication
facilitated by such
technol t service providers,
ogies which are, in the
genera following, referred to
tes a as communications
host of service providers
data, (CSPs). This data
such about communication
as the is also known as
source, communications or
destina transactional data.
tion, Since in western
mobile European societies
phone citizens but also
locatio criminals increasingly
n and use electronic
partial communications and
web rely on technological
browsi infrastructure, the
ng focus of legislators
logs. has turned to
The communications data
data is in response to the
stored September 11 US
for attacks. Attacks on
billing the communications
and infrastructure are
legal also included in the
purpos definition of
es by 'terrorism' (Terrorism
mobile Act 2000, (2))
phone (Walker and Akdeniz,
and 2003).
interne
Andrea Gorra Page
62
Chapter 2 - Literature Review
data is seen by
security, intelligence
Particul
and law enforcement
arly,
agencies as a useful
the
tool to prevent and
proces
investigate crimes
s of
related to national
adoptin
security. It is
g
important to
Europe
recognise that
an
communications data
Directiv
does not include the
es
content but instead
relating
only refers to
to
information about a
commu
communication. The
nicatio
retained
ns data
communications data
retentio
can be analysed and
n
helps investigators to
(2002/5
identify suspects,
8/EC,
relationships between
2006/2
them and to establish
4/EC)
profiles. The Home
highlig
Office, the ministry
hts the
responsible for justice
political
and internal affairs in
climate
the UK, points out
change
that evidence from
followin
use of
g the
telecommunications
Septe
can be the only
mber
physical evidence
11
available to
attacks
investigators (Home
(see
Office, 2003b, section
section
5). The rapidly
2.3.4).
changing
Comm
technological
unicati
environment and the
ons
require been perceived as
ments more sensitive and
of law personal than data
enforce about
ment communication.
agenci Therefore greater
es to authorisation and
access oversight
the mechanisms are still
data needed to gain
while access to the
ensurin contents of com-
g munication
human (Escudero-Pascual
rights and Hosein, 2004).
of However as Privacy
those International (2003b)
affecte points out, the
d by sensitive nature of
the transactional data of
legislati new technologies
on, makes it similar to
poses content of
challen communication. Data
ges in generated by an
legislati internet users
ng the transactions convey a
area of great deal about this
commu person, because a
nicatio profile of interests,
ns data associates and social
retentio context can be
n. constructed.
Similarly, location
drama UK
tically telecommunications
increa industry. In 1984, the
Teleco et al., 2002). This
mmuni privatisation process
cations has resulted in a
Act situation where law
1984 enforcement
was agencies needed to
passed approach businesses
and BT and not state owned
was companies for
privatis transactional data. In
ed and addition, changes in
thus business models
lost its such as "always on
monop internet access" and
oly in flat rates for internet
runnin and mobile phone
g use, have made
teleco itemised billing
mmuni largely unnecessary.
cations Hence
system communications
s. This service providers
was only store detailed
the first data about mobile
of a phone and internet
series usage for billing
of purposes for a limited
privatis time. These changes,
ations away from state
of owned
state- telecommunications
owned business to private
utilities companies, made it
throug more difficult for
hout governmental
the agencies to access
1980s the communications
and data, hence, the
into the introduction of new
1990s laws became
(Daler necessary (Walker
and British legislation to
Akdeni take into account new
z, technological
2003). developments (see
section 2.3.2).
As new However, often
teleco governments apply
mmuni old legislative
cations instruments to new
technol technologies to
ogies address the
emergeinterception of
, many networked and
countri mobile
es communications
adapt without analysing
their how the technology
existing has changed the
surveill nature and sensitivity
ance of information
laws (Privacy International,
and for 2003b; Who Knows
exampl Where You've been?
e, the Privacy Concerns
case Regarding The Use
law in of Cellular Phones As
Strasb Personal Locators,
ourg 2004). Changes in
has legislation were the
been most obvious and
used to
Andrea Gorra Page
update
64
existing
Chapter 2 - Literature Review
retention and access
of communications
immedi
data (Blakeney,
ate
2007). This may
respon
explain why much
ses in
research regarding
Europe
communications data
to the
retention has
terroris
focused on these
t
legislative changes
threats
(see for example
by the
Walker and Akdeniz,
2001
2003; Escudero-
attacks
Pascual and Hosein,
in the
2004; Whitley and
US.
Hosein, 2005).
Securit
y and
2.3.3 Legislative
law development
enforc s regarding
communicati
ement ons data in
agenci the UK
es In the United
worldw Kingdom, two
ide pieces of legislation
have are particularly
encour relevant regarding
aged communications
their data: the Regulation
govern of Investigatory
ments Powers Act 2000
to (RIP Act), which
adopt regulates the
more access to
compr communications
ehensi data, and the Anti-
ve Terrorism Crime and
approa Security Act 2001
ches to (ATCS Act), which
the lays down rules for
the unications data for
retent all European
ion of member states.
comm
The value of
unicat
interception of
ion
communications for
data.
law enforcement
The
agencies and its role
Europ
to fight terrorism of all
ean
kinds has long been
Directi
recognised by the
ve on
British government.
Data
Already the 1999
Reten
Home Office
tion
Consultation paper
(2006/
Interception of
24/EC
Communications in
) also
the United Kingdom
has
proposed and
an
justifies changes to
influe
the interception
nce
regime by law
on the
enforcement
data
agencies at the time
retenti
(Home Office, 1999).
on
In this consultation
regim
paper the Home
e in
Office admitted that
the
legislation had not
UK,
kept up with changes
as it
in the
lays
telecommunications
down
and postal market.
requir
For example, the
ement
number of
s for telecommunications
the companies offering
retenti fixed line services
on of had grown from 2 to
comm around 150, and
there emerged, which is
was defined as criminal
the acts using technology
beginni or action against
ng of technology. Hence
mass interception was
owners thought to play an
hip of important role in law
mobile enforcement
phones (Akdeniz, Taylor and
, as Walker, 2001).
well as Consequently, these
citizens technological
embrac developments made
ing a more
commu comprehensive
nicatin legislative approach
g via more desirable.
the
internet The Consultation
Andrea
Gorra Page
68
Chapter 2 - Literature Review
The following table (Table 2.2) gives details about reasons for access and
organisations that are entitled to gain access to communications data under the RIP
Act:
1 Any Police Force including PSNI, any Police Force of HM Forces and British
Transport Police
2 National Criminal Intelligence Service (NCIS)
3 National Crime Squad (NCS)
4 HM Customs & Excise
5 The Inland Revenue
6 The Security Service (MI5)
7 The Secret Intelligence Service (MI6)
8 The Government Communications Headquarters (GCHQ)
9 Local Authorities such as FSA, DTI, the Emergency Services; government
departments such as DEFRA, Dept of Health, Home Office Immigration
Service; as well as County and District Councils (see SI 2003 No 3172).
10 Department of Work and Pensions
(The Investigatory Powers Tribunal, 2005)
ns communications
Parliamcommunications
ent has industry (section
passed 102.4). The ATCS Act
in requires
peaceti communications
me in service providers to
over a voluntarily retain
century communications data
. Other"to safeguard national
comme security or to prevent,
ntators detect or prosecute
refer to crimes related to
the national security"
Home (ATCS Act, 2001,
Secret explanatory notes,
ary's Section 29). These
mantr voluntary
a that requirements can be
they made mandatory if
are deemed necessary
merely by the Secretary of
protecti State (ATCS Act,
ng 2001, Section 104).
democr Walker and Akdeniz
acy (2003, p. 14) point
out that n 103.4). The Act
this allowed the
might Secretary of State to
indicat make the Code of
e how Practice compulsory
hesitan (section 104).
t Whitley and Hosein
Parliam(2005) point out that
ent felt the Code did not
about introduce the
the process of data
grant ofretention in the UK. A
these sunset clause was
powers included within ATCS
. Act, which meant
that if the
At first government failed to
a draft introduce a Code of
Code Practice within two
of years, the provision
Practic would not be
e was implemented (Reed
establi and Angel, 2007).
shed, The ATCS Act builds
which on the anti-terrorism
was measures enacted in
consult the Terrorism Act
ed 2000, such as the
upon extension of police
(sectio powers, and the
n implementation of
103.1. criminal co-operation
a and measures under the
b) and Third Pillar of the EU
then
(Shah, 2005). The
brough
September 11
t
attacks have let to
before
the introduction of
Parlia
additional powers
ment
addressed
(sectio
specifically to
interna y and Ewing, 2007).
tional
terroris The ATCS Act sets
m, the maximum
howev retention period for
er data held under the
many provisions to 12
of months, whereby
these longer retention
powers periods may be
contain justified by the
ed in business practices of
the the communication
ATCS service provider
Act (Home Office, 2003c,
were section 16). The Act
to contains regulations
prove dealing with terrorism
even and protecting
more national security,
conten such as terrorist
tious finances (part 1-3),
than racial hatred (part 5),
the bribery and
provisi corruption (part 12).
ons of Part 4 made it
the possible for the
Terrori Home Secretary to
sm Act detain non-British
2000 terrorist suspects
which indefinitely, which
they was deemed to be
comple incompatible with the
ment
Andrea Gorra Page
(Bradle
72
Chapter 2 - Literature Review
retention of
communications
Europ
data is a form of
ean
personal data
Conve
processing, and
ntion
hence it is subject to
on
the Data Protection
Huma
Act 1998. Oversight
n
of the 1998 Act is by
Rights
the Information
and
Commissioner
cease
(Home Office, 2003c,
d to be
Section 29).
in
force.
The provisions made
Releva
in Part 11 amend the
nt for
RIP Act so that
data
communications
retenti
service providers
on is
must retain
Part
communications data
11, as
and disclose it to
it
secret intelligence
deals
and law enforcement
with
agencies far more
the
extensively than the
retenti
RIP Act had initially
on of
envisaged. The
comm
Parliamentary
unicati
committee for human
ons
rights, that is the
data
Joint Committee on
for
Human Rights
nation
expressed concern
al
about the rule-
securit making authority of
y the Secretary of
purpos State by this part of
es. the Act (HL 51, HC
The 420, 2001-02). For
exampl greatly increase the
e, the ability of public
Secret authorities to acquire
ary of information about
State citizens and
may organisations (Davis,
add to 2003). Finally, the
the Secretary of State
organi had been made
sations required to publish
that the code of practice
can in draft, consult with
obtain the Information
comm Commissioner and
unicati not to bring the code
ons into effect until it had
data been approved by
and both Houses of
increas Parliament. The
e the Information
purpos Commissioner also
es for showed concern and
which referred to earlier
the discussions about
data communications data
can be retention:
obtain
The
ed. Commissioner
This is has been aware
for some time of
perceiv
pressure from
ed as the law
contro enforcement
versial community to
require
since communications
this providers to
enable retain details of
communications
s the
data. This, it is
Secret claimed, would
ary of assist the
detection of
State
particular crimes
to and help with
crim iders would retain
inal this for their own
intell business reasons
igen (HL 51 and HC 420,
ce 2001-02)
gath
erin The ATCS Act was
g. perceived as
Alth
controversial for
oug
h mainly two reasons.
such Firstly, some of the
calls
anti-terrorist powers
have
been are seen to be
mad disproportionate to
e it
the actual threat
has
not facing the UK. It does
alwa for example not seem
ys
adequate to include
been
clear Part 11, which deals
to with the retention of
what
communications
exte
nt data, in an
such emergency Bill that
rete
had to be rushed
ntio
n is through Parliament
requ (Shah, 2005).
ired
Secondly, it has been
beyo
nd argued that there is a
the lack of connection to
peri
the September 11
od
for attacks, as the Act
whic contains
h
miscellaneous
the
com provisions that relate
mun to criminal law and
icati
criminal justice
ons
prov matters, as well as it
Andrea Gorra Page
73
Chapter 2 - Literature Review
Davis, 2003). The Act
also included an
increas
extension of already
es the
controversial police
general
powers, as it
powers
amended the Police
of the
and Criminal
police
Evidence Act 1984
and
and the Criminal
other
Justice and public
govern
order Act 1994
mental
(Shah, 2005).
agenci
Lord Waddington, a
es.
former Home
One
Secretary, also
exampl
argued that some of
e of
these the legislative
new measures where not
Dresponse to the
iattacks, the
r
ecooperation on
ccriminal affairs of a
t
iwide range of
vEuropean law
e
enforcement
(agencies on fighting
2
0terrorism had
0increased while
6
/previously the
2jurisdiction over
4
/police matters was
E
mainly national and
C
)so were the rules
for data protection
The (Bignami, 2007).
impor
tance The Data Retention
of the Directive 2006/24/EC
of the European
role
Parliament and of the
that
Council was
com
approv es of personal data
ed on protection (Davies
individuRetention Directive
als and were complex and
the numerous
security
The European Data
. It
gives Protection
rise to Commissioners had
a been aware of the
Directi
A 'Questionnaire on
ve in
traffic data retention'
its
was distributed by
Article
the Danish
6
presidency of the EU
requir
to all Member
es
State's governments
CSPs in August 2002. The
to objective was to
erase collate comments
all regarding the
traffic practice and
data experiences of traffic
that is data retention in
no European member
longer states in order to
neede "facilitate the
d for development of
provid strategies and
ing working agendas"
servic (Questionnaire on
es. traffic data retention,
2002). The
This
responses showed
howe
that 10 out of 15
ver
member states
had
already had a legal
been
obligation to store
chang
traffic data or were
ed in
finalising a new
the
legislation
2006
(Responses to the
Data
data retention
Reten
questionnaire,
tion 2002). A new
Directi questionnaire was
issued an important part, a
two proposal for the
years European-wide
later to retention of
obtain communications data
the was debated at the
practic EU spring summit end
es of of March 2004
the (Blakeney, 2007).
new Following this, in April
Europ 2004, the UK together
ean with France, Ireland
memb and Sweden
er submitted a joint
states proposal to the
(Quest European Union for a
ionnair framework decision on
e on the retention of
traffic communications data
data for between one and
retenti three years or
on possibly longer.
10767/ Interestingly, Spain,
04, the country where the
2004). bombings had taken
place, was not
After involved in this
the proposal. This data
train retention proposal
bombin suggested retaining
gs on communications data
March to "increase
11 prevention,
2004 in investigation,
Madrid, detection and
in prosecution of criminal
which offences, including
teleco terrorist acts" (Alvaro,
mmuni 2005; Statewatch
cations News, 2005a). This
played proposal was widely
criticise and in conflict with the
d. The current data protection
Article legislation. In addition,
29 they raised concerns
Data about the cost of the
Protecti European-wide
on implementation
Workin (Article 29 Data
g Party Protection Working
in its Party, 2004).
opinion
from Finally, in June
Novem 2005, the
ber controversial data
2004 retention proposal
reiterat was partly deemed
ed its illegal by the Legal
previou Services of both the
s view European Council
that the and Commission
mandat (Statewatch News,
ory 2005b; EDRI,
retentio 2005a). This legal
n of opinion was based
commu on the fact that the
nication proposed legislation
s data about data retention
was not was put forward as
compat a framework
ible decision. A
with framework decision
human is a legal instrument
rights under the third pillar
and (criminal
privacy
laws Andrea Gorra Page
77
Chapter 2 - Literature Review
social and
environmental
law,
policies) as it
polici
contained
ng),
obligations
wher
addressed to civil
e the
parties, namely the
Euro
service providers to
pean
retain and collect
Parlia
data. However,
ment
placing the
only
legislation under
has a
the first pillar would
cons
have weakened the
ultati
proposal because
on
Directives cannot
right
create substantive
but
and enforceable
no
rights. A Directive
real
has distinct
influe
objectives but
nce.
leaves the national
Howe
authorities the
ver,
choice of form and
the
method within a set
propo
time frame (Storey
sed
and Turner, 2005;
legisl
informal talk with a
ation
desk officer for this
shoul
dossier of the
d
European Union).
have
been
The Article 29
prese
Working Party
nted
criticised the Data
under
Retention Directive
the
again in their
first
opinion issued in
pillar
October 2005. They
(econ
argued that Traffic
omic,
data Party, 2005). As
retent mentioned above,
ion the Working Party
interf had continuously
eres questioned the
with appropriateness of
the the mandatory data
inviol retention regime
able, and issued 20
funda recommendations
ment which, however,
al were not fully taken
right into account
to (Davies and Trigg,
confi 2006).
denti
al The Data Retention
com Directive 2006/24/EC
muni amended the
ns on Privacy and
and Electronic
that Communications, by
exce "investigation,
detection and
ption
prosecution of
al
serious crime, as
case
defined by each
s
Member State in its
(Articl
national law"
e 29
(Directive
Data
2006/24/EC, Article
Prote
11). The Data
ction
Retention Directive
Worki
aims to harmonise
ng
obligations on
comm (Article 6).
unicati Exceptions are
ons possible, so that data
service can be retained for
provid longer periods
ers of (Article 12). The
the EU Directive requires
memb member states to
er introduce laws
states complying with this
but Directive by 15
does September 2007,
not however all members
aim to states asked to
regulat postpone parts of the
e the application of the
technol Directive until 15
ogies March 2009 (Article
for 15). For example, the
retaini UK has asked to
ng postpone the
data. retention of internet
Comm access, internet
unicati telephony and
ons internet email.
data
shall There is the
be possibility for criminal
retaine law sanctions for
d for a intentional access or
period transfer of data that is
betwee
not permissible under
n six
national law (Article
month
13). Access to data
s and
shall be
two
years Andrea Gorra Page
78
Chapter 2 - Literature Review
states might be
difficult,
provi
considering the
ded
lack of equivalent
to
law enforcement
the
authorities. Each
com
member state
pete
should appoint a
nt
public authority to
natio
be responsible for
nal
monitoring the
auth
security of the
oritie
stored data. This
s
should be the
(Arti
same authorities
cle
as those referred
4).
to in Directive
How
95/46/EC (Article
ever
28), which is in the
as
UK Office of the
Davi
Information
es
Commissioner, an
and
independent
Trigg
government
(200
authority and
6)
reports directly to
point
Parliament. The
s
Directives leave
out,
the issue of who is
a
going to pay for the
har
retention of
moni
communications
satio
data up to the
n of
individual member
appr
states. Critics of
oach
the 2006 Data
es
Retention Directive
betw
point out that the
een
Directive does not
mem
provide a clear
ber
defin privacy in member
ition states with weaker
of data protections.
offen Finally, the Data
ces, Retention Directive
nor 2006/24/EC does
proc not provide a
edur definition of
es "serious crime" and
for this may hence
data lead to different
acce definition in the
ss. It member states, the
does same is true for
not penalties that may
spec be imposed upon
ify failure to comply
secu with the regulations
rity resulting from the
mea Directive (Data
sure Protection Working
s Party, 2004;
requi Vilasau, 2007).
red
to
2.3.5 Discussion
safe about the
rightfulness
guar
of
d the communicati
ons data
data,
retention
whic
h All groups
resul discussion
t in acknowledge that
an the retention of
incre some
ased communications
risk data is a useful
of tool for tackling
brea cyber crime and
ch of terrorism, as it
ser communications
ves data of all citizens
as for 12 months in
evi the UK (up to 24
den months under the
ce European
of legislation) and
mo access to this
bile data by a range of
pho governmental
ne agencies in the
and UK.
inte
rne 2.3.5.1 Argument 1:
Objection on the
t
ground of human
co rights and civil
liberties
mm
uni The violation of
. used argument
Ho against the
we retention of all
the communications
re data for an
arg retention of
um communications
enti European
on Convention on
of Human Rights,
specifically with
Articl Parliament
e8 approved the
'Right Human Rights Act
to to incorporate the
respe European
ct for Convention on
privat Human Rights into
e and UK law, which
family established an
life'. enforceable right of
In privacy in British
1998 law for the first time
the in history.
Andrea 79
Gorra Page
Chapter 2 - Literature Review
ts of national
security, public safety
Article
or the economic well-
8.1
being of the country,
provid
for the prevention of
es that
disorder or crime, for
"every
the protection of
one
health or morals, or
has
for the protection of
the
the rights and
right to
freedoms of others"
respec
(ECHR, Article 8.2).
t for
As the data retention
his
legislation is
private
implemented to
and
assure national
family
security and support
life, his
the fight against
home
terrorism, European
and his
member states can
corres
implement the Data
ponde
Retention Directive in
nce".
accordance with
Howev
Article 8 ECHR.
er, this
is
Since the Human
subject
Rights Act 1998,
to
human rights
restricti
standards have been
ons
routinely
and
incorporated in
there
legislation. Under
can be
section 19(1)a of the
interfer
HRA, Ministers
ence
responsible for
by a
introducing
public
government Bills to
authori
either house need to
ty "in
provide a written
the
statement that in her
interes
or his tibility statement with
view, regard to the ATCS
the Bill Act, however, the
is ATCS Act contains a
compa number of provisions
tible that affect human
with rights, which make
the the Act is not
Conve compatible with
ntion HRA. For example,
rights, the detention without
or trial is incompatible
alterna with the right to
tively liberty of the person
that it under ECHR Article
is not 5(1), and this
compa required a formal
tible derogation from
and Article 5(1) under
that Article 15 of the
the ECHR (Tomkins,
govern 2002, p. 7; HL38, HC
ment 381 (2003-04).
nevert
heless Privacy International
wishes (2003a) argues that
the blanket data
Parlia retention would
ment subject every citizen
to to the certainty of
enact ongoing and
the Bill unremitting
into interference in his or
Home phone
Secret communications data
ary which conveys who
Andrea
Gorra Page
81
Chapter 2 - Literature Review
certainty to a
personal identity,
2.3.5.3 Ar thus blanket data
gu retention is
m
ineffective in fighting
en
crime. Even though
t
communications
3:
data can serve as
N
o evidence for crimes
de planned with help of
fin communications
ite technologies, an
lin undoubted link
k between the device
be
that had been used
tw
for communication
ee
and an individual can
n
not be established
co
m with any certainty
m and further
un investigations,
ic according to Walker
ati and Akdeniz (2003).
on This becomes
s particularly apparent
de
when a web-based
vi
email system such
ce
as Hotmail is used
an
from a PC in an
d
us internet caf, as
er Microsoft's Hotmail
Comm does not verify
unicati details of registered
ons users and internet
data cafs do not require
cannot identification. The
be use of prepaid
linked phones that do not
withou need registration
t any poses a challenge to
law searches of the
enforc retained data, as
ement legislation requires
agenci CSPs to store
es, as communications data
they for longer than
do not needed for billing
require purposes. The
the internet Service
subscr Providers'
iber to Association (Ispa)
be expects costs of 26
identifi million a year to set
ed up sufficient data
(Gow, retention measures
2005). and 9 million in
running costs to
2.3.5.4
Argum respond to law
ent 4: enforcement
High
cost of requests based on
storag estimates from one
e and
retriev large UK-based
al of internet service
data
provider (Leyden,
The
2005).
teleco
mmuni The requirement of
cations communications
and service providers to
interne store the customers'
t data for up to two
industr years and the costs
y have associated with it
highlig could also affect
hted global
the competitiveness of
high the European
costs industry compared to
for other western
storag countries. Particularly
e and
as nications data. At the
countri same time some fear
es that data retention
such may have an effect
as US on consumer
and confidence, as
Canad citizens may avoid
a have using electronic
rejecte commerce in order to
d the not have their legal
blanket transactions logged
retentio (Open Letter from
n of civil society groups,
commu 2005).
Andrea
Gorra Page
82
Chapter 2 - Literature Review
Data Protection Act
1998 data could not
2.3.5.5 be kept for any
Argum
ent 5: longer than
Potent necessary (fifth
ial use
of data principle) and the
for data stored had to be
other
purpo adequate and
ses relevant for purposes
With and not excessive
the (third principle). The
introdu DPA 1998
ction of implements the
the European Union
ATCS Directive 95/46/EC
Act, and governs the
commu collection and
nicatio process of personal
ns data of individuals by
service the government and
provide private sector.
rs are As the current data
now retention legislation
require obliges CSPs to keep
d to various types of
keep customer data for
custom longer than before,
er there are concerns
record that the data may not
s only be stored for the
which access by police and
they other public
previou authorities but also
sly had
for commercial
to
purposes, such for
erase
consumer profiling,
or
marketing purposes
anony
and CRM (customer
mise.
relationship
Under
management). Green
the
(2006) munications data is
points also of interest to
out that the music and
the recording industry
require to investigate music
ments piracy and illegal
of the file sharing in the
state European Union.
for The Creative and
long- Media Business
term Alliance (CMBA),
retentio which represents
n of large companies in
commu the entertainment
nicatio industry such as
ns data Sony BMG, Disney
coincid and EMI, has
e in an suggested to
unprec members of the
edente European
d way Parliament to be
with included in the
the latest European
extensi Directive on data
ve retention (Sherriff,
data- 2005; Thompson,
gatheri 2005).
ng
practic An additional
es of concern regarding
the the use of data for
teleco law enforcement is
mmuni that the European
cations Data Retention
industr Directive
y. (2006/24/EC) does
not define the term
The 'serious crime' used
retain in its Article 1. In the
ed same manner, the
com RIP Act allows
access or protecting public
to health (see section
comm 2.3.3.1). Tony
unicati Bunyan, editor for
ons Statewatch points
data out that the retained
under communications data
a wide maybe also be of
range interest to future
of uses of
purpos governments, as the
es, data could be used
such for social and
as political control
public (Statewatch News,
safety 2005c).
Andrea
Gorra Page
83
Chapter 2 - Literature Review
ement agencies is
seen as beneficial
2.3.6 S
and is supported by
y
nall stakeholders
o
involved. The central
p
selements for debates
i
have been whether
s
the blanket retention
o
fof all citizens' data for
an extended period
d
aof time is justified
tand proportionate for
a
the purpose of
rfighting terrorism. In
e
tthe UK, there are
ediscussions about
n
twhether some
iagencies should only
o
nhave access to
certain types of
d
icommunications
sdata, as traffic data is
c
useen as more
ssensitive than user
s
iand service data. As
oa result of the 2003
n
consultation process,
access by numerous
The
agencies to
retenti
communications data
on of
has been deemed
some
justified by the Home
commu
Secretary.
nicatio
ns data
A strategy of data
to be
preservation is
access
favoured by many
ed by
parties, as it would
law
not infringe on the
enforc
privacy of innocent
commu nt by the Home
nicatio Office, as this would
ns only enable access to
users. data for a limited time
In before it would be
additio deleted by
n, this communications
would service providers.
also The main issue
save seems to be whether
money retention of data is
to the seen as proportionate
CSPs and the responses by
as less stakeholders differ
data widely.
would
have to
2.3.7 Summary
be Part 3
stored
The third and last
and
part of this chapter
access
has introduced the
ed in
legal framework as
respon
relevant to the
se to
retention of mobile
request
phone
s by
communications data
eligible
in the UK. It has
organis
become apparent
ations
that a complex
under
interplay is taking
the RIP
place between the
Act.
national legislation in
Nevert
the United Kingdom
heless,
and the European
preserv
legislation, such as
ation is
the European
not
Convention on
seen
Human Rights. This
as
section has detailed
sufficie the legal instruments
relevan an Directive
t to 2006/EC/24.
commu Legislation on data
nicatio retention has been
ns data widely debated within
retentio the United Kingdom
n: the and the European
Regula Union, from its initial
tion of introduction to the
Investi implementations of
gatory the RIP Act and the
Powers ATCS Act in the UK
Act and the Data
2000, Retention Directive
the 2006/24/EC by the
Anti- European Union. The
Terroris section has painted a
m picture of data
Crime retention in legislative
and terms, while carefully
Securit ensuring to consider
y Act the viewpoints of the
2001 most relevant
and the stakeholders in the
Europe debate the retention.
Andrea Gorra Page
84
Chapter 2 - Literature Review
communications
data retention in
2.4 S general have been
u
addressed with a
m
mthreefold
a approach. This
r
y chapter has firstly
o focused on recent
f technological
c
h developments
a regarding mobile
p
t phone location
e data within the UK,
r followed by a
The discussion of
ry essential
re of legislative
area
Mobile phone
of
location data is an
mobi
inherent part of
le
mobile
phon
communications, and
e
advances in
locat
computer
ion
technologies have
data
facilitated the long-
and
term storage and
the
analysis of this data.
long-
Communications data
term
may be obtained and
rete
used by law
ntion
enforcement for
of
crime ance societies. The
and potential of
terroris inappropriate use of
m the retained
investigcommunications data
ations may result in
but infringements of the
also by mobile phone user's
comme privacy, which makes
rcial checks and
provide safeguards to ensure
rs to accountability
offer necessary. Before the
service September 11 attacks
s there had been
based widespread criticism
on of the long-term
locatio retention of
n. The communications
widesp data. However, the
read attacks have been
use of used in the UK and
informa EU-wide to evoke a
tion paradigm shift in
and storing and accessing
commu this type of data. The
nicatio retention of data was
ns justified under Article
technol 8.2 of the European
ogies Convention on
for Human Rights, but
admini the wide range of
strative purposes for which
and the data can be
control accessed under the
purpos Regulation of
es is Investigatory Powers
seen Act 2001 and the
as a European Data
trait of Retention Directive
surveill 2006/24/EC, have
been ter focuses on
widely the
criticise methodology
d. that has been
used to collect
T
empirical data
h
in order to
e
portray the
views of
n
ordinary
e
citizens in the
x
complex
t
debate about
c
technological
h
influences on
a
individual
p
privacy.
Andrea
Gorra Page
85