Cell Phone Tracking Reveals Users' Habits

DinkyDogg writes "'New research that makes creative use of sensitive location-tracking data from 100,000 cellphones in Europe suggests that most people can be found in one of just a few locations at any time, and that they do not generally go far from home.' More interesting than their conclusion, however, is how they got their data. 'The researchers said they used the potentially controversial data only after any information that could identify individuals had been scrambled. Even so, they wrote, people's wanderings are so subject to routine that by using the patterns of movement that emerged from the research, "we can obtain the likelihood of finding a user in any location." The researchers were able to obtain the data from a European provider of cellphone service that was obligated to collect the information. By agreement with the company, the researchers did not disclose the country where the provider operates.' Any guesses which European country requires cell phone providers to record where their customers make calls, and then allows them to give that data away without disclosing that they have done so?"

Data has not been anonymized

[hweimer]

Contrary to what the paper suggests, the data has not been anonymized. Proper anonymization means that you cannot derive correlations between the behavior of the individuals, which was the whole point of the paper.

I don't know the exact legal situation in every European country. However, in EU countries this is regulated by the Directive on the protection of personal data, which requires for scientific use that safeguards have to be taken to prevent the identification of individuals. For some countries like Germany this means that the data has to be anonymized, although it is a grey area whether pseudonymization is sufficient.

More details on that matter can be found on my blog.

Pretty sure it must be the Netherlands

[Idaho]

If you think the USA is bad with regards to telephone taps and the like, try the Netherlands.

Last year, in the Netherlands 25,000 phones where tapped (for different periods of time). These are published numbers (I could link to them but the articles are in dutch only so, well..)

In the USA, the official numbers are somewhere around 2200 phone taps (in 2007).

But that's not all; keep in mind that the USA has over 300 million inhabitants. The Netherlands has only 16 million.

So either the USA government is doing a much better job of keeping even the fact that phones are tapped at all hidden from public scrutiny, or it really is much, much worse here (in this regard, at least).

Re:Odd conclusion

[Richard+W.M.+Jones]

Here in Europe, in some countries, cell phone companies offer a service that can reveal a phone's location (with the precision of a fraction of a kilometer/mile) at any given time from any place actually ... Any tracking (except maybe for aid in criminal investigations?) without the owner's consent would be very illegal.

Very definitely this is used in criminal investigations. In the case of the Soham murders back in 2002, one of the victims had a phone which the murderer had turned off. In a public appeal the police said they'd sent a message to the phone, trying to trick the murderer into turning the phone on (which would reveal its location).

In fact this trick didn't work, but mobile phone location data was still crucial. Police plotted all the walking routes around where the phone was last located just before it was switched off, and from this found the suspect (later, murderer's) house and also disproved his alibi.

Rich.

I Disagree

[FurtiveGlancer]

"Anonymized" may be defined as data that cannot be traced to a named individual. Individuals may still be tracked by other means (arbitrarily assigned number, vice real phone number) to determine patterns without violating individual privacy. So long as they don't specify home addresses, cell numbers or other personally identifiable data, this is valid anonymity.

Of course, this is different from claiming that the data would be used for statistical puroposes only. This study used the data for sample correlations beyond bulk statistical analysis.

Re:Well, there goes the myth of the EU saner than

[MrMr]

The (putative) sanity of the EU is not really the issue. It appears that the provider and the researchers have violated the EU legislation, and especially "Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data" ( http://en.wikipedia.org/wiki/Directive_95/46/EC_on_the_protection_of_personal_data ).

For instance with respect to this article:

Personal data are defined as "any information relating to an identified or identifiable natural person..."

I'm not sure 'anonymizing after billing' as the authors did is sufficient to make the data non-personal (the gist of the article is after all that you can be identified by your stereotypical movements...)

Data may be processed only under the following circumstances (art. 7):

        * when the data subject has given his consent
        * when the processing is necessary for the performance of or the entering into a contract
        * when processing is necessary for compliance with a legal obligation
        * when processing is necessary in order to protect the vital interests of the data subject
        * processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or in a third party to whom the data are disclosed
        * processing is necessary for the purposes of the legitimate interests pursued by the controller or by the third party or parties to whom the data are disclosed, except where such interests are overridden by the interests for fundamental rights and freedoms of the data subject

None of those conditions seem to be met...