Do You Think Operators Really Care About Your Privacy? at MobHappy


Do You Think Operators Really Care About Your Privacy?by Carlo Longino on January 23rd, 2006 in Community Power

There’s been a bit of an uproar in the US the last couple of weeks over the online sale of people’s mobile phone records. The basic idea is that you go to one of these Web sites, pay $100 or $150, give them a phone number, and within a few hours, they send you the last month’s worth of call records for that line. This has been possible for quite some time, but has come into public focus lately, spurred on in part by some bloggers buying a former presidential candidate’s records, and now politicians are getting in on the act, trying to make it look like they care and score some political points by saying they’ll introduce laws to make the sales illegal.
Carriers, meanwhile, “applaud” the bills and “supports the efforts” acting tough on this issue — Verizon in particular has a history of suing these people and describes that as “aggressively protecting customer privacy”. But, they’re masking the real issue, and the media is letting them get away with it.
The real issue is why operators are letting them get this information. There’s no doubt that selling this information should be illegal. But so should letting it out in the first place. It’s unclear exactly how these companies get the records, but it’s probably through some form of social engineering. The ease and speed with which they get the records is particularly troubling, and indicates either the system is easily gamed, or they have contacts working inside the operators. In either case, there needs to be some serious motivation for carriers to lock things down. If the information wasn’t so readily available to begin with, people wouldn’t be selling it.
So the brokers aren’t the only accountable ones here, the operators are responsible for leaking the information too. And without significant motivation to patch the leaks, they won’t do so. They’ll just keep on suing people after the fact for selling information they shouldn’t have let out in the first place. After all, what sounds better? “Verizon Wireless Carelessly Shares Users’ Call Records”, or “Verizon Wireless Takes Aggressive Legal Action To Stop Attempted Theft Of Customer Information By Florida Firm”? To be fair, some government-types have mentioned raising operators’ responsibilities, but I’ve got little hope they’ll do anything meaningful. Until the penalties actually mean something, it’s hard to see carriers really caring.
Don’t think this is an issue limited to the US, either. A story out of the UK’s been making the rounds about a site that says it can track the location of any UK mobile phone to within 50-500 meters. Users enter the number of the phone they want to track and an SMS gets sent to that number asking if the user consents. What’s unclear is if the company behind the site can access the location information even if the user doesn’t consent, and the consent simply dictates whether or not that information can be shared with a third party.
Surely some will defend this as opt-in, as no different than a user choosing to use a service that locates themselves, say to find the nearest ATM or gas station. But there really is a significant difference between someone pushing their information to a service and being asked for it. Presumably, the company could either game the system so they could track whoever they like, or, as I said, the consent really doesn’t matter. In any case, let’s hope they simply just can’t access the information without someone’s okay. Presumably the carrier bills for these lookups on a per-use charge — so why should privacy get in the way of a few pence?