Data retention question
Peter Fairbrother
zenadsl6186 at zen.co.uk
Tue Jul 15 23:33:00 BST 2014
On 15/07/14 21:28, Graham Cobb wrote:
> On 15/07/14 21:03, Peter Fairbrother wrote:
>> A better answer - the sort of data
[mobile device location data when email polling]
>> you mention are not regularly
>> collected in bulk in the UK. The types of data which are regularly
>> collected in bulk are fairly limited [1], and relate mostly to calls and
>> texts.
>
> But for mobile phone calls, location (Cell ID) is on that list...
>> [1] SCHEDULE
> ...
>> Data necessary to identify the location of mobile communication equipment
>>
>> 10. (1) The cell ID at the start of the communication.
The part you quote comes under the heading "MOBILE TELEPHONY" - so I
think for location data to be retained under DRIP it has to be mobile
telephony of some kind, ie calls.
For internet access, internet email, or internet telephony, the data to
be retained are different, and do not include location data.
There terms are not defined in strange ways, so they take on their
everyday meanings. To most people, mobile internet is not mobile
telephony - telephony means sound, and the telephone system.
What I meant was, in practice, I don't think cellphone companies
actually do retain location data for email polling events under the
Directive (or DRIP). Probably.
The email server should retain log-ins and log-outs - but those records
would not include location data.
The cell service provider, in its role as internet service provider,
should record log-ins and log-outs to the internet service as well;
which might or might not include occasions when an email server was
polled. But again, I don't think the data to be retained would include
location data.
>
> So, can we be sure that because location is NOT on that list for other
> types of communication, it is not collected or available for them?
Even if we are not targeted, we cannot ever be *sure* that the data is
not retained - it may be retained for other reasons, eg for purposes of
the service provider, or under ATCSA (which is remarkably flexible as to
what data may be retained), and probably under some other laws too.
> So, if you are not being individually targeted, you can avoid having
> your location recorded by avoiding using voice calls (use texts and/or
> VoIP instead?
Ah, possibly, though "mobile telephony" may just about include texts.
Everyday meaning, remember?
However if you are using VoIP in the form of "internet telephony", then
different rules apply; and perhaps location might not be recorded by the
cell service provider when this is done using a mobile device.
If you use a vpn or even SSL, the cell service provider may not even
know when you are using VoIP - or who you are calling - anyway ... but
I wouldn't risk much on that.
An "internet telephony" service provider should of course record call data.
But then, VoIP need not go through such a provider ..
-- Peter Fairbrother
More information about the ukcrypto
mailing list