Data retention question

Peter Fairbrother zenadsl6186 at zen.co.uk
Tue Jul 15 23:33:00 BST 2014 

On 15/07/14 21:28, Graham Cobb wrote:
> On 15/07/14 21:03, Peter Fairbrother wrote:
>> A better answer - the sort of data

[mobile device location data when email polling]

>> you mention are not regularly
>> collected in bulk in the UK. The types of data which are regularly
>> collected in bulk are fairly limited [1], and relate mostly to calls and
>> texts.
>
> But for mobile phone calls, location (Cell ID) is on that list...
>> [1] SCHEDULE
> ...
>> Data necessary to identify the location of mobile communication equipment
>>
>> 10.  (1)  The cell ID at the start of the communication.

The part you quote comes under the heading "MOBILE TELEPHONY" - so I 
think for location data to be retained under DRIP it has to be mobile 
telephony of some kind, ie calls.

For internet access, internet email, or internet telephony, the data to 
be retained are different, and do not include location data.

There terms are not defined in strange ways, so they take on their 
everyday meanings. To most people, mobile internet is not mobile 
telephony - telephony means sound, and the telephone system.




What I meant was, in practice, I don't think cellphone companies 
actually do retain location data for email polling events under the 
Directive (or DRIP). Probably.

The email server should retain log-ins and log-outs - but those records 
would not include location data.

The cell service provider, in its role as internet service provider, 
should record log-ins and log-outs to the internet service as well; 
which might or might not include occasions when an email server was 
polled. But again, I don't think the data to be retained would include 
location data.

>
> So, can we be sure that because location is NOT on that list for other
> types of communication, it is not collected or available for them?

Even if we are not targeted, we cannot ever be *sure* that the data is 
not retained - it may be retained for other reasons, eg for purposes of 
the service provider, or under ATCSA (which is remarkably flexible as to 
what data may be retained), and probably under some other laws too.


> So, if you are not being individually targeted, you can avoid having
> your location recorded by avoiding using voice calls (use texts and/or
> VoIP instead?

Ah, possibly, though "mobile telephony" may just about include texts. 
Everyday meaning, remember?


However if you are using VoIP in the form of "internet telephony", then 
different rules apply; and perhaps location might not be recorded by the 
cell service provider when this is done using a mobile device.

If you use a vpn or even SSL, the cell service provider may not even 
know when you are using VoIP - or who you are calling - anyway ...  but 
I wouldn't risk much on that.

An "internet telephony" service provider should of course record call data.

But then, VoIP need not go through such a provider ..

-- Peter Fairbrother

More information about the ukcrypto mailing list