Data retention question

Roland Perry lists at internetpolicyagency.com
Tue Jul 29 11:44:37 BST 2014 

In article <53D3AF99.6000804 at pelicancrossing.net>, Wendy M. Grossman 
<wendyg at pelicancrossing.net> writes
>>> "Criminals would like that" is not universal knock-down argument.
>>> Cameras in every
>>> bedroom would reduce domestic violence.
>>
>> Not very much, it generally takes place elsewhere.
>>
>>> You don't have to be a defender of violent abusers to think that it
>>> isn't an appropriate response.
>>
>> But being able to show where emailed death-threats (eg from an estranged
>> ex-partner) were coming from might help.
>
>One of the most concerned people I know about data privacy is Cindy
>Southworth, the executive director of the (US) National Network to End
>Domestic Violence. I doubt you'll find her favoring data retention as a
>solution - the much bigger risk is the abuser being able to track his
>victim.

Cindy has legitimate concerns, which I share, but it's a different kind 
of data she's talking about - at an application layer. These are the 
geo-location facilities in smartphones which facilitate primarily 
cloud-based apps such as 
monitor-my-employee/track-my-child/find-my-phone/map-my-photos.

It's fairly easy for an abuser to gain unauthorised access to such 
information, and victims (or survivors as they are called in DV circles) 
need to be more aware about the potential for their activities to be 
monitored. The abuser already knows where they live, and pretty much 
everything else about their digital accounts and footprint. The data is 
almost certainly being held by a US-based organisation and isn't in a 
class that Eu data retention or disclosure rules have much traction on.

Once someone has fled to a shelter (in the UK we'd call them a refuge) 
everyone agrees it's important to completely cease doing whatever it is 
that's been causing leakage in the past, to forestall further tracking; 
although throwing the phone away and/or cancelling all the online 
accounts is unpopular advice in many quarters. But just 'turning off 
gps' is not enough.

The data which current proposals talk about "retaining", and I say would 
be useful to track abusers, is at the access level (Comms Data including 
subscriber details, and not content, to use RIPA terms).

And is useful to catalogue the abuser's activity and for example whether 
they are breaking any restraining orders. Classic domestic violence is 
not the only form of abuse either, and in the early days one of the 
biggest fears arising from victims is not knowing who their abuser is. 
If access data can be used to establish a simple fact like that, it can 
be very helpful.

-- 
Roland Perry

More information about the ukcrypto mailing list