German Member of Parliament, Malte Spitz (blog), sued his mobile phone operator T-Mobile to obtain access to the data (Google translation) they had on him. After a lengthy legal process he won and received about half the data they had in their possesion.
Relating to “data” as an abstract can be difficult, because it doesn’t put it in any meaningful context. Spitz, together with the newspaper Zeit Online, decided to make an attempt at providing that context.
The result is an absolutely fantastic page where you can backtrack Spitz’s whereabouts. By combining geospatial data with other publically accessible information, such as Twitter posts, it’s an effective display of the power and insight the Data Retention directive give whoever can access the data. (The page is in German, but the Google translation should be enough. Press the Play-button, and adjust speed using the lever labeled Geschwindigkeit.)
What They Know
The phone companies store what is called Call Data Record, or CDR for short, containing meta data on the service they provide, such as information on the service type, telephone numbers, the length of the call, its duration and what cell towers were involved in relaying the call. The CDRs were originally designed for internal use, primarily for accounting, but are now stored for a minimum of six month to provide records for law enforcements.
Without going into too much detail on the contents of the Data Retention Directive (2006/24/EC) it is worth noting that its scope goes well beyond what Spitz received from T-Mobile. The contents of all text messages are also stored; the URLs of visited webpages and sent emails too.
It would be interesting to replicate Herr Spitz’s move in other countries to see the reactions from authorities and the from the phone companies. The amount of location data you would get on yourself would certainly put the likes of Gowalla or Foursquare out if business in a heartbeat!
Whom Do We Trust
What really worries me is how much we trust our authorities. Even though Europe is quite stable politically, we seem to have forgotten many of the lessons of our past and the importance of not centralizing too much of information about people in the hands of a few. Remember that political stability, historically speaking, is an anomaly. Even in Europe at this time, certain developments should remind us that we should never take a democratic consensus for granted. There’s also the lesson we learn from the rest of the world. Imagine how tools like this could be used in Egypt, Tunisia or Libya.
One could even argue that passing western laws like this enable misuse in other countries simple because we create tools that enables it. Western companies develop most of the software and hardware that power the global communications infrastructure. Everything that gets developed in the western world eventually find its way to rouge states – if not via official exports then though the black market. Creating a data retention solution, like Narus Insight or (the aptly named) HP Dragon, is well beyond the reach of most countries if they had to do it themselves.
From a global perspective, it puts us on a very slippery slope. Maybe west needs to accept responsibility for misuse of the tools we unleash upon the world?