Cell phone tracking services available in UK and elsewhere

coderman coderman at gmail.com
Sun Feb 26 17:52:06 PST 2006 

... and people wonder why i don't have a cell phone (this is one of
many reason, although the largest being annoyance rather than privacy
for me):


---cut---
http://news.bbc.co.uk/2/hi/programmes/click_online/4747142.stm

 Mobile tracking devices on trial

		By Spencer Kelly
Click presenter

Your mobile phone is a beacon - a radio transmitter in a box.
Therefore it is possible to trace the signal and work out where it is.

There are now several web companies which will track your friends' and
family's phones for you, so you always know where they are.

But just how safe is it to make location details available online?

There are several reasons why you may want to track someone. You may
be a company wanting to keep tabs on employees during work hours, or a
parent wanting to check up on a child's whereabouts.

These sorts of tracking services, now available in the UK, get
information from the network about which cell your phone is currently
in, and, for a small fee, display the location on an online map.

As well as checking where a certain phone is right now, you can run
scheduled lookups, or snail trails, to record the phone's movements
throughout the day, and produce a report for you to peruse at your
leisure.

Obviously you cannot just enter any mobile phone number and expect to
track someone.

First of all you need to prove your identity, via a credit card, and
then, crucially, the owner of the phone in question needs to consent
to being tracked.

The owner is sent a text message telling them about the tracking
request, to which they must reply.

Experiment

The question is: is it possible to circumvent this security, and track
someone without their knowledge?

I attempted to find out, using regular contributor Guy Kewney, an
independent technology journalist and, for one day only, human guinea
pig.

I sent him on a tour of London. He could go anywhere he wanted, and I
planned to meet up with him later and tell him, hopefully, where he
had been.

Guy did not know that when I borrowed his phone for a few minutes
earlier in the day, I took the opportunity to register it on one of
the tracking services.

I received the incoming text message warning him about the tracking,
responded to it and then deleted it from his inbox.

When I gave him his phone back, Guy had no idea he was now in
possession of a consenting tracking device.

Hence, a little while later, I could watch him emerge from the tube at
the start of his tour.

But just borrowing someone's phone for a few minutes is too obvious a
loophole. It is one which has already been closed by an industry body
which oversees new technologies such as mobile tracking services.

Voluntary rules

The Mobile Broadband Group has drawn up a voluntary code of conduct
which the networks in the UK ask location providers to stick to.

One of the conditions of the code is that after a phone is registered
as a tracking device, reminder texts should be sent to the phone at
random intervals.

This way, it should be impossible for a malicious tracker to intercept
every reminder.

The problem is, those random reminders are not required to be sent
very frequently.

We tracked several phones over several days, and often had to wait for
a day or two before receiving a reminder message.

Hamish Macleod from the Mobile Broadband Group, who came up with the
code of conduct, argues this is enough.

He said: "We assessed this risk during the development of the code and
consulted obviously with all the experts that we did, and the schedule
of random alerts that we came up with we thought was adequate to
protect against the risks.

"This is a situation to be kept under review as the service is developed."

Child-safe?

With more and more children owning mobile phones, special attention
needs to be given to who can track them.

If you are not a genuine parent or guardian, the code requires
location services to check that both the tracker and the person being
tracked can prove they are consenting adults.

Mr Macleod says: "The person that is to be located has to demonstrate
to the service provider they are at least 16 years old.

"They can do this through various channels, for example they can get a
credit card number which is used as a proxy for age verification, or
something like that."

At least, that is what is supposed to happen. But neither of the
services we tested asked the person being tracked to prove they were
an adult.

Although they did ask us for the age of the person we wanted to track,
they did not check we were telling the truth.

The companies were not following the letter of the code and, what is
more, no-one was holding them to account.

	
HAVE YOUR SAY
What do you make of the new mobile tracking services online? Is it
ever possible for regulation to keep up with technology?

Neither service would comment on this oversight.

Although the code of conduct was well intentioned, the Mobile
Broadband Group admits it will need refining as loopholes become
apparent.

It also highlights the limits of such voluntary codes, and the
problems with policing them.

Jago Russell from the human rights group Liberty says: "We have
concerns in general about industry codes of practice. They aren't
legal regulation; they don't give the consumer an effective legal
remedy if the code of practice isn't complied with.

"So in many ways they're not really worth the paper they're written on."

Changes

As a result of our investigation, The Mobile Broadband Group is making
some changes to the code of conduct.

The frequency of the random reminders is going to be increased, and
the code will make clearer the appropriate way to check the age of the
participants.

Guy Kewney says: "It's a shame but then if you start regulating new
technology you usually fall down because people don't expect the
unexpected.

"The real problem is that you can't actually perceive the unintended
consequences of your technology change, so a hard and fast rule that
says 'don't do this' won't stop you doing that, in which case you've
wasted your time passing it."

Should we really be worried about being tracked by mobile phones?

Guy Kewney says: "You can worry about anything in this society. If I
wanted to track you, the easy way to do it is - well you've found one
way, but if they've closed that loophole or if it becomes tricky -
then I just hire a private detective.
---end cut---

does anyone have a list / site for good research on anonymous wireless
communications?  there seem to be few papers or projects dealing with
this particular transport method.

http://citeseer.ist.psu.edu/diks95anonymous.html
"We introduce anonymous wireless rings: a new computational model for
ring networks. In the well-known hardware ring each processor has two
buffers, one corresponding to each of its neighbors. In the wireless
ring each processor has a single buffer and cannot distinguish which
neighbor the arriving bit comes from. This feature substantially
increases anonymity of the ring. A priori it is not clear whether any
non-trivial computation can be performed on wireless rings. "

are wireless rings the most effective without excessive resources /
inefficiency?

More information about the cypherpunks-legacy mailing list