Saturday, June 15, 2013

Betrayed by our own data

Mobile phones are tracking devices that reveal much about our lives. One look at our interactive map of data provided by the Green party politician Malte Spitz shows why.
A visualization of data collected by Malte Spitz's mobile phone

A visualization of data collected by Malte Spitz's mobile phone

The seminal electronic band Kraftwerk was well ahead of the curve musically, but even the lyrics to their 1981 song "Computerwelt" can seem uncannily prescient. "Interpol and Deutsche Bank, FBI and Scotland Yard, Flensburg and the BKA, they’ve got all our data squirreled away." What was unimaginable 30 years ago later sounded rather threatening. But today, the words are downright silly.
While government authorities like the BKA, Germany’s Federal Office of Criminal Investigation, (and the country’s database of traffic violations in Flensburg) do indeed have a trove of information about us, the greatest source of data about our lives is much more banal. The real snitch is in our pocket – our own mobile phone betrays us. That’s why the Chaos Computer Club has rechristened the powerful mini-computers we carry around with us as "tracking devices" revealing where we’ve been and what we’ve been doing.
In a report prepared for Germany’s Constitutional Court in July 2009 , the hacker group described what kind of information could in theory be collected according to the country’s data retention (Vorratsdatenspeicherung) rules and what could be gleaned from it. The court later stopped data retention as it was practiced at the time, but law enforcement officials and the government have by no means abandoned the concept. The possibilities offered by such seemingly harmless data are just too seductive. In the next few weeks, the German government is set to decide on new data retention rules.
Most people’s understanding of what can actually be done with the data provided by our mobile phones is theoretical; there were few real-world examples. That is why Malte Spitz from the German Green party decided to publish his own data collected from August 2009 to February 2010. However, to even access the information, he had to file a suit against telecommunications giant Deutsche Telekom.
Click on the graphic to access the interactive map
Click on the graphic to access the interactive map
The data, which ZEIT ONLINE has made available for download and acts as the basis for our accompanying interactive map , were contained in a massive Excel document. Each of the 35.831 rows of the spreadsheet represents an instance when Spitz’s mobile phone transferred information over a half-year period. Seen individually, the pieces of data are mostly inconsequential and harmless. But taken together, they provide what investigators call a profile – a clear picture of a person’s habits and preferences, and indeed, of his or her life.
This profile reveals when Spitz walked down the street, when he took a train, when he was in an airplane. It shows where he was in the cities he visited. It shows when he worked and when he slept, when he could be reached by phone and when was unavailable. It shows when he preferred to talk on his phone and when he preferred to send a text message. It shows which beer gardens he liked to visit in his free time. All in all, it reveals an entire life.
  • With whom, when, how long and where
  • No longer innocent until proven guilty
The law that the German Constitutional Court ruled unconstitutional on March 2, 2010, has been in place since 2008. It requires all telecommunications providers with more than 10.000 customers to save records of all calls and connections for six months.
That means the entire communications record and all attempted efforts at communication via telephone, SMS, e-mail or internet are logged and preserved for half a year. Not the actual content, but all kinds of metadata that can reveal something about the type and nature of a contact.
To illustrate just how much detail from someone’s life can be mined from this stored data, ZEIT ONLINE has "augmented" Spitz’s information with records that anyone can access: the politician’s tweets and blog entries were added to the information on his movements. It is the kind of process that any good investigator would likely use to profile a person under observation.
To prove how exact the data provided by his mobile phone is, his appointments are also shown as they were publicized on the Greens’ website. The locations revealed by mobile towers are mirrored there.

Deutsche Telekom’s dataset already kept one part of Spitz’s data record private, namely, whom he called and who called him. That kind of information could not only infringe on the privacy of many other people in his life, it would also, even if the numbers were encrypted, reveal much too much about Spitz (but government agents in the real world would have access to this information).
While data retention allows for the creation of a profile of an individual’s movements, it also paints a picture of a person’s relationships. The data reveal who is a friend and who is family. The information shines light on clandestine connections as well as illicit love affairs.
Spitz is a politician, and as a member of the Greens’ leadership council he’s on the road a lot. While this means he is not an average citizen in some ways, his frequent use of his mobile phone – making calls, texting and surfing the internet – is decidedly mainstream for many these days.
Every ten minutes, Spitz’s phone checked in with his provider to see if there were new e-mails, a function that many smart-phone owners have activated. Since his phone was rarely turned off, Spitz’s movements were tracked 78 percent of the time.
Six months – that’s how long many German politicians want data on calls and e-mail exchanges to be retained and it’s the same amount of time Spitz made himself available. Such a period would clearly suffice for investigators to be sure a person had no more secrets. Indeed, as long as a mobile telephone is turned on, the activities of its owner are being broadcast. And even if a phone isn’t on all the time, there can still be enough information available to create an accurate profile.
Thirty years ago, Kraftwerk’s line "Flensburg and the BKA" described a world where personal data had slipped out of our control and into the hands of big government agencies. Today, that lyric would have to be changed to: Telekom and the BKA, they’ve got all our data squirreled away.

No comments: