The government has its sights set on records of your daily travel in its wishlist of stored data. But do you want to reveal such private information?
By Alison Potter
If privacy laws and the metadata furor seem a little esoteric, you may change your mind after trying this creepy or cool function from Google.
Login to Gmail at the Location History webpage and Google will regurgitate a plotted timeline and map: a detailed history of your every movement for the past 30 days.
It’s a minute by minute record of where you’ve been with your phone or tablet. This data infers where someone lives, their habitual movements, where they work, where and with whom they eat, drink and socialise, what medical assistance they sought, businesses visited, and any political or religious gatherings they attend.
Take a look at ‘Sean’s’ (not his real name) location history map and timeline below. You can see where he was at any given time of the day.
In the wrong hands, this could be a liability. And the Government wants it stored and available for investigation.
There has been much confusion around metadata retention and what the Government wants to access, but the issue of personal location data has been largely overlooked by the media.
In August Fairfax media released a confidential leaked “preliminary”industry consultation paper detailing the Government’s wishlist of telecommunications data they want access to. The last requirement on the list is: “to capture the physical and logical location of the device or equipment used to send or receive a communication.”
It’s just one part of its data retention regime devised to give law enforcement and spy agencies access to customer identifiable information, possibly without a warrant.
If you have Locations Services activated on your iPhone, iPad or android (which is pretty likely if you use apps such as Google Maps or Facebook), and it is logged into a Google account, your device is constantly tracking and recording your location.
And the Find My Phone app is also plotting your phone’s GPS coordinates.
Think it’s none of Google’s business?
Many inferences can be drawn from this stark record of where we go and who we meet, and these are a valuable commodity for Google and its advertisers. Let’s face it, Google’s business is based on knowing our business.
But this data also provides us with useful services that we are increasingly dependent upon, such as searching maps and localised weather and traffic updates.
Location services is an opt-in feature, and on the website Google gives us the choice to delete certain locations that we’ve visited (could be useful), or to delete the whole history. And you can choose have your location services on your device deactivated.
Freedom Press details how to do this on both Android and Apple devices.
How long is it stored for?
Even if we can delete our record of location history, how long is that information kept by Google?
Forbes magazine asked Google how long they stored the information for but the response was unspecific. Google said there was a grace period for users who accidentally deleted their data or if it had been hacked, so they could access it again. But time frames were not supplied.
The Government wants it stored for two years.
Is it secure?
The recent release of nude celebrity photos that were stored in iCloud back-up accounts is a timely example of how accessible our private data, photos, emails and messages are.
Security researcher Nik Cubrilovic says it’s likely that passwords and usernames were hacked to access information that had automatically been backed up into the cloud from phones.
Cubrilovic, who has researched hacking operations, says realtime location data in the form of GPS coordinates would have been available to the hackers through the Find My iPhone app. He wrote in the Guardian about how the hacking networks can operate.
“There are people out there who are turning over data on friends in their social networks in exchange for getting a dump of their private data.”
The frequent source of new leads for targets seems to be newcomers who know somebody they want to hack and have stumbled onto one of the networks offering their services. The new contributor will offer up a Facebook profile link, plus as much information as is required by the hacker to break the account, plus possible assistance in getting a remote access tool installed if required.
In exchange, the hacker will supply the person providing the lead with a copy of the extracted data, which they will also keep for themselves. This was one of the most unsettling aspects of these networks to me: knowing there are people out there who are turning over data on friends in their social networks in exchange for getting a dump of their private data.
Many of us just don’t realise that all this personal, sensitive data is being collected.
Because the data is linked to an account, not a device, this means that anyone with access to your phone or tablet can add another account, turn off syncing and other indicators of the account, and quietly track your device from any computer with internet access.
How big is Big Brother?
Since the September 11 terrorist attacks there has been a massive expansion in the coercive powers of a long list of federal and state government agencies. They can compel individuals and companies like Yahoo, iinet, Google, Telstra, Instagram and Facebook to provide evidence or information – including telecommunications data such as location history.
Just some of these bodies are ASIO, corporate regulators ASIC and APRA, the Office of Taxation, the Australian Crime Commission, the Department of Immigration, Department of Human Services, Customs and Border Protection, Centrelink and Medicare, even the RSPCA, Australian Post and local Councils.
These agencies’ powers are often greater than those of the police, with fewer legal checks and balances needed to enact them. Authorisation comes from a bureaucrat within the agency or senior police.
According to figures from the Attorney-General’s department, federal and state government agencies accessed private telecommunications and internet data, without a judicial warrant, 319,874 times during criminal and financial investigations in 2012-13. This is an 11 per cent rise in a year, and a 31 per cent jump over two years.
Google is now releasing reports detailing the number of government requests for user data it handles, and how many are fulfilled. It turns out the Australian Government is in the top ten, globally, when it comes to requesting user information about Google customers.
According to analysis by security industry website CSO, user data requests by the Australian Government increased by 29% from 2012 to 2013. Australian agencies made 780 user data requests of Google in the six months of the second half of 2013.
Telecommunications data is a vital investigative tool for Australian law enforcement and national security agencies. It is often requested in the early stages of an investigation.
But these intrusions can also gravely undermine the privacy of Australians. Civil liberties and legal groups say coercive powers are becoming a regular tool. They say this is eroding the common law right to remain silent, and allowing investigators to go on fishing expeditions for intelligence and evidence.
When bureaucrats talk of ‘metadata’ its easy to imagine endless reams of code and numbers stored in warm, humming warehouses of servers with lots of flashing lights. Your inconspicuous data comingled with that of millions of others.
The view changes when you can see a 24-hour depiction of your movements onscreen. Suddenly, metadata looks much more like a diary.
Would you give your diary to the State Library in the hope it just sat on the shelf and nobody wanted to read it?