Skip to content Skip to main navigation

Features

Sponsored by Crucial - delivering premium web hosting to Australian businesses 24x7x365

Big Brother is Watching. Government Invades Resident Privacy

By trixyf - 27 March 2013 58

the one eye sees all

ACT Territory and Municipal Services (TAMS) has admitted to surreptitiously tracking and recording the movements of residents in Canberra’s South through the interception of the private Bluetooth emissions of their mobile phones and car hands-free systems.

TAMS has collected these data as part of its evidence base in support of the highly controversial plan to implement more than 82 traffic calming devices across the southern suburbs of Chisholm, Gilmore, Richardson, Macarthur, Fadden and Gowrie.

The data were reportedly used to map traffic flows and to measure ‘rat-running’ of traffic through the aforementioned suburbs. Collection apparatuses were placed by the side of the road at all entrance and exit points to each suburb. Under the project, if the same signal was received at two collection points, it was inferred that the vehicle had ‘rat-runned’ through the suburb.

All traffic with Bluetooth devices entering or leaving each suburb was tracked as part of the study, conducted jointly by Purdons Consulting and TAMS, in December 2012. This capability would normally require obtaining a warrant under the Telecommunications Interception and Access Act 1979, which was intended to restrict the activities of domestic law enforcement agencies. Further, there is a reasonable expectation of privacy whilst utilising Bluetooth, as well as the possibility of the information being personally identifying. As such the collection of these data is likely to be in contravention of the Privacy Act 1988.

Residents were not advised about their intentions to conduct this activity, nor has TAMS offered residents the opportunity to review their private data collected under the study. When questioned about the legality of the program by concerned residents at a recent public consultation on 13 March, Mr Rifaat Shoukrallah, Roads ACT Senior Manager of Traffic Management and Safety, stated that he considered the actions of the department to be “completely legal”. The event was also attended by ACT Greens Minister Shane Rattenbury.

The activities of TAMS are eerily similar to the blunder of Google’s Street View project, where the company recorded Wi-Fi access point location data of millions of users worldwide. This lead to the company being fined for breaching user privacy. However, unlike Wi-Fi, where broadcasts are expected to be received by surrounding users attempting to locate and connect to home networks, Bluetooth beacons are private signals intended only for the target user. This makes the suspected breach all the more serious.

Similar activities have been conducted in Queensland, where investigations concluded that information collected was not personally identifying, and as such, not a breach of the Privacy Act. However, most readers will be aware that by default, Bluetooth devices often use the owner’s name as the identifier. The trend towards law enforcement abroad and domestically increasingly using similar methods as a mechanism for tracking the location of criminals (under warrant) also suggests that the legality of this technology needs to be reviewed before use in the ACT.


ED – We were rather surprised by this story so asked TAMS for comment. They had this reply:

Bluetooth data collection is used for traffic studies across Australia and worldwide. Please be assured that this technology is not able to collect any personal data and there is no way to identify individuals through Bluetooth devices. If the technology could in any way contravene the Privacy Act or other legislation, TAMS would not use it.

The Bluetooth technology allows for information to be collected about the movement of cars through a suburb. Data receivers collect an electronic signature at the entry and exit points to suburbs and by looking at the time it takes vehicles to travel that distance it can be determined whether they are ‘rat running’ or whether they were instead going to the local shops or dropping their kids off at school. If data is captured only at the entry point then it can be determined that the owner of the vehicle must live in the suburb.

TAMS has received many safety and complaints relating to rat running in Chisholm, Gilmore, Richardson, Macarthur, Fadden and Gowrie and is responding with detailed traffic studies. Bluetooth technology is being used instead of manual counting as it much more accurately records traffic flows. It also offers a greater degree of privacy than that which can be provided with toll tag tracking or license plate surveys due to the fact that there are no databases of Bluetooth addresses that can be used to associate addresses with individual owners or their vehicles.

The Minister has asked TAMS to include information on Bluetooth data collection on its website, as we understand people may have concerns or questions about how it works.


UPDATE 29/03/13 10:31: Good grief we’ve made The Register who seem to have blurred the line on user generated content into an editorial line.

What’s Your opinion?


Please login to post your comments
58 Responses to
Big Brother is Watching. Government Invades Resident Privacy
16
Watson 2:20 pm
27 Mar 13
#

davo101 said :

Quick break out the tin-foil hat. Talk about an overreaction.

First off does the Telecommunications Interception and Access Act apply here? The Act states that it does not apply to a system for carrying communications solely by means of radiocommunication. Secondly does the Privacy Act apply? If they are collecting Bluetooth MACs then I don’t see how this can be considered personal information. How would you go about working out who 01-07-6B-88-EA-01 is? Thirdly, given the number of security breaks over the years, why would you have a reasonable expectation of privacy whilst utilising Bluetooth?

Lastly, and most importantly, if you choose to drive around Canberra broadcasting a tracking signal don’t be too surprised if some is listening in.

+1

I often think that people like to shout about their privacy being invaded because they like to pretend they are interesting enough to be spied on. But really, who cares about someone collecting these sorts of extremely limited data? If it is truly illegal (I’ve no idea) it is not exactly best practice and it should prompt them to tighten their business processes. And then we all move with our lives.

Report this comment

17
kos 2:26 pm
27 Mar 13
#

davo101 said :

Quick break out the tin-foil hat. Talk about an overreaction.

First off does the Telecommunications Interception and Access Act apply here? The Act states that it does not apply to a system for carrying communications solely by means of radiocommunication. Secondly does the Privacy Act apply? If they are collecting Bluetooth MACs then I don’t see how this can be considered personal information. How would you go about working out who 01-07-6B-88-EA-01 is? Thirdly, given the number of security breaks over the years, why would you have a reasonable expectation of privacy whilst utilising Bluetooth?

Lastly, and most importantly, if you choose to drive around Canberra broadcasting a tracking signal don’t be too surprised if some is listening in.

The TIA doesn’t apply here, Bluetooth is indeed a radio transmission and not covered by the TIA. The Privacy ACT also wouldnt apply, as you must have bluetooth enabled on your device in order to connect to these points.

The reply from TAMS is pretty rubbish, you can quite easily get into a device over bluetooth and pull data from it (including private data). All it would take is for one TAMS employee who wants to do the wrong thing.

Report this comment

18
Watson 2:48 pm
27 Mar 13
#

kos said :

The reply from TAMS is pretty rubbish, you can quite easily get into a device over bluetooth and pull data from it (including private data). All it would take is for one TAMS employee who wants to do the wrong thing.

How and how different is this from someone doing the same thing using their mobile?

Report this comment

19
astrojax 3:10 pm
27 Mar 13
#

dunno what toothpaste you all use, but my teeth is white :)

Report this comment

20
RedDogInCan 3:11 pm
27 Mar 13
#

obamabinladen said :

We are entering an era where our privacy is under threat.

The era started way back in the early 2000’s, please try to keep up.

Watson said :

I often think that people like to shout about their privacy being invaded because they like to pretend they are interesting enough to be spied on. But really, who cares about someone collecting these sorts of extremely limited data?

We should care. Whilst it may seem like extremely limited data today but it will be used as justification for tracking more detailed data in the future using the argument that ‘nobody complained when we tracked them before so it will be ok to use this slightly better system to track them in a bit more detail’. And nobody will complain then because ‘it’s only a little bit of data’ and the ‘ privacy needs of citizens are no more important than the safety concerns of those residents’. When do we call enough? Much easier to stop it now than when the government is mandating tracking devices for all cars.

In any case, the real story here is that TAMS is ignoring the actual problem of peak hour capacity on arterial roads and is instead seeking to justify a solution to a follow on problem that will inconvenience residents far more than rat runners. Fix the main roads and this problem will fix itself.

Report this comment

21
thebrownstreak69 3:33 pm
27 Mar 13
#

People put all sorts of private information onto Facebook, Twitter, LinkedIn, etc, and then whinge about this? The biggest threat to our privacy is our own stupid behaviour.

When you put information onto FB, for example, FB own that information, and it gets sent anywhere they like.

Report this comment

22
p1 3:37 pm
27 Mar 13
#

What interests me is what data exactly TAMS intend to keep in the long term. Will they completely de-identify the results and destroy all the rest? Or will they keep everything they recorded for ever?

Because while it might not be possible to just look in their database and recognise my details, should someone actively wish to investigate me¹, it wouldn’t take much to loiter near enough to get my bluetooth ID, look back at the database and see there and when I passed a device in the past.

Plus, all the people who think only a small percentage of people leave bluetooth on might be forgetting that many cars these days have bluetooth built in. Many cars have after market GPS systems which have bluetooth capability. All of these devices could be tracked (which raises an interesting point for their data collection – can it tell if three separate devices were in the same vehicle, or is the data meaningless?).

1 - While it is unlikely that anyone will be stalking me - and if the cops are investigating me I probably did something dodgy - there are plenty of cases out there of people (sometimes famous, sometimes just unlucky) being stalked followed, hacked etc. Governments shouldn't be going to building databases of information without very tight controls placed on them. Now I shall go back to polishing my tin-foil hat.

Report this comment

23
gooterz 3:41 pm
27 Mar 13
#

thebrownstreak69 said :

People put all sorts of private information onto Facebook, Twitter, LinkedIn, etc, and then whinge about this? The biggest threat to our privacy is our own stupid behaviour.

When you put information onto FB, for example, FB own that information, and it gets sent anywhere they like.

Who says everyone uses FB?

Bit of irony that its illegal to use mobile phones while driving but its ok for the government to use your phone while your driving.

Also if a car had 5 people/phones in it then would that count as 5 cars or 1?

The other option would be to use road counters that judge speed and record time. Setup one at each end of the road, and exclude the cars that don’t have a matching entry exit time. Much more accurate than Bluetooth.

Knowing IT projects how much did these Bluetooth devices cost? We’ll probably spend more on the studies over the years than the price of fixing the road

Report this comment

24
p1 3:43 pm
27 Mar 13
#

thebrownstreak69 said :

People put all sorts of private information onto Facebook, Twitter, LinkedIn, etc, and then whinge about this? The biggest threat to our privacy is our own stupid behaviour.

When you put information onto FB, for example, FB own that information, and it gets sent anywhere they like.

I think most people – even those who put their entire lives on facebook for all to see – would say the difference is the ability to opt out should you wish.

Report this comment

25
Skidbladnir 3:46 pm
27 Mar 13
#

If you’re good at data relationships, you’d be amazed at just what can be achieved.

And for those who assert the old chestnut that The good have nothing to fear, the good have everything to fear, the most to lose, and due to a lack of risk familiarity/recognition, are the most exposed.

Bad police, crazy lovers, stalker exes, and people with axes to grind all exist, everybody has something they consider worth hiding, privacy breaches can destroy lives and families, and the impact doesn’t simply end with those who are breached or at the time of the breach.
If there was no reasonable expectation of privacy there would be fewer sales of curtains.

Report this comment

26
thebrownstreak69 4:16 pm
27 Mar 13
#

p1 said :

thebrownstreak69 said :

People put all sorts of private information onto Facebook, Twitter, LinkedIn, etc, and then whinge about this? The biggest threat to our privacy is our own stupid behaviour.

When you put information onto FB, for example, FB own that information, and it gets sent anywhere they like.

I think most people – even those who put their entire lives on facebook for all to see – would say the difference is the ability to opt out should you wish.

You can’t remove what’s already out there, though.

Report this comment

27
p1 4:27 pm
27 Mar 13
#

thebrownstreak69 said :

p1 said :

thebrownstreak69 said :

People put all sorts of private information onto Facebook, Twitter, LinkedIn, etc, and then whinge about this? The biggest threat to our privacy is our own stupid behaviour.

When you put information onto FB, for example, FB own that information, and it gets sent anywhere they like.

I think most people – even those who put their entire lives on facebook for all to see – would say the difference is the ability to opt out should you wish.

You can’t remove what’s already out there, though.

Hence people being a little worried that the government might be collecting and putting “out there” a whole heap of data about them, when we don’t even know exactly what it is.

Report this comment

28
osfmar 4:50 pm
27 Mar 13
#

To me the issue here is whether or not they broke the law, regardless of how small the issue may be. I’m still left very concerned after the response from TAMS… My interpretation is below.

1) HAS TAMS BREACHED THE TELECOMMUNICATIONS (INTERCEPTION AND ACCESS) ACT 1979?
TAMS is taken to have intercepted residents’ communications:
S6 …interception of a communication passing over a telecommunications system consists of listening to or recording, by any means, such communication in its passage over that telecommunications system without the knowledge of the person making the communication.

TAMS is therefore taken to have breached the Act:
S7 A person shall not: a) intercept… a communication passing over a telecommunications system

2) HAS TAMS BREACHED RESIDENTS’ PRIVACY?
Unique Bluetooth data such as device ID or MAC address is to be considered personal information:
“Personal information” means information… about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.

Ordinarily, data such as IP and MAC addresses are not considered identifiable information. However, the Australian Privacy Commissioner and the Australian Law Reform Commission has given further advice on the matter, stating that these data may become identifying if they are tied to data concerning other aspects of someone’s identity. This includes an individual’s position at a specified time, along with their actions and behaviours, as TAMS has clearly done to identify cars at the entry and exit points in their study.

TAMS is taken to have breached an Information Privacy Principle:
S14 Personal information shall not be collected by a collector for inclusion in a record or in a generally available publication unless:
a) the information is collected for a purpose that is a lawful purpose directly related to a function or activity of the collector; and
b) the collection of the information is necessary for or directly related to that purpose.
Personal information shall not be collected by a collector by unlawful or unfair means.

TAMS is taken to have interfered with resident privacy:
S13 An act or practice is an interference with the privacy of an individual if the act or practice: a) in the case of an act or practice engaged in by an agency … breaches an Information Privacy Principle in relation to personal information that relates to the individual

Report this comment

29
thebrownstreak69 5:03 pm
27 Mar 13
#

p1 said :

thebrownstreak69 said :

p1 said :

thebrownstreak69 said :

People put all sorts of private information onto Facebook, Twitter, LinkedIn, etc, and then whinge about this? The biggest threat to our privacy is our own stupid behaviour.

When you put information onto FB, for example, FB own that information, and it gets sent anywhere they like.

I think most people – even those who put their entire lives on facebook for all to see – would say the difference is the ability to opt out should you wish.

You can’t remove what’s already out there, though.

Hence people being a little worried that the government might be collecting and putting “out there” a whole heap of data about them, when we don’t even know exactly what it is.

The government already has a crapload of data about you, and shares it amongst departments and other parties as well.

Report this comment

30
Gungahlin Al 5:36 pm
27 Mar 13
#

I think anyone concerned about their privacy being breached by this heinous practice should make sure that they explain their concerns to all their Facebook friends.

Report this comment

Related Articles

CBR Tweets

Sign up to our newsletter

Top
Copyright © 2016 Riot ACT Holdings Pty Ltd. All rights reserved.

Search across the site