Skip to content Skip to main navigation

News

Get a new bike from $50 per week

Big Brother is Watching. Government Invades Resident Privacy

By trixyf 27 March 2013 58

the one eye sees all

ACT Territory and Municipal Services (TAMS) has admitted to surreptitiously tracking and recording the movements of residents in Canberra’s South through the interception of the private Bluetooth emissions of their mobile phones and car hands-free systems.

TAMS has collected these data as part of its evidence base in support of the highly controversial plan to implement more than 82 traffic calming devices across the southern suburbs of Chisholm, Gilmore, Richardson, Macarthur, Fadden and Gowrie.

The data were reportedly used to map traffic flows and to measure ‘rat-running’ of traffic through the aforementioned suburbs. Collection apparatuses were placed by the side of the road at all entrance and exit points to each suburb. Under the project, if the same signal was received at two collection points, it was inferred that the vehicle had ‘rat-runned’ through the suburb.

All traffic with Bluetooth devices entering or leaving each suburb was tracked as part of the study, conducted jointly by Purdons Consulting and TAMS, in December 2012. This capability would normally require obtaining a warrant under the Telecommunications Interception and Access Act 1979, which was intended to restrict the activities of domestic law enforcement agencies. Further, there is a reasonable expectation of privacy whilst utilising Bluetooth, as well as the possibility of the information being personally identifying. As such the collection of these data is likely to be in contravention of the Privacy Act 1988.

Residents were not advised about their intentions to conduct this activity, nor has TAMS offered residents the opportunity to review their private data collected under the study. When questioned about the legality of the program by concerned residents at a recent public consultation on 13 March, Mr Rifaat Shoukrallah, Roads ACT Senior Manager of Traffic Management and Safety, stated that he considered the actions of the department to be “completely legal”. The event was also attended by ACT Greens Minister Shane Rattenbury.

The activities of TAMS are eerily similar to the blunder of Google’s Street View project, where the company recorded Wi-Fi access point location data of millions of users worldwide. This lead to the company being fined for breaching user privacy. However, unlike Wi-Fi, where broadcasts are expected to be received by surrounding users attempting to locate and connect to home networks, Bluetooth beacons are private signals intended only for the target user. This makes the suspected breach all the more serious.

Similar activities have been conducted in Queensland, where investigations concluded that information collected was not personally identifying, and as such, not a breach of the Privacy Act. However, most readers will be aware that by default, Bluetooth devices often use the owner’s name as the identifier. The trend towards law enforcement abroad and domestically increasingly using similar methods as a mechanism for tracking the location of criminals (under warrant) also suggests that the legality of this technology needs to be reviewed before use in the ACT.


ED – We were rather surprised by this story so asked TAMS for comment. They had this reply:

Bluetooth data collection is used for traffic studies across Australia and worldwide. Please be assured that this technology is not able to collect any personal data and there is no way to identify individuals through Bluetooth devices. If the technology could in any way contravene the Privacy Act or other legislation, TAMS would not use it.

The Bluetooth technology allows for information to be collected about the movement of cars through a suburb. Data receivers collect an electronic signature at the entry and exit points to suburbs and by looking at the time it takes vehicles to travel that distance it can be determined whether they are ‘rat running’ or whether they were instead going to the local shops or dropping their kids off at school. If data is captured only at the entry point then it can be determined that the owner of the vehicle must live in the suburb.

TAMS has received many safety and complaints relating to rat running in Chisholm, Gilmore, Richardson, Macarthur, Fadden and Gowrie and is responding with detailed traffic studies. Bluetooth technology is being used instead of manual counting as it much more accurately records traffic flows. It also offers a greater degree of privacy than that which can be provided with toll tag tracking or license plate surveys due to the fact that there are no databases of Bluetooth addresses that can be used to associate addresses with individual owners or their vehicles.

The Minister has asked TAMS to include information on Bluetooth data collection on its website, as we understand people may have concerns or questions about how it works.


UPDATE 29/03/13 10:31: Good grief we’ve made The Register who seem to have blurred the line on user generated content into an editorial line.

What’s Your opinion?


Please login to post your comments, or connect with
58 Responses to
Big Brother is Watching. Government Invades Resident Privacy
Filter
Showing only Website comments
Order
Newest to Oldest
Oldest to Newst
CraigThomler 8:28 am 01 Apr 13

Guys, read this article from the SMH about how researchers were able to identify people with 95% accuracy using four ‘anonymous’ GPS location coordinates from their mobile phones & reconsider whether the use of car locational data is actually anonymous & thus legal.

I think it would fail the test!

http://m.smh.com.au/digital-life/consumer-security/anonymous-mobile-phone-location-data-leaves-fingerprints-that-could-identify-you-20130329-2gy1p.html

dungfungus 9:10 pm 31 Mar 13

Is it a coincidence that Libs. Zed Seselja, Brendan Smyth and Andrew Wall all live in the “target” area.
Labor checking their movements to make sure their timesheets are correct perhaps?

osfmar 4:26 pm 31 Mar 13

Interestingly enough this article has just recently come out in the Nature journal Scientific Reports:
de Montjoye Y, Hidalgo C, Verleysen M, Blondel VD. Unique in the crowd: the privacy bounds of human mobility. Scientific Reports 2013 Mar;3:1376.

“Four randomly chosen [mobile phone data] points are enough to uniquely characterize 95% of the users (? > .95), whereas two randomly chosen points still uniquely characterize more than 50% of the users (? > .5). This shows that mobility traces are highly unique, and can therefore be re-identified using little outside information.”

See also: http://www.zeit.de/datenschutz/malte-spitz-data-retention

So much for this data being de-identified…

RadioVK 7:14 pm 30 Mar 13

goggles13 said :

RadioVK said :

Edwardo said :

@RadioVK (whose name suggests he/she has an amateur radio licence): No, you are not entitled to intercept any signal out of the aether.

The Telecomm’s Interception and Access Act does apply, as any device which is connected to a telecommunications network becomes PART OF that network. Thus, mobile telephones and their bluetooth accessories are transmitting over a telecommunications network. This is why you may be prosecuted under the Act for hacking into another’s computer, which is plugged connected to the internet (a telecommunications network).

As I said in my last post, the devices collecting data aren’t collecting anything you are not making freely available by leaving your Bluetooth on. The complete stranger standing next to you at the bus stop could get exactly the same information, without breaking any laws, by searching for Bluetooth devices with his smartphone, if you walk around with your Bluetooth on. If this bothers anyone, I can only say, once again, turn off your Bluetooth.

My phone has Bluetooth switched on all the time, but not visible to unpaired devices. does that mean that the Bluetooth monitoring will not occur on my phone?

I am not prepared to turn Bluetooth off when I am driving because it allows me to use my phone handsfree which is safety than holding it up to my ear.

Yes, I think it does. If it’s set to only be visible to paired devices, I think it will only respond to requests from those devices that it has previously paired with, which would mean that it would also ignore requests from the traffic monitoring system. I’m not 100% sure of that though. There may be some sort of back door, and I’m not exactly an expert on Bluetooth. As I said in my previous post, when I did my apprenticeship mobiles were still the size of housebricks.

goggles13 2:59 pm 30 Mar 13

RadioVK said :

Edwardo said :

@RadioVK (whose name suggests he/she has an amateur radio licence): No, you are not entitled to intercept any signal out of the aether.

The Telecomm’s Interception and Access Act does apply, as any device which is connected to a telecommunications network becomes PART OF that network. Thus, mobile telephones and their bluetooth accessories are transmitting over a telecommunications network. This is why you may be prosecuted under the Act for hacking into another’s computer, which is plugged connected to the internet (a telecommunications network).

As I said in my last post, the devices collecting data aren’t collecting anything you are not making freely available by leaving your Bluetooth on. The complete stranger standing next to you at the bus stop could get exactly the same information, without breaking any laws, by searching for Bluetooth devices with his smartphone, if you walk around with your Bluetooth on. If this bothers anyone, I can only say, once again, turn off your Bluetooth.

My phone has Bluetooth switched on all the time, but not visible to unpaired devices. does that mean that the Bluetooth monitoring will not occur on my phone?

I am not prepared to turn Bluetooth off when I am driving because it allows me to use my phone handsfree which is safety than holding it up to my ear.

RadioVK 11:04 am 30 Mar 13

Edwardo said :

@RadioVK (whose name suggests he/she has an amateur radio licence): No, you are not entitled to intercept any signal out of the aether.

The Telecomm’s Interception and Access Act does apply, as any device which is connected to a telecommunications network becomes PART OF that network. Thus, mobile telephones and their bluetooth accessories are transmitting over a telecommunications network. This is why you may be prosecuted under the Act for hacking into another’s computer, which is plugged connected to the internet (a telecommunications network).

Yep, you found me out. I am a licensed amateur. I’m guessing you probably are too, so it’s nice to be discussing this with someone who has a grasp on the technology.

If what you say were true, every smart phone that can search for open wireless networks would be illegal, as they are intercepting transmissions from a telecommunication network. As all mobile phones must be Austel approved to be used on our telecommunications network, you could infer from that fact that all the functions that an Austel approved mobile phone is capable of are also considered to be legal, otherwise they would not have received Austel approval.

As I said, you can receive any signal you like. It’s what you do with that transmission next that determines whether or not it constitutes an interception. A good example of this is Police band scanners. It’s not illegal to listen in to the Police on a scanner, but it is illegal to act on, or pass on, any information received. If it were Illegal just to receive signals on these frequencies, ACMA would not allow receivers that cover those frequencies to be freely available to the public. Of course, now that the emergency services are switching over to digital systems it’s less relevant, as everything is now encoded.

You’re probably right about the bluetooth device being part of the network though. When I did my apprenticeship, mobile phones were still the approximate size and weight of a house brick. A lot has changed since the good old days of analogue.

As I said in my last post, the devices collecting data aren’t collecting anything you are not making freely available by leaving your Bluetooth on. The complete stranger standing next to you at the bus stop could get exactly the same information, without breaking any laws, by searching for Bluetooth devices with his smartphone, if you walk around with your Bluetooth on. If this bothers anyone, I can only say, once again, turn off your Bluetooth.

Here_and_Now 10:56 pm 29 Mar 13

Truthiness said :

It is telling that the very concept of personal privacy is an anathema to so many. We are being acclimatised to the surveillance state.

It’s not just that, it’s the era overall. People have become more concerned about privacy because now their information can get all over the world. On the flip side, people send their information all over the world and want it to remain private.

(There are Facebook users who represent this phenomena. The same people who object to Facebook potentially spreading their information are the same people sending all their information to Facebook.)

To want to have some say in what others know about you is no bad aim, but it’s not always practical. Then on the other hand, from other angles we tend to get suspicious or inquisitive (or are even encouraged to do so) when others won’t tell people their business.

youami 1:53 pm 29 Mar 13

RadioVK said :

A couple of points.

1. The Bluetooth in your phone is not technically part of the telecommunications network. The network boundary is at the phone itself. Therefore intercepting Bluetooth signals is not technically intercepting a telecommunications signal. I think the same is true for cordless telephones as well.

2. IIRC, an RF (radio) signal is considered to be in the public domain once it has been transmitted. Intercepting such transmissions is not illegal, but attempting to decode, redistribute, or gain advantage from intercepted transmissions is. For instance, it is not illegal to listen in to the Police or other emergency services, but it is illegal to attempt to gain an advantage from the information in those transmissions.

3. To gain access to the contents of the phone using this system would require someone at the collection point to access the phone and attempt to extract information from it there and then. It’s not like the system can download the entire contents of your phone as you drive past.

In the end, they’re only collecting any information that you, the owner of the phone, are making generally available by leaving your Bluetooth on. If you have a problem with that, turn your Bluetooth off.

Best post in the thread. Spot on.

Edwardo 12:57 pm 29 Mar 13

@RadioVK (whose name suggests he/she has an amateur radio licence): No, you are not entitled to intercept any signal out of the aether.

The Telecomm’s Interception and Access Act does apply, as any device which is connected to a telecommunications network becomes PART OF that network. Thus, mobile telephones and their bluetooth accessories are transmitting over a telecommunications network. This is why you may be prosecuted under the Act for hacking into another’s computer, which is plugged connected to the internet (a telecommunications network).

The government admits that they “collect an electronic signature”. Thus, they admit that the information is unique and potentially identifying. Also, it is blatantly untrue that “there is no way to identify individuals through Bluetooth devices”.

Further, the way Bluetooth works is that it cannot simply be passive reception. It would require them to ACTIVELY transmit an Inquiry Access Code frame, prompting your mobile phone to send back its ‘signature’ (MAC address) as response.

This information could be very valuable to marketing companies as well as government. I could go into business, start building up databases of Bluetooth devices in suburbs and sell the data to marketing companies if these actions were truly legal. I could place Bluetooth receivers in prominent areas and track consumer behaviour. To be clear, TAMS is not doing this. Though they are acting illegally as there is the POTENTIAL to relatively easily invade privacy with this data.

Perhaps someone should lodge a Freedom of Information request with the ACT Government for access to obtain listings of device ‘signature’, time and location of capture. If they are certain that there is no way to identify individuals using the information, it should not be a problem to publish this information.

bundah 10:47 am 29 Mar 13

johnboy said :

Gosh and now picked up by The Register who we’ll need to get a clarification from.

Well the power of RA knows no bounds. Quote from the register ‘The isue arose as the result of grassroots activism from Canberra-centric news service The-RiotACT, which has its take on events here’

Who says grassroots activism doesn’t have much clout!

goggles13 8:52 am 29 Mar 13

sorry but monitoring of Bluetooth signals for any reason is not acceptable if we are not told it is happening, why it is happening, nor what it means.

if the Govt agrees that road users should be warned that their speed has been monitored by a fixed or mobile camera, then it needs to tell us that it is doing other forms of monitoring.

    johnboy 10:35 am 29 Mar 13

    Gosh and now picked up by The Register who we’ll need to get a clarification from.

Gungahlin Al 2:52 pm 28 Mar 13

Pork Hunt said :

johnboy said :

The interactions we choose to have with a private company are rather different to data gathering by our government in near secrecy Al.

Correct

It was a joke, referring to the irony of people who complain about… oh never mind.

Personally, my bluetooth is on all the time because I use BT headphones. What they are recording (temporarily) is the identifier that is broadcast by your device. It isn’t as if they are recording your transmissions. As per RadioVK:

RadioVK said :

A couple of points.

1. The Bluetooth in your phone is not technically part of the telecommunications network. The network boundary is at the phone itself. Therefore intercepting Bluetooth signals is not technically intercepting a telecommunications signal. I think the same is true for cordless telephones as well.

2. IIRC, an RF (radio) signal is considered to be in the public domain once it has been transmitted. Intercepting such transmissions is not illegal, but attempting to decode, redistribute, or gain advantage from intercepted transmissions is. For instance, it is not illegal to listen in to the Police or other emergency services, but it is illegal to attempt to gain an advantage from the information in those transmissions.

3. To gain access to the contents of the phone using this system would require someone at the collection point to access the phone and attempt to extract information from it there and then. It’s not like the system can download the entire contents of your phone as you drive past.

In the end, they’re only collecting any information that you, the owner of the phone, are making generally available by leaving your Bluetooth on. If you have a problem with that, turn your Bluetooth off.

Yes. This.

Deref 1:14 pm 28 Mar 13

I heartily recommend a careful listen to Pat Drummond’s song, Flicker of an Eye:

http://www.youtube.com/watch?v=-scs1I1sePo

Erg0 10:25 am 28 Mar 13

Truthiness said :

We are told that only criminals have something to hide. Why does that apply to us, but not apply to government and corporations? If we are truly entering an age without privacy, how come they are keeping more secrets than ever?

Oh puh-leese. It’s easier now than it’s ever been to get detailed information on just about anything you can think of, corporations and governments included.

eyeLikeCarrots 9:29 am 28 Mar 13

Has anyone pointed out to this tinfoil hat wearing con-theorist that Bluetooth is ‘broadcast’ too ?

RadioVK 9:15 am 28 Mar 13

A couple of points.

1. The Bluetooth in your phone is not technically part of the telecommunications network. The network boundary is at the phone itself. Therefore intercepting Bluetooth signals is not technically intercepting a telecommunications signal. I think the same is true for cordless telephones as well.

2. IIRC, an RF (radio) signal is considered to be in the public domain once it has been transmitted. Intercepting such transmissions is not illegal, but attempting to decode, redistribute, or gain advantage from intercepted transmissions is. For instance, it is not illegal to listen in to the Police or other emergency services, but it is illegal to attempt to gain an advantage from the information in those transmissions.

3. To gain access to the contents of the phone using this system would require someone at the collection point to access the phone and attempt to extract information from it there and then. It’s not like the system can download the entire contents of your phone as you drive past.

In the end, they’re only collecting any information that you, the owner of the phone, are making generally available by leaving your Bluetooth on. If you have a problem with that, turn your Bluetooth off.

Related Articles

CBR Tweets

Sign up to our newsletter

Top
Copyright © 2018 Region Group Pty Ltd. All rights reserved.
the-riotact.com | aboutregional.com.au | b2bmagazine.com.au | thisiscanberra.com

Search across the site