Skip to content Skip to main navigation

News

Skilled legal advice with
accessible & personal attention

Big Brother is Watching. Government Invades Resident Privacy

By trixyf - 27 March 2013 58

the one eye sees all

ACT Territory and Municipal Services (TAMS) has admitted to surreptitiously tracking and recording the movements of residents in Canberra’s South through the interception of the private Bluetooth emissions of their mobile phones and car hands-free systems.

TAMS has collected these data as part of its evidence base in support of the highly controversial plan to implement more than 82 traffic calming devices across the southern suburbs of Chisholm, Gilmore, Richardson, Macarthur, Fadden and Gowrie.

The data were reportedly used to map traffic flows and to measure ‘rat-running’ of traffic through the aforementioned suburbs. Collection apparatuses were placed by the side of the road at all entrance and exit points to each suburb. Under the project, if the same signal was received at two collection points, it was inferred that the vehicle had ‘rat-runned’ through the suburb.

All traffic with Bluetooth devices entering or leaving each suburb was tracked as part of the study, conducted jointly by Purdons Consulting and TAMS, in December 2012. This capability would normally require obtaining a warrant under the Telecommunications Interception and Access Act 1979, which was intended to restrict the activities of domestic law enforcement agencies. Further, there is a reasonable expectation of privacy whilst utilising Bluetooth, as well as the possibility of the information being personally identifying. As such the collection of these data is likely to be in contravention of the Privacy Act 1988.

Residents were not advised about their intentions to conduct this activity, nor has TAMS offered residents the opportunity to review their private data collected under the study. When questioned about the legality of the program by concerned residents at a recent public consultation on 13 March, Mr Rifaat Shoukrallah, Roads ACT Senior Manager of Traffic Management and Safety, stated that he considered the actions of the department to be “completely legal”. The event was also attended by ACT Greens Minister Shane Rattenbury.

The activities of TAMS are eerily similar to the blunder of Google’s Street View project, where the company recorded Wi-Fi access point location data of millions of users worldwide. This lead to the company being fined for breaching user privacy. However, unlike Wi-Fi, where broadcasts are expected to be received by surrounding users attempting to locate and connect to home networks, Bluetooth beacons are private signals intended only for the target user. This makes the suspected breach all the more serious.

Similar activities have been conducted in Queensland, where investigations concluded that information collected was not personally identifying, and as such, not a breach of the Privacy Act. However, most readers will be aware that by default, Bluetooth devices often use the owner’s name as the identifier. The trend towards law enforcement abroad and domestically increasingly using similar methods as a mechanism for tracking the location of criminals (under warrant) also suggests that the legality of this technology needs to be reviewed before use in the ACT.


ED – We were rather surprised by this story so asked TAMS for comment. They had this reply:

Bluetooth data collection is used for traffic studies across Australia and worldwide. Please be assured that this technology is not able to collect any personal data and there is no way to identify individuals through Bluetooth devices. If the technology could in any way contravene the Privacy Act or other legislation, TAMS would not use it.

The Bluetooth technology allows for information to be collected about the movement of cars through a suburb. Data receivers collect an electronic signature at the entry and exit points to suburbs and by looking at the time it takes vehicles to travel that distance it can be determined whether they are ‘rat running’ or whether they were instead going to the local shops or dropping their kids off at school. If data is captured only at the entry point then it can be determined that the owner of the vehicle must live in the suburb.

TAMS has received many safety and complaints relating to rat running in Chisholm, Gilmore, Richardson, Macarthur, Fadden and Gowrie and is responding with detailed traffic studies. Bluetooth technology is being used instead of manual counting as it much more accurately records traffic flows. It also offers a greater degree of privacy than that which can be provided with toll tag tracking or license plate surveys due to the fact that there are no databases of Bluetooth addresses that can be used to associate addresses with individual owners or their vehicles.

The Minister has asked TAMS to include information on Bluetooth data collection on its website, as we understand people may have concerns or questions about how it works.


UPDATE 29/03/13 10:31: Good grief we’ve made The Register who seem to have blurred the line on user generated content into an editorial line.

What’s Your opinion?


Please login to post your comments, or connect with
58 Responses to
Big Brother is Watching. Government Invades Resident Privacy
Filter
Showing only Website comments
Order
Newest to Oldest
Oldest to Newst
davo101 9:02 am 28 Mar 13

osfmar said :

over that telecommunications system without the knowledge of the person making the communication.

You need to go and read up how “telecommunications system” is defined in the Act.

osfmar said :

Unique Bluetooth data such as device ID or MAC address is to be considered personal information:

A quick search for these systems shows that they only collect part of the MAC address and I don’t see any suggestion that there was any other data collection taking place that would allow individuals to be identified.

housebound 6:08 am 28 Mar 13

Any amount of data collection could be fine, but it assumes the public servants, or the contractors, who have access to the system are all honourable.

Maybe not: Data tampering, Debbie Scattergood, credit cards, child services, and that’s just a few that come straight to mind.

bigred 10:20 pm 27 Mar 13

Yawn. No breach here. And not sure I would trust the results because if I rarely have Bluetooth on, I am sure lots of others do.

Comic_and_Gamer_Nerd 9:31 pm 27 Mar 13

RedDogInCan said :

obamabinladen said :

We are entering an era where our privacy is under threat.

The era started way back in the early 2000’s, please try to keep up.

Watson said :

I often think that people like to shout about their privacy being invaded because they like to pretend they are interesting enough to be spied on. But really, who cares about someone collecting these sorts of extremely limited data?

We should care. Whilst it may seem like extremely limited data today but it will be used as justification for tracking more detailed data in the future using the argument that ‘nobody complained when we tracked them before so it will be ok to use this slightly better system to track them in a bit more detail’. And nobody will complain then because ‘it’s only a little bit of data’ and the ‘ privacy needs of citizens are no more important than the safety concerns of those residents’. When do we call enough? Much easier to stop it now than when the government is mandating tracking devices for all cars.

In any case, the real story here is that TAMS is ignoring the actual problem of peak hour capacity on arterial roads and is instead seeking to justify a solution to a follow on problem that will inconvenience residents far more than rat runners. Fix the main roads and this problem will fix itself.

But in the end game what is the problem? If you are doing nothing bad then who cares. The government can war h me 24/7 if they wish. Probably be more embarrassing for them than me.

Jeep on tin foiling people.

Chello 8:58 pm 27 Mar 13

Wrong wrong wrong. Get out there yourselves and have a look, ffs TAMS!

gooterz 8:32 pm 27 Mar 13

zippyzippy said :

osfmar said :

To me the issue here is whether or not they broke the law, regardless of how small the issue may be. I’m still left very concerned after the response from TAMS… My interpretation is below.

1) HAS TAMS BREACHED THE TELECOMMUNICATIONS (INTERCEPTION AND ACCESS) ACT 1979?
TAMS is taken to have intercepted residents’ communications:
S6 …interception of a communication passing over a telecommunications system consists of listening to or recording, by any means, such communication in its passage over that telecommunications system without the knowledge of the person making the communication.

TAMS is therefore taken to have breached the Act:
S7 A person shall not: a) intercept… a communication passing over a telecommunications system

2) HAS TAMS BREACHED RESIDENTS’ PRIVACY?
Unique Bluetooth data such as device ID or MAC address is to be considered personal information:
“Personal information” means information… about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.

Ordinarily, data such as IP and MAC addresses are not considered identifiable information. However, the Australian Privacy Commissioner and the Australian Law Reform Commission has given further advice on the matter, stating that these data may become identifying if they are tied to data concerning other aspects of someone’s identity. This includes an individual’s position at a specified time, along with their actions and behaviours, as TAMS has clearly done to identify cars at the entry and exit points in their study.

TAMS is taken to have breached an Information Privacy Principle:
S14 Personal information shall not be collected by a collector for inclusion in a record or in a generally available publication unless:
a) the information is collected for a purpose that is a lawful purpose directly related to a function or activity of the collector; and
b) the collection of the information is necessary for or directly related to that purpose.
Personal information shall not be collected by a collector by unlawful or unfair means.

TAMS is taken to have interfered with resident privacy:
S13 An act or practice is an interference with the privacy of an individual if the act or practice: a) in the case of an act or practice engaged in by an agency … breaches an Information Privacy Principle in relation to personal information that relates to the individual

I don’t think so.

1. Bluetooth signal wouldn’t be a ‘communication’ under this act.
2. The key is whether this meaningless data is somehow combined with other info which together could make it ‘private’ or identifying. The blurb above says there’s ‘no database’. If you believe them, there’s no problem.
3. Ditto for the remainder. It’s not ‘personal information’, nor is it being used in a record or published.

Look, this stuff is happening all the time in all kinds if ways. Don’t be concerned that a non-identifying signal is being accessed; just be concerned if it’s being kept, aggragated and misused. Which, it looks like it’s not. I think the traffic people are probably busy building speed humps rather than some special database they can use to combine people’s random data.

How is the data collected though? Do all Bluetooth signals get recorded? In which case someone might be sending a private image or video, if then its recorded by TAMS how is that then protected?

Truthiness 8:13 pm 27 Mar 13

It is telling that the very concept of personal privacy is an anathema to so many. We are being acclimatised to the surveillance state.

We are told that only criminals have something to hide. Why does that apply to us, but not apply to government and corporations? If we are truly entering an age without privacy, how come they are keeping more secrets than ever?

zippyzippy 7:14 pm 27 Mar 13

osfmar said :

To me the issue here is whether or not they broke the law, regardless of how small the issue may be. I’m still left very concerned after the response from TAMS… My interpretation is below.

1) HAS TAMS BREACHED THE TELECOMMUNICATIONS (INTERCEPTION AND ACCESS) ACT 1979?
TAMS is taken to have intercepted residents’ communications:
S6 …interception of a communication passing over a telecommunications system consists of listening to or recording, by any means, such communication in its passage over that telecommunications system without the knowledge of the person making the communication.

TAMS is therefore taken to have breached the Act:
S7 A person shall not: a) intercept… a communication passing over a telecommunications system

2) HAS TAMS BREACHED RESIDENTS’ PRIVACY?
Unique Bluetooth data such as device ID or MAC address is to be considered personal information:
“Personal information” means information… about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.

Ordinarily, data such as IP and MAC addresses are not considered identifiable information. However, the Australian Privacy Commissioner and the Australian Law Reform Commission has given further advice on the matter, stating that these data may become identifying if they are tied to data concerning other aspects of someone’s identity. This includes an individual’s position at a specified time, along with their actions and behaviours, as TAMS has clearly done to identify cars at the entry and exit points in their study.

TAMS is taken to have breached an Information Privacy Principle:
S14 Personal information shall not be collected by a collector for inclusion in a record or in a generally available publication unless:
a) the information is collected for a purpose that is a lawful purpose directly related to a function or activity of the collector; and
b) the collection of the information is necessary for or directly related to that purpose.
Personal information shall not be collected by a collector by unlawful or unfair means.

TAMS is taken to have interfered with resident privacy:
S13 An act or practice is an interference with the privacy of an individual if the act or practice: a) in the case of an act or practice engaged in by an agency … breaches an Information Privacy Principle in relation to personal information that relates to the individual

I don’t think so.

1. Bluetooth signal wouldn’t be a ‘communication’ under this act.
2. The key is whether this meaningless data is somehow combined with other info which together could make it ‘private’ or identifying. The blurb above says there’s ‘no database’. If you believe them, there’s no problem.
3. Ditto for the remainder. It’s not ‘personal information’, nor is it being used in a record or published.

Look, this stuff is happening all the time in all kinds if ways. Don’t be concerned that a non-identifying signal is being accessed; just be concerned if it’s being kept, aggragated and misused. Which, it looks like it’s not. I think the traffic people are probably busy building speed humps rather than some special database they can use to combine people’s random data.

Pork Hunt 5:59 pm 27 Mar 13

johnboy said :

The interactions we choose to have with a private company are rather different to data gathering by our government in near secrecy Al.

Correct

FioBla 5:43 pm 27 Mar 13

gooterz said :

Bit of irony that its illegal to use mobile phones while driving but its ok for the government to use your phone while your driving.

It is of course *not* illegal to use mobile phones while driving (as long as mounted properly yada yada rule 300 of road rules).

Gungahlin Al 5:36 pm 27 Mar 13

I think anyone concerned about their privacy being breached by this heinous practice should make sure that they explain their concerns to all their Facebook friends.

    johnboy 5:40 pm 27 Mar 13

    The interactions we choose to have with a private company are rather different to data gathering by our government in near secrecy Al.

thebrownstreak69 5:03 pm 27 Mar 13

p1 said :

thebrownstreak69 said :

p1 said :

thebrownstreak69 said :

People put all sorts of private information onto Facebook, Twitter, LinkedIn, etc, and then whinge about this? The biggest threat to our privacy is our own stupid behaviour.

When you put information onto FB, for example, FB own that information, and it gets sent anywhere they like.

I think most people – even those who put their entire lives on facebook for all to see – would say the difference is the ability to opt out should you wish.

You can’t remove what’s already out there, though.

Hence people being a little worried that the government might be collecting and putting “out there” a whole heap of data about them, when we don’t even know exactly what it is.

The government already has a crapload of data about you, and shares it amongst departments and other parties as well.

osfmar 4:50 pm 27 Mar 13

To me the issue here is whether or not they broke the law, regardless of how small the issue may be. I’m still left very concerned after the response from TAMS… My interpretation is below.

1) HAS TAMS BREACHED THE TELECOMMUNICATIONS (INTERCEPTION AND ACCESS) ACT 1979?
TAMS is taken to have intercepted residents’ communications:
S6 …interception of a communication passing over a telecommunications system consists of listening to or recording, by any means, such communication in its passage over that telecommunications system without the knowledge of the person making the communication.

TAMS is therefore taken to have breached the Act:
S7 A person shall not: a) intercept… a communication passing over a telecommunications system

2) HAS TAMS BREACHED RESIDENTS’ PRIVACY?
Unique Bluetooth data such as device ID or MAC address is to be considered personal information:
“Personal information” means information… about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.

Ordinarily, data such as IP and MAC addresses are not considered identifiable information. However, the Australian Privacy Commissioner and the Australian Law Reform Commission has given further advice on the matter, stating that these data may become identifying if they are tied to data concerning other aspects of someone’s identity. This includes an individual’s position at a specified time, along with their actions and behaviours, as TAMS has clearly done to identify cars at the entry and exit points in their study.

TAMS is taken to have breached an Information Privacy Principle:
S14 Personal information shall not be collected by a collector for inclusion in a record or in a generally available publication unless:
a) the information is collected for a purpose that is a lawful purpose directly related to a function or activity of the collector; and
b) the collection of the information is necessary for or directly related to that purpose.
Personal information shall not be collected by a collector by unlawful or unfair means.

TAMS is taken to have interfered with resident privacy:
S13 An act or practice is an interference with the privacy of an individual if the act or practice: a) in the case of an act or practice engaged in by an agency … breaches an Information Privacy Principle in relation to personal information that relates to the individual

p1 4:27 pm 27 Mar 13

thebrownstreak69 said :

p1 said :

thebrownstreak69 said :

People put all sorts of private information onto Facebook, Twitter, LinkedIn, etc, and then whinge about this? The biggest threat to our privacy is our own stupid behaviour.

When you put information onto FB, for example, FB own that information, and it gets sent anywhere they like.

I think most people – even those who put their entire lives on facebook for all to see – would say the difference is the ability to opt out should you wish.

You can’t remove what’s already out there, though.

Hence people being a little worried that the government might be collecting and putting “out there” a whole heap of data about them, when we don’t even know exactly what it is.

thebrownstreak69 4:16 pm 27 Mar 13

p1 said :

thebrownstreak69 said :

People put all sorts of private information onto Facebook, Twitter, LinkedIn, etc, and then whinge about this? The biggest threat to our privacy is our own stupid behaviour.

When you put information onto FB, for example, FB own that information, and it gets sent anywhere they like.

I think most people – even those who put their entire lives on facebook for all to see – would say the difference is the ability to opt out should you wish.

You can’t remove what’s already out there, though.

Skidbladnir 3:46 pm 27 Mar 13

If you’re good at data relationships, you’d be amazed at just what can be achieved.

And for those who assert the old chestnut that The good have nothing to fear, the good have everything to fear, the most to lose, and due to a lack of risk familiarity/recognition, are the most exposed.

Bad police, crazy lovers, stalker exes, and people with axes to grind all exist, everybody has something they consider worth hiding, privacy breaches can destroy lives and families, and the impact doesn’t simply end with those who are breached or at the time of the breach.
If there was no reasonable expectation of privacy there would be fewer sales of curtains.

p1 3:43 pm 27 Mar 13

thebrownstreak69 said :

People put all sorts of private information onto Facebook, Twitter, LinkedIn, etc, and then whinge about this? The biggest threat to our privacy is our own stupid behaviour.

When you put information onto FB, for example, FB own that information, and it gets sent anywhere they like.

I think most people – even those who put their entire lives on facebook for all to see – would say the difference is the ability to opt out should you wish.

gooterz 3:41 pm 27 Mar 13

thebrownstreak69 said :

People put all sorts of private information onto Facebook, Twitter, LinkedIn, etc, and then whinge about this? The biggest threat to our privacy is our own stupid behaviour.

When you put information onto FB, for example, FB own that information, and it gets sent anywhere they like.

Who says everyone uses FB?

Bit of irony that its illegal to use mobile phones while driving but its ok for the government to use your phone while your driving.

Also if a car had 5 people/phones in it then would that count as 5 cars or 1?

The other option would be to use road counters that judge speed and record time. Setup one at each end of the road, and exclude the cars that don’t have a matching entry exit time. Much more accurate than Bluetooth.

Knowing IT projects how much did these Bluetooth devices cost? We’ll probably spend more on the studies over the years than the price of fixing the road

p1 3:37 pm 27 Mar 13

What interests me is what data exactly TAMS intend to keep in the long term. Will they completely de-identify the results and destroy all the rest? Or will they keep everything they recorded for ever?

Because while it might not be possible to just look in their database and recognise my details, should someone actively wish to investigate me¹, it wouldn’t take much to loiter near enough to get my bluetooth ID, look back at the database and see there and when I passed a device in the past.

Plus, all the people who think only a small percentage of people leave bluetooth on might be forgetting that many cars these days have bluetooth built in. Many cars have after market GPS systems which have bluetooth capability. All of these devices could be tracked (which raises an interesting point for their data collection – can it tell if three separate devices were in the same vehicle, or is the data meaningless?).

1 - While it is unlikely that anyone will be stalking me - and if the cops are investigating me I probably did something dodgy - there are plenty of cases out there of people (sometimes famous, sometimes just unlucky) being stalked followed, hacked etc. Governments shouldn't be going to building databases of information without very tight controls placed on them. Now I shall go back to polishing my tin-foil hat.

thebrownstreak69 3:33 pm 27 Mar 13

People put all sorts of private information onto Facebook, Twitter, LinkedIn, etc, and then whinge about this? The biggest threat to our privacy is our own stupid behaviour.

When you put information onto FB, for example, FB own that information, and it gets sent anywhere they like.

Related Articles

CBR Tweets

Sign up to our newsletter

Top
Copyright © 2018 Riot ACT Holdings Pty Ltd. All rights reserved.
www.the-riotact.com | www.b2bmagazine.com.au | www.thisiscanberra.com

Search across the site