29 March 2013

Big Brother is Watching. Government Invades Resident Privacy

| trixyf
Join the conversation
58
the one eye sees all

ACT Territory and Municipal Services (TAMS) has admitted to surreptitiously tracking and recording the movements of residents in Canberra’s South through the interception of the private Bluetooth emissions of their mobile phones and car hands-free systems.

TAMS has collected these data as part of its evidence base in support of the highly controversial plan to implement more than 82 traffic calming devices across the southern suburbs of Chisholm, Gilmore, Richardson, Macarthur, Fadden and Gowrie.

The data were reportedly used to map traffic flows and to measure ‘rat-running’ of traffic through the aforementioned suburbs. Collection apparatuses were placed by the side of the road at all entrance and exit points to each suburb. Under the project, if the same signal was received at two collection points, it was inferred that the vehicle had ‘rat-runned’ through the suburb.

All traffic with Bluetooth devices entering or leaving each suburb was tracked as part of the study, conducted jointly by Purdons Consulting and TAMS, in December 2012. This capability would normally require obtaining a warrant under the Telecommunications Interception and Access Act 1979, which was intended to restrict the activities of domestic law enforcement agencies. Further, there is a reasonable expectation of privacy whilst utilising Bluetooth, as well as the possibility of the information being personally identifying. As such the collection of these data is likely to be in contravention of the Privacy Act 1988.

Residents were not advised about their intentions to conduct this activity, nor has TAMS offered residents the opportunity to review their private data collected under the study. When questioned about the legality of the program by concerned residents at a recent public consultation on 13 March, Mr Rifaat Shoukrallah, Roads ACT Senior Manager of Traffic Management and Safety, stated that he considered the actions of the department to be “completely legal”. The event was also attended by ACT Greens Minister Shane Rattenbury.

The activities of TAMS are eerily similar to the blunder of Google’s Street View project, where the company recorded Wi-Fi access point location data of millions of users worldwide. This lead to the company being fined for breaching user privacy. However, unlike Wi-Fi, where broadcasts are expected to be received by surrounding users attempting to locate and connect to home networks, Bluetooth beacons are private signals intended only for the target user. This makes the suspected breach all the more serious.

Similar activities have been conducted in Queensland, where investigations concluded that information collected was not personally identifying, and as such, not a breach of the Privacy Act. However, most readers will be aware that by default, Bluetooth devices often use the owner’s name as the identifier. The trend towards law enforcement abroad and domestically increasingly using similar methods as a mechanism for tracking the location of criminals (under warrant) also suggests that the legality of this technology needs to be reviewed before use in the ACT.


ED – We were rather surprised by this story so asked TAMS for comment. They had this reply:

Bluetooth data collection is used for traffic studies across Australia and worldwide. Please be assured that this technology is not able to collect any personal data and there is no way to identify individuals through Bluetooth devices. If the technology could in any way contravene the Privacy Act or other legislation, TAMS would not use it.

The Bluetooth technology allows for information to be collected about the movement of cars through a suburb. Data receivers collect an electronic signature at the entry and exit points to suburbs and by looking at the time it takes vehicles to travel that distance it can be determined whether they are ‘rat running’ or whether they were instead going to the local shops or dropping their kids off at school. If data is captured only at the entry point then it can be determined that the owner of the vehicle must live in the suburb.

TAMS has received many safety and complaints relating to rat running in Chisholm, Gilmore, Richardson, Macarthur, Fadden and Gowrie and is responding with detailed traffic studies. Bluetooth technology is being used instead of manual counting as it much more accurately records traffic flows. It also offers a greater degree of privacy than that which can be provided with toll tag tracking or license plate surveys due to the fact that there are no databases of Bluetooth addresses that can be used to associate addresses with individual owners or their vehicles.

The Minister has asked TAMS to include information on Bluetooth data collection on its website, as we understand people may have concerns or questions about how it works.


UPDATE 29/03/13 10:31: Good grief we’ve made The Register who seem to have blurred the line on user generated content into an editorial line.

Join the conversation

58
All Comments
  • All Comments
  • Website Comments
LatestOldest
CraigThomler8:28 am 01 Apr 13

Guys, read this article from the SMH about how researchers were able to identify people with 95% accuracy using four ‘anonymous’ GPS location coordinates from their mobile phones & reconsider whether the use of car locational data is actually anonymous & thus legal.

I think it would fail the test!

http://m.smh.com.au/digital-life/consumer-security/anonymous-mobile-phone-location-data-leaves-fingerprints-that-could-identify-you-20130329-2gy1p.html

Is it a coincidence that Libs. Zed Seselja, Brendan Smyth and Andrew Wall all live in the “target” area.
Labor checking their movements to make sure their timesheets are correct perhaps?

Interestingly enough this article has just recently come out in the Nature journal Scientific Reports:
de Montjoye Y, Hidalgo C, Verleysen M, Blondel VD. Unique in the crowd: the privacy bounds of human mobility. Scientific Reports 2013 Mar;3:1376.

“Four randomly chosen [mobile phone data] points are enough to uniquely characterize 95% of the users (? > .95), whereas two randomly chosen points still uniquely characterize more than 50% of the users (? > .5). This shows that mobility traces are highly unique, and can therefore be re-identified using little outside information.”

See also: http://www.zeit.de/datenschutz/malte-spitz-data-retention

So much for this data being de-identified…

goggles13 said :

RadioVK said :

Edwardo said :

@RadioVK (whose name suggests he/she has an amateur radio licence): No, you are not entitled to intercept any signal out of the aether.

The Telecomm’s Interception and Access Act does apply, as any device which is connected to a telecommunications network becomes PART OF that network. Thus, mobile telephones and their bluetooth accessories are transmitting over a telecommunications network. This is why you may be prosecuted under the Act for hacking into another’s computer, which is plugged connected to the internet (a telecommunications network).

As I said in my last post, the devices collecting data aren’t collecting anything you are not making freely available by leaving your Bluetooth on. The complete stranger standing next to you at the bus stop could get exactly the same information, without breaking any laws, by searching for Bluetooth devices with his smartphone, if you walk around with your Bluetooth on. If this bothers anyone, I can only say, once again, turn off your Bluetooth.

My phone has Bluetooth switched on all the time, but not visible to unpaired devices. does that mean that the Bluetooth monitoring will not occur on my phone?

I am not prepared to turn Bluetooth off when I am driving because it allows me to use my phone handsfree which is safety than holding it up to my ear.

Yes, I think it does. If it’s set to only be visible to paired devices, I think it will only respond to requests from those devices that it has previously paired with, which would mean that it would also ignore requests from the traffic monitoring system. I’m not 100% sure of that though. There may be some sort of back door, and I’m not exactly an expert on Bluetooth. As I said in my previous post, when I did my apprenticeship mobiles were still the size of housebricks.

RadioVK said :

Edwardo said :

@RadioVK (whose name suggests he/she has an amateur radio licence): No, you are not entitled to intercept any signal out of the aether.

The Telecomm’s Interception and Access Act does apply, as any device which is connected to a telecommunications network becomes PART OF that network. Thus, mobile telephones and their bluetooth accessories are transmitting over a telecommunications network. This is why you may be prosecuted under the Act for hacking into another’s computer, which is plugged connected to the internet (a telecommunications network).

As I said in my last post, the devices collecting data aren’t collecting anything you are not making freely available by leaving your Bluetooth on. The complete stranger standing next to you at the bus stop could get exactly the same information, without breaking any laws, by searching for Bluetooth devices with his smartphone, if you walk around with your Bluetooth on. If this bothers anyone, I can only say, once again, turn off your Bluetooth.

My phone has Bluetooth switched on all the time, but not visible to unpaired devices. does that mean that the Bluetooth monitoring will not occur on my phone?

I am not prepared to turn Bluetooth off when I am driving because it allows me to use my phone handsfree which is safety than holding it up to my ear.

Edwardo said :

@RadioVK (whose name suggests he/she has an amateur radio licence): No, you are not entitled to intercept any signal out of the aether.

The Telecomm’s Interception and Access Act does apply, as any device which is connected to a telecommunications network becomes PART OF that network. Thus, mobile telephones and their bluetooth accessories are transmitting over a telecommunications network. This is why you may be prosecuted under the Act for hacking into another’s computer, which is plugged connected to the internet (a telecommunications network).

Yep, you found me out. I am a licensed amateur. I’m guessing you probably are too, so it’s nice to be discussing this with someone who has a grasp on the technology.

If what you say were true, every smart phone that can search for open wireless networks would be illegal, as they are intercepting transmissions from a telecommunication network. As all mobile phones must be Austel approved to be used on our telecommunications network, you could infer from that fact that all the functions that an Austel approved mobile phone is capable of are also considered to be legal, otherwise they would not have received Austel approval.

As I said, you can receive any signal you like. It’s what you do with that transmission next that determines whether or not it constitutes an interception. A good example of this is Police band scanners. It’s not illegal to listen in to the Police on a scanner, but it is illegal to act on, or pass on, any information received. If it were Illegal just to receive signals on these frequencies, ACMA would not allow receivers that cover those frequencies to be freely available to the public. Of course, now that the emergency services are switching over to digital systems it’s less relevant, as everything is now encoded.

You’re probably right about the bluetooth device being part of the network though. When I did my apprenticeship, mobile phones were still the approximate size and weight of a house brick. A lot has changed since the good old days of analogue.

As I said in my last post, the devices collecting data aren’t collecting anything you are not making freely available by leaving your Bluetooth on. The complete stranger standing next to you at the bus stop could get exactly the same information, without breaking any laws, by searching for Bluetooth devices with his smartphone, if you walk around with your Bluetooth on. If this bothers anyone, I can only say, once again, turn off your Bluetooth.

Here_and_Now10:56 pm 29 Mar 13

Truthiness said :

It is telling that the very concept of personal privacy is an anathema to so many. We are being acclimatised to the surveillance state.

It’s not just that, it’s the era overall. People have become more concerned about privacy because now their information can get all over the world. On the flip side, people send their information all over the world and want it to remain private.

(There are Facebook users who represent this phenomena. The same people who object to Facebook potentially spreading their information are the same people sending all their information to Facebook.)

To want to have some say in what others know about you is no bad aim, but it’s not always practical. Then on the other hand, from other angles we tend to get suspicious or inquisitive (or are even encouraged to do so) when others won’t tell people their business.

RadioVK said :

A couple of points.

1. The Bluetooth in your phone is not technically part of the telecommunications network. The network boundary is at the phone itself. Therefore intercepting Bluetooth signals is not technically intercepting a telecommunications signal. I think the same is true for cordless telephones as well.

2. IIRC, an RF (radio) signal is considered to be in the public domain once it has been transmitted. Intercepting such transmissions is not illegal, but attempting to decode, redistribute, or gain advantage from intercepted transmissions is. For instance, it is not illegal to listen in to the Police or other emergency services, but it is illegal to attempt to gain an advantage from the information in those transmissions.

3. To gain access to the contents of the phone using this system would require someone at the collection point to access the phone and attempt to extract information from it there and then. It’s not like the system can download the entire contents of your phone as you drive past.

In the end, they’re only collecting any information that you, the owner of the phone, are making generally available by leaving your Bluetooth on. If you have a problem with that, turn your Bluetooth off.

Best post in the thread. Spot on.

@RadioVK (whose name suggests he/she has an amateur radio licence): No, you are not entitled to intercept any signal out of the aether.

The Telecomm’s Interception and Access Act does apply, as any device which is connected to a telecommunications network becomes PART OF that network. Thus, mobile telephones and their bluetooth accessories are transmitting over a telecommunications network. This is why you may be prosecuted under the Act for hacking into another’s computer, which is plugged connected to the internet (a telecommunications network).

The government admits that they “collect an electronic signature”. Thus, they admit that the information is unique and potentially identifying. Also, it is blatantly untrue that “there is no way to identify individuals through Bluetooth devices”.

Further, the way Bluetooth works is that it cannot simply be passive reception. It would require them to ACTIVELY transmit an Inquiry Access Code frame, prompting your mobile phone to send back its ‘signature’ (MAC address) as response.

This information could be very valuable to marketing companies as well as government. I could go into business, start building up databases of Bluetooth devices in suburbs and sell the data to marketing companies if these actions were truly legal. I could place Bluetooth receivers in prominent areas and track consumer behaviour. To be clear, TAMS is not doing this. Though they are acting illegally as there is the POTENTIAL to relatively easily invade privacy with this data.

Perhaps someone should lodge a Freedom of Information request with the ACT Government for access to obtain listings of device ‘signature’, time and location of capture. If they are certain that there is no way to identify individuals using the information, it should not be a problem to publish this information.

johnboy said :

Gosh and now picked up by The Register who we’ll need to get a clarification from.

Well the power of RA knows no bounds. Quote from the register ‘The isue arose as the result of grassroots activism from Canberra-centric news service The-RiotACT, which has its take on events here’

Who says grassroots activism doesn’t have much clout!

sorry but monitoring of Bluetooth signals for any reason is not acceptable if we are not told it is happening, why it is happening, nor what it means.

if the Govt agrees that road users should be warned that their speed has been monitored by a fixed or mobile camera, then it needs to tell us that it is doing other forms of monitoring.

Gosh and now picked up by The Register who we’ll need to get a clarification from.

Gungahlin Al2:52 pm 28 Mar 13

Pork Hunt said :

johnboy said :

The interactions we choose to have with a private company are rather different to data gathering by our government in near secrecy Al.

Correct

It was a joke, referring to the irony of people who complain about… oh never mind.

Personally, my bluetooth is on all the time because I use BT headphones. What they are recording (temporarily) is the identifier that is broadcast by your device. It isn’t as if they are recording your transmissions. As per RadioVK:

RadioVK said :

A couple of points.

1. The Bluetooth in your phone is not technically part of the telecommunications network. The network boundary is at the phone itself. Therefore intercepting Bluetooth signals is not technically intercepting a telecommunications signal. I think the same is true for cordless telephones as well.

2. IIRC, an RF (radio) signal is considered to be in the public domain once it has been transmitted. Intercepting such transmissions is not illegal, but attempting to decode, redistribute, or gain advantage from intercepted transmissions is. For instance, it is not illegal to listen in to the Police or other emergency services, but it is illegal to attempt to gain an advantage from the information in those transmissions.

3. To gain access to the contents of the phone using this system would require someone at the collection point to access the phone and attempt to extract information from it there and then. It’s not like the system can download the entire contents of your phone as you drive past.

In the end, they’re only collecting any information that you, the owner of the phone, are making generally available by leaving your Bluetooth on. If you have a problem with that, turn your Bluetooth off.

Yes. This.

I heartily recommend a careful listen to Pat Drummond’s song, Flicker of an Eye:

http://www.youtube.com/watch?v=-scs1I1sePo

Truthiness said :

We are told that only criminals have something to hide. Why does that apply to us, but not apply to government and corporations? If we are truly entering an age without privacy, how come they are keeping more secrets than ever?

Oh puh-leese. It’s easier now than it’s ever been to get detailed information on just about anything you can think of, corporations and governments included.

eyeLikeCarrots9:29 am 28 Mar 13

Has anyone pointed out to this tinfoil hat wearing con-theorist that Bluetooth is ‘broadcast’ too ?

A couple of points.

1. The Bluetooth in your phone is not technically part of the telecommunications network. The network boundary is at the phone itself. Therefore intercepting Bluetooth signals is not technically intercepting a telecommunications signal. I think the same is true for cordless telephones as well.

2. IIRC, an RF (radio) signal is considered to be in the public domain once it has been transmitted. Intercepting such transmissions is not illegal, but attempting to decode, redistribute, or gain advantage from intercepted transmissions is. For instance, it is not illegal to listen in to the Police or other emergency services, but it is illegal to attempt to gain an advantage from the information in those transmissions.

3. To gain access to the contents of the phone using this system would require someone at the collection point to access the phone and attempt to extract information from it there and then. It’s not like the system can download the entire contents of your phone as you drive past.

In the end, they’re only collecting any information that you, the owner of the phone, are making generally available by leaving your Bluetooth on. If you have a problem with that, turn your Bluetooth off.

osfmar said :

over that telecommunications system without the knowledge of the person making the communication.

You need to go and read up how “telecommunications system” is defined in the Act.

osfmar said :

Unique Bluetooth data such as device ID or MAC address is to be considered personal information:

A quick search for these systems shows that they only collect part of the MAC address and I don’t see any suggestion that there was any other data collection taking place that would allow individuals to be identified.

Any amount of data collection could be fine, but it assumes the public servants, or the contractors, who have access to the system are all honourable.

Maybe not: Data tampering, Debbie Scattergood, credit cards, child services, and that’s just a few that come straight to mind.

Yawn. No breach here. And not sure I would trust the results because if I rarely have Bluetooth on, I am sure lots of others do.

Comic_and_Gamer_Nerd9:31 pm 27 Mar 13

RedDogInCan said :

obamabinladen said :

We are entering an era where our privacy is under threat.

The era started way back in the early 2000’s, please try to keep up.

Watson said :

I often think that people like to shout about their privacy being invaded because they like to pretend they are interesting enough to be spied on. But really, who cares about someone collecting these sorts of extremely limited data?

We should care. Whilst it may seem like extremely limited data today but it will be used as justification for tracking more detailed data in the future using the argument that ‘nobody complained when we tracked them before so it will be ok to use this slightly better system to track them in a bit more detail’. And nobody will complain then because ‘it’s only a little bit of data’ and the ‘ privacy needs of citizens are no more important than the safety concerns of those residents’. When do we call enough? Much easier to stop it now than when the government is mandating tracking devices for all cars.

In any case, the real story here is that TAMS is ignoring the actual problem of peak hour capacity on arterial roads and is instead seeking to justify a solution to a follow on problem that will inconvenience residents far more than rat runners. Fix the main roads and this problem will fix itself.

But in the end game what is the problem? If you are doing nothing bad then who cares. The government can war h me 24/7 if they wish. Probably be more embarrassing for them than me.

Jeep on tin foiling people.

Wrong wrong wrong. Get out there yourselves and have a look, ffs TAMS!

zippyzippy said :

osfmar said :

To me the issue here is whether or not they broke the law, regardless of how small the issue may be. I’m still left very concerned after the response from TAMS… My interpretation is below.

1) HAS TAMS BREACHED THE TELECOMMUNICATIONS (INTERCEPTION AND ACCESS) ACT 1979?
TAMS is taken to have intercepted residents’ communications:
S6 …interception of a communication passing over a telecommunications system consists of listening to or recording, by any means, such communication in its passage over that telecommunications system without the knowledge of the person making the communication.

TAMS is therefore taken to have breached the Act:
S7 A person shall not: a) intercept… a communication passing over a telecommunications system

2) HAS TAMS BREACHED RESIDENTS’ PRIVACY?
Unique Bluetooth data such as device ID or MAC address is to be considered personal information:
“Personal information” means information… about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.

Ordinarily, data such as IP and MAC addresses are not considered identifiable information. However, the Australian Privacy Commissioner and the Australian Law Reform Commission has given further advice on the matter, stating that these data may become identifying if they are tied to data concerning other aspects of someone’s identity. This includes an individual’s position at a specified time, along with their actions and behaviours, as TAMS has clearly done to identify cars at the entry and exit points in their study.

TAMS is taken to have breached an Information Privacy Principle:
S14 Personal information shall not be collected by a collector for inclusion in a record or in a generally available publication unless:
a) the information is collected for a purpose that is a lawful purpose directly related to a function or activity of the collector; and
b) the collection of the information is necessary for or directly related to that purpose.
Personal information shall not be collected by a collector by unlawful or unfair means.

TAMS is taken to have interfered with resident privacy:
S13 An act or practice is an interference with the privacy of an individual if the act or practice: a) in the case of an act or practice engaged in by an agency … breaches an Information Privacy Principle in relation to personal information that relates to the individual

I don’t think so.

1. Bluetooth signal wouldn’t be a ‘communication’ under this act.
2. The key is whether this meaningless data is somehow combined with other info which together could make it ‘private’ or identifying. The blurb above says there’s ‘no database’. If you believe them, there’s no problem.
3. Ditto for the remainder. It’s not ‘personal information’, nor is it being used in a record or published.

Look, this stuff is happening all the time in all kinds if ways. Don’t be concerned that a non-identifying signal is being accessed; just be concerned if it’s being kept, aggragated and misused. Which, it looks like it’s not. I think the traffic people are probably busy building speed humps rather than some special database they can use to combine people’s random data.

How is the data collected though? Do all Bluetooth signals get recorded? In which case someone might be sending a private image or video, if then its recorded by TAMS how is that then protected?

It is telling that the very concept of personal privacy is an anathema to so many. We are being acclimatised to the surveillance state.

We are told that only criminals have something to hide. Why does that apply to us, but not apply to government and corporations? If we are truly entering an age without privacy, how come they are keeping more secrets than ever?

osfmar said :

To me the issue here is whether or not they broke the law, regardless of how small the issue may be. I’m still left very concerned after the response from TAMS… My interpretation is below.

1) HAS TAMS BREACHED THE TELECOMMUNICATIONS (INTERCEPTION AND ACCESS) ACT 1979?
TAMS is taken to have intercepted residents’ communications:
S6 …interception of a communication passing over a telecommunications system consists of listening to or recording, by any means, such communication in its passage over that telecommunications system without the knowledge of the person making the communication.

TAMS is therefore taken to have breached the Act:
S7 A person shall not: a) intercept… a communication passing over a telecommunications system

2) HAS TAMS BREACHED RESIDENTS’ PRIVACY?
Unique Bluetooth data such as device ID or MAC address is to be considered personal information:
“Personal information” means information… about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.

Ordinarily, data such as IP and MAC addresses are not considered identifiable information. However, the Australian Privacy Commissioner and the Australian Law Reform Commission has given further advice on the matter, stating that these data may become identifying if they are tied to data concerning other aspects of someone’s identity. This includes an individual’s position at a specified time, along with their actions and behaviours, as TAMS has clearly done to identify cars at the entry and exit points in their study.

TAMS is taken to have breached an Information Privacy Principle:
S14 Personal information shall not be collected by a collector for inclusion in a record or in a generally available publication unless:
a) the information is collected for a purpose that is a lawful purpose directly related to a function or activity of the collector; and
b) the collection of the information is necessary for or directly related to that purpose.
Personal information shall not be collected by a collector by unlawful or unfair means.

TAMS is taken to have interfered with resident privacy:
S13 An act or practice is an interference with the privacy of an individual if the act or practice: a) in the case of an act or practice engaged in by an agency … breaches an Information Privacy Principle in relation to personal information that relates to the individual

I don’t think so.

1. Bluetooth signal wouldn’t be a ‘communication’ under this act.
2. The key is whether this meaningless data is somehow combined with other info which together could make it ‘private’ or identifying. The blurb above says there’s ‘no database’. If you believe them, there’s no problem.
3. Ditto for the remainder. It’s not ‘personal information’, nor is it being used in a record or published.

Look, this stuff is happening all the time in all kinds if ways. Don’t be concerned that a non-identifying signal is being accessed; just be concerned if it’s being kept, aggragated and misused. Which, it looks like it’s not. I think the traffic people are probably busy building speed humps rather than some special database they can use to combine people’s random data.

johnboy said :

The interactions we choose to have with a private company are rather different to data gathering by our government in near secrecy Al.

Correct

gooterz said :

Bit of irony that its illegal to use mobile phones while driving but its ok for the government to use your phone while your driving.

It is of course *not* illegal to use mobile phones while driving (as long as mounted properly yada yada rule 300 of road rules).

Gungahlin Al5:36 pm 27 Mar 13

I think anyone concerned about their privacy being breached by this heinous practice should make sure that they explain their concerns to all their Facebook friends.

The interactions we choose to have with a private company are rather different to data gathering by our government in near secrecy Al.

thebrownstreak695:03 pm 27 Mar 13

p1 said :

thebrownstreak69 said :

p1 said :

thebrownstreak69 said :

People put all sorts of private information onto Facebook, Twitter, LinkedIn, etc, and then whinge about this? The biggest threat to our privacy is our own stupid behaviour.

When you put information onto FB, for example, FB own that information, and it gets sent anywhere they like.

I think most people – even those who put their entire lives on facebook for all to see – would say the difference is the ability to opt out should you wish.

You can’t remove what’s already out there, though.

Hence people being a little worried that the government might be collecting and putting “out there” a whole heap of data about them, when we don’t even know exactly what it is.

The government already has a crapload of data about you, and shares it amongst departments and other parties as well.

To me the issue here is whether or not they broke the law, regardless of how small the issue may be. I’m still left very concerned after the response from TAMS… My interpretation is below.

1) HAS TAMS BREACHED THE TELECOMMUNICATIONS (INTERCEPTION AND ACCESS) ACT 1979?
TAMS is taken to have intercepted residents’ communications:
S6 …interception of a communication passing over a telecommunications system consists of listening to or recording, by any means, such communication in its passage over that telecommunications system without the knowledge of the person making the communication.

TAMS is therefore taken to have breached the Act:
S7 A person shall not: a) intercept… a communication passing over a telecommunications system

2) HAS TAMS BREACHED RESIDENTS’ PRIVACY?
Unique Bluetooth data such as device ID or MAC address is to be considered personal information:
“Personal information” means information… about an individual whose identity is apparent, or can reasonably be ascertained, from the information or opinion.

Ordinarily, data such as IP and MAC addresses are not considered identifiable information. However, the Australian Privacy Commissioner and the Australian Law Reform Commission has given further advice on the matter, stating that these data may become identifying if they are tied to data concerning other aspects of someone’s identity. This includes an individual’s position at a specified time, along with their actions and behaviours, as TAMS has clearly done to identify cars at the entry and exit points in their study.

TAMS is taken to have breached an Information Privacy Principle:
S14 Personal information shall not be collected by a collector for inclusion in a record or in a generally available publication unless:
a) the information is collected for a purpose that is a lawful purpose directly related to a function or activity of the collector; and
b) the collection of the information is necessary for or directly related to that purpose.
Personal information shall not be collected by a collector by unlawful or unfair means.

TAMS is taken to have interfered with resident privacy:
S13 An act or practice is an interference with the privacy of an individual if the act or practice: a) in the case of an act or practice engaged in by an agency … breaches an Information Privacy Principle in relation to personal information that relates to the individual

thebrownstreak69 said :

p1 said :

thebrownstreak69 said :

People put all sorts of private information onto Facebook, Twitter, LinkedIn, etc, and then whinge about this? The biggest threat to our privacy is our own stupid behaviour.

When you put information onto FB, for example, FB own that information, and it gets sent anywhere they like.

I think most people – even those who put their entire lives on facebook for all to see – would say the difference is the ability to opt out should you wish.

You can’t remove what’s already out there, though.

Hence people being a little worried that the government might be collecting and putting “out there” a whole heap of data about them, when we don’t even know exactly what it is.

thebrownstreak694:16 pm 27 Mar 13

p1 said :

thebrownstreak69 said :

People put all sorts of private information onto Facebook, Twitter, LinkedIn, etc, and then whinge about this? The biggest threat to our privacy is our own stupid behaviour.

When you put information onto FB, for example, FB own that information, and it gets sent anywhere they like.

I think most people – even those who put their entire lives on facebook for all to see – would say the difference is the ability to opt out should you wish.

You can’t remove what’s already out there, though.

If you’re good at data relationships, you’d be amazed at just what can be achieved.

And for those who assert the old chestnut that The good have nothing to fear, the good have everything to fear, the most to lose, and due to a lack of risk familiarity/recognition, are the most exposed.

Bad police, crazy lovers, stalker exes, and people with axes to grind all exist, everybody has something they consider worth hiding, privacy breaches can destroy lives and families, and the impact doesn’t simply end with those who are breached or at the time of the breach.
If there was no reasonable expectation of privacy there would be fewer sales of curtains.

thebrownstreak69 said :

People put all sorts of private information onto Facebook, Twitter, LinkedIn, etc, and then whinge about this? The biggest threat to our privacy is our own stupid behaviour.

When you put information onto FB, for example, FB own that information, and it gets sent anywhere they like.

I think most people – even those who put their entire lives on facebook for all to see – would say the difference is the ability to opt out should you wish.

thebrownstreak69 said :

People put all sorts of private information onto Facebook, Twitter, LinkedIn, etc, and then whinge about this? The biggest threat to our privacy is our own stupid behaviour.

When you put information onto FB, for example, FB own that information, and it gets sent anywhere they like.

Who says everyone uses FB?

Bit of irony that its illegal to use mobile phones while driving but its ok for the government to use your phone while your driving.

Also if a car had 5 people/phones in it then would that count as 5 cars or 1?

The other option would be to use road counters that judge speed and record time. Setup one at each end of the road, and exclude the cars that don’t have a matching entry exit time. Much more accurate than Bluetooth.

Knowing IT projects how much did these Bluetooth devices cost? We’ll probably spend more on the studies over the years than the price of fixing the road

What interests me is what data exactly TAMS intend to keep in the long term. Will they completely de-identify the results and destroy all the rest? Or will they keep everything they recorded for ever?

Because while it might not be possible to just look in their database and recognise my details, should someone actively wish to investigate me¹, it wouldn’t take much to loiter near enough to get my bluetooth ID, look back at the database and see there and when I passed a device in the past.

Plus, all the people who think only a small percentage of people leave bluetooth on might be forgetting that many cars these days have bluetooth built in. Many cars have after market GPS systems which have bluetooth capability. All of these devices could be tracked (which raises an interesting point for their data collection – can it tell if three separate devices were in the same vehicle, or is the data meaningless?).

1 - While it is unlikely that anyone will be stalking me - and if the cops are investigating me I probably did something dodgy - there are plenty of cases out there of people (sometimes famous, sometimes just unlucky) being stalked followed, hacked etc. Governments shouldn't be going to building databases of information without very tight controls placed on them. Now I shall go back to polishing my tin-foil hat.

thebrownstreak693:33 pm 27 Mar 13

People put all sorts of private information onto Facebook, Twitter, LinkedIn, etc, and then whinge about this? The biggest threat to our privacy is our own stupid behaviour.

When you put information onto FB, for example, FB own that information, and it gets sent anywhere they like.

obamabinladen said :

We are entering an era where our privacy is under threat.

The era started way back in the early 2000’s, please try to keep up.

Watson said :

I often think that people like to shout about their privacy being invaded because they like to pretend they are interesting enough to be spied on. But really, who cares about someone collecting these sorts of extremely limited data?

We should care. Whilst it may seem like extremely limited data today but it will be used as justification for tracking more detailed data in the future using the argument that ‘nobody complained when we tracked them before so it will be ok to use this slightly better system to track them in a bit more detail’. And nobody will complain then because ‘it’s only a little bit of data’ and the ‘ privacy needs of citizens are no more important than the safety concerns of those residents’. When do we call enough? Much easier to stop it now than when the government is mandating tracking devices for all cars.

In any case, the real story here is that TAMS is ignoring the actual problem of peak hour capacity on arterial roads and is instead seeking to justify a solution to a follow on problem that will inconvenience residents far more than rat runners. Fix the main roads and this problem will fix itself.

dunno what toothpaste you all use, but my teeth is white 🙂

kos said :

The reply from TAMS is pretty rubbish, you can quite easily get into a device over bluetooth and pull data from it (including private data). All it would take is for one TAMS employee who wants to do the wrong thing.

How and how different is this from someone doing the same thing using their mobile?

davo101 said :

Quick break out the tin-foil hat. Talk about an overreaction.

First off does the Telecommunications Interception and Access Act apply here? The Act states that it does not apply to a system for carrying communications solely by means of radiocommunication. Secondly does the Privacy Act apply? If they are collecting Bluetooth MACs then I don’t see how this can be considered personal information. How would you go about working out who 01-07-6B-88-EA-01 is? Thirdly, given the number of security breaks over the years, why would you have a reasonable expectation of privacy whilst utilising Bluetooth?

Lastly, and most importantly, if you choose to drive around Canberra broadcasting a tracking signal don’t be too surprised if some is listening in.

The TIA doesn’t apply here, Bluetooth is indeed a radio transmission and not covered by the TIA. The Privacy ACT also wouldnt apply, as you must have bluetooth enabled on your device in order to connect to these points.

The reply from TAMS is pretty rubbish, you can quite easily get into a device over bluetooth and pull data from it (including private data). All it would take is for one TAMS employee who wants to do the wrong thing.

davo101 said :

Quick break out the tin-foil hat. Talk about an overreaction.

First off does the Telecommunications Interception and Access Act apply here? The Act states that it does not apply to a system for carrying communications solely by means of radiocommunication. Secondly does the Privacy Act apply? If they are collecting Bluetooth MACs then I don’t see how this can be considered personal information. How would you go about working out who 01-07-6B-88-EA-01 is? Thirdly, given the number of security breaks over the years, why would you have a reasonable expectation of privacy whilst utilising Bluetooth?

Lastly, and most importantly, if you choose to drive around Canberra broadcasting a tracking signal don’t be too surprised if some is listening in.

+1

I often think that people like to shout about their privacy being invaded because they like to pretend they are interesting enough to be spied on. But really, who cares about someone collecting these sorts of extremely limited data? If it is truly illegal (I’ve no idea) it is not exactly best practice and it should prompt them to tighten their business processes. And then we all move with our lives.

davo101 said :

Quick break out the tin-foil hat. Talk about an overreaction.

First off does the Telecommunications Interception and Access Act apply here? The Act states that it does not apply to a system for carrying communications solely by means of radiocommunication. Secondly does the Privacy Act apply? If they are collecting Bluetooth MACs then I don’t see how this can be considered personal information. How would you go about working out who 01-07-6B-88-EA-01 is? Thirdly, given the number of security breaks over the years, why would you have a reasonable expectation of privacy whilst utilising Bluetooth?

Lastly, and most importantly, if you choose to drive around Canberra broadcasting a tracking signal don’t be too surprised if some is listening in.

^ this. Where can I subscribe to your newsletter?

What a beat up. Seriously. If you’re concerned about privacy and personal information by Government you might want to consider never loding a tax return, accessing welfare and the health system. That information stored would pale in comparison than your driving habits and bluetooth identifier which, frankly, probably bores the pants off some poor TAMS functionary.

And I do register my MYWAY card – because I couldn’t care less if the ACT police called me to ask if I saw a crime, or that I got on at Forde and got off at Civic. I’d volunteer it if I saw a crime or if the police asked me…because you know, I abide by the law.

Do you people put a hood over your face to evade CCTV in Civic or the bank? Or any other store? Your face is recorded… far more invasive than your name and bluetooth id. Or your driving habits.

Quick break out the tin-foil hat. Talk about an overreaction.

First off does the Telecommunications Interception and Access Act apply here? The Act states that it does not apply to a system for carrying communications solely by means of radiocommunication. Secondly does the Privacy Act apply? If they are collecting Bluetooth MACs then I don’t see how this can be considered personal information. How would you go about working out who 01-07-6B-88-EA-01 is? Thirdly, given the number of security breaks over the years, why would you have a reasonable expectation of privacy whilst utilising Bluetooth?

Lastly, and most importantly, if you choose to drive around Canberra broadcasting a tracking signal don’t be too surprised if some is listening in.

Cyclists don’t have Bluetooth?

It’d be skewed anyway, only a select few would leave Bluetooth on.

82 devices because the gov is to tight to fix anything south of parliament house?

Perhaps we could leave a devices outside the assembly so we know our leaders are working?

Good to know that the government was open about this, so the public could be assured of the confidentiality of their data.

Now was the Bluetooth’s Mac id’s recorded or were Bluetooth transmissions completely recorded, in which case the government has illegally intercepted telecommunications breaching the Telco act

Gungahlin Al1:28 pm 27 Mar 13

Won’t anyone think of the uni students?
How do they survive now without income from writing down numberplates??

Felix the Cat1:25 pm 27 Mar 13

themetresgained said :

At least that data is anonymous. The same cannot be said of transit data derived from registered MyWay cards. As a matter of principle, I choose not to register my MyWay card. There’s been incidents where Victorian police have solicited Myki data and gotten it with no trouble – there’s no way to prove the same can’t happen with MyWay.

Why would you be worried about the police accessing data? Ever think they might need it in relation to solving a crime?

Not exactly a Stalinesque attack on our rights is it? Still would have been nice if they’d told us before-hand rather than after the fact.

I wouldn’t have thought that many people leave their bluetooth on? Maybe the ones with hands-free, but surely that isn’t anywhere near close to the majority (or a useable amount even)? You lean something new every day! 🙂

This is old news. The real worry is that “they” can now also track you by collecting the reflected light and brainwave energy that bounces off your tinfoil hat and passes through the chemtrails overhead.

Where was the community awareness and consultation for this project? Did we get told before this began what was going to happen? Did they say “Hey, we’re going to start tracking you through you bluetooth devices”…

My phone can pass information regarding a phone number and contact name stored in the phone to the hands-free kit in the car. For example, if I have a contact named “Jon” saved into my contact list on the phone and he rings me it shows up on my hands-free as “Jon” calling and the phone number.
By collecting the BT Unique Identifier, the Government can begin their own database to track these signals – which I feel invades our right to privacy. Can the Government guarantee me that this data can’t be stored and used later for their own use? Probably not.
Also, what’s stopping a begrudged TAMS IT employee from using this data collected for unsavory use?

I understand your concerns.

Quite frankly, I’m more concerned that my neighbour can have CCTV that can view my property.

Short of breaking the law and taking it down myself when they go away on holidays, there is nothing I can do.

Canberracanuck12:15 pm 27 Mar 13

I think the privacy needs of citizens are no more important than the safety concerns of those residents of the suburbs concerned. What reasonable objection can responsible citizens have to the territory trying to improve quality of life for those residents? Granted, there need to be controls to ensure the information gathered is used only for the stated purpose, but the point about it being the easiest/cheapest way to collect data is a good one…if they had announced what they were doing, then the data collected would have been suspect, as no doubt a portion of the group would have either changed their behaviour or found a way to avoid detection. There is a serious problem to be faced by our society in the addiction to the convenience of the automobile, with no consideration given to the discomfort and danger to which it exposes the rest of the population, let alone the driver/occupant. We should applaud the guy who thought up the idea, as well as the local government for trying to do something measured and constructive, instead of just blindly re-designing the infrastructure (or worse yet, doing nothing). And anyone who is squeamish about this tiny “invasion of privacy” might want to think about selling the computer they use to read this forum!

themetresgained12:09 pm 27 Mar 13

At least that data is anonymous. The same cannot be said of transit data derived from registered MyWay cards. As a matter of principle, I choose not to register my MyWay card. There’s been incidents where Victorian police have solicited Myki data and gotten it with no trouble – there’s no way to prove the same can’t happen with MyWay.

> there is no way to identify individuals through Bluetooth devices

Bullshit. It’s a UID that you take with you either in your car or in your pocket. How is that not personally identifying?

Leave one of those sniffers at (or near enough to) one of the point to point speed cameras and they’ll be able to match hands-free kits to cars.

A bluetooth sniffer near a security camera would very easily build a dataset that could be used to match images of people to bluetooth devices.

A vast majority of people would have bluetooth turned off?

obamabinladen11:36 am 27 Mar 13

We are entering an era where our privacy is under threat. The people need to remember that we are the majority and the government works for us not the other way around.

Daily Digest

Want the best Canberra news delivered daily? Every day we package the most popular Riotact stories and send them straight to your inbox. Sign-up now for trusted local news that will never be behind a paywall.

By submitting your email address you are agreeing to Region Group's terms and conditions and privacy policy.