Mobile phone tracking, girlfriend stalking and the law
All in a day's work
A service has launched in the UK which allows you to track any mobile phone around the globe and follow its movements from your own computer. The Guardian ran a feature on it yesterday called 'How I stalked my girlfriend'. It painted a scary picture.
The service is run by World-Tracker, a company based on the Isle of Man. When a mobile number is entered onto the World-Tracker website, a text message is sent to that phone, to ask if the person carrying the phone wishes to be tracked.
If consent is given by reply, World-Tracker will show the location of the mobile phone on a map or as a map reading, using a Google Maps-based interface. The accuracy is between 50 and 500 metres. When the phone moves, the movement can be monitored online whenever the phone is turned on.
The system can be accessed through either a PC or mobile phone with internet access. It works with mobiles on the Vodafone, O2, T-Mobile and Orange networks.
World-Tracker is targeting parents who want to keep an eye on their children’s movements; businesses wanting to track their workers; lone workers, who feel more secure if someone else knows where they are; and anyone else who has ever lost a mobile phone – giving reassurance that their phone can be located more easily.
But in yesterday's Guardian, freelance writer Dr Ben Goldacre revealed a sinister side to the service. (He didn't name the site in his article; but Dr Goldacre had discussed it previously in a Radio 4 interview in which World-Tracker was also involved).
He signed up – for £5 plus VAT – and he provided his girlfriend's phone number. He lives with her and said he needed her phone for just five minutes to initiate the tracking.
According to his article, the first message read: "Ben Goldacre has requested to add you to their Buddy List! To accept, simply reply to this message with 'LOCATE'" He replied from her phone as instructed and another text arrived: "WARNING: [this service] allows other people to know where you are. For your own safety make sure that you know who is locating you."
He deleted these messages and tracking began.
Dr Goldacre has said that he had his girlfriend's consent for his experiment, conducted in the interests of journalism; but his article portrays a system open to abuse – and according to World-Tracker, Dr Goldacre omitted some vital details about its service.
OUT-LAW spoke to World-Tracker today. It described a quite different service. A spokesman – who did not wish to be named – said the company follows an industry Code of Practice for the use of location data. He pointed out that a breach of the Ofcom-endorsed Code would result in the mobile networks withdrawing their services from World-Tracker.
An important step required by the Code was not mentioned in the Guardian article: it demands that periodic text messages are sent to the phone. According to World-Tracker's spokesman, the company complies with this requirement in the Code.
The Code of Practice states
"Subsequent to activation, the [location service provider] must send periodic SMS alerts to all locatees to remind them that their mobile phone can be located by other parties. These alerts should be sent at random intervals, not in a set pattern. The suggested text and minimum standard frequency for sending the alerts is set out in Annex D."
In fact, Annex D is marked confidential: it is only made known to location service providers like World-Tracker, perhaps to minimise the risk of message interception.
Fiona Caskey, an Associate with Pinsent Masons, the law firm behind OUT-LAW.COM, regularly advises companies on data protection issues, including surveillance of employees.
She said that if the company is following the code, it is probably doing all that is necessary to comply with the country's privacy laws. But unscrupulous boyfriends are taking a risk if they seek to exploit the service.
"If Ben hadn't obtained his girlfriend's consent, he'd be breaking the Regulation of Investigatory Powers Act, better known as RIPA," said Caskey. It is an offence under RIPA to intercept and delete someone else's text message, she explained. "Such behaviour runs a risk of up to two years' imprisonment and a fine."
Perhaps surprisingly, the boyfriend is unlikely to breach the Data Protection Act by his acts. "He could argue that he was doing this for 'domestic purposes' – and he's off the hook," said Caskey.
Ben Goldacre replies...
* Update, 03/02/2006 18:15: Dr Goldacre contacted OUT-LAW with the following comments: "You quote an accusation by World Tracker that I 'omitted some vital details about its service'. You go on to say that 'An important step required by the Code was not mentioned in the Guardian article: it demands that periodic text messages are sent to the phone.'"
Dr Goldacre says he told a World-Tracker representative on last Friday's Radio 4 interview that he had tracked phones through World-Tracker's service for several days, and then deleted them from the World Tracker website – "and they have never received these follow-up warning messages. It is as simple as that. The Radio 4 reporter's phone that we also tracked specifically never received any follow up text messages."
When confronted for a response on this matter, Dr Goldacre says the World-Tracker representative replied that he would "look at our system" and "make sure that a text goes out in a sooner period."
Dr Goldacre continues: "I explained my concern that once somebody was deleted off the system they would never get a follow-up text, and never know that they were being tracked, and he agreed: 'As things stand at the moment no, but this is something that we should seriously look at.'"
He concludes: "The security provisions that World Tracker currently have in place present no barrier whatsoever to somebody tracking a phone undetected, exactly as I described in my piece, and there was no wilful omission of information from my article."
OUT-LAW did not listen to the Radio 4 interview and we did not speak with Dr Goldacre before reporting the comments made by World-Tracker. We apologise for any offence caused to Dr Goldacre as a result of these omissions.
We have notified World-Tracker that this story has been amended and suggested that they communicate directly on this matter.
Copyright © 2006, OUT-LAW.com
OUT-LAW.COM is part of international law firm Pinsent Masons.
Sponsored: Network DDoS protection