Feeds

Mobile phone tracking, girlfriend stalking and the law

All in a day's work

Secure remote control for conventional and virtual desktops

A service has launched in the UK which allows you to track any mobile phone around the globe and follow its movements from your own computer. The Guardian ran a feature on it yesterday called 'How I stalked my girlfriend'. It painted a scary picture.

The service is run by World-Tracker, a company based on the Isle of Man. When a mobile number is entered onto the World-Tracker website, a text message is sent to that phone, to ask if the person carrying the phone wishes to be tracked.

If consent is given by reply, World-Tracker will show the location of the mobile phone on a map or as a map reading, using a Google Maps-based interface. The accuracy is between 50 and 500 metres. When the phone moves, the movement can be monitored online whenever the phone is turned on.

The system can be accessed through either a PC or mobile phone with internet access. It works with mobiles on the Vodafone, O2, T-Mobile and Orange networks.

World-Tracker is targeting parents who want to keep an eye on their children’s movements; businesses wanting to track their workers; lone workers, who feel more secure if someone else knows where they are; and anyone else who has ever lost a mobile phone – giving reassurance that their phone can be located more easily.

But in yesterday's Guardian, freelance writer Dr Ben Goldacre revealed a sinister side to the service. (He didn't name the site in his article; but Dr Goldacre had discussed it previously in a Radio 4 interview in which World-Tracker was also involved).

He signed up – for £5 plus VAT – and he provided his girlfriend's phone number. He lives with her and said he needed her phone for just five minutes to initiate the tracking.

According to his article, the first message read: "Ben Goldacre has requested to add you to their Buddy List! To accept, simply reply to this message with 'LOCATE'" He replied from her phone as instructed and another text arrived: "WARNING: [this service] allows other people to know where you are. For your own safety make sure that you know who is locating you."

He deleted these messages and tracking began.

Dr Goldacre has said that he had his girlfriend's consent for his experiment, conducted in the interests of journalism; but his article portrays a system open to abuse – and according to World-Tracker, Dr Goldacre omitted some vital details about its service.

OUT-LAW spoke to World-Tracker today. It described a quite different service. A spokesman – who did not wish to be named – said the company follows an industry Code of Practice for the use of location data. He pointed out that a breach of the Ofcom-endorsed Code would result in the mobile networks withdrawing their services from World-Tracker.

An important step required by the Code was not mentioned in the Guardian article: it demands that periodic text messages are sent to the phone. According to World-Tracker's spokesman, the company complies with this requirement in the Code.

The Code of Practice states

"Subsequent to activation, the [location service provider] must send periodic SMS alerts to all locatees to remind them that their mobile phone can be located by other parties. These alerts should be sent at random intervals, not in a set pattern. The suggested text and minimum standard frequency for sending the alerts is set out in Annex D."

In fact, Annex D is marked confidential: it is only made known to location service providers like World-Tracker, perhaps to minimise the risk of message interception.

Fiona Caskey, an Associate with Pinsent Masons, the law firm behind OUT-LAW.COM, regularly advises companies on data protection issues, including surveillance of employees.

She said that if the company is following the code, it is probably doing all that is necessary to comply with the country's privacy laws. But unscrupulous boyfriends are taking a risk if they seek to exploit the service.

"If Ben hadn't obtained his girlfriend's consent, he'd be breaking the Regulation of Investigatory Powers Act, better known as RIPA," said Caskey. It is an offence under RIPA to intercept and delete someone else's text message, she explained. "Such behaviour runs a risk of up to two years' imprisonment and a fine."

Perhaps surprisingly, the boyfriend is unlikely to breach the Data Protection Act by his acts. "He could argue that he was doing this for 'domestic purposes' – and he's off the hook," said Caskey.

Ben Goldacre replies...

* Update, 03/02/2006 18:15: Dr Goldacre contacted OUT-LAW with the following comments: "You quote an accusation by World Tracker that I 'omitted some vital details about its service'. You go on to say that 'An important step required by the Code was not mentioned in the Guardian article: it demands that periodic text messages are sent to the phone.'"

Dr Goldacre says he told a World-Tracker representative on last Friday's Radio 4 interview that he had tracked phones through World-Tracker's service for several days, and then deleted them from the World Tracker website – "and they have never received these follow-up warning messages. It is as simple as that. The Radio 4 reporter's phone that we also tracked specifically never received any follow up text messages."

When confronted for a response on this matter, Dr Goldacre says the World-Tracker representative replied that he would "look at our system" and "make sure that a text goes out in a sooner period."

Dr Goldacre continues: "I explained my concern that once somebody was deleted off the system they would never get a follow-up text, and never know that they were being tracked, and he agreed: 'As things stand at the moment no, but this is something that we should seriously look at.'"

He concludes: "The security provisions that World Tracker currently have in place present no barrier whatsoever to somebody tracking a phone undetected, exactly as I described in my piece, and there was no wilful omission of information from my article."

OUT-LAW did not listen to the Radio 4 interview and we did not speak with Dr Goldacre before reporting the comments made by World-Tracker. We apologise for any offence caused to Dr Goldacre as a result of these omissions.

We have notified World-Tracker that this story has been amended and suggested that they communicate directly on this matter.

Copyright © 2006, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

5 things you didn’t know about cloud backup

More from The Register

next story
Canadian ISP Shaw falls over with 'routing' sickness
How sure are you of cloud computing now?
Don't call it throttling: Ericsson 'priority' tech gives users their own slice of spectrum
Actually it's a nifty trick - at least you'll pay for what you get
Three floats Jolla in Hong Kong: Says Sailfish is '3rd option'
Network throws hat into ring with Linux-powered handsets
Fifteen zero days found in hacker router comp romp
Four routers rooted in SOHOpelessly Broken challenge
New Sprint CEO says he will lower axe on staff – but prices come first
'Very disruptive' new rates to be revealed next week
PwC says US biz lagging in Internet of Things
Grass is greener in Asia, say the sensors
Ofcom sees RISE OF THE MACHINE-to-machine cell comms
Study spots 9% growth in IoT m2m mobile data connections
O2 vs Vodafone: Mobe firms grab for GCHQ, gov.uk security badge
No, the spooks love US best, say rival firms
Ancient pager tech SMS: It works, it's fab, but wow, get a load of that incoming SPAM
Networks' main issue: they don't know how it works, says expert
Trans-Pacific: Google spaffs cash on FAST undersea packet-flinging
One of 6 backers for new 60 Tbps cable to hook US to Japan
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.