Feeds

NSA: Yes we 'experimented' with US mobile tracking. But we didn't inhale

Huh - Euro snoop systems are on constantly

Providing a secure and efficient Helpdesk

Analysis The US National Security Agency has recently admitted to experimenting with bulk collection of mobile phone locations, but denied it ever actually used the information.

This is unlike its European contemporaries, which apparently devolved the task of collecting mobile phone data to the network operators years ago.

The NSA project was an unsuccessful pilot, according to the spooks' Director of Intelligence, James R Clapper. He told the Senate Judiciary Committee about the experiment on Wednesday, but denied there was any ongoing analysis of the data the NSA covertly slurped, as the New York Times explains.

But in Europe, network operators are obliged to keep the very same data, just in case law enforcement fancies a look at it.

Back in 2009, a German politician requested access to his location data from T-Mobile. Following various legal challenges the operator eventually complied and the newspaper Die Zeit put it together into an animated map which shows just what the European authorities can do, if they're minded to.

The difference – and it's an important one – is the presence of judicial oversight. An agency wanting access to European phone records, which are kept for at least a year, has to apply through the nominated Single Point of Contact (SPOC) which is actually a significant, if whispered, department within every police force and network operator, ready to supply thousands of requests for data every week.

Requests have to be proportional to the crime being investigated and are generally restricted to "was this phone in this location at this time" but can vary. A suspicious death connected to the owner of a particular phone may warrant the authorities slurping its location data for the last 24 hours, while an abducted child might warrant an urgent check for current information.

One of the key deterrents against agents of the state engaging in fishing expeditions is the price charged by mobile operators for access to the data they hold. Naturally, speedy access to data and access to large swathes of it tends to attract higher fees.

Exactly how much they charge, they won't say. Operators are only supposed to cover their costs. The fact that a budget is needed for every enquiry helps prevent the more obvious checking up on lovers, and the like which the NSA has admitted occurs in its network.

Most of us trust the police, and most Americans (just about) trust their government, but we might not trust the individuals who comprisethese bodies. Perusing the Facebook page of an old partner is almost irresistible. Imagine how much more seductive it would be if one could overhear their phone calls too. Such a system needs robust oversight to prevent humans succumbing to their natural tendencies.

The problem here isn't that the NSA was tracking phones, or that it requested data from internet companies; the problem was that it did so in the shadows.

Here in Europe we're doing much the same thing, on a bigger scale and with more success. It's hard to count foiled terrorist plots, but the same rules solve numerous crimes every day. Most of us don’t want to hide our location from the police or the secret services – but we might want to hide from the humans who make up those forces. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
PEAK IPV4? Global IPv6 traffic is growing, DDoS dying, says Akamai
First time the cache network has seen drop in use of 32-bit-wide IP addresses
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.