Thursday, June 09, 2011

Follow-up on The Privacy Issues Involved in the Release of the Cell Phone Data to Locate the E.Coli / EHEC Outbreak ( a month later)

In the comment section of the previous entry, anonymous makes the following good point:
Hi Igor,
the situation is even more restricted than Peter wrote: The data you mentioned do not exist! According to the decision of the federal constitutional court (the highest German court) cell phone operators are just just allowed to collect data for charging issues and have to delete everything else as soon as possible.

To what I replied
Hello Anonymous,

If this is the case, how come Mr. Sptiz was able to get that data ?

what are the cases defined by the Supreme Court for the retaining of that information ? ( I am a little bit surprised that this information does not exist any more if the SC allowed for it to be used in cases of rape/murder, i.e. not immediately recognizable offences sometimes).

If the data has to be collected for charging purposes and somehow there is a litigation between a customer and the telco, what type of record can the telco show if everything has been erased ? Most billing are monthly or bi-monthly, so given what I just said, my take is that this data still exists as we speak.

Anonymous then kindly provided more context :

Hello Igor,
the court decided March 2010, before the cell phone operators had to save data for six month. The data of Mr. Spitz had been recorded before this decision. I don't know about exceptions for severe crimes or other cases where usage of the (few) existing data is permitted.

Up to my knowledge the triangulated position of the phone is not saved for charging issues. Elsewise, the data exist just if there was a phone call at this time. Nevertheless, in Germany there are a lot of mobile phones that are billed by flatrate or prepaid. In those cases there are most probably no data at all.

Ok, that was great information. Let me add something to this.. I initially pointed out that using the cell phone data of non-residents can also be more fruitful (because they are on average less in the region of interest). In the U.S., the law of the land (with clear upholding from the U.S. Supreme Court) has made it clear that there can be a legal difference between citizens and non-residents. In effect, the laws of privacy for a number of reasons may be different for the locals and for the non-residents. I am not saying it is a good thing, I am just saying that most democracies seem to make that legal distinction. The German SC may have been too focused on its citizens in its March 2010 ruling.

In the meantime, Thomas added:
Hi Igor,
As a follow up to my comment a couple of days ago, the Ingeniøren newspaper's website ran a short story today that mentions the mobile data approach:
See if Google Translate can make any sense of it. Otherwise, let me know and I'll give you a summary. I'd be happy to discuss it.

Thanks  Thomas. The translation is here. I am getting out of it that they mostly talk about locating people through their credit cards purchases to find out the sources. But this approach hides one or two assumptions that are not factual in this specific case. Let me point out what those are in bracket in the translated text: below:
Problematic to use mobile data
Another possibility in the hunt for sources of infection, as one of 's readers have pointed out could be to exploit the data being recorded by people's cell phones. Data as police also make use of in exploration contexts.

By cross-reference cellular data from affected persons could be a part of their whereabouts so mapped, so the example might be identified whether subjects had been attached to the same mobile phone mast within a certain period.

Consultant at SSI Steffen Glismann is not dismissive of that method could prove useful.

"We do not do it today, but it was one of the electronic footprints, one could consider using," says Steffen Glismann.

He does have his reservations about basing disease hunt for the cell tower people have been affiliated.

"This method says not so much about what people have done in an area. And there will be a lot of noise in the data. For example, many would come by the same mobile phone mast on the way down through Germany without it necessarily says anything about where they were infected, "says Steffen Glismann. [ Steffen makes the mistakes of assuming that all foreigners are Danish. They are not, about 11 different nationalities have been affected. In effect, the cross referencing of all the non-residents would clearly delineate the place or places of interest ]

In addition, experience Statens Serum Institut rare that a larger number of people have been infected the same geographic location. And that is precisely the method by looking at purchases with debit cards because it can be used to trace a product back to a single supplier, even if the goods have been sold across the country, explains Steffen Glismann. [Again Steffen makes the same mistake as the KRI folks have, they are solving a traceability issue, when in fact the issue is to reduce the number of sick people (2000 so far). These are different problems, in particular, the credit card problem won't solve people that have been exposed to the bacterium second hand].

And if more people have become infected while they were connected to the same cell tower, then a fully analog method prove to be faster than having to apply for permission to use data on mobile phones and then cross reference them, says Steen Glismann : [ Steen makes the assumption that there is no secondary infection such as hand to hand contacts, soiled surfaces like subway handles, etc.... ]

"It will be easier to ask people where they've been and what they've done." [ Again, the central assumption built in the questionnaire approach relies on the fact the that person is capable: it is not the case here as the bacterium has had a clear neurological impact on the sick,... some cannot count anymore. Eventually the other assumption is that people are sick because they ate something. ]

No comments: