Government in Austria gets Cell Phone Movement Data without asking

[Alexander1970]

Another great Step on the Data Protection Law.Congratulations.

https://orf.at/stories/3158211/

The government currently receives - anonymously - the movement data of its customers from the domestic mobile operator A1. This is intended to enable the crisis team to see whether the measures to restrict social contacts are effective. The procedure also raises fundamental data protection issues. Not only data protectors, the SPÖ also criticized the procedure sharply.
Fewer contacts

First, according to an A1 spokeswoman, this data shows that A1 customers already severely restricted their range of motion at the end of the previous week, an A1 spokeswoman confirmed a corresponding report by the "Kronen Zeitung". This was also confirmed in the Federal Chancellery.

There, too, it was assured that no individual movement profiles had been transmitted. Rather, it was a comparison of the total movements between the previous Saturday and the Saturday before. "It's about the currents and the question of how that changed within a week," emphasized the spokesman.
Legally compliant for Chancellery

This is in compliance with the law and regulated in the General Data Protection Regulation. A1 also offered the data on its own initiative. A1's approach is also GDPR-compliant.

A1 also emphasized that the data could not be used to draw any conclusions about the individual cell phone user. Each cell phone is assigned a number that is automatically generated randomly for tracking. All these numbers are freshly assigned every 24 hours (so anonymized again). It is not even possible to understand where the anonymized users are going over long periods of time.
Live tracking would also be possible

In this way, however, the anonymized users could also be tracked “live”. But that does not happen, it said at A1. The government also has no direct access to the data. There is no interface.

This technology is "offered by a large number of companies throughout Europe and has been tried and tested for years. A1 makes these analyzes available to relevant government agencies in times of crisis for the benefit of the general public, ”said the telecommunications company. In fact, data of this kind is offered by telecom operators to companies for money.
Not justified for SPÖ

Such a procedure is not acceptable for the SPÖ vice club boss Jörg Leichtfried "even in such an unusual situation." He showed understanding that extraordinary situations may require extraordinary measures, "but these measures may only be taken in a form that is in accordance with the rule of law".
NGO wants to examine closely

The civil rights organization epicenter.works now wants to take a closer look at which data was passed on and how it was anonymized. Because the aggregation of individual data does not always offer reliable anonymization, says Managing Director Thomas Lohninger about the APA. One also wants to check whether there is a legal basis for the data transfer.
Expert points to the rule of law

The data protection expert Christof Tschohl from the Research Institute - Digital Human Rights Center emphasized against the "standard" that the procedure is understandable "from a human perspective". And adds: "But: The rule of law otherwise requires precision for good reasons, the Constitutional Court shows that this is strictly observed."

 

[notimp]

Huge abuse potential.

Context:

Anonymously is key, but isnt worth much. Its key because its harder to pinpoint certain datapoints (de-anynymize them). So abuse is limted to special interests. Meaning, at least people that are willing to put in the hours.

But reidentifying certain ids is inherently possible, because - heck, follow one of those datapoints for a while, and permitting that their ID doesnt change, you know his/her movement patterns for life. 100% success rate. Start with people that go in and out of governmental buildings first, then do it with journalists - then show a little ingenuity and you are set for life, heck, you can sell your services and find many buyers.

On facebook our 'social graphs' are far, far less clear, and mostly 'wish driven' (hey that person is cool, friend request), than the ones derived from actual location information metadata.

Why do they get this idea? Institutional and market interests align here. (And China would argue, even the publics...) You have basically this, not with cell provides, but with ad agencies (running the ad networks that "ad financed" runs on), as a fixed business model in different regions around the world, with all kinds of companies buying into it already. (No cellphone providers needed.)

Google f.e. is supposed to keep your location id 'session based' only - so not make it easily linkable to f.e. your ad-id. But there are a bunch of ad networks that do exactly that - today.

Companies lie and say its for 'law enforcement purposes' only - it isnt. Currently it (the practice in the private sector) isnt (will post articles later).

Its a pure power play (if you know peoples movements, you know everything that is essential for gaining, sustaining, and maintaining, power structures - in an entirely non open society way).

Good intent.

Everything about this can be perfectly reasoned in a situation like this.

ISSUE.

You cant take it away, once they have it. The essential mental model for this is "They like their new toys - they like to play with them".

So you find new good reasons, for why you having those 'new found powers' as a state is essential.

Watch very closely when those 'special powers' are resigned. Chances are 'never', and civil society ought to prevent that - but the general public is so oblivious to the issue, and partly so susceptible to authoritarian gaze (romanicism of that image of a good and able leader), that you could as well deploy the chinese model of leadership right in the middle of central europe tomorrow, and they - arguably - would hardly notice.

So 'masses' (the public) will not save you here. Here you actually need intellectuals.
--

There is a second metastory progressing currently, and that is politics (the political sphere) once, they get reminded, of what immense power they hold over the financial sphere, via reshaping human behavior, they will show more climate change action. And this crisis is as good a training ground for them to get a taste for that 'power' as any.

Please - understand, that there is no cause and effect to this story. So no who done it, and why. As in any good conspiracy story. This is conceptual. (Just a story about human behavior, with no actors).

I've heard it several times used as 'wishfullfillment' on part of the climate movement in the recent past. I don't like it.
-

I might be ok with using this data in the current form, for the current purpose. But I'm screaming slippery slope out of the top of my lungs.

Because there are many actors building their future utopias, on exactly this. Abuse potential, see China, and see private sector in the US is insane.
--

One way to conceptually limit that is to argue for 'well everyone gets their own mass data, and then NGOs will be able to compete on the same grounds', short answer - no. Absolutely not. (Privacy and encryption are needed as concepts.)


edit: Clearview did this in the recent past with facial recognition data (freely sourced from public facebook profiles) - and EVERYONE of self deemed importance was their customer or "interested and in talks" regardless of legality:
https://www.vox.com/recode/2020/2/26/21154606/clearview-ai-data-breach

Also this concept: https://www.nytimes.com/2019/07/23/health/data-privacy-protection.html very much is real.

 

[notimp]

A spokesperson of the telecommuications company said, that they only shared 'aggregated data' and not individual movement profiles, which should be fine.

Depends on how aggregated.

 

[Alexander1970]

A spokesperson of the telecommuications company said, that they only shared 'aggregated data' and not individual movement profiles, which should be fine.

Depends on how aggregated.

Yes,this is always the Way it starts.....

 

[notimp]

Yes,this is always the Way it starts.....

Its important though to see if this is it, going forward.

Extraordinary means, is an argument that would cover some version of this.

My problem is, that I have absolutely no believe - at all - in NGOs in that sector being able to stop this, once it gets closer to 'slippery slope' territory. ('Its always - just a bit'.)

So harsh words and all the outrage in public opinion are needed now. To make sure everyone understands, that this is exactly how far you can take it. (You, arguably, can - btw.)

Without having the discussion, if democracy should be a thing of the past.

 

[Alexander1970]

Its important though to see if this is it, going forward.

Extraordinary means, is an argument that would cover some version of this.

My problem is, that I have absolutely no believe - at all - in NGOs in that sector being able to stop this, once it gets closer to 'slippery slope' territory. ('Its always - just a bit'.)

So harsh words and all the outrage in public opinion are needed now. To make sure everyone understands, that this is exactly how far you can take it. (You, arguably, can - btw.)

Without having the discussion, if democracy should be a thing of the past.

The main Thing is - nobody recognized it...the Message was "reported" between the lines and really short.....actual.



This is/was pure Intention in my Opinion.....
Maybe in the next Days this will disappear.....

 

[notimp]

The main Thing is - nobody recognized it...the Message was "reported" between the lines and really short.....actual.

View attachment 199844

This is/was pure Intention in my Opinion.....
Maybe in the next Days this will disappear.....

Dont obsess over such details. (It is posted two centimeters below, or above... something or rather.)

NGOs will realize it and amplify it a little.

Parties (opposition) has also realized it already, it seems (by what you were writing).

I cant argue both 'the public will not react to it, because it has no concept of how problematic it is' and 'someone is 'hiding it' from the public' at the same time.

Democracies work on principles of shared responsibility. So many actors (civil society) pay attention on people crossing over lines. And then they at least compete over public attention (mass media attention, largely, in the past).

So stuff like this, no matter how small the article, does not, not get recognized by civil society. It always will.

Therefore it also makes no sense to 'hide' it, past the point where information reached the public sphere (is in one media article or another). People will act from there.

This article was not meant to rally public opposition. Most people wouldnt even understand what it means, it can be tiny. If someone would think, campaigns would be needed, language (first on part of NGOs in that field, that would produce press releases), would be far different.

(Then you can play the 'is it suppressed or not' game if you like.. Protip: Dont. We are still living in democracies. So my language would be scathing and earthshattering (activism) at that point, but currently I'm not overly worried. Yet. (There should still be a few intelligent people left, in politics even, that understand base principles of democracy. ))

Watch a few NGOs reactions in the field.

For austria this would f.e be:
https://epicenter.works/

--------------------- MERGED ---------------------------

edit: A few edits made in the response above.

 

[chrisrlink]

you know the saying that polititions use "as long as you do nothing illegal there is nothing to worry about" that mindset is very dangerous especially if Austria becomes the next China or north Korea

 

[notimp]

Basically, if the NGOs in the field (or some college kids, or legal scollars, .. or some other civil institutions you trust) get worried, then get worried. (Produces activism.) Or get worried on your own, based on some criteria you like. But dont necessarily get worried about this article not being headline news yet. This stuff - if need arises, goes through stages.

And it made it to the news, which is a good thing. (Separation of power works.)

 

[notimp]

Yeah, this is problematic as f*ck.

A1 [the cellphone provider] commented that based on the data there would be no tracking possible in regards to individual smartphone users. Each smartphone would get an individual randomized ID assigned for the purpose. Every one of those would be reassigned another randomized ID within 24 hours. With that it would not even be possible to trace the anonymous users over longer periods of time. "It is absolutely impossible to look up where an Individual user resides" a spokesperson of the company assured the public.

src: https://www.derstandard.at/story/20...wegungsstroeme-von-handynutzern-der-regierung

So we are now at turnkey despotism stages. With everything in place thats needed to circumvent all safeguards of democracy, its just that 24 hours needs to be extended by about 1.2x and the government can track finally track journalists, when meeting their sources.

Just look for that dot thats sleeping at the journalists home, and walks into their office the following day, and then reassign them 'journalist real name' dynamically. Just ignore the random ID.

All of the data was handed over without ANY legal basis. In fact, the government tried to ram this through legislation, which was foiled - and then just asked their buddies at A1.

Yeah - f*ck this.

This is alarmbells ringing at maximum intensity.

The fun thing is, the public will be totally oblivious and fine with it, because they are stupid as always.

From this point forward - we track positioning of articles in papers.

diepresse had it on their frontpage for a short while - but it already vanished.
derstandard has it below the fold, somewhere in the tech section.

F*ck them as well.

 

[Alexander1970]

Yeah, this is problematic as f*ck.


src: https://www.derstandard.at/story/20...wegungsstroeme-von-handynutzern-der-regierung

So we are now at turnkey despotism stages. With everything in place thats needed to circumvent all safeguards of democracy, its just that 24 hours needs to be extended about 2x and the government can track finally track journalists, when meeting their sources.

Just look for that dot thats sleeping at the journalists home, and walks into their office the following day, and then reassign them 'journalist real name' dynamically. Just ignore the random ID.

All of the data was handed over without ANY legal basis. In fact, the government tried to ram this through legislation, which was foiled - and then just asked their buddies at A1.

Yeah - f*ck this.

This is alarmbells ringing at max intensity.

The fun thing is, the public will be totally oblivious and fine with it, because they are stupid as always.

From this point forward - we track positioning of articles in papers.

diepresse had it on their frontpage for a short while - but it already vanished.
derstandard has it below the fold, somewhere in the tech section

F*ck them as well.

You see,as always....
and nearly nobody cares about ....as usual - it is fine and ok......

Lemmings....

 

[notimp]

More problematic. derstandard has an option to preselect "useful" comment posts and pin them to the top of the comments section, to drive narratives.

They are telling people, that this is totally ok. In this situation, via - opinion of one journalist from the tech section. Or editorial staffs consensus.

What assholes.

 

[notimp]

You know what, track journalists simply from the beginning of every morning, driving away from [known home address]. And correlate with the datapoint thats entering their office. Then assign known journalists name with a likelyhood of > 95%.

Who cares, where they slept last night anyhow. Sleeping is non-productive.

Hey Tim? Could you cobble us together a visualization of every journalist in the country? Here are their home addresses. We got from location IDs of some of the images they posted publicly. Or the phonebook. Thanks!

Oh, and as currently there is a de facto curfew, and people are more likely to hang out in private gatherings because of it, earlier in the day -- please track where those journalists hang out after work (within 24h - yay!) as well, then aggregate significant clusters of 'same place - that isnt home' over several days, and you have their affairs as well.

Great.

Thanks A1!

Oh btw, Tim, I have this political rival I dont like, in the office next to mine, make sure you also build in a mask where I can enter any home address I want... Should be fun.

You know, its because of the crisis.

Sh*t Tim, could you get on that today?

 

[Alexander1970]

Deutsche Telekom has started to provide location and movement data from smartphone users for pandemic containment. The information is made available to the Robert Koch Institute (RKI).
As reported by the Tagesspiegel, the information is to be passed on anonymously. The epidemiologists at the RKI then want to use the data to gain insights into the movement patterns in the population. On this basis, we hope to find more effective measures to contain the corona epidemic. The first data packet with a volume of around 5 gigabytes should be handed over to the RKI yesterday, with more to follow in the coming days.

According to Telekom, this is so-called signaling data, which includes the registration of smartphones in radio cells and the establishment of active voice and data connections. "This can be used to model flows of motion - broken down nationwide, at the state level and down to the district-community level," a Telekom spokeswoman for the newspaper explained.

Others also have access
The transfer of relevant data is not entirely uncontroversial. On the one hand, everyone agrees that the information can be useful. However, there are also fundamental questions of data protection and personal rights that cannot be arbitrarily overturned even in a crisis. The end does not just justify every means.

However, the data that has now been passed on is not as tightly sealed as one might think. In certain cases, Telekom also offers commercial access to them. For example, they serve as the basis for the calculation of traffic concepts. "The signaling data is anonymized in real time, aggregated, converted into mass statistics and is only available for evaluation after these work steps have been processed," explained the Group spokeswoman. The data protection authorities were involved in the development of the process. The RKI only has free access.

and OF COURSE:

https://twitter.com/deutschetelekom...0?ref_src=twsrc^google|twcamp^serp|twgr^tweet

Important note: #Telekom does not pass on any individual #handy data!

 

[notimp]

Just read it via fefe.
https://www.tagesspiegel.de/wissen/...andydaten-von-deutscher-telekom/25655144.html (german)

At least they are handing the data over to people with a little more sensitivity to the 'abuse of power' issue here.

So call to all state hackers - you want to trigger your backdoors at the ROBERT KOCH INSTITUTE. Probably less protected than the main cell carriers of germany.



(Hope they are keeping airgaps.)

 

[notimp]

Their always writes the editorial line of the paper and never anything else journalist canary at "Der Standard" has suddenly seen "the danger of it all!" in a commentary article.

What is he now, 80? Who are you kidding.

https://www.derstandard.at/story/2000115862901/disziplin-aber-keine-untertanenmentalitaet (german)

Official messaging is - 'its needed - we are nowhere near what China did yet'. Aha.

An understanding of the problem has finally reached journalism. Just so you know.

 

[Alexander1970]

Their always writes the editorial line of the paper and never anything else journalist canary at "Der Standard" has suddenly seen "the danger of it all!" in a commentary article.

What is he now, 80? Who are you kidding.

https://www.derstandard.at/story/2000115862901/disziplin-aber-keine-untertanenmentalitaet (german)

Official messaging is - 'its needed - we are nowhere near what China did yet'. Aha.

An understanding of the problem has finally reached journalism. Just so you know.

Health is currently a priority, but vigilance regarding the gradual erosion of fundamental rights is still necessary. We now need solidarity, also discipline in following sensible measures, but no subject mentality.

oh yes.....

 

[notimp]

Just for clarification, the likelyhood that the 80 year old (?) commentator at the standard, that always posts alongside editorial line in that paper on every topic, suddenly woke up to today, understood the integracies of data de-anonymisation, and decided to push this topic on his own, in my estimation of their journalistic process is exactly zero.

So they talked about it in a editorial staff conference, and then - not to sidetrack their official line of "oh no, the data is anonymized, no problem", had someone write a more differentiated commentary on it as well.

 

[Alexander1970]

Maybe,the Thing is,apparently "someone" is awake..



...and as expected, the Message is gone after less than 24 Hours ...



https://orf.at/

And no Sign about Germany or other Countries with actual the same "Cell Phone Data Protection" Behavior....

 

[notimp]

Austria small country, A1 very stupid (lied about de-anonymization potential, didnt give data to an intermediary, now media has to cover, so the public doesnt freak. Someone in government hopefully told them that measures will be retracted after corona is over - and they believed it. Didnt think about how this would play publicly, then had to somewhat alter their position compared to the first article. Its Austria, of course thats how it goes. (Presumably )). If this would have happened while the FPÖ was still in government, the response of Der Standard would have been very different, I have to imagine.

Oh yeah, message gone. Its called the news cycle.. (Nobody in the general public cares, ..)