Metadata is in the news again with revelations that police in Australia have been getting access to data collected from mobile base stations (cell towers).
In the wiretapping world there is a distinction between call content and call metadata. The call content is the actual recording of the conversation. Metadata is data about the call, such as who has called whom and when.
In the Fairfax report it says the metadata is about the location of mobile phones and hence the location of the mobile phone owner. According to the report law enforcement agencies are accessing data that tells them who was located within particular cells at particular times.
What’s the cell in cellphone?
Mobile telephony is based on the idea of cells. As we move around we are connected to a nearby base station. The coverage of a base station is called a cell.
The size of a cell depends on many factors but its diameter ranges from a kilometre or less in densely populated areas up to about 30 kilometres in rural areas. Consequently, data on which base station we are connected to can provide information as to our location.
Most people do not appreciate just how “chatty” their mobile phone is. When a mobile phone is switched on, there is a constant dialogue between it and the network, even without a call being made.
In particular there is a constant exchange of data as to which cell the device is currently located in and which base station it should be connected to. If a signal becomes too weak because we have moved out of the cell, or if the current base station we are connected to becomes too congested the phone connection may be handed over to another base station.
All this happens without our intervention and without us making a call.
Locating the baddies
The data exchanged as part of this process can be of great use to law enforcement agencies since it can provide information as to the approximate location at certain times of the owner of the mobile phone.
At the very least it can tell an investigator which cell the mobile device (and hence the owner of the device) was located in at a particular time. But if the investigator is prepared to analyse the data, much more accurate location information can be obtained.
To manage handover between cells, the base station monitors the signal strength from the handset. This can give an approximate measure of the distance from the base station.
Also, since most base stations use directional antennae, the base station can give a good estimate as to the location of the mobile device. Multiple base stations may be monitoring the signal strength, making it possible for an investigator to pinpoint the location of the mobile phone to a particular house.
It is worth pointing out this method of estimating location is quite distinct from GPS used for location aware apps in smart phones. Apps in smart phones may include GPS data (such as location services in mapping applications or geotagging in images) but accessing it by law enforcement agencies is not straightforward.
In contrast, determining location using tower data is much simpler since the method relies only on monitoring who is connected to the base station and what their signal strength is.
Should we be worried?
The main concern expressed so far is the indiscriminate nature of data collection. Rather than collecting data for particular individuals, it is claimed that all location data for the base station is collected and the investigators pull information of interest.
If true, there are obvious possibilities for data to be collected and leaked about people who are not suspected of being involved in criminal behaviour.
There is also concern about disposal of collected data.
So unless we are confident that there is some trusted oversight of it, then yes, there is some cause to be worried.
Trusted oversight in the past has been through a magistrate issuing a warrant for an intercept. At the moment police do not need a warrant to access phone tower data. Maybe that should be changed.