Vodafone publish privacy statement on femtocells

Vodafone published a privacy statement on its website confirming that it would not use such presence information or release it to third parties. This is hinted at in their page about 3G microsites (their working title for femtocells) and in their privacy statement

Today's reality is that there is already a tremendous amount of information about your movements recorded and made available to others:

• Video/camera recordings as you walk or drive, including number plate recognition systems that identify the owner of each car
• Bank and credit card records showing all your purchases and cash withdrawals
• Telephone records of every call made and received, now extended to include websites and email
•  Google's record of every search you have performed (you can login to Google and view this with their history function)
•  Information you choose to publish, such as your Facebook, LinkedIn or other social network
• TripIt allows you to register your business trips - this information is then shared with your friends/business partners through LinkedIn in a weekly update.
•  Your MSN and Skype presence which can show if you are online for calls or chat

Some of this information is very much within your control regarding who sees it, or whether its available at all.

Some is retained by individual companies and should not be shared, such as your bank and telephone data.

But some is completely outside your control, such as video recordings etc.

Privacy issues have hit the headlines recently

There have been a few recent headlines related to personal information security:

• The Mayor of London, who also chairs the Metropolitan (London) Police Authority, said he'd reluctantly agreed that Skype phone calls should be able to be monitored by the police.
• Facebook recently held a vote with their members about who owns their personal data - and agreed that the members do.
• GoogleMap's Streetview has had to anonymise its pictures to prevent some embarrassing situations being shown.It was cleared of breaching the UK Data Protection Act by the Information Commissioner
• After some bad publicity, BT broadband (a UK Internet Service Provider) launched Phorm , which analyses the websites its customers visit and using this for marketing purposes (e.g. targeting ads). The European Commission has started legal proceedings against the UK for permitting such activity.

I've also become much more aware when shopping around town - many stores already know you/have you on their database. This can be active (by asking you at the till) or passive (collecting points on your loyalty card). These techniques feed through to the junk mail you receive as followup.

Is privacy an issue for Femtocells?

By monitoring when mobile phones enter and leave the building, a femtocell could be used to provide presence information as well as enable or enhance a range of useful applications. I have been asked whether this could be used to track unknown visitors (say in a shop) - I don't believe this would work because:

• Femtocells are restricted to work with only one wireless network. They just don't see the mobile phones from other network providers
• Some customers may have their mobile phones switched off, so again wouldn't be seen.
• Mobile phones would have to actively register on the femtocell. This would require the femtocell to be open to all users, which might conflict with wanting to provide service to only limited people.
• Mobile phones register using their SIM card number (IMSI), not their phone number. The operators central database is used to map between the two. Therefore any monitoring of mobile phones wouldn't pickup the phone numbers themselves.

Summary of femtocell privacy concerns about presence information

I'm not saying that femtocells couldn't be adapted or specially modified for this type of purpose by government departments if there was the will to do so (and it was legal). We may never know.

Nor can illegal use of equipment and systems be ruled out in the future, although I think there are easier ways of determining whether you are home or not.

But I think it is a positive statement that Vodafone have responsibly made, where they will not share the knowledge of when you are (and are not) at home with the outside world. Hopefully other operators will also adopt this policy.

Comments (2)

Jeremy Green said:

Not much evidence of the Vodafone undertaking not to release presence information... The article says "Vodafone published a privacy statement on its website confirming that it would not use such presence information or release it to third parties." I followed the links, and the documents they linked to, and so on. I can see that Vodafone takes privacy seriously; I can't see any confirmation of the undertaking described in the article. I agree it would be in keeping with the tone of Vodafone's mood music about privacy, but I can't see anything so specific.

report abuse vote down vote up

April 29, 2009
Votes: +0

ThinkFemtocell said:

Perhaqps I read it differently Jeremy - Thanks for taking the time to check the links and give your opinion. The text on Vodafone's website about 3G microcells/femtocells states "They [femtocells] also present new privacy issues as they potentially allow the operator to know when a person is in a building. See more about Vodafone's position on privacy." and regards "passive location tracking" the website states "Our policy on location-based services aims to minimise the risk of unauthorised location surveillance, ensuring customers cannot be tracked by another person or application without their prior consent. It includes guidelines on how consent should be obtained, used and managed to ensure clarity, transparency and fairness to the person being located" They also explained how Vodafone Malta successfully challenged in court a police request for all mobiles visiting a location regarding an arson attack. I interpreted this quite positively.

report abuse vote down vote up

April 29, 2009 | url
Votes: +0