Regular reminder: The telecom network is a giant tracking system and the number of people who can gain access to subscriber data is practically unlimited.
Source: this used to literally be my job.
Source: this used to literally be my job.
I've been reminded of a few concepts recently and it's becoming very clear that I've forgotten more about the inner workings & implementation details of telecom protocol stacks than most people will ever know.
The vast majority of reporting on privacy issues in telecom systems painfully mischaracterize the technology & conflate different issues, despite that they generally understate the privacy problems.
I read a comment today from someone who asked "Has anyone requested the data that their phone provider stores about them"
And my initial response to that is: your phone provider is just one of a number of parties who store data about your interactions with the telecom network.
And my initial response to that is: your phone provider is just one of a number of parties who store data about your interactions with the telecom network.
Hell depending on where you are, the nature of cell networks in your country, your phone provider and if you are roaming there could -easily- be 5-10 organizations with a legitimate need to access (or with just direct access) to various information.
Things can get amazingly complicated when you have 2 people who call each other while they are roaming & traveling in different countries. You've got at least 4 networks involved there before you even start to think about outsourced infrastructure & international routing.
In many ways the international telecom network is an amazing feat of engineering - I can be on a contract in Canada, and someone in Japan can call that number while I am in the middle of a random European village and we can chat.
Now imagine how that *must* work.
Now imagine how that *must* work.
Heavily simplified: The caller in Japan sends messages to their network, who sends messages to my Canadian network, who sends messages to the European roaming network, who provide a temporary number that my Canadian network uses to finalize the call from Japan to me.
In reality, the above scenario involves dozens of protocol stacks, a likely satellite hop (maybe two), maybe some proprietary compression boxes, if anyone manages to encrypt any signaling it will be very quickly decrypted because there are just too many integration points.
Who has access to what information in that flow? Honestly, I couldn't tell you. The answer depends on the networks involved, their contractual relationships, the AAA setups, what stacks (2G, UMTS, LTE...) are available, whether infrastructure has been upgraded....
And that's just people who we could all generally agree have a legitimate technical necessity to access that information i.e. that doesn't include data being sold to 3rd parties, insider threats, hackers, spooks, fake networks, MVNOs...
One day I might find the right combination of time/motivation/audience to sit down and detail all the terrible ways in which telecom infrastructure is privacy-incompatible.
There is simply no way to enable meaningful consent over any data that traverses that system.
There is simply no way to enable meaningful consent over any data that traverses that system.
Apps that provide end to end encrypted texting and calling are an amazing improvement, but if the data you are using to power them is being provided by your phone provider then the metadata available is huge, as is the number of parties that can access it (even "legitimately").
A cynical take on modern technology would state that it is essentially layers upon layers of corporations you have never heard of transmitting your data to each other so that corporations you have heard of can sell your data to other corporations you have never heard of.
Like, we skipped the entire idea of "outsourced infrastructure" which is an entire area of fun by itself and very likely the only reason your phone works in many, many places that it reasonably shouldn't.
Side note: I see many articles on telecom security that assume cell towers/cell locations are static. They are not, cells change and even move around often.
There are plenty of companies who will rent you a mobile cell tower for an emergency, large sporting event, or conference
There are plenty of companies who will rent you a mobile cell tower for an emergency, large sporting event, or conference
Pop quiz: If you rent a cell tower for a large event from a private company, how many different organizations have access to data from that cell tower?
I'm sorry I have no practical advice that you can follow that will result in your cell phone location data not being available to basically anyone with minimal effort. Telecom systems just don't work that way.
Someone might try to tell you that you can disassociate yourself from your subscriber info e.g. pay with cash.
The problem is the data at risk is mostly location-tagged metadata which is uniquely identifying by definition
See also my many rants on that:
The problem is the data at risk is mostly location-tagged metadata which is uniquely identifying by definition
See also my many rants on that:
Basically what I am saying is:
"I am carrying my cell phone"
and
"My real time location information is available to at least one corporation I have never heard of"
Are semantically equivalent and nothing you can do short of not carrying a phone will change that.
"I am carrying my cell phone"
and
"My real time location information is available to at least one corporation I have never heard of"
Are semantically equivalent and nothing you can do short of not carrying a phone will change that.
Also, I want to restate that I have dramatically simplified everything. The reality is much more complex even before we factor in things like your phone hardware, IMEI tracking, cell site simulators, lawful interception capabilities and a bazillion other details.
(By bazillion other details I mean, your phone operating system(s), the apps installed, the general mess of surveillance capitalism involved there etc. etc.)
If you are feeling demotivated by reality then let me share with you a quote by renowned optimist Friedrich Nietzsche
"The crowd thinks everything is profound where it cannot see the bottom "
"The crowd thinks everything is profound where it cannot see the bottom "
