Peru's New Data Retention Law Gives Police Warrantless Access To Real-Time And Historical Mobile Phone Geolocation Data
from the every-step-you-take,-I'll-be-watching-you dept
Techdirt has written a number of posts about the introduction of data retention laws around the world, as well as about the successful legal challenges that are being brought against them. Here’s another such law, this time from Peru, which has a particularly nasty twist, as the EFF reports:
The Peruvian President today adopted a legislative decree that will grant the police warrantless access to real time user location data on a 24/7 basis. But that’s not the worst part of the decree: it compels telecom providers to retain, for one year, data on who communicates with whom, for how long, and from where. It also allows the authorities access to the data in real time and online after seven days of the delivery of the court order. Moreover, it compels telecom providers to continue to retain the data for 24 more months in electronic storage. Adding insult to injury, the decree expressly states that location data is excluded from the privacy of communication guaranteed by the Peruvian Constitution.
Of course, as the famous example of Malte Spitz showed in 2011, the stream of geolocation data from a mobile phone provides an incredibly detailed picture of where someone goes, and even what they are doing when cross-referenced with other personal digital information. It’s pretty much equivalent to placing a tracking device on someone.
The EFF post goes on to point out that the move contradicts a variety of human rights obligations that Peru has undertaken to comply with. However, that is unlikely to move the Peruvian authorities much, just as it carries little weight with other countries that have brought in data retention laws. Unfortunately, the underlying problem is deeper than bad laws like Peru’s: it’s that surveillance in general, and blanket data retention in particular, have become normalized around the world. Until that is addressed, it remains a constant battle to challenge the laws that reflect that approach.
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
Filed Under: data retention, mobile data, peru, privacy, real-time, warrants
Comments on “Peru's New Data Retention Law Gives Police Warrantless Access To Real-Time And Historical Mobile Phone Geolocation Data”
Business opportunities await
Though it would naturally make them somewhat less useful for receiving calls on the go, a nice signal blocking case would probably sell quite well in Peru after a move like this. If nothing else it would be entertaining watching the Peruvian police and government flip out and treat such cases as though they were horrendously deadly implements, akin to explosives or high powered guns.
Need to make a call, take it out of the case, make your call, put it back in the case. Need to receive a call, set up beforehand specific times at which you’ll take the phone out of the case. Not perfect, but it would at least make the tracking data a lot less useful.
Though I certainly hope such draconian measures are dealt with via court, I imagine it will take having some important person’s phone data hacked and leaked(with the telecoms being forced to gather and keep the data, it’s not ‘if’, but ‘when’) for their to be any real pushback from the government on the issue.
Mass, indiscriminate surveillance is great for would-be-tyrants, and no government is going to willingly hand that over if they have any choice in the matter.
Re: Business opportunities await
Mass, indiscriminate surveillance is great for would-be-tyrants, and no government is going to willingly hand that over if they have any choice in the matter.
That. Even if the current governments are ‘good guys’ (and they aren’t) future Governments could use these systems in a very dangerous way effectively rooting opposition out.
On another note I think we, the society, should start deploying end to end encryption to everything we do that we don’t want others sniffing. Including phone calls. This would help make these systems much less useful. If they are too expensive to their purpose we may see it being scaled down.
Public Access
Perhaps this should apply to all of their elected public officials and be available to the public at all times.
Re: Public Access
US Embassy has total control over them, so it’s useless.
time to open the hacking flood gates on these phones
i think they and we know whom they are need to learn why spying is bad
Somehow I’m not surprised that someone with the title of “presidente” would approve of such laws. /s
Yes I know “presidente” simply means “president” but Peru undoubtedly has the air of a dictatorship and I just couldn’t help it.
Re: Re:
…Peru undoubtedly has the air of a dictatorship…
There’s a few other countries you could make that same statement and be accurate.
Re: Re: Re:
You don’t know how NGO, civilian and corporate groups are linked here. Read some Wikileaks before comment something about peru.
This is why I turn off location data on all my devices; nobody can compel access to data I don’t generate. 🙂
Re: Re:
Congratulations, you have reduced the number of canny valley adverts that you will receive, like one for the shop you are outside of, and done nothing to stop the government tracking your every move. The only way to stop the government tracking you is to leave your cellphone at home, or carry it powered off and in a Faraday cage, and only get it out in an emergency. This applies to dumb phones, feature phones and smart phones, as the tracking is carried out using cell tower information, and does not depend on software on the phone.
Re: Re: Re:
When I said ‘location data’ I meant ‘location data’, not ‘GPS data’. Dumbass.
Re: Re: Re: Re:
It is impossible to use a mobile phone without it giving away its position to a greater or lessor degree of accuracy, depending on cell tower density. There is nothing you can do to prevent the phone companies, and therefore governments tracking the whereabouts of a connected mobile phone.
So if you think switching off location data and services within your phone stops it being tracked when connected to the network you are the dumbass.
Re: Re: Re:2 Re:
There is nothing you can do to prevent the phone companies, and therefore governments tracking the whereabouts of a connected mobile phone.
Exactly. In the UK, the police would have to access my IMEI to start tracking me, and to get it they would have to serve a warrant on my network provider. Then there’s the fact that you can easily purchase unlocked devices here. Simply switch my phone’s SIM into my tablet and I’m good to go. Double dumbass.
Re: Re: Re:3 Re:
Their are various ways that the police can get the identity of devices that they wish to track down, like proximity to several crime scenes, or given that they have stingers, at various demonstrations. Once they identify devices of interest it is a trivial exercise to track down their current location, and identify the person carrying them.
The issue is not just active tracking, but that given what they consider sufficient reason, the police can go back over your devices location history for at least the last year.
Also, having identified someone, it is not that hard to find out where they have been living, and when their address changes, which then gives them all associated mobile phones, from the location data. The suggestion that you might be a terrorist, or terrorist sympathiser opens a lot of doors.
Detailed location data is a very powerful tool for backtracking somebodies life, despite any changing of SIMS and addresses they may have tried to protect themselves.
Re: Re: Re:4 Re:
Detailed location data is a very powerful tool for backtracking somebodies life, despite any changing of SIMS and addresses they may have tried to protect themselves.
I’m confused now. How’s anyone supposed to track me via my phone when its SIM is in a different device?
Re: Re: Re:5 Re:
If they take an interest in you, they may not be able to actually live track you for a few hours when you swap SIMs, but they will fill in your travels as soon as the identify your new SIM, like when you go home for the night. If they take an interest in a person, then who visits them is something they want to watch as well, which means they want to know what devices visit, or stay in you house, and they can backtrack where those devices have come from, and where they go. Oh look he went into the shop with that SIM active, and came out with this one active is easy to spot, if that is what they backtrack from your house, and look at where your old SIM was when it dropped out from the network.
Also if you have a regular working life, it confirms any identified SIM swaps.
If you have reason to avoid the government tracking you, like organising peaceful protests, do not carry a mobile phone, or tablet/laptop that connects via the mobile network.
Re: Re: Re:6 Re:
You’re really not getting it, are you? Swap SIMs, take tablet with phone SIM out with me, leave tracked device at home. You do know that IMEIs are tied to devices, not SIMs, right?
Re: Re: Re:7 Re:
Doesn’t matter, the phone companies use both IMEI, and the SIM with its phone number. Also, guess which is the most reliable identity for tracking someone, it’s the phone number, as it remains consistent as they upgrade and replace devices. People keep the same SIM for long periods of time, as changing their phone number is such a massive pain, just like changing an email address is a massive pain.
Re: Re: Re:8 Re:
Again, warrant required. Hours at minimum.
INB4 some idiot makes a “lol third world country hurr” joke…
Wait, never mind, too late.
2 years for dictators
In Australia 2 years data retention is now the law, to catch all those terrorists that the country is plagued with for years. Grab a microscope & start searching for a very long time before you can find any Terry Wrists.
So Peru has a bit more to go before they catch up with the world leaders in ‘new fascism for new dictators’.
Re: 2 years for dictators
We crossed the line 25 years ago dude. CIA managed a lot of things since that year.
SInce 2013
The cybercrime law (who mantains a lot of flaws thanks to the bank lobby) has part of these measures since 2013.
But the worse side of this isn’t inside govenrment but ISP and Wireless operators.
In 2012 one of them (America Movil aka Claro) was sued to impersonate the phone number from a former user, linking him to drug traffic.
And now they has more power to snoop and clone users. Nobody comment about that.
Junta
What? Is that Junta still in place?
Peruvians will be soo glad when the next Coup d’état comes that they have all this data.
https://en.wikipedia.org/wiki/List_of_Presidents_of_Peru