Privacy Australia Government

Accessing One's Own Metadata 94

skegg writes: Frustrated journalist Ben Grubb has documented his attempts at gaining access to his own metadata from his carrier. "After more than a year of phone calls and emails and a private mediation session, it still hasn't released the information or answered my one key question satisfactorily: the government can access my Telstra metadata, so why can't I?" Later, he says, "Telstra's one and only valid argument to date has been that identifying who calls me would be in breach of that person's privacy if they called from an unlisted number. I've agreed and said that in providing me with my metadata they should remove unlisted numbers. They argue this would be too difficult to do, which I think is baloney."
This discussion has been archived. No new comments can be posted.

  • Baloney? (Score:4, Funny)

    by Anonymous Coward on Friday October 10, 2014 @11:01AM (#48111487)
    Don't you realize they'd have to re-lubricate the DB2 indexes with heavier oil to fulfill your request? Do you have any idea how hard this is? I just love it when normal people think data like this can be magically retrieved.
    • Re:Baloney? (Score:4, Insightful)

      by alex67500 ( 1609333 ) on Friday October 10, 2014 @11:03AM (#48111511)

      If it can't be retrieved and reworked easily, then it was badly stored and organised in the first place...

      • Re:Baloney? (Score:5, Insightful)

        by Jane Q. Public ( 1010737 ) on Friday October 10, 2014 @12:54PM (#48112885)

        If it can't be retrieved and reworked easily, then it was badly stored and organised in the first place...

        That's not the problem. They DON'T WANT to give people this data. Because once they do, everyone will demand it, and wives will be filing for divorces over it, spawning lawsuits... etc.

        Let's put this in perspective: for decades, Ma Bell here in the U.S. denied, even to government, that they had complete records of who called whom, and when for every telephone in the country. In fact this led to the whole thing in TV and movie dramas of "keep them on the line long enough to trace the call". Calls actually haven't needed to be "traced" since the 1960s, but nobody told the government. This led to some huge lawsuits, when an electronics technician accidentally stumbled onto a manual for the machines that were used to compile the phone records.

        How many murders, kidnaps, etc. were never solved because the government did not know this information existed?

        When asked why they never told anybody, phone company representatives said they didn't want customers to know they had the information to give them itemized bills.

        Never underestimate the nefariousness of large corporate execs.

        • I meant to add:

          The fact that this information exists is not, of course, license for the government to be snarfing it up willy-nilly. They should have to get a warrant.
        • Nitpick: We have no fault divorce here in Oz and the "old" telstra was state owned up until the 1990's.

          However your logic is spot on. Telstra can retrieve the information easily (and do on a regular basis for police work). However the law does not compel them to give it to customers and they don't want to set a precedent by doing so. The only way you will get it is to wave a court order at them. Good luck, their lawyers are very likely better qualified and more numerous than yours.

          Calls actually haven't needed to be "traced" since the 1960s, but nobody told the government.

          I think you meant to s

  • Bull (Score:4, Insightful)

    by gurps_npc ( 621217 ) on Friday October 10, 2014 @11:06AM (#48111525) Homepage
    Now, if they charged him a ridiculous fee for such gathering, that would be another thing.

    But there is no way they "can't figure it out"

    • Re:Bull (Score:4, Insightful)

      by Richard_at_work ( 517087 ) on Friday October 10, 2014 @11:07AM (#48111539)

      Why should they "figure it out"? They don't owe him this information, it wasn't in any contract he signed to provide it to him, so why should they have to?

      • Re:Bull (Score:5, Insightful)

        by sumdumass ( 711423 ) on Friday October 10, 2014 @11:19AM (#48111671) Journal

        Because if they do not offer this metadata as a product at minimum accessible to the people involved, there is a strong case that it is private and the feds or any government organization accessing would absolutely require a warrant according to the constitution.

        This is actually about more than trying to see what the government is accessing.

        • It doesn't matter if it's private. The company owns it. They can give it who they want to. And besides, the constitution is a ceremonial document, a showpiece, a facade. The Queen still rules all of Oceania.

          • You do appear confused. Perhaps you were writing a fictional book or something and forgot which plot line goes with reality?

            • What have I ever said that contradicts the reality of might makes right? What fictional world are you in?

              • the constitution is a ceremonial document, a showpiece, a facade. The Queen still rules all of Oceania.

                That is what contradicts reality.

                And as to

                It doesn't matter if it's private. The company owns it. They can give it who they want to

                Not if the reason they have it is because the law requires them to have it. Laws about billing records and such do require them to have it.

                • That is what contradicts reality.

                  I guess you can pick the reality that suits you. The guy with the gun always has the last word, with or without your little constitution.

                  • Sigh.. I have the gun too. Lots of them actually and in several different geographical locations.

                    This is getting too silly.

                    • Well, then it should be obvious, the guy with the biggest gun and the fastest draw wins, unless/until an agreement can be made, and kept. Once it's broken, all bets are off, and the cycle repeats. This is the history of man. If you want all the superficial little details, read a history book. And don't forget to vote on reelection day...

      • Re:Bull (Score:5, Informative)

        by Hotawa Hawk-eye ( 976755 ) on Friday October 10, 2014 @11:32AM (#48111797)

        According to the article, he claims that the law requires them to provide him with the information.

        So I asked Telstra to provide me with all of the metadata it had stored about my mobile phone account, informing them that they had a duty to do this under the Privacy Act's National Privacy Principles, which gives Australian citizens a right of access to their "personal information" from a company, and the right to have that information corrected if it is inaccurate, incomplete or out-of-date.

        After about a month of back and forth phone calls chasing up a response, Telstra refused me access, saying I needed a subpoena to access the data. A subpoena is a writ usually issued by a court with authority to compel production of evidence under a penalty for failure.

        As I didn't have the cash to sue Telstra and get a court to issue a writ, I complained to the federal privacy commissioner, claiming Telstra was in breach of the Privacy Act.

        Now it's up to the privacy commissioner to decide who's correct: Telstra or Mr. Grubb.

      • Re:Bull (Score:5, Informative)

        by gurps_npc ( 621217 ) on Friday October 10, 2014 @11:33AM (#48111813) Homepage
        RTFA

        Why should they figure it out? Because he referenced Australia's Law that said they had to.

        Specifically, the Privacy Act's National Privacy Principles law:

        http://www.oaic.gov.au/privacy/privacy-act/national-privacy-principles

        NPP section 6 says: "Gives individuals a general right of access to their personal information, and the right to have that information corrected if it is inaccurate, incomplete or out-of-date."

        • NPP section 6 says: "Gives individuals a general right of access to their personal information, and the right to have that information corrected if it is inaccurate, incomplete or out-of-date."

          Is call usage data "personal information" as defined by law? Or is it billing data collected to bill a customer?

          As for the "unlisted" claim, that's not the correct criterion. The correct criterion should be "caller ID blocked". That seems obvious to me. The person asking for the data will have the caller ID data already (if they have that service) and they'll know who they called, or they could if they logged their own data.

          What they will not have is the name and address of the caller which wouldn't be

      • Re:Bull (Score:5, Informative)

        by Anubis IV ( 1279820 ) on Friday October 10, 2014 @11:42AM (#48111925)

        I'm not an Australian, so I may be misunderstanding some of the terminology involved, but it's my understanding that they actually do owe him that information, based on National Privacy Principle 6 (NPP 6) from Australia's Privacy Act of 1988 [lawhandbook.org.au].

        Here's a quick summary over the relevant NPP:

        Access and correction

        NPP 6 requires an organisation to give a person access to personal information that it holds about them, if requested. If a person establishes that the information is not accurate, complete or up-to-date, the organisation must take reasonable steps to correct the information. If the person and the organisation disagree about accuracy, and the person requests it, the organisation is required to include a statement that the individual claims that the information is not accurate, complete or up-to-date.

        Organisations may deny an individual’s request for access to information about themselves in a limited range of circumstances. These include if:

        • providing access would:
          • pose a serious and imminent threat to the life or health of any person (for health information the threat need not be imminent); or
          • have an unreasonable impact on other individuals’ privacy; or
          • prejudice negotiations between the organisation and the individual; or
          • be unlawful; or
          • prejudice an investigation of possible unlawful activity; or
          • prejudice law enforcement activities; or
          • cause damage to Australia’s security;
        • the request for access is frivolous or vexatious;
        • the law authorises or requires access to be denied; or
        • the information relates to existing or anticipated legal proceedings between the organisation and the individual, and would not be accessible by the process of discovery in such proceedings.

        An organisation must provide reasons for denial of access or for a refusal to correct personal information. If an organisation charges for providing personal information, those charges must not be excessive and must not apply to lodging a request for access.

        Which is to say, unlike in the US, the data actually may be owed to the customer in this case if the customer makes a request for it. The organization may not provide the information, but they have an obligation to have a very good reason for having done so, else they should have provided the data.

        Again, I may be misunderstanding things or unaware of later changes to the law, but I'll share what little I know in the hope that someone more knowledgeable can correct me if I'm off-base.

        • Thanks for posting the actual legal info. It seems in this case their denial follows the have an "unreasonable impact on other individuals' privacy" as the data currently exists. He'd have to test it through courts to see if they are obligated to provide a means to reformat or redact data that violates that protection.
        • Organisations may deny an individual’s request for access to information about themselves in a limited range of circumstances. These include if:

          ...

          • the request for access is frivolous or vexatious;

          I could drive a truck through that one. Why does he want the data? Just because? Sounds frivolous.

          It seems they wrote the law to say that you can have the data as long as you have a good reason to want it, but it won't affect any negotiation or lawsuit. So basically, you can have the data if you need it, as long as you don't need it very badly.

          It may be a bunch of horseshit, but that doesn't mean the company is legally wrong. It might just mean the law was written by the affected companies, and not by consu

      • by tibit ( 1762298 )

        It's the law. It's illegal for them not to provide that information to him. Sure, they don't owe him anything :)

  • by Punko ( 784684 ) on Friday October 10, 2014 @11:08AM (#48111541)
    If the government already has your meta data, request the government to provide you a copy. At no time should a government have any information about you that you cannot fully review.
    • by maynard ( 3337 )
      This is Australia. Even if they did have it - and they do - they still wouldn't be able to find it. And while they're milling about looking - bah, much easier to bugger off an hour or two early to the local pub for a pint.
    • The problem with that approach is that information releasable under the Freedom of Information Act (FOIA) does not include information that has been classified. Another kicker? The category of unclassified information administratively designated "For Official Use Only" (FOUO) is also exempt from release under FOIA. Even though FOUO is clearly defined, its use is increasingly applied with considerable discretion, to the effect that Agencies routinely mark nearly everything FOUO these days. I am neither defending no
    • by Anonymous Coward

      That's why I make so many death threats. If I ever lose my password, I can just call the NSA and get it back!

    • "The number of law enforcement investigations in which I am one of the parties being investigated" seems like a piece of information about you that the government has a legitimate reason to refuse to provide you. If the government says that there are some such investigations (or delays answering until they have enough information to arrest you) then you're likely to try to reach a country with no extradition agreement with your government before they move. So they're always going to say that there are none

      • Based on the exceptions in the relevant Australian law, it seems that if you even ask about law enforcement they can refuse your request, because they don't give out information that will "prejudice an investigation of possible unlawful activity; or
        prejudice law enforcement activities."
        Even if it will "prejudice" a negotiation with the company. So if the company has information about you that would make the services they're offering worth less than they otherwise claim, they don't have to tell you... until

  • by sgunhouse ( 1050564 ) on Friday October 10, 2014 @11:27AM (#48111745)
    I have to conclude from the supposed difficulty that they store the metadata without noting which numbers are unlisted. Or more correctly, were unlisted at the time, since that status may change.
    • They have to fulfill Australia's law. If they failed to store the data in a way that let them satisfy Australia's law, that is THEIR problem, not his.

      At the very least, they could call every number on the list and ask the recipient if their number was unlisted. If the number's owner said no, then they could provide it. If the recipient said yes, they could reasonably withhold that number.

    • The unlisted aspect only comes through the SS7(PSTN) or SIP(VOIP/IMS) protocol headers with a flag indicating whether the account is private, in addition to phone number paying for call, phone number to display, phone number originating, etc... -- AND -- this meta-data can change during a call if it was rerouted mid stream, delayed headers, etc. This gets even more complicated for reverse billed numbers (800) where the originating number is XXX, the billing number is YYY, the display number is ZZZ, and s

  • by nine-times ( 778537 ) <nine.times@gmail.com> on Friday October 10, 2014 @11:28AM (#48111753) Homepage

    They argue this would be too difficult to do, which I think is baloney.

    I think what they probably mean is, it'd be difficult for them to be able to provide this kind of metadata without risking legal/PR trouble. To make sure that they could provide your metadata without revealing information that could possibly open themselves to criminal prosecution or civil suits would require that they pay lawyers to review the whole process. And then they'd need to spend a lot of time internally figuring out whether they want to spin the whole thing for PR purposes, or if seeing your metadata is too scary to be released at all without a PR nightmare.

    And that's a bunch of work to satisfy one reporter. Doing that opens the floodgates for them to have everyone request it. So now, they have to review their entire data collection policy and create policies for who can get access to what. That's a lot of work.

    I'm not saying they're right to provide access to customer data to the government while denying customers access to their own data. I'm just suggesting that they're probably not lying when they say it's difficult. You just have to know what they mean by "difficult".

    • by Barny ( 103770 )

      Well, the thing is, the reporter is more than happy to pay the same fee as other companies (or the government) would pay to access it. The real kicker is, a similar request was made for a major public official and it was denied because it was 'personal information' which, if that is the case, then they MUST make this data available to the owner of it.

      The trick is, of course, for them to have to make requests of every other telco in the country to check if numbers on the list are private. Although the though

  • by Charliemopps ( 1157495 ) on Friday October 10, 2014 @11:34AM (#48111825)

    The reason, and I think they should just flat out say it because I think it's valid:

    If they allow this guy to get it, then hundreds of thousands of other people will request it as well. They will need to build departments, processes, training, security procedures and create for themselves a very expensive endless quagmire of bureaucracy. Even if he offers to pay for it, someone will eventually sue, somewhere in the world and get it legally defined as a "Right" so then no-one will have to pay. It's Pandora's box, they know it, he knows it, and they are certainly not going to hand him the key.

    Corporations are their own worst enemies at times. Just explain this and explain "We don't want to give it to the government either!! But they're making us!" If they're ordered by a court to release the information, then the court has to deal with most of the legal pitfalls. If the wrong information gets into the wrong hands, that's the court's fault. There's no way they are going to volunteer this.

    • 1) I agree that is what they are thinking. 2) But it is NOT valid.

      The problem with your argument is: people already have a legal right to that information. If you read the article, you would see that he specifically referenced an Australian law that says they HAVE to give out the information.

      So I congratulate you on your logic, but am sorely disappointed in both your knowledge of Australian law and in failing to read the article.

      • The problem with your argument is: people already have a legal right to that information.

        And they already have access to that information, they just didn't gather it while it was happening. You know who you call, and your caller-id box shows who called you and when. Oh, you didn't write down every call, and you cleared the caller ID box every so often? You threw the information away and then expect the phone company to give you a copy of their records?

        If you read the article, you would see that he specifically referenced an Australian law that says they HAVE to give out the information.

        The law refers to "personal information". What is the legal definition of personal information as it applies to that law? Is a phone company's

      • 1) I agree that is what they are thinking.
        2) But it is NOT valid.

        The problem with your argument is: people already have a legal right to that information. If you read the article, you would see that he specifically referenced an Australian law that says they HAVE to give out the information.

        So I congratulate you on your logic, but am sorely disappointed in both your knowledge of Australian law and in failing to read the article.

        The law doesn't say they have to give him the information. The law says they have to either give him the information, or make an excuse from a long list of acceptable excuses.

    • by Anonymous Coward

      Sorry, your argument in defense of the carrier is spurious. The government makes dozens of these requests a month, if not more. The process is already there and if they can't automate the obfuscation of unlisted numbers and other data (all of which is in digital, human readable format already) then they are completely incompetent. A simple shell/Python/php script can be made to parse out things that are verboten. The lawyers and internal folks would have to review the process a few times (maybe take a few h

    • There is an easy solution for this problem. Corporations could not store metadata for individuals. Then they wouldn't have to produce anything. They wouldn't need " to build departments, processes, training, security procedures and create for themselves and very expensive endless quagmire of bureaucracy."

      If they want to keep that data, then they need to share it with the people creating such data. The other option would be to share it with everyone. Nobody would like that though. Or, when you login online t

  • by Jeff Flanagan ( 2981883 ) on Friday October 10, 2014 @12:05PM (#48112225)
    They have the data, but there's a spider the size of a pig blocking access to the drive.
  • by clovis ( 4684 ) on Friday October 10, 2014 @12:11PM (#48112317)

    "Telstra's one and only valid argument to date has been that identifying who calls me would be in breach of that person's privacy if they called from an unlisted number.

    Are anonymous phones calls really protected by law?
    I mean is there a law that specifically protects the anonymity of people calling from unlisted numbers?

    After all, the person holding the unlisted number placed the call.
    Do people coming into your house from the street have a legal expectation of anonymity? Does someone getting into your car have a legal expectation of anonymity?
    Why would someone calling your phone have a legal expectation of anonymity?

    I suspect it has more to do with corporations that robo-call wanting to hide. It's profitable for the phone companies.
    When you become a senior citizen, you will begin to receive endless solicitations for medical alert bracelets, "free product" scams, health insurance and so on. I suppose everyone gets some version of this crap. None of these are allowed under the "Do Not Call" act, but the callers always have unlisted numbers and do not reveal their companies' actual names in the calls.

    • by tibit ( 1762298 )

      Technically, these days you don't need a phone number to initiate a phone call. You can get outbound-only VOIP service where there literally isn't a number where someone could call you back. So sometimes it's accurate to say that the robocallers have no callback number - it literally doesn't exist. This is very different from unlisted phone numbers, of course, since those by definition exist but merely are not listed.

    • The stated reason is clearly not the actual reason they aren't giving up the data.
  • I wanted my data ever since I've heard the first time about the Data Retention Directive (no longer in force since earlier this year, GOOD).

    Mind you, they don't keep only the metadata for your calls but also a lot of "control plane"/out of band communication mobile-network. Apart from this being extremely interesting for law enforcement it's interesting for me too! That is the location part of the data.

    Yes, I know I could keep a diary or keep a GPS logger with me but that needs a lot of extra effort - even

  • Oh, the person with the unlisted number has called me. If they did it purposefully, I see no reason they have any standing to hide behind an unlisted number. My privacy is as valuable as theirs. If they've pocket-dialed, tough luck. I'm still at the receiving end of the call.

    Moreover, unlisted numbers aren't 128 bit hashes that no one has time to enumerate. It's not as if I can't call an unlisted number. Heck, it's easy to corral the unlisted numbers, since they are disjoint from the listed numbers. Start wi

    • OK Telstra has to record the source and destination numbers of all the calls - right? Here's a sample record (not that drawing a table is easy so work with CSV here):

      FromID, ToID, TimeStart, TimeEnd
      0299999999, 0288888888, 20090617135834, 20090617140711

      How would you like to determine whether the number 0299999999, which is not owned or operated by Telstra today, and which was not owned or operated by Telstra in 2009 either, was or was not an unlisted number at the time of the call? Because its state right n
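The two positions argued in this thread (that a short script can strip unlisted callers, and that a number's unlisted status at the time of the call may be unknowable) can be put side by side in code. The sketch below is an added example, not part of any comment and not Telstra's process: the `LISTING_HISTORY` table, the extra call records and the rule of leaving dialed numbers untouched are assumptions made for illustration. It redacts the caller on incoming calls unless the number is known to have been listed when the call started, so a number with no history, such as one held by another carrier, is withheld.

```python
import csv
import io
from bisect import bisect_right
from datetime import datetime

TS_FORMAT = "%Y%m%d%H%M%S"  # timestamp layout of the sample record in the thread
REDACTED = "REDACTED"

# Constructed call records in the FromID, ToID, TimeStart, TimeEnd layout.
SAMPLE_CDR = """\
FromID, ToID, TimeStart, TimeEnd
0299999999, 0288888888, 20090617135834, 20090617140711
0277777777, 0288888888, 20090618090000, 20090618090530
0277777777, 0288888888, 20100105101500, 20100105102000
0288888888, 0255555555, 20100106120000, 20100106120100
0266666666, 0288888888, 20100107120000, 20100107120100
0211111111, 0222222222, 20100108120000, 20100108120100
"""

# Hypothetical listing history: number -> [(effective_from, unlisted?), ...]
LISTING_HISTORY = {
    "0277777777": [("20080101000000", False), ("20091201000000", True)],
    "0266666666": [("20050101000000", False)],
}


def parse_ts(value):
    """Parse a YYYYMMDDhhmmss timestamp; raises ValueError if malformed."""
    return datetime.strptime(value.strip(), TS_FORMAT)


def was_unlisted(number, at, history):
    """Status of `number` at time `at`: True, False, or None when unknown.

    None covers both a number with no history at all and a call that
    predates the earliest status change on record.
    """
    changes = sorted((parse_ts(ts), flag) for ts, flag in history.get(number, []))
    idx = bisect_right([ts for ts, _ in changes], at) - 1
    return changes[idx][1] if idx >= 0 else None


def redact_for_subscriber(cdr_text, subscriber, history):
    """Return the subscriber's call records with protected callers masked.

    Fails closed: the caller is shown only when the history says the
    number was listed at TimeStart. Numbers the subscriber dialed are
    left as-is (assumption: the subscriber already knows them).
    """
    reader = csv.DictReader(io.StringIO(cdr_text), skipinitialspace=True)
    released = []
    for row in reader:
        if subscriber not in (row["FromID"], row["ToID"]):
            continue  # someone else's record, never released
        record = dict(row)
        incoming = row["ToID"] == subscriber
        if incoming and was_unlisted(row["FromID"], parse_ts(row["TimeStart"]),
                                     history) is not False:
            record["FromID"] = REDACTED
        released.append(record)
    return released


if __name__ == "__main__":
    for rec in redact_for_subscriber(SAMPLE_CDR, "0288888888", LISTING_HISTORY):
        print(",".join(rec.values()))
```

The same number appears both in the clear and redacted in the output because its status changed between the two calls, which is why the lookup is keyed on the call's start time rather than on the number's status today.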

  • On T-Mobile, it is as simple as logging into your account on the web site, and looking at the reports. For a family plan, it lists the sender and receiver phone number of EVERY call AND text messages for everyone on the plan. These are accompanied with their time stamps, too, of course. There is also an option to download a PDF file with the "detailed" report on your bill, which contains all this information.

    No idea why other carriers are claiming it is hard to deal with this sort of data.

    • by darkain ( 749283 )

      However, last I checked, physical geographical location history information isn't available. This would be nice to add to these reports.

  • We need to evolve to adapt to this new threat to the species, and instead of seriously *resisting* its effects on our being, we - the true power - direct the feature to our favour. If, out of the NSA catastrophe, we gain a "New Internet" wherein *everything, everywhere* for 15 years, was available to everyone, then we'd have indeed a new era in the human species. A truly evolutionary step, made by mistake - perhaps.

  • CLI is what you want and you'll see the ID of every incoming call. That's your metadata. There you go, collect your own metadata you lazy bastard.

  • Which results in very big collections of facebook data sent to you.

  • Maybe it's a good thing. It raises at least the -possibility- that it might be hard for other people to get his data, as well.
