Importantly, by having one – open – implementation it can be looked at by data protection bodies such as the UK’s Information Commissioner’s Office, and others.
English-language Wikipedia lists 238 apps having been deployed around the world, all with varying functionalities. However, as explained in our Bluetooth piece two of the major real-world problems encountered by those opting for Bluetooth proximity testing have been uptake and false-positives.
Since the release of iOS 5 (Q4 2011), Windows Phone 8.1 (Q3 2014), BlackBerry 10 (Q1 2013), and Android Jelly Bean (4.3 – Q3 2012), mobile phone operating systems have supported a further subset of Bluetooth protocols known as Bluetooth Low Energy (“Bluetooth LE”). Although Bluetooth and Bluetooth LE are not directly compatible with each other, i.e. they have different rules about how to communicate, most modern Bluetooth chips are designed to talk both “Classic” and “LE” as they share a frequency range, meaning they can also share an antenna.
As the name suggests, the Bluetooth LE protocol is a far lower-power type of Bluetooth connection than Bluetooth Classic, making it ideal for low-power devices, or where only small amounts of data need to be transferred. Unlike Bluetooth Classic, which is designed for sustained data transfer, Bluetooth LE “sleeps” between connections.
The problem with Bluetooth is it’s incredibly noisy; it’s like the person in the room who won’t stop talking. Bluetooth LE devices use broadcast “advertising” to announce their presence to other Bluetooth LE devices — constantly saying “I’m here” to any device that’s close enough to hear it. In addition, as the radio frequency range used by Bluetooth (2.4~2.48GHz) is incredibly congested — by WiFi, embedded devices, garage door openers, baby monitors, unshielded USB 3 cables, and even microwave ovens amongst other things — BLE transmits these advertisements in three different parts of the spectrum (the beginning, end, and middle, avoiding WiFi channels) in order to try and overcome any interference.
How noisy does that make Bluetooth? Open Bluetooth search on your phone and see how many devices you can see.
Over time, false-positives have been reduced by tweaking the algorithm to change the parameters required to prompt a “contact”, however the apps were further hampered in uptake by the perverse incentives of people not wanting to be notified to not be forced into quarantine at a loss of income.
Despite many governments opting for transparency around the operation of their contact-tracing apps, in parallel at least 19 governments either are or have been tracking the movement of mobile phones as a way to monitor the movement of the populace at large. Some countries are re-purposing counterterrorism technology, whilst others are working directly with Telcos to obtain the information.
PI have been warning for over 20 years that the usage of Telecomms data to surveil is already widespread.
Wait, my phone operator is tracking me?
As covered in some depth in our report on metadata in humanitarian contexts, the mobile telephone network is, by design, also a tracking network. We also explore these data in more depth in our long-read piece, here.
In order to try and maintain a signal whilst moving, as well as to connect you to the “best” tower, mobile phones send constant “pings” to towers in their vicinity, meaning their position can be easily triangulated.
So what’s the problem?
A crucial difference between using Telco data and app-based tracking is that by definition Telco data is not opt-in, and cannot be opted out of. Indeed, in several countries around the world, Telcos are legally compelled to store these records. Unlike proximity tracking through Bluetooth where it’s based on physical proximity of users of the app to each other, Telco data are generated as a result of the connections your mobile phone makes to masts.
This sort of tracking, by definition, can never be truly anonymised. It is some of the most intrusive tracking available; as a by-product of the network itself, there is no way to avoid it other than by leaving your phone behind, in a Faraday cage, or (if possible) removing the battery – although in Taiwan this could lead to the police knocking on your door.
In 2012, Malte Spitz, a German politician teamed up with Die Zeit to turn the data held by his domestic mobile service provider into an interactive map.
This profile reveals when Spitz walked down the street, when he took a train, when he was in an airplane. It shows where he was in the cities he visited. It shows when he worked and when he slept, when he could be reached by phone and when was unavailable. It shows when he preferred to talk on his phone and when he preferred to send a text message. It shows which beer gardens he liked to visit in his free time. All in all, it reveals an entire life.
But don’t just take our word for it. Watch the following promotional video from a company providing direct access to these data
Not all governments were as open about their use of telco data, with news coming as recently as January 2022 that the Public Health Agency of Canada tracked 33 million mobile phones — representing roughly 78% of Canada’s population. Given ongoing location data health analysis is currently up for tender, it seems Canada, at least, plans to add this highly invasive methodology to its long-term government arsenal.
The next technology we covered in our tech primers was GPS tracking.
Thankfully we haven’t seen much uptake in this form of tracking, with Governments opting for geo-fencing using mobile phone sensors rather than GPS reports.
The reasons for this are varied, but include inaccuracy, susceptibility to interference, and just not working indoors, particularly in built-up areas.