According to Saturday's report in The Guardian newspaper, there is now a Code of Practice regarding GSM Mobile Phone Location Based Services.
"The code of practice has been drawn up by the five British mobile networks in conjunction with the Home Office, police and children's charities. It also allows firms to sell services based on data that locates the position of a mobile user"
We have been worried about these, especially the ones aimed specifically at tracking Childrean or vulnerable adults e.g. old people with Alzheimer's disease etc. for over a year now.
Our worry, and that of children's charities is that these Mobile Phone tracking services are not very secure, and could be exploited by stalkers, kidnappers etc. c.f. our "Security and Child Safety concerns over the ChildLocate Mobile Phone Tracking Service"
Our fears remain, given a number of breaches of security that we are aware of at the companies qwhich run these services, and the inherent technical insecurity of Mobile Phone Short Message Service, which is not secure enough for minor financial transactions using a credit card, let alone secure enough to protect a vulnerable child or adult from evil people.
We are also sceptical about just how accurate these GSM Location Based Services are away from the major cities, where the density of Mobile Phone Cell transmitters can mean that, as was shown in the notorious Soham murders case, the Location revealed by a mobile phone can easily be misleadingly inaccurate by several kilometres, 8 kilometres (5 miles) in the Soham case, and potentialy up to 35 kilometres - a disaster for anybody conducting a search for a missing child.
We look forward to reading the Code of Practice, which does not yet seem to be available online, as we have several questions, e.g.
- Does the COP also apply to 3GPP phones as well as GSM ones ?
- What is the minimum frequency of SMS messages revealing that a particular phone is being tracked ?
- Are these reminder messages sent at fixed times or randomly ?
- Is the use of SSL/TLS session encryption for the web site mapping and SMS message sending side of the operations mandatory ?
- How frequent are Independent Security Audits of these tracking systems ?
- Have all the technical staff who have privilged access to the details and locations of children been checked as if they were employed in a school, via the Criminal Records Bureau ?
- What sanctions are there to enforce this Code of Practice ? Or is this just another toothless "Press Complaints Commission" type sop to the public ?
Email us or leave a comment here if you have access to a copy of the Code of Practice, which does not currently appear on the industry regulatory body Ofcom, or the Home Office or the Mobile Phone Network corporate websites.