Tracking - Detecter

Document Sample
Tracking - Detecter Powered By Docstoc

                Detection Technologies, Terrorism, Ethics and Human Rights
                                    Collaborative Project

   Characteristics and uses of selected detection technologies, including their potential
                                     human rights risks
                                      Deliverable 17.3

                            Due date of deliverable: 30/11/2011
                            Actual submission date: 30/11/2011
       Start date of project: 1.12.2008                           Duration: 36 months

WP09 Professor Geir Ulfstein
Author(s): Rozemarijn van der Hilst, LL.M

      Project co-funded by the European Commission within the Seventh Framework
                                     Dissemination Level
                                   Programme (2002-2006)
 PU                                       Public                               X
 PP            Restricted to other programme participants (including the
 RE         Restricted to a group specified by the consortium (including the
 CO        Confidential, only forCommission Services)
                                  members of the consortium (including the
                                 Commission Services)
                                 Commission Services)

Executive Summary

    Location tracking for counter-terrorism purposes has become easier by the use of
      technologies not originally intended for this purpose (speed cameras, electronic toll
      passage systems and Location Based Services in Smart phones).

    Aggregated location data can reveal information about a person’s habits, (future)
      whereabouts, religion, and can even reveal sexual preference or political views.
      Location data could therefore be considered sensitive personal data.

    General concerns related to counter terrorism technologies also apply to location
      tracking devices. Storing the location data for a period of up to two years can have a
      significant ‘chilling effect’ on society.
    The collection of location data is necessary for a number of legitimate reasons. Focus
      should therefore be on safeguards that restrict access to stored data, which include
      measures to prevent data leaks.
    Strict regulation of access by means of judicial authorization and an ‘electronic trail’
      of those accessing location data might mitigate concerns about the risk of abuse of
      power and may strengthen the ‘proportionality’ of the use of location tracking

1      Introduction ..................................................................................................................................... 4

 1.1  Background and context.......................................................................................................... 5
 1.2  Research aims and questions .................................................................................................. 5
 1.3  Terminology............................................................................................................................. 6
 1.4  Scope and limitations .............................................................................................................. 6
 1.5  Structure .................................................................................................................................. 7
2 Research method ............................................................................................................................ 8

 2.1  Selection of Technologies ........................................................................................................ 8
 2.2  Sources .................................................................................................................................... 8
3 Location Tracking........................................................................................................................... 10

 3.1    Description of Technology ..................................................................................................... 10
   3.1.1    How tracking works: the general principles .................................................................. 10
   3.1.2    Real time trackers .......................................................................................................... 11
   3.1.3    GPS Loggers ................................................................................................................... 12
   3.1.4    Mobile phone as location tracker.................................................................................. 12
   3.1.5    ANPR .............................................................................................................................. 17
 3.2    Uses of location tracking ....................................................................................................... 19
   3.2.1    GPS trackers................................................................................................................... 19
   3.2.2    Location data gathered through mobile phones........................................................... 20
4 Potential human rights risks .......................................................................................................... 25

 4.1    Potential risks of location tracking ........................................................................................ 25
 4.2    Location tracking and the right to privacy............................................................................. 27
   4.2.1    Principles relevant in assessing the interference of location tracking technology. ...... 29
   4.2.2    Applying the principles to the described technologies ................................................. 31
5 Conclusion ..................................................................................................................................... 38

6      Bibliography................................................................................................................................... 40

1    Introduction

Films such as ‘Enemy of the State’ or series like ‘24’, paint a picture of the state’s seemingly
unlimited technological capabilities to surveil people. And although these stories are set in
the US, in Europe people may also be influenced by these images. Following media reports
on the different FP7 projects that develop new technologies1, one might be forgiven for
believing that European governments use highly sophisticated technical devices to track and
monitor large groups of people to prevent terrorism. This might be true, but as ‘outsiders’
not cleared for access to documents containing information essential to national security,
we can only speculate about the extent to which these new technologies are in fact being
used today.

There is no shortage of websites and blogs against intrusive technologies. Equally, there is
no scarcity of websites selling the intrusive technologies. However, there is a lack of reliable
sources providing detailed information about what type of technology is actually used by
different European governments. For obvious reasons, such information is usually kept out
of the public domain. After all, what is the point of covert surveillance if the exact method of
surveillance is well known to the subject? Yet, in order to assess the use of detection
technologies and their potential intrusiveness, it is important to improve our understanding
of the type of technologies currently used and the purposes to which they are put.
Deliverable 17.2 aimed to get a better understanding of, amongst others things, which
technologies are being used and for what purpose. The results of that study were based on
interviews with counter-terrorist professionals who spoke anonymously and gave a clear
indication of what type of technologies are used in the fight against terrorism.
The present study follows up on some of the technologies mentioned in D17.2. This study
will discuss the technologies in more detail and comment on the potential threat they pose
to human rights, in particular the right to privacy.

  EU funding Orwellian artificial intelligence plan to monitor public for abnormal behaviour. The Telegraph, 19
September 2009

1.1     Background and context
In the DETECTER project, many different types of technology have been discussed. Work
Package 2 has surveyed a broad spectrum of technologies in the Quarterly Technology
Updates. WP 5, 6 and 7 studied pre-entry screening technologies, data mining and profiling
and surveillance of the Internet, respectively. In the DETECTER technology project meetings
where academics, end-users, and technology developers interacted, the project has learnt a
great deal about the technical possibilities available to counter-terrorism professionals. We
also learnt that the feasibility of using these advanced technologies is limited by financial
and legislative barriers. So even though sophisticated technologies do exist, this does not
mean they are in fact used by counter-terrorism professionals.

1.2     Research aims and questions
The aim of this deliverable is to describe the characteristics and applications of some
selected detection technologies used in counter-terrorism; it will also study the potential
human rights risks of these technologies. For this purpose the following research question
was formulated.
       What type of technology is being used by law enforcement in efforts to prevent
         terrorist attacks?
       What are the technical characteristics of these technologies? In other words, how do
         they work?
       Based on European human rights legislation, what can be the potential danger to
         human rights in using these technologies?

The research objectives of this study are:
      1. To identify technologies commonly used in counter terrorism.
      2. To describe the technical characteristics of these technologies based on information
         provided in the Quarterly Technology Updates and online research.
      3. To identify potential human rights threats posed by the use of these technologies,
         based on European Human Rights law.

1.3   Terminology
Throughout this Deliverable I will use the term counter-terrorism professional to denote
persons who work on behalf of the state to counter terrorism. This is to encompass a wide
range of persons and institutions involved in counter terrorism, varying from secret police,
to national or local police. The reason why I choose the broad term of counter-terrorism
professional is because the institutions or agencies responsible for counter-terrorism
activities differ between countries. To use terms such as agent, officer or simply police,
might seem to exclude persons who in other countries have a different title but fulfil similar
tasks. This study is mainly preoccupied with law enforcement agencies rather than
Intelligence gathering agencies.

1.4   Scope and limitations
The scope of this Deliverable is technologies used in preventive counter terrorism. This
means the phase in which there is no concrete suspicion on any specific person, nor is there
any evidence of an imminent planned attack. The attention of the counter terrorism
professional is at this stage is spread wide, to include persons or groups that may be or
become a terrorist threat. In most cases, law enforcement will act upon snippets of
information given to them by intelligence agencies or tips received from the public which
will make a person a ‘person of interest’ , this could of course also be a group of interest.
This means they are in no way deemed a ‘suspect’, nor is there any credible evidence against
them. It is also noteworthy that becoming a ‘person of interest’ does not necessarily require
illegal conduct. Law enforcement will often act upon intelligence products provided to them
by intelligence services. The origin or source of that intelligence product will not always be
known to the law enforcement counter-terrorism professional.

As to the technical description of the technologies, it should be noted that this study merely
describes the technologies that are generally in use. Though there are many new
technologies in development, the risks they pose to human rights will mainly depend on how
they are used in practice. It would be speculative simply to assume that a technology might

in the future be used in a way incompatible with human rights, therefore, this Deliverable
focuses on technologies of which the use is ‘known’.2

The technical specifications vary from brand to brand and from country to country. It is by
no means certain that the types described here are completely similar to the ones actually in
use. However, the accuracy of the type of technology was ascertained as much as possible
by requesting confirmation from producers as to which states use their products and by
publicly available policy document detailing technical specifications. Still there may be
discrepancies in the type of technology described in this study and the ones used by
counter-terrorism professionals in Europe.

1.5      Structure
This Deliverable will briefly focus on the methodology used for this study and will explain
how the selection of technologies came about and which sources were used. Part 3
describes the detection technologies, their technological characteristics, and their abilities in
data gathering and how they are being used. Part 4 focuses on the potential human rights
risks posed by the use of these technologies.

    For ‘future’ scenarios, see for example PRISE Deliverable D 4.1.

2     Research method

2.1    Selection of Technologies
The selection of technologies studied in this Deliverable was informed by the interviews
conducted for Deliverable 17.2 in which counter-terrorism professionals were asked about
which type of technologies are used most frequently and for what purpose.3 The results of
the interviews were later triangulated by means of a focus group consisting of 13 counter-
terrorism professionals. From the interviews and the preliminary results from the focus
groups, two main categories of technology came to the fore: interception of communication
and location tracking. Participants reported the use of: listening devices (audio bugging)
placed in locations the subject may frequent, such as a house, car, and office; the
interception of communications, both recorded and real-time monitoring of conversations;
and the traffic data of phones (who called whom at what time from which location).
Participants also frequently mentioned location monitoring by means of (SMART) GPS
trackers, and Automatic Number Plate Recognition. Also mentioned was technology used to
track movement and identify persons in a certain area. 4

This study focuses on location tracking technologies as it is the technology that was
mentioned by participants from several different countries.

2.2    Sources
The sources used for this study vary widely. For the choice of which technologies to include
and for information on how they are used in practice, it draws on the data gathered through
the interviews and focus group.
  DETECTER Deliverable 17.2. Interviews with Government Officials on Detection Technologies, R. van der Hilst
and H. Draper. P.19
  On the limited reliability of the interviews: “From the interviews it appears that the PST in Norway and the
police in the UK do make use of detection technologies, but how advanced these technologies are is open to
question. Whilst all participants felt comfortable enough to mention some kinds of technology they had
experience with, all those mentioned seemed quite commonplace and conventional. This does not, however,
mean that other, more advanced technologies are not being used. We can only conclude that our participants
did not talk about such technologies in their interviews. They may not be being used but equally our
participants might not have felt free, for reasons of national security, to discuss them.”

Information about the more technical aspects of the technology was collected by using the
Technology Quarterly Updates as a starting point, and by additional web searches. By using
search terms such as location tracking, ANPR, GPS, IMIE, IMSI, and Location Based Services
(LBS) a wide array of information became available. Initially the search focused on
government-run websites that described the use of technology. Commercial websites were
used to gather more information about technical specifications. Initially, I planned to review
security trade journals, but it proved difficult to get access to these journals without paying
extraordinarily high fees.

Academic articles and case law from the European Court of Human Rights (ECtHR) were used
to shed light on potential human rights threats. Academic articles were found by using
Google Scholar and relevant case law was found by using the ECtHR’s database HUDOC.
For practical reasons, the selection of sources was limited to sources in English, Dutch and

3       Location Tracking

3.1      Description of Technology
Preventive counter-terrorism investigations tend to gather data that may lead to
information about a person’s or about a group’s, habits, whereabouts, contacts, and
motivations. According to the participants in the interviews for D17.2, getting to know the
person or group in this kind of data is most useful in assessing what kind of danger the
subject might pose.5

One of the methods used in the preliminary phase of the investigation is to track the
movements of the person or members of the group that have been deemed persons or
groups of interest. In order to get a good overview of a person’s whereabouts and routines,
and to recognize whether places visited are part of a pattern or are incidental movements, it
can be essential to track movements for a longer period of time. Because it may take weeks
or sometimes even months to establish a pattern, tracking a person is considered to be quite
a labour-intensive task which requires many man-hours to do properly. Technology has
proven to be a welcome aid in undertaking this task. By placing ‘trackers’ on a person’s
belongings or transportation device, law enforcement does not need to follow the subject in
person, but can simply read the data send by the tracking device.6

Tracking means the following of movements, i.e. the locations visited by a person or object,
the date and time the location was visited and the duration of the stay at each location.

3.1.1 How tracking works: the general principles

Location tracking systems are used for a wide array of purposes such as the tracking of
livestock or to streamline supply chains. This type of tracking falls outside the scope of this

    DETECTER Deliverable 17.2, p. 19
    Ibid p.20

Deliverable. This Deliverable is concerned only with tracking devices used to track persons in
preventive counter terrorism.

Tracking devices make use of a range of technologies that are combined to make tracking

A tracking system will rely on Geographic Information Systems (GIS), Global Positioning
System (GPS), Radio Frequency Identification (RFID), and Wireless Local Area Network
(WLAN). In general, any tracking device will make use of one or a combination of these

In location tracking a tracking device sends out location coordinates which can be marked on
a map and recorded with a street address. The recorded location with associated data such
as data, time, speed and direction is called a ‘locate’. The general rule is that the more
‘locates’ are known the more closely you can follow the target’s activities.
The means by which ‘locates’ are generated depend on the device used.7

There are several products available that can be placed on a person’s car, bag or even
clothes that can track the location of its carrier. In the Quarterly Update on Technology
(Deliverable 12.2) some trackers are mentioned. It is important to note that the products
mentioned here are examples rather than an exhaustive list of all the tracking devices
available. Understandably, the participants in the interviews and subsequent focus group
were reluctant to name the exact brand and type of location tracker they use, but they have
discussed how they are used.

3.1.2 Real time trackers
There are devices that sense motion or vibrations and send out ‘locates’ at a predefined
interval while the motion is on-going. These devices shut down when motion stops. Other

devices constantly send out locates, and while potentially accurate, their relatively short
battery life can be a disadvantage. Other devices can send out a ‘locate’ on request, which
requires the tracker to send a signal to the device. Although the device sends fewer locates,
it still requires constant power in order to receive the requests. Modern devices typically
combine these different types of locate generation.8

3.1.3 GPS Loggers
Of the GPS trackers, the cheaper option are GPS loggers. These devices are placed in or
attached to a person’s car or effects and will record locates on a memory card in the device.
In order to read the data, the device first needs to be removed from target and then
connected to a PC to download all the locates.

The advantage of a GPS logger is that it is cheap to install and maintain and will generate a
very detailed report of the locates. An obvious disadvantage is that the information only
becomes available once the device has been removed from the target. This might be suitable
for the first stage of a long -erm observation of a target, to create a general overview of a
person’s whereabouts. But the device becomes less useful when the investigation is at a
stage where instant information is necessary to determine whether someone is a threat. In
that case real-time location trackers might be more useful.

Of the GPS trackers available online the price seems to be approximately €200 per device. 9

More advanced trackers can also store information about changes in the weight of the
vehicle to which they are attached, which may indicate passengers or load being picked up
or dropped off.

3.1.4 Mobile phone as location tracker
Mobile phones have become important tools in location tracking. In the following
paragraphs only the location tracking ability of the mobile phone will be discussed; other

  For example the device called ‘Livewire Fast Trac’ featured on
gpstrackingsystem.html . Or the Global Tracker pro featured on
9 (for commercial use)
surveillance applications such as interception of communication and traffic data fall outside
the scope of this Deliverable.

A mobile phone can reveal its location in several ways. It is inherent in the functioning of the
mobile phone that its location is made known to the service provider every time a phone call
is made or a text message is sent or received. The location is logged as it forms an integral
part of the calculation of the costs of a particular service. When a mobile phone is turned on,
the phone identifies itself through its phone number to the nearest tower. The tower checks
in in the Home Location register (a database that stores subscriber information) to see what
kind of service the tower can provide to the mobile phone. When a phone is turned on, and
perhaps every 30 minutes after that, a signalling message is sent from the phone to the HLR
in order to let the database know where the phone is located. In triangulating the data
received from different towers and the distance of a mobile phone to each and every one of
them, mobile phone service providers can determine the location of a specific mobile phone
with an accuracy of approximately 50 meters in densely populated areas. This can be up to
several kilometres in rural areas.10

The inclusion of GPS technology in modern mobile phones has improved the accuracy with
which location can be determined. By interpreting the data of three or more satellites, GPS
determines the real time location of any mobile phone within a range of approximately 10

There are many different devices available that claim to locate a mobile phone in real time.
One such example is the NICE 3D Mobile Location Tracking Solution, (which can also track
mobile phones without GPS). Besides the geographical location, it also is able to pinpoint at

   Article 29 Data Protection Working Party. Opinion 13/2011 on Geolocation services on smart mobile devices,
adopted 16 May 2011. P. 4
11 this is for mobile phones in Europe. In the US the fault margin is 25
meters, in other parts of the world it is 50 meters.
which height the phone is located, making it easier to locate a mobile phone inside a
building for example.12

There are many companies like NICE that sell technology to track mobile phones. With the
introduction of GPS on smart phones, cheaper options have become available. An example
can be found on the website of Cell Phone Tracking, where it is claimed that their product
can, amongst other things, track the location of any mobile phone for a mere $9913. Similar
services are on offer by Spybubble14, Flexispy15, and Mobile Spy16. 17 It is not DETECTER’s aim
to check the veracity of these types of claims. But other academic research has considered
the accuracy of such location tracking and found that “localization solution based on cellular
phone technology, especially GSM phones, is a sufficient and attractive option in terms of
coverage and accuracy for a wide range of indoor, outdoor, and place based location-aware

The aforementioned technologies are aimed at locating one specific phone, the phone of a
person of interest. However, new technologies and new regulations now ensure that the
location data of practically all mobile phone users is stored. Location data were already
being collected and stored by communication service providers for billing purposes. With the
implementation of the Data Retention Directive, communication service providers are now
obliged to store the location data19 for a period of 6 months to 2 years20, and make it

     . According to its website “NICE provides accurate 3D mobile location tracking capabilities. By being able to
detect location with high accuracy levels and even identify the altitude of a device in dense urban
environments, such as skyscrapers, government can ensure security.” his device was features in Deliverable
12.2, more information on
   Interestingly enough all of these products are being advertised as being able to spy on mobile phones
without being detected. In the FAQ’s on these website the question on the legality if these methods the
answers vary from: “Yes, Absolutely.” “Now, here’s the tricky part. For this, you’ll have to review your county’s
laws or talk to your attorney to be sure. As early as now, it should be clear that Flexispy should only be used for
legal purposes.”
   Alex Varshavsky, "Are GSM Phones THE Solution for Localization?," wmcsa, pp.34-42, Seventh IEEE
Workshop on Mobile Computing Systems & Applications (WMCSA'06), 2006 available at
   Directive 2006/24/EC article 5 para 1, sub f.
   Directive 2006/24/EC article 6
available to competent national authorities.21 The location data collected by service
providers can be requested by law enforcement. In most European countries, access to such
data is subject to authorization by a judge.22 Although implementation is at this point in time
on-going, it does seem that countries have different thresholds for allowing access to
retained data. However, it can safely be assumed that fighting terrorism reaches this
threshold in every Member State.

Besides communication service providers storing location data, other commercial parties
have an interest in storing location data of mobile phone users.23 Offering Location Based
Services is a growing industry where consumers receive services such as information on local
restaurants in exchange for revealing their location (and sometimes other personal
information).24 The increased use of smart phones and the ever growing popularity of LBS’s25
have opened up the possibility of large scale storage of location information of mobile
phone users. The location data is held by commercial parties and is in principle not available
to law enforcement. However, the legal framework for commercial parties sharing location
data with law enforcement is at this point quite vague.26 IMEI/IMSI

In order for law enforcement to intercept or track the mobile phone of a person of interest,
it is of course essential to know the telephone number of the mobile phone the target
carries. In general most phone numbers are related to a contract with a service provider, and
in order to get such a contract, the service provider registers personal data such as a name,

   The transposition of Directive 2006/24/EC has been controversial and is in many Member States at this point
in time an on-going process.
   The implementation of the Directive in national law is still on-going, also countries outside the EU like
Norway and Iceland are implementing the Directive. Iceland does not have an explicit provision that requires
judicial authorization to access the data.
   Apple and Google collect user data. Wall street Journal 22 April 2011
   Location Based Service, a Markerter’s Dream on
   According to an article published on
Location-Based-Services-But-Reluctant-to-Share-Specifics.html 28% of American adults use LBS. This
percentage gets up 58% amongst smart phone users.
   Future of Identity in the Information Society. Deliverable D11.5 The Legal Framework for Location Based
Services in Europe. Available on
address and billing information. When a target carries a phone that is part of contract with a
service provider, tracking by law enforcement becomes a matter of obtaining judicial
authorization and simply contacting the service provider to request access to a person’s
location data.

However, there are other ways of obtaining a mobile phone and number without signing a
contract with a service provider, and without registering personal data with a service
provider. Pre-paid or pay-as-you-go systems often provide a customer with a phone and a
certain amount of credit, which can be topped up occasionally by making (cash) payments to
that effect. There are many legitimate reasons to opt for such a phone; however, it is known
that criminals are increasingly making use of this system as they believe that it will be more
difficult to track and trace such phones.

Whenever a person or group of interest make use of mobile phones without a contract, it
becomes a challenge for law enforcement to figure out who carries which phone. However,
every phone identifies itself in two ways when it connects to the mobile phone network, and
these identification codes can be intercepted by law enforcement with a technology known
as an IMEI Grabber or the IMSI-Catcher. IMEI stands for International Mobile Equipment
Identity and IMSI for International Mobile Subscriber Identity. If law enforcement knows
where a person of interest is located at a certain time, they can deploy the IMSI or IMEI
catcher to identify the phone the target might be carrying.

Though there are many different types of IMSI and IMEI catchers on the market the basic
principles are common to all.

Every mobile phone has a built-in function to optimize the reception, and it will choose to
connect with the base station with the strongest signal. The IMSI-catchers masquerade as a
base station and cause every mobile phone within a certain radius to log in.

It is normal for base stations to require that the handset identifies itself to the network. They
can send a special identity request, which forces the handset to send out explicit
identification of the user. The SIM card sends a unique IMSI number. This starts with the
country code of the user’s account, followed by the network code and finally the telephone
number. In most cases, the operation cannot be recognized by the subscriber.
By using this technology, the device will pick up all the phone numbers within a certain
radius. It may be needed to use the IMSI catcher at three separate locations where the
target is located, in order to triangulate the data and filter out the phone number belonging
to the target.

The IMSI will identify which phone number a target is using. It is easy to change the SIM card
in a phone and thereby change the IMSI code. However, the IMEI code remains unchanged
no matter what SIM card is installed on the device.

Once the phone number and/or IMEI of the mobile device have been distilled, law
enforcement can, after obtaining authorization, start using the mobile phone as a location

3.1.5 ANPR

Automatic Number Plate Recognition (ANPR) (or Number Plate Recognition, NPR or License
Plate Recognition, LPR as it is also known) is a technology aimed at recognizing which
vehicles have been driving where at what time. Initially, the technology was used for
detecting traffic violations such as surpassing the speed limit or accessing prohibited zones.
It later became an effective tool in regulating measures to alleviate traffic congestion in
bigger cities by imposing charges on cars passing through a certain area.27 In recent years,
ANPR has become a tool in counter-terrorism as well. But how does it actually work?28

ANPR is basically a CCTV-type technology that is enhanced with features that distil number
plates from grainy images taken of licence plates of passing cars. Because the surface of the
licence plate is covered with many tiny hemispheres that reflect light back to its source,
licence plate numbers are visible no matter what direction the light comes. However, the
reflective nature of the licence plate alone is not enough to guarantee that any camera can
take a picture accurate enough to read the licence plate.

An ANPR camera has to function at all times of day and in all kinds of weather. A normal
camera cannot cope with such huge variation in lighting conditions, so there is a need to
provide a constant level and direction of illumination irrespective of the natural lighting
conditions. To this end, ANPR cameras are fitted with infrared illumination which, by making
use of the retro reflective nature of licence plates, ensures that the licence plate is visible no
matter the natural lighting conditions. Depending on the shutter speed of the camera, it is
even possible to create an image which is completely black except for the number plate.
Cameras with ANPR function can be static or mobile or mounted in police vehicles.

ANPR systems come with software that makes the pictures ‘readable’. The images captured
by the camera consists of thousands of individual pixels. Special Optical Character
Recognition (OPR) software is necessary to convert these groups of pixels into characters
which form the licence plate.

Though the main function of the ANPR system is to capture the licence plate, often this is
combined with ‘regular’ CCTV in order to produce an overview image. In some countries, this
overview image is of importance when ANPR is used in prosecution or congestion charging.
The overview image is taken by a conventional colour camera mounted alongside the ANPR
camera. It is possible to set up the system in such a way that the overview camera will only
save the image when the ANPR camera registers a licence plate.29

Merely knowing which licence plate has passed which location at which time does not
provide valuable information. The usability of the ANPR system depends on the connected
ANPR database. Different ANPR products provide different types of database, but a common
standard database provides search options on: full plate, part plate, time, data, category,
name and address of licence holder etc.

ANPR data includes so-called ‘read’ data and ‘hit’ data. A read is a capture of the vehicle’s
licence plate in combination with an overview image. Read data is the term used to describe

  There are many ANPR systems available. Examples of ANPR products are:
Elsagna’s MPH-900 – Automatic licence plate recognition, works from a stationary location or while mobile and
cross references against an onboard ‘hotlist’. Can record 100s of plates a minute and keeps record of image
and GPS coordinates of every plate scanned for future reference. Soon to be incorporating i2 analytic
capabilities Similar producst can be found at : See Detecter Deliverable 12.10
all the data collected as vehicles pass through the ANPR readers. A ‘hit’ is a match between
the licence plate and the database being searched.30

There are often several databases connected with the ANPR system. In the U.K., the Police
National Computer file is one of them. PCN contains information about vehicles that have
markers on them because, for example, they have been stolen or are otherwise associated
with crime. Other databases can be Local Force Databases, Foreign Force databases, and
motor insurance databases.31
Although in some cases, authorization from a judge will be necessary to consult the ANPR
system, there is no need for judicial authorization to ‘flag’ a licence plate. ‘Flagging’ a licence
plate can be done for a variety of reasons, e.g. because a driver no longer has insurance
cover or because the vehicle has been associate with a crime or has been located in the
vicinity of activity deemed terror-related. However, whenever a ‘hit’ occurs, it is not always
immediately clear why a vehicle’s licence plates match with a vehicle of interest in the ANPR
system, because the reason why a vehicle is flagged is omitted in the initial data provided
with the ‘hit’ information. In addition it is not always clear who decided to ‘flag’ a vehicle

3.2 Uses of location tracking
It is important to note that tracking devices are used for a range of legitimate ends.
Countering terrorism might, under the right preconditions, be one of them.

3.2.1 GPS trackers
GPS trackers are widely used in many jurisdictions in Europe as they are considered to be a
cost effective way of gathering useful information about the target. Because its use is
considered to be invasive, authorization from an independent or judicial body is required.
The technology is widely available and the cost of employing such devices, especially a GPS
logger, is relatively low. With tight budgets and the need to allocate counter terrorism

  National Policing Improvement Agency, Practice advice on the management and use of automatic number
plate recognition, 2009. P. 10
     The exact name of these databases may vary from country to country.

resources most effectively, it is expected that GPS trackers are increasingly being used to
replace human surveillance which is relatively more expensive. However, for GPS trackers
placed on for example vehicles, simply recording the movements of that vehicle will not
provide valuable intelligence, unless it has been ascertained that the person of interest was
in fact traveling with that vehicle. A certain amount of human surveillance will therefore
remain necessary. Especially where the data recorder by GPS trackers becomes part of the
evidence presented in Court, other evidence will need to be presented that corroborates
that it was indeed the target that was being tracked.

3.2.2 Location data gathered through mobile phones
There are several reasons to track the location of mobile phones, most of them perfectly
legitimate, for example for billing purposes, or for targeting (with informed consent of the
user) behavioural advertising.

Location tracking by tracking a mobile phone has proven effective in the fight against
terrorism. One of the suspects of the failed suicide bombings of the London transit system
on July 21 in 2005, Hamdi Isaac Adus32, was caught with the help of mobile phone location
tracking technology. The suspect had fled to Rome to his brother’s apartment. Along the way,
he had changed is SIM card. However, the British police had provided their Italian
counterparts not only with the suspect’s phone number, but also the IMIE related to the
device the target was known to use. The combination of this knowledge and its cross-border
exchange led to the arrest and conviction of the suspect.33

Technologies to track a certain mobile phone are widely available and in most jurisdictions
require the authorization of an independent authority. The relatively simple technological
features of modern mobile phone tracking devices make them relatively cheap to use.34

   Also known as Hussain Osman.
   Heather Timmons, London Suspect Betrayed by His Cellphone, New York Times, August 2, 2005. And
Tracking a suspect by mobile phone. BBE News, August 3 2005.
   This is not true for the system purportedly in use in the United States. In the United States, the F.B.I.
purportedly uses a system called Triggerfish, developed by the Harris Corporation. It makes use of the target’s
However, because the location data of mobile phones is already being retained by mobile
phone service providers under the EU Data Retention regime, the amount of location data
available at a relatively low cost (for law enforcement) makes that the use of location data
more appealing.

Location data stored by mobile phone service providers under the data retention directive is
in principle accessible to law enforcement for counter-terrorism purposes. And, according to
Cecilia Malmstrom, the data retained is a valuable tool in fighting terrorism. 35
In the evaluation report on the use of the data retention directive, the Commission found
that “Member States generally reported data retention to be at least valuable, and in some
cases indispensable.”36

Location data stored by providers of location based services is in principle not accessible for
law enforcement, but many of the terms of use agreements show that many commercial
parties will share the personal data they collected when asked for by law enforcement. In
some cases the decision about whether or not to share information depends on what the
commercial party deems necessary or appropriate.37

phone, an antenna and a laptop to determine a mobile phone’s location. Whenever a mobile phone is on, the
phone registers with the nearest tower and that signal gets intercepted by the triggerfish antenna. By analysing
the direction and signal strength, triggerfish determines the mobile phone’s location. According to Landau,
this system is quite expensive “running upward of $50,000”, which is the reason why the use of this system is
limited. S. Landau. Surveillance or Security?: The Risks Posed by New Wiretapping Technologies, 2011 p. 103
   Cecila Malmstrom, speech 11/280. It needs to be noted here that the data retained on mobile phones is
more than location data alone. The term used is traffic data which includes which numbers were connected at
what time, and from which location.
   Report form the Commission to the Council and the European Parliament, Evaluation report on the data
retention directive (Directive 2006/24/EC), Brussels 18.4.2011 (Com 2011) 225. P. 23
Czech Republic considered data retention ‘completely indispensable in a large number of cases; Hungary said it
was ‘indispensable in (law enforcement agencies’) regular activities’; Slovenia stated that the absence of
retained data would ‘paralyze the law enforcement agencies’ operation’; a United Kingdom police agency
described the availability of traffic data as ‘absolutely crucial…to investigating the threat of terrorism and
serious crime.’
   An example from apple’s privacy policy: “It may be necessary − by law, legal process, litigation, and/or
requests from public and governmental authorities within or outside your country of residence − for Apple to
disclose your personal information. We may also disclose information about you if we determine that for
purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or
appropriate.” From . Many other commercial services have a similar clause in
their terms of use agreement.
ANPR is used in most EU countries and was originally introduced as a measure to fight traffic
congestion and to automatically detect speed limit violations. For the latter purpose, it is
possible for the technology to only be activated once a violation is detected. In other words,
only those who are ‘guilty’ will be captured by the technology, and information gathered by
the technology serves as evidence which can be scrutinized in court if need be.
For the purpose of fighting traffic congestion, it might be necessary to capture and store
data on all vehicles passing through a certain area. For this purpose it will be necessary to
store the data at least until all charges are paid by the customer.

In recent years, ANPR has been used in counter-terrorism as well.38 And some even claim it
has been successful in countering terrorism in the UK.39
Using ANPR for counter terrorism purposes, however, entails a different kind of use of ANPR
technology. As explained in the description of the technology, the aim of ANPR is to record
the data of number plates once the car they belong to is in violation of traffic rules. However,
using ANPR for counter terrorism purposes requires the constant use of the ANPR system. As
becomes clear from the ‘Practice’ advice given to UK police, ANPR can be a valuable tool in
producing intelligence products:

“All intelligence products should be supported by analysis and this includes analysis to
identify hotspots or series of crime and disorder, subject profile analysis and case analysis to
identify vehicles being used by persons of interest, and network analysis to identify vehicles
being used by groups of individuals.”40

   According to a policy document by the City of London Police ANPR will be used “to assist in the prevention
and detection of acts of terrorism against persons and property.” A.1.5.
Similarly the Hampshire constabulary will “use ANPR in a lawfaul and ethical manner in relation to the
prevention and detection of: a) terrorism, b) serious crime, c) volume crime, d) fatal and serious injury road
traffic accidents.” 28100 Policy- ANPR version 2, last updated 12/03/2007.
   National Policing Improvement Agency, Practice advice on the management and use of automatic number
plate recognition, 2009. P. 37
See also reports in media: NBC: U.K: terror suspects include 2 doctors. 01/01/2007
   National Policing Improvement Agency, Practice advice on the management and use of automatic number
plate recognition, 2009. P. 29
In order to conduct such thorough analysis, large sets of data must be stored in the ANPR
system; much more data than the ANPR system was initially designed to store. It is
estimated that in the UK alone, the ANPR systems records 14 million motorists every day,
and it is alleged that “the records do not only include details of car registrations, but often
photographs of drivers and front seat passengers.”41 The data collected through the ANPR
system is stored in a central database for 2 years.

In the Netherlands similar ANPR technology is used42, but for the time being on a much
smaller scale. Current regulation makes the storage of ‘read’ data illegal: only ‘hits’ may be
retained. Despite these regulations, it has become known that several police forces have
stored ‘read’ data anyway and have used this data successfully in their investigation of
crime.43 The public outcry notwithstanding, the Minister of Security reacted to this violation
by proposing changes in the law to allow for the retention of ANPR data for a period of four
weeks. 44

The use of ANPR and in particular the storage of all ‘reads’ not merely ‘hit’ data gives rise to
concern however useful it is. Innocent people have been stopped because their car has
secretly been flagged on the police computer. Such was the case of John Cat, who at the age
of 80, in 2005, was stopped and had his car searched under the Terrorism Act. In addition,
Mr Catt was threatened with arrest if he failed to answer questions posed by the City of
London Police. As it turns out, Mr Catt’s car had been secretly ‘flagged’ in the ANPR system
because it had been spotted in the vicinity of a demonstration against the arms trade.45

   Police secretly snapping up to 14m drivers a day. The Sunday Times, 4 April 2010. This seems to be in
accordance with the NPIA Practice Advice which states that ANPR can be useful in determining who was driving
vehicle and who was a passenger. National Policing Improvement Agency, Practice advice on the management
and use of automatic number plate recognition, 2009. P. 39
   Politie Programma ANPR, Standaarden ANPR Algemeen , September 2011 versie 4.0. p.4.
   In one case, the use of ANPR became part of evidence in a murder case where a body had been discovered in
the proximity of a highway. ANPR records showed that a certain vehicle matching the tire tracks at the crime
scene had indeed been at the scene around the time the body must have been disposed of.
‘Opsporing via Kenteken Stap Dichterbij’. Binnelands Bestuur, 11 January 2011.
   Police secretly snapping up to 14m drivers a day. The Sunday Times, 4 April 2010
Though the fact that the system yields false positives is itself not enough to discredit it ,
there are wider implications for human rights, which will be discussed in the section on risks.

4 Potential human rights risks
There is a risk that using detection technologies can violate human rights. The following
paragraphs will discuss the potential dangers of using location tracking technologies in
counter terrorism in relation to the right to respect for private life, home, and
correspondence as protected in article 8 of the European Convention of Human Rights.46

4.1 Potential risks of location tracking
Deliverable 5.2 on the Relative Moral Risks of Detection Technology has analysed the general
risks of using detection technologies in countering terrorism. It explored the risks relevant
to the right to privacy such as intrusion into private space, invasion of informational privacy,
and the chilling effect surveillance measures may have on the enjoyment of the right to
privacy. Deliverable 17.1 has also briefly mentioned the risk of using detection technologies
in counter-terrorism. The analysis in these Deliverables will not be repeated here, but the
main points, relevant to location tracking can be summarized as follows:

      In order to determine whether someone might be involved in terrorist activities, it is
         imperative for counter terrorism professionals to get an understanding of a person’s
         habits, whereabouts, contacts and motivations. These are inevitably aspects of
         someone’s private life. Covert surveillance methods to unveil these aspects are
         therefore intruding on the right to privacy as enshrined in article 8 ECHR.

      Intrusiveness into private life increases by widening access to personal data through
         mass information sharing. In other words, the more people have access to the data,
         the more intrusive the measure is.

      Mass sharing of information deepens the possibility of errors by reducing the
         opportunities for faulty information to be corrected.

  Article 8.1.Everyone has the right to respect for his private life, his home and correspondence.
8.2.There shall be no interference by a public authority with the exercise of the right except such as is in
accordance with the law and is necessary in a democratic society in the interest of national security, public
safety or the economic well-being of the country, for the protection of disorder or crime, for the protection of
health or morals, or for the protection of the rights and freedoms of others.

        Detection technologies that acquire publically available information may threaten the
           protection of private life. For the possibilities for aggregation and analysis make the
           details of a person’s life clear in a way which otherwise not be possible.

        Detection technologies that gather and store data carry the risk of ‘function creep’.
           Data collected for a specific purpose (with the consent of the data subject), may at a
           later stage be used for a wider range of purposes (for which the data subject has not
           given explicit consent).

        Electronically stored data carries the inherent risk of being ‘leaked.’ Either
           accidentally by leaving stored data in places where the public has easy access, or as a
           result of the activities of ‘hackers’ who have made an effort to (illegally) obtain
           access to sets of data.47

        Counter terrorism can sometimes have an unintended ‘chilling effect’ on the general
           population. “The feeling of vulnerability that comes with the awareness of others’
           access to one’s private data may be enough to motivate a withdrawal from public life
           which hampers the full potential of a well-functioning democratic process.”48

In the previous chapter the actual use of different location tracking technologies was
described. It is possible to envisage how these technologies might be used. Some possible
uses do not comply with the intended aims to which such technologies were originally
employed. Because location tracking technologies can reveal intimate details about a
person’s private life, their misuse may lead to serious human right infringements. The
underlying fear is that the State will abuse its power to collect information in order to
control its citizens in a way that is incompatible with the rule of law and democratic
principles. The following paragraphs describe situations wherein location tracking
technology might be used in a way that violates human rights.

  The examples of data leaks is endless and reference to all of the instances would simply not fit in this
footnote. Leaks of personal data by government have become so frequent that the Dutch website ‘Webwereld’
renamed the month October, ‘lektober’ to reveal every day of that month another data breach by the Dutch
     Deliverable 5.2 The Relative Moral Risks of Detection Technology p.45

The use of IMEI grabbers or IMSI catchers usually goes unnoticed by the people being
tracked and the technology is relatively simple to deploy. It is not uncommon for law
enforcement to surveil demonstrations or political gatherings, at which they are in principle
even allowed to take pictures. It is easy to envisage how the use of an IMSI catcher or IMEI
grabber could help identify everyone with a mobile phone present at a rally. It would be
possible to create a clear list of the names of all protesters at demonstrations or supporters
of opposition parties by simply deploying IMSI or IMEI technology in areas known to be
frequented by these persons. Though in some jurisdictions it is forbidden to cover your face
during protest, it is quite a different matter to make known to the authorities your exact
name, address and phone number in order to exercise your right to protest. It is not difficult
to imagine that IMEI/IMSI grabbers can be a popular technology for oppressive regimes to
gather information about opposition parties and their supporters.

Similar scenarios could apply to the use of ANPR data and mobile phone location data.
Location tracking might have a chilling effect that has bearing on the enjoyment of many
rights: the right to freedom of movement, freedom of association, and the right to respect to
private life. In Deliverable 17.1 it became apparent that the right to respect for private life,
besides having a value on its own, is of instrumental importance to the fulfilment of other
rights. Therefore, in the following, the focus will be on whether and how location tracking
technologies pose a risk to the right to respect for private life.

4.2 Location tracking and the right to privacy
In Europe, the right to privacy is protected in several human rights instruments.49 Amongst
many provisions, article 8 (1) of the European Convention on Human Rights which protects
the right to respect to private life, family life, home and correspondence might be
considered to be the most authoritative.

The case law produced by the European Court of Human Rights interpreting article 8 in a
counter-terrorism context can therefore be of guidance in determining how location tracking
technologies may interfere with the right to privacy.

     DETECTER Deliverable 17.1 p.6-8.

It is important to note that not every invasion into privacy necessarily constitutes a violation
of the right to privacy as enshrined in article 8 of the European Convention on Human Rights.
Interference with the right to privacy may well be in accordance with the Convention, if the
use of a detection technology passes the ‘permissible limitations’ test. Whether the
permissible limitations test is passed depends on a multi-layered assessment of many factors
that concern both the characteristics of the technology and the legal framework in which the
technology is used.

The Court’s assessment can be roughly divided in three subsequent steps.

   1. Is there an interference with private life, family life, home or correspondence.

   2. If there was an interference, was this legal?

   3. If it was legal, was it proportionate.

For the purpose of the paper we will only focus on the first and last part of the assessment
of the European Court of Human Rights, whether or not the use of location tracking
technology constitutes an interference with the right to privacy and whether the
interference is proportionate. These aspects are the most interesting at this point, because it
will help answer the question whether location tracking has bearing on the right to privacy in
the first place. And second, whether the use of this technology can be deemed
proportionate (provided that the legal framework is adequate). The reason why the second
part of the analysis, the question on whether the interference is legal is left out of this paper
is because the legal regimes in which location tracking technologies are used vary from
country to country. Where some regimes may be in accordance with the Court’s
requirements and some are not. For the purpose of this paper, however, it may be helpful to
assume that the legal framework is in accordance with the Court’s requirements, in order to
move on to the matter of proportionality which should be a concern to all countries,
irrespective of whether or not the legal regime is adequate. It therefore falls outside the
scope of this paper to review the legal framework for each of the described technologies in
all countries in Europe.

The Court has dealt with few cases concerning location tracking and article 8. The case of
Uzun v. Germany is the first and only case dealing with GPS tracking technology.50 This case
concerned the GPS tracking of the applicant as part of a criminal investigation into his
suspected participation in bomb attacks in Germany. The data gathered by the use of GPS
was part of the evidence presented in trial, which was corroborated by information obtained
by other methods of investigation. The inclusion of this evidence led to the conviction of the
applicant to a prison term of 13 years. The applicant complained that his surveillance via GPS
and the use of the data obtained thereby in the criminal proceedings both violated his rights
under Article 8, and, having been the essential basis for his conviction, Article 6 § 1. From
this judgment, the general principles related to assessments of whether location tracking is
an interference or perhaps even a violation with the right to privacy, can be distilled.

4.2.1 Principles relevant in assessing the interference of location tracking
Analysing the case law of the European Court of Human Rights concerning article 8,
surveillance and counter terrorism, reveals the following principles:

        A person’s reasonable expectation to privacy may be a significant, although not
           necessarily conclusive factor in deciding whether there was an interference with art.
           8. 51

        In principle, the monitoring of public space, even by technological means, does not
           interfere with the right to private life. 52

        Private life considerations arise once any systematic or permanent record of material
           from the public domain comes into existence. 53

     Uzun v. Germany (application no. 35623/05), Judgment 2 September 2010.
  Perry v. UK para 37. Uzun v. Germany para 44.
  “A person walking along the street will inevitably be visible to any member of the public who is also present.
Monitoring by technological means of the same public scene (for example, a security guard viewing through
CCTV) is of a similar character”. Uzun v. Germany para 44.
See also Herbecq and the Association “Ligue des droits de l’homme” v, Belgium, nos. 32200/96 and 32201/96,
Commission decision of 14 January 1998, Decision and Reports (DR) 92-B, p.92, concerning the use of
photographic equipment which does not involve the recording of the visual data obtained.
        The compilation of data on a particular individual54, processing of personal data, and
           the subsequent publication of that material in a manner or degree beyond that
           normally foreseeable are of relevance in determining the interference.55

        Systematic collection and storing of data on particular individuals by security services,
           without the use of covert surveillance may constitute an interference.

Once an interference is established, the following factors decide the severity of the

               The number of state authorities with access to the data.

               The number of persons with access to the collected data.

               Whether other surveillance measures are being deployed simultaneously.

               The duration of the period in which data is collected.

For the purpose of this paper, we assume that the use of location trackers is in general ‘in
accordance with the law’, and deemed to pursue the legitimate aim of countering terrorism.
What remains to consider is whether the severity of the interference is proportionate to the
legitimate aim pursued. The more severe the interference, the more compelling reasons are
required. Issues to consider are:

        Have other, less intrusive measures been tried?57

        Is there reason to believe that by using this technology, serious harm can be

     Uzun v. Germany para 44, P.G. and J.H. v. the UK para 57. Peck v. UK para 58-59, and Perry v. UK para 38.
   In Amann v. Switzerland (no. 27798/95), para 65-67, the mere storing of information about the applicant on
a card in a file was found to be an interference with private life, even though it contained no sensitive
information and had probably never been consulted.
   Rotaru v. Romania (GC), no 28341/95, para 43-44. P.G. and J.H. v the UK para 57, Peck v. UK para 59, Perry v.
UK para 38
   Uzun v. Germany para 78-80
   Uzun v. Germany para 78.
   Uzun v. Germany para 80.
4.2.2 Applying the principles to the described technologies
In applying these principles to location tracking devices described in this Deliverable it might
at times be useful distinguish between the technologies that are aimed at a specific
individual, and those technologies aimed at larger groups of the population.

On the question whether people have a reasonable expectation of privacy when it comes to
location data gathered by mobile phone services, it is important to bear in mind that the
media has paid ample attention to the implementation of the Data Retention Directive. It
may therefore be assumed that the average person could be aware that his phone’s location
data will be stored for a certain period of time and will be made available to competent
national authorities if a judge so authorizes59. However, it must also be noted that the
reasonable expectation to privacy may differ for each individual depending on how well he
or she is acquainted with technological advancements and legal standards. As the Court
notes, the reasonable expectation to privacy may not be a decisive factor in determining
whether or not there has been an interference. So even though people may be expected to
know that their location data is being stored, this does not exclude the possibility that
location tracking may still be considered to be an interference. On this point, it may be
important to note that there was huge public resistance to the Data Retention Directive,
which might point to the fact that the practice of storing location data (amongst other
things), was not publicly accepted.

In general the use of technological means to observe the public sphere does not amount to
an interference in itself. After all, my travel movements can be observed by anyone present
where I am. However, with the exception of real life GPS trackers, the other location
technologies are characterized by their ability to store in a systematic way the products of
technological observation of the public domain. It is this systematic storing and the
possibility of aggregating the data that makes that location tracking technologies likely to be
an interference. The creation of a permanent record of movement patterns, available to law

  This assumption may not be correct. Even though media has paid attention to the Data Retention Directive,
this does not mean that everybody has correctly understood the implications.

enforcement, gives law enforcement a detailed insight into the whereabouts of a person.
However, location data reveals much more than simply the coordinates visited at a certain
point in time. Several studies point out that aggregating location data reveals intimated
details about a person’s life.

A mobile phone is intimately linked to its user. Most people tend to keep their phone within
1 meter from their body, and it seldom happens that mobile phones are left in the care of
others for longer periods of time. Location data of a mobile phone can therefore reveal
intimate details of habits and patterns of the owner. For example, by a pattern of inactivity
at night, the sleeping place of the owner can be deduced and from a regular travel pattern in
the morning, the workplace of a person may be revealed. Several studies have shown how
much personal details become known simply by tracking the movement of a person’s mobile

Alex Pentland at MIT found after analysing location data recorder over a time span of 2 years,
that “the data is able to predict with uncanny accuracy where people are likely to be at any
given time in the future. (…) Just by watching where you spend time, I can say a lot about the
music you like, the car you drive, your financial risk, your risk for diabetes.” 60

Another group at Northeastern University in Boston studied the travel routines of 100.000
mobile phone users and found that people’s movements appear to follow a mathematical
pattern. “With enough information about past movements, they could forecast someone’s
future whereabouts with 93,6% accuracy.”61

In Germany, Malte Spitz, a Green party politician, sued Deutsche Telekom to see his own
records. It appeared his location had been recorded by the phone company 35 thousand
times in a period of six months. In an attempt to highlight privacy concerns, Mr Spitz gave

   The Really Smart Phone, The Wall Street Journal, 23 April 2011.
   Marta C. Gonzalez [et al.]. Understanding individual human mobility patterns. I: Nature. Vol. 453 (2008). p.
779-782. .
these records to the news Site Zeit Online, which combined the data with public records and
was able to correctly construct Mr Spitz’s daily travel routines.62

As the article 29 Working Group notes in its Opinion 13/2011, “ A behavioural pattern may
also include special categories of data, if it for example reveals visits to hospitals and
religious place, presence at political demonstrations or presence at other specific locations
revealing data about for example sex life.”63

Article 2 of Directive 95/46/EC defines ‘personal data’ as follows: any information relating to
an identified or identifiable natural person (‘data subject’); an identifiable person is one who
can be identified, directly or indirectly, in particular by reference to an identification number
or to one or more factors specific to his physical, physiological, mental, economic, cultural,
or social identity. 64 Location Data can therefore be deemed personal data. It could even be
considered ‘sensitive personal data’65 because as the quoted studies show, location data
reveals a lot about a person’s habits and can even reveal sexual preference or political views.

Some of the location tracking devices are used in an overt (as opposed to covert) way, for
example ANPR and arguably mobile phone location tracking. Their overt use could be
interpreted as providing people with an option as to whether or not to subject themselves to
the tracking. After all, if you don’t want your licence plate to be registered, you could choose
not to drive on roads known to be fitted with ANPR technology, or you could travel by public
transport. So if you do decide to use your car, or use your phone, it can be regarded as an
active choice, implying consent to the overt use of location tracking.

   Betrayed by your own data, Zeit Online, 2 May 2011.
   Article 29 Data Protection Working Party. Opinion 13/2011 on Geolocation services on smart mobile devices,
adopted 16 May 2011. P. 7
   Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of
individuals with regard to the processing of personal data and on the free movement of data.
   Article 8.1 of Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the
protection of individuals with regard to the processing of personal data and on the free movement of data
defines ‘special categories of data as follows: special categories of data is data revealing racial or ethnic origin,
political opinions, religious or philosophical beliefs, trade-union membership, and data concerning health or sex
life. In literature, this ‘special category of data’ has become to be understood as ‘sensitive data’. See for
example Kosta (2007) E. Kosta [et al.]. Data protection in the third pillar: in the aftermath of the ECJ decision on
PNR data and the data retention directive. I: International Review of Law Computers and Technology. Vol. 21
(2007). p. 347-362. P.8
However, this can hardly be considered to be a fair choice because choosing not to be
surveilled would lead to severe restrictions on one’s freedom of movement and could
hamper one’s establishment and development of relationships. To refrain from using a
mobile phone or driving a car would impair one’s ability to pursue the conduct article 8
seeks to protect.

In addition, in relation to location tracking by mobile phones, some have expressed serious
concerns that the general public does not understand the implications of using location-
based services.66 As they do not understand the consequences, they cannot be regarded as
having given their ‘informed consent’ to the location tracking by mobile phone.

The severity of the interference

The severity of the interference constituted by location tracking varies from country to
country and from case to case. For example, the use of ANPR varies widely across European
jurisdictions both in terms of scale and reasons for using ANPR. Also, access to retained
mobile phone location data is granted to different authorities.

What can be noted here is that the use of a combination of location tracking technologies
seems likely to aggravate the interference. It can be assumed that large parts of the
population are subject to at least one or two of the location tracking regimes: everyone with
a mobile phone and everyone traveling by vehicles on public roads. In addition, some of
these records are kept for the duration of 2 years, which is a long time. These factors mean
that the interference by the State by means of ANPR can be considered quite severe. For
individual location tracking, at least when it comes to placing GPS trackers on a person’s
belongings, there seem to be more restrictions regarding the length of time for which a
person can be tracked. Authorization is only given for a couple of weeks at a time, and

  “One of the risks is that the owner are unaware that they transmit their location, and to whom. Another
related risk is that the consent for certain applications to use their location data is invalid, because the
information about the key elements of the processing is incomprehensible, outdated or otherwise
inadequate.” Article 29 Data Protection Working Party. Opinion 13/2011 on Geolocation services on smart
mobile devices, adopted 16 May 2011. P 19.
An American communications service provider recently announced that it will place a warning label on its
smart phone to warn consumers that the device they are buying is in fact a location tracking device.
renewal is based on strict necessity. Individual location tracking can therefore be considered
less severe than blanket location tracking of large parts of the population by means of ANPR
or mobile phone location tracking.


It is clear that location tracking, on both an individual as well as a large scale, interferes with
the right to privacy. Assuming, for the purposes of this Deliverable, that the use of these
technologies fall within national legal frameworks that comply with the ECtHR’s
requirements for the quality and foreseeability of the law, the question still remains whether
the use of location tracking technology can be deemed proportionate.

In this assessment the risks of misuse need to be considered. As was described in the section
on potential risks, there is a possibility that the use of location tracking devices causes
effects that are so harmful to an individual or to society at large that they might outweigh
the need to use location tracking technology.

The first question that arises is whether other less intrusive measures might be available.
There are definitely other options: tracking of someone’s movement could also be done by
human observation, which would limit the electronic storage of location data, and would
probably limit the amount of people with access to the data. However, it has to be
considered how cost effective and thereby realistic this option is. Because human
observation is labour intensive and therefore more expensive than electronic tracking,
human observation seems to be less likely to be adopted by law enforcement.

If we look at the purposes to which tracking technologies are put, (i.e. uncovering a person’s
habits and whereabouts in order to determine whether someone poses a threat), there are
other technologies available that can help. Examples include audio bugging someone’s home,
intercepting communications, either by phone or mail, or monitoring someone’s web surfing
habits. Yet, because these technologies make even more directly visible someone’s personal
preferences, habits, and political views, these technologies are (perhaps incorrectly)
presumed to be more interfering with someone’s privacy than location tracking technologies.
It can therefore be assumed that there are few reasonable alternatives to location tracking.

In addition to the requirement that it be the least intrusive option, it is required that the use
of this technology is expected to help prevent serious harm. Considering how much
information can be revealed about a person by merely looking at travel patterns, it is not
surprising that location tracking does indeed help to inform counter terrorism and to make a
better threat assessment on whether a person of interest might be involved in terrorist
activities and therefore merits further investigation. Many of the counter terrorism
professionals interviewed for Deliverable 17.2 perceived location tracking important to
becoming familiar with a person or group of interest.67

So we have established that location tracking is one of the least intrusive technologies that
contribute to preventing counter terrorism. But whether location tracking therefore is
proportionate remains to be seen.

As the beginning of this chapter pointed out, there are several risks associated with the use
of location tracking. Some of the risks pertain to society as a whole and these should also
play a role in determinations of the proportionality of location tracking devices. For example,
how does storing personal location data for future criminal investigation comply with the
presumption of innocence?

In the case of ANPR and mobile phone location data, personal data is retained without the
existence of even the slightest indication that this person is involved with terrorism. This
amounts to blanket and indiscriminate retention of personal data. Blanket and
indiscriminate retention of personal data by the state should, where possible, be prevented,
as there is a risk that the State may misuse this data in order to abuse its power over its
citizens. For example, the blanket and indiscriminate retention of fingerprints and DNA
material was found to be disproportionate and in violation of the right to respect for private
life.68 Now, at first sight, it hardly seems that location data can be compared with DNA
material in terms of sensitivity. As the ECtHR noted in S. and Marper, the severity of the
interference (and therefore the need to justify it) depended in this case on the sensitivity of
the type of data. “The retention of cellular samples is particularly intrusive given the wealth
of genetic and health information contained therein.” Indeed, DNA material can give away a

     Deliverable 17.2. p. 19
     S. and Marper v. the United Kingdom judgment 4 December 2008, para 125.
lot of personal information. However, it takes quite exceptional skills, qualifications and
techniques to distil any usable information from a DNA sample. If we compare that with how
relatively ‘easy’ it is to distil other, also very personal, information from location tracking
data69 we might come to the conclusion that blanket and indiscriminate retention of location
data is equally disproportionate. The risk of data leaks with DNA samples is significantly
smaller than with location tracking data, which makes the risk of misuse of location tracking
data equal to if not bigger than that of DNA samples.

How likely it is that location data is misused depends on the system of safeguards that
surrounds the use of location tracking technologies. These safeguards vary from country to
country. The following safeguards should in general be considered if the use of location
tracking technologies is to be proportionate.

       -   The access to data collected through general location tracking systems needs to be
           subject to safeguards similar to the placing of a GPS tracker on one individual. In
           other words, access should only be granted if there is judicial authorization. This
           includes information shared by commercial parties with law enforcement.

       -   Strict oversight and electronic logs of who accessed which data.

       -   Data collected through location tracking technologies should be automatically
           deleted after a set interval.

If the use of location tracking technologies is paired with these safeguards against abuse, it
might be proportionate and therefore an example of interference with, but not violation of
article 8 ECHR.

     See page 30-31.

5   Conclusion

This Deliverable has sought to identify characteristics of detection technologies used in
counter terrorism and the potential human rights risk they pose. The choice to focus on
location tracking technologies was informed by the results of the interviews conducted for
Deliverable 17.2. During those interviews, participants indicated that tracking the
movements of a person or group of interest is usually the starting point of investigations in
efforts to prevent terrorism. This deliverable identified that it is not so much the tracking
itself, but rather the creation of huge databases including detailed personal information that
is problematic.

It further explained that aggregating the data in these databases reveals intimate details of a
person’s private life, which include information about a person’s habits, (future)
whereabouts, religion, and can even reveal sexual preference or political views. This means
that location data can fall within the ambit of ‘special category of data’ or ‘sensitive personal
data’. The storing and processing of such data by governments is an interference with the
private life of the individuals concerned.

The collection of data, especially in relation to mobile phone location data, is necessary for a
number of legitimate reasons, and can in many ways not be avoided. General concerns
related to counter terrorism technologies apply also to location tracking devices. The risk of
de facto tracking of everyone’s movement and storing of the location data for a period of up
to two years can have a significant ‘chilling effect’ on society. People may be less willing to
participate in public life when, for example, participating in a demonstration or political
gatherings will entail authorities having an electronic record revealing your attendance. This
is a loss for any well-functioning democracy.

The chilling effect and the blanket and indiscriminate storage of sensitive data make that the
proportionality of the use of location technologies really depend on how strong the
safeguards against abuse are. Focus should therefore be on safeguards that restrict access to
stored data, which include measures to prevent data leaks. Imposing strict regulation on the
access of location data by requiring judicial authorization and having a built-in function that
creates an ‘electronic trail’ of those accessing the data might mitigate concerns.

6   Bibliography
Technology Product info websites

Online News articles
Apple and Google collect user data. Wall street Journal, 22 April 2011

Betrayed by your own data, Zeit Online, 2 May 2011.

EU funding Orwellian artificial intelligence plan to monitor public for abnormal behaviour,
The Telegraph, 19 September 2009
London Suspect Betrayed by His Cellphone, New York Times, August 2, 2005

Location Based Service, a Markerter’s Dream, Mobile Marketing Association Magazine

NBC: U.K: terror suspects include 2 doctors. MNS NBC, 2007

‘Opsporing via Kenteken Stap Dichterbij’. Binnelands Bestuur, 11 January 2011.
Police secretly snapping up to 14 m drivers a day. The Sunday Times, 4 April 2010.

The Really Smart Phone, The Wall Street Journal, 23 April 2011.

Tracking a suspect by mobile phone. BBE News, August 3 2005
Verizon plans to put location tracking warning sticker on phone, Forbes 28 April 2011.


DETECTER Deliverbale 5.2. Paper on the relative Moral Risks of Detection technology. J.
Guelke and T. Sorell.

DETECTER Deliverable 17.2. Interviews with Government Officials on Detection Technologies,
R. van der Hilst and H. Draper

Future of Identity in the Information Society. Deliverable D11.5 The Legal Framework for
Location Based Services in Europe.

Gonzalez, Marta C. [et al.]. Understanding individual human mobility patterns. I: Nature.
Vol. 453 (2008). p. 779-782.

Kosta (2007) E. Kosta [et al.]. Data protection in the third pillar: in the aftermath of the ECJ
decision on PNR data and the data retention directive. I: International Review of Law
Computers and Technology. Vol. 21 (2007). p. 347-362

Landau, S. Surveillance or Security?: The Risks Posed by New Wiretapping Technologies, 2011

Varshavsky, S "Are GSM Phones THE Solution for Localization?," wmcsa, pp.34-42, Seventh
IEEE Workshop on Mobile Computing Systems & Applications (WMCSA'06), 2006 available at

Other Documents
Article 29 Data Protection Working Party. Opinion 13/2011 on Geolocation services on smart
mobile devices, adopted 16 May 2011

National Policing Improvement Agency, Practice advice on the management and use of
automatic number plate recognition, 2009
City of London Policy Document Police ANPR
Hampshire 28100 Policy- ANPR version 2, last updated 12/03/2007.
Politie Programma ANPR, Standaarden ANPR Algemeen , September 2011 versie 4.0. p.4.
Report form the Commission to the Council and the European Parliament, Evaluation report
on the data retention directive (Directive 2006/24/EC), Brussels 18.4.2011 (Com 2011) 225.

Cases of the European Court of Human Rights
A and Others v. the United Kingdom, judgment of 19 February 2009
Amann v. Switzerland [GC], no. 27798/95
Copland v. the United Kingdom, judgment 3 April 2007
Gillan and Quinton v. the United Kingdom, judgment 12 January 2010
Gaskin v. the United Kingdom, judgment 7 July 1989
Halford v. the United Kingdom, judgment 27 may 1997
Von Hannover v. Germany, judgment 24 September 2004
Handyside v. the United Kingdom, judgment 7 December 1976
Herbecq and the Association “Ligue des droits de l’homme” v, Belgium, Decision of 14 January 1998,
Huvig v. France, judgment of 24 April 1990, Series A no. 176-B
Iordachi and Others v. Moldova, judgment 10 February 2009
Klass and Others v. Germany, Series A no. 28 1978
Kruslin v. France, judgment of 24 April 1990, Series A no. 176-A
MS and PS v. Switzerland Decision 15 October 1985
Malone v. the United Kingdom, judgment of 2 August 1984 Series A no. 82
Mersch and Others v. Luxemburg, decision 10 May 1985
Peck v. the United Kingdom (no. 44647/98)
Perru v. the United Kingdom ((no. 63737/00)
P.G and J.H. v. the United Kingdom, judgment 25 September 2001
Rotaru v. Romania (GC), no 28341/95
S. and Marper v. the United Kingdom judgment 4 December 2008
Uzun v, Germany (application no 35623705), judgment 2 September 2010
Weber and Saravia v. Germany, decision on admissibility, 29 June 2006


Shared By:
yaohongm yaohongm http://