NO2ID

Millions of mobile phone numbers held on new directory service
John Bingham:

Ring a bell?

Times, 13 July 2007: Britain’s first mobile phone directory announced:

13 July 2007:


9 June 2009:

http://118800.co.uk/privacy-policy.html:

Well spotted on the historicals! And that 'privacy' policy which looks more like an identity-theft request than anything else. Probably better just to go ex-directory - but only after the first attempt to contact you since you might not be listed,

And from their website FAQ page

There is a world of difference between being contaced by a related business and being shoved into a directory.

Also remember that if your details are held by a company that goes bust, that database can be sold as part of the receivership/liquidation process with little or no restriction on how that information is then used by the purchaser. It may be that there are *supposed* to be restrictions, but not from what I have seen in practice.

[ I'd suggest that this thread is perhaps somewhat off-topic since it's not a government project, just someone trying to make money from yet another database ]

I'm glad you mention that.

Connectivity was a topic for discussion at the Crosby Forum on Public/Private Identity Management back in March 2007.

Simon Davies of Privacy International – and ex-Chairman of No2ID, of course – can fill in the details.

As a commercial project, Connectivity has got guaranteed failure written all over it. It's a government project. To build an NIR.

So what is wrong with demanding that they delete the information they hold on you, rather than going "ex directory" which implies they won't.

Sorry, can't find the reference for that one at the mo - do you have a link?

No links that I know of. Just my contemporaneous notes.

Blow me down, there was Simon Davies on the BBC Radio PM programme, just after 5.25 p.m., http://www.bbc.co.uk/programmes/b006qskw, discussing Connectivity.

Given the number of times my family change their mobile numbers I would think that this service is basically useless.

That's not entirely helpful, you know...

Are you sure it wasn't simply a 'likely use' note? This really does look like just another naff (re)attempt at 'data monetisation', helped by a bit of generated controversy.

The Reg has a good item on this and the readers are as incisively entertaining as ever:
http://www.theregister.co.uk/2009/06/09 ... directory/

BBC relatively neutral but does at least highlight the issues, assuming the clip is the same as what I just saw on the box
http://news.bbc.co.uk/1/hi/business/8091472.stm

What a a bloody cheek, they want your name, address and ID, just to get your number removed.

I can see some taking these to court, on abuse of the information they hold on people.

How is it a government project?

Also, isn't DematerialisedID premised on the establishment of a database not dissimilar to that proposed by Connectivity, which associates a mobile phone number and thus SIM with the owner of that mobile phone.

Interesting to note that he was an advisor to the project in the early days but walked away when it became apparent that the business model was incompatible with privacy assurance. In a nutshell - opt-in rather than opt-out would mean Connectivity wouldn't make money. He also pointed out the generational issues which mean that what was acceptable for landlines is totally unacceptable for mobile phones which are perceived as an extension of the individual (presumably as opposed to something in the corner of the lounge on a 70s-style telephone table).

Smart marketing: they are positioning compliance with the Data Protection Act as a benefit!

Daily Telegraph, 9 June 2009:

http://news.bbc.co.uk/1/hi/business/8091472.stm:

Tue, 09 Jun 2009 20:23:59 and Tue, 09 Jun 2009 20:27:08 were me not logged on.

No, it isn't.

The dematerialised ID proposal is available at http://dematerialisedid.com/Register.html.

The "trivially obvious solution as far as any moderately capable IT consultant is concerned" proposed there is that you leave the people who know what they're doing to maintain the mobile phone databases, i.e. the telcos.

They have the experience to do it properly and they have the incentive to do it properly – that's what they depend on for their income. They are the ones who keep the databases on SIMs and IMEIs up to date, they are the ones who keep that data matched to people – people they can charge. IPS wouldn't be up to the job. (IPS aren't up to any job.) GCHQ probably aren't up to the job (c.f. IMP). Connectivity don't stand a chance. Not without government help, at least. If they really are collecting mobile phone data from all and sundry, it won't be accurate and it won't be up to date.

That's what I said, when asked, in March 2007. Instead of building a new database full of inaccurate and out of date information, the obvious design is to build a portal that accesses the existing databases, which in turn are maintained by the experts.

Subject to what's legal. Subject to civil liberties. If the project fails those tests, then drop it. But there is no point under any circumstances adopting the Connectivity approach.

The dematerialised ID approach is, in those respects, quite different to Connectivity's. Portal, yes. New database, no.

The Connectivity approach is an attempt to re-create old-fashioned telephone directories. Without the benefit of the telephone companies being involved. It cannot possibly succeed, it is bound to fail.

Which brings me on to my next post.

And who would have access to that portal/ As one of those "moderately capable IT consultant"s with 20+ years experience in the database industry, whether you access the information in multiple databases via a portal or in one database is neither here nor there: the impact is the same. If, every time the mobile phone is used as an alternative to an ID card, the identity verification event is recorded by the mobile phone company in their database and the government then has access to the aggregated audit trails of all those mobile phone companies via a portal the impact is EXACTLY the same.

The issue is not who holds the data, whether it is in multiple databases owned by T-Mobile, O2 et al and accessed via a portal or one databases owned by IPS (putting to one side the comparative abilities of those organisations to manage that data effectively) but rather who has access to that data and any associated audit trails, the controls in place regarding access to that data and how and who it is shared with.

IPS ID cards are an attempt to re-create the ration cards of the 1940s. That's the technology they understand. That's what they feel comfortable with. Typewriters and rubber stamps. See http://dematerialisedid.com/index.html. Connectivity's venture is an attempt to re-create telephone directories. It has the same smell as the National Identity Scheme.

The Connectivity business cannot possibly succeed, see above. It has the same smell as the National Identity Scheme.

Only stupid people put money into a venture that cannot possibly succeed. 3i and Esprit are not stupid. They wouldn't put £17 million into Connectivity if they didn't think they had a good chance of taking £100 million out.

Who would pay £100 million for a business? Someone who thought it had earnings of, say, £25 million p.a. Connectivity's costs will presumably be kept to a minimum by siting the operation in India. And they probably don't pay much for their poor quality data. There may be some minor advertising revenue from the website. Maybe some income from one of those expensive telephone lines. They have forsworn selling the data, so no income there. So they've got to cover costs, including legals and mass marketing, from their £1 connection charges and make £25 million on top.

All this, supplying a service no-one wants.

It doesn't make sense.

The venture capital chaps would not be in there if there wasn't a chunky customer contract somewhere behind the business.

That will not be with the telcos. Telcos don't like running directory enquiries. BT begged to get out of the business. Most of the 118 competition flopped. BT now provide the service grudgingly, as a public service, on pain of losing their licence.

That really only leaves the government.

If there isn't a government contract there, 3i and Esprit are stupid. They're not. So there is. And it was being discussed at the Crosby Forum.

Who else, apart from the government, would want a complete list of mobile phone numbers? No-one.

2 + 2 = 4

The distinction I am trying to make is this. The data on the Connectivity database is likely to be inaccurate and out of date. The data on the telcos' databases is likely to be accurate and up to date. The "impact" is very different.

In various versions of the dematerialised ID proposal produced between January 2003 and March 2007, I foresaw the police having access to the data when an investigation was underway and access was warranted.

I was young and carefree then. Never in my wildest dreams had I imagined a Home Secretary giving access to that data to the purchase ledger clerk at the London Borough of Merton.

Guardian Cif: Our data is already online
Michael Cross: