ICO to conduct probe on O2 regarding mobile phone number leaks
To many firms, users discovering that they were using Carrier IQ was bad news. Many customers became irate and concerned over the fact that the program was recording actions being performed on their mobile phones without their permission.
UK mobile networks were quick to dismiss the notion that they were using the program themselves. Carrier IQ has since explained that the information they gathered was only going to be used to improve the user-mobile experience, saying that it only recorded “information off the handset to understand the mobile-user experience, where phone calls are dropped, where signal quality is poor, why applications crash and battery life.”
It’s easy to understand why these users would be outraged. Privacy is a huge deal to most people (including me), and to have someone encroach on it is just unacceptable.
This is also probably why many users find themselves displeased at what O2 has done recently. In a blog post, Lewis Peckover, who is a web systems administrator and a subscriber of O2, revealed that the provider was inserting their phone numbers into the HTML headers of websites that users visited.
The headers are used to facilitate the connection between the site’s servers and the user’s browser.
Peckover wrote: “O2 seem to be transparently proxying HTTP traffic and inserting this header.” He provided a script for others to use so they can determine whether their own service provider was doing the same thing. In the case of O2, the header shows up with the following line: ‘x-up-calling-line-id: 447726900XXX.’
Because of this, the Information Commissioner’s Office (ICO) has announced that they will be conducting a probe into the matter. The organisation said in a statement: “Keeping people’s personal information secure is a fundamental principle that sits at the heart of the Data Protection Act and the Privacy and Electronic Communications Regulations.”
ICO added: “When people visit a website via their mobile phone, they would not expect their number to be made available to that website. We will now speak to O2 to remind them of their data breach notification obligations, and to better understand what has happened, before we decide how to proceed.”
Meanwhile, Privacy International’s Alex Hanff commented: “This is a serious mistake that exposes hundreds of thousands of people to the risk of exposing their phone numbers to anyone with a website. Phone number lists sell for large quantities of money. People with unlisted phone numbers have been exposed.”
Loading ...
Well as far as Carrier IQ was concerned it is clearly stated in the EULA which end users sign. At least in the US it is. We also know that no personal information was sent when using the
Carrier IQ profiles.
With O2 I can imagine that if we clearly see numbers attached to web pages, not a very good thing. I can imagine as far as data mining it is great, but one would hope that anything transmitted off the device is at least encrypted. I would like to know why it is happening rather than it is. It seems like an odd behavior and some clarification would be nice.