The Mexican legislature today adopted a surveillance legislation that will grant the police warrantless access to real time user location data. The bill was adopted almost unanimously with 315 votes in favor, 6 against, and 7 abstentions. It has been sent to the President for his approval.
There is significant potential for abuse of these new powers. The bill ignores the fact that most cellular phones today constantly transmit detailed location data about every individual to their carriers; as all this location data is housed in one place—with the telecommunications service provider—police will have access to more precise, more comprehensive and more pervasive data than would ever have been possible with the use of tracking devices. The Mexican government should be more sensitive to the fact that mobile companies are now recording detailed footprints of our daily lives.
In response to the law’s adoption, Mexican human rights lawyer Luis Fernando García told EFF, "Mexican policy makers must understand that the adoption of broad surveillance powers without adequate safeguards undermines the privacy and security of citizens, and is therefore incompatible with their human rights obligations."
Sensitive data of this nature warrants stronger protection, not an all-access pass. Human rights advocates will evaluate all necessary legal options for challenging the legality of the measure. In the meantime, Mexican citizens should evaluate the possibility of requesting access to their own personal data retained by their mobile company according to the Mexican Data Protection Law.
In Germany, the politician and privacy advocate Malte Spitz used a similar local privacy law—which like laws in many European countries, gives individuals a right to know what kinds of data private companies retain about them—to force his cell phone carrier to reveal what records it had on him. The result was 35,831 different facts about his cell phone use over the course of six months, revealing vast amounts of personal information. To demonstrate just how intrusive this data is, Spitz chose to make it all available to the public. Watch the remarkable interactive map of Spitz’s location information if you haven’t done so.
It is time to educate all of our legislators and the general public that sensitive data warrants strong protections. EFF will continue to report on mobile and online surveillance in Mexico.
If you are Mexican, the Data Protection Authority has provided a FAQ on how to request access to your own personal data retained by private companies.
Stay tuned for additional updates: