Location privacy
May 19th, 2009 at 15:05 UTC by Frank Stajano
I was recently asked for a brief (4-page) invited paper for a forthcoming special issue of the ACM SIGSPATIAL on privacy and security of location-based systems, so I wrote Foot-driven computing: our first glimpse of location privacy issues.
In 1989 at ORL we developed the Active Badge, the first indoor location system: an infrared transmitter worn by personnel that allowed you to tell which room the wearer was in. Every press and TV reporter who visited our lab worried about the intrusiveness of this technology; yet, today, all those people happily carry mobile phones through which they can be tracked anywhere they go. The significance of the Active Badge project was to give us a head start of a few years during which to think about location privacy before it affected hundreds of millions of people. (There is more on our early ubiquitous computing work at ORL in this free excerpt from my book.)
Location privacy is a hard problem to solve, first because ordinary people don’t seem to actually care, and second because there is a misalignment of incentives: those who could do the most to address the problem are the least affected and the least concerned about it. But we have a responsibility to address it, in the same way that designers of new vehicles have a responsibility to address the pollution and energy consumption issue.
Entry filed under: Academic papers, Politics, Privacy technology, Security economics
5 comments Add your own
1. David Mery | May 19th, 2009 at 22:45 UTC
> today, all those people happily carry mobile phones
They better do, otherwise they’ll appear suspicious. More at The mobile phone as self-inflicted surveillance.
(This post brings back memories of fingering some badges when I first heard about this project!)
br -d
2. Frank Stajano | May 20th, 2009 at 12:12 UTC
Interesting comment. Perhaps not being on facebook will be seen as equally suspicious sometime soon…
3. Verity | May 20th, 2009 at 13:58 UTC
I wonder how many people realise to what extent they can be tracked by their mobile phone. I also wonder if those that realise they *can* be tracked actually assume that they *won’t* be, unless the police get a warrant, or similar.
4. evergrowingbrain | May 21st, 2009 at 11:44 UTC
I’m firmly in a combination of the “nothing to hide” and there fore the “no-one has time to bother tracking me” camps.
Phone tracking couldn’t save Holly and Jessica, but it helped to bring their killer to justice.
Ben Elton’s “Blind Faith” would be my suggestion for extended reading on this topic, especially in light of Frank Stajano’s comments.
I’m guilty of losing contact with friends because they didn’t disappear into the internet like i did.
5. Clive Robinson | May 25th, 2009 at 13:59 UTC
The issue is not just of geoloc but temporal as well.
I have known for many years looking at handoff information on cell networks that it is fairly easy to track a person via their mobile phone.
Although you might be one of twenty or thirty people living in postcode A and working in postcode B (see paper by Philippe Golle and Kurt Partridge http://crypto.stanford.edu/~pgolle/papers/commute.pdf) you generally travel to work by the same route at the same time.
Even when the data is randomized to protect the user the same journey and time tends to nail you cold. If the randomization is incorectly picked, then your subsiquent movments can still be determined with a fair degree of accuracy.
And even if you decide to change your phone by swapping it with a colleague or friend, at some point you fall back into the same regular pattern and therefore you are “found again”.
It is surprisingly difficult to hide a user as an unknown entity if the attendent geoloc and time data is included. The process of making them known is usually simply a DB lookup for unique known patterns (like days you where not in the office or at a known site for a meeting etc).
Leave a Comment
Some HTML allowed:<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>
Subscribe to the comments via RSS Feed