"Hi, this is a mobile device here. Here is a cryptographic
proof that I have an account on your service and I'm not a spammer. I see the
following five wireless networks." The service replies "okay, that
means you're at the corner of 5th and Main in Springfield. Here is a big list
of encrypted information about things that are nearby." If any of that
encrypted information is a note from one of Frank's friends, saying "hey,
I'm here," then his Nokia will be able to read it. If he likes, he can
also say "hey, here's an encrypted note to post for other people who are
nearby." If any of them are his friends, they'll be able to read it."
Eckersley and Blumberg also provide examples for using
cryptography in automated tolling and stoplight enforcement and transit passes
and access cards.
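
The friend-finder exchange quoted above, as an added sketch (not code from the whitepaper or from any real service): the service keeps only opaque blobs per location cell, and a device learns which notes are from friends by trial decryption. The cell name, the pairwise shared keys and the HMAC-based cipher (a standard-library stand-in for an AEAD such as AES-GCM) are assumptions, and the anonymous proof of account is not modeled.

```python
import hashlib, hmac, secrets

def _prf(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def _keystream(key, nonce, n):
    blocks = (_prf(key, b"enc", nonce + i.to_bytes(4, "big")) for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    # Encrypt-then-MAC; the blob names neither the sender nor the recipient.
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + _prf(key, b"mac", nonce + ct)

def open_note(key, blob):
    # Returns the plaintext, or None when the tag does not verify under this key.
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(key, b"mac", nonce + ct)):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

class LocationService:
    # Hypothetical service: holds ciphertext per cell and never sees a key.
    def __init__(self):
        self.board = {}
    def post(self, cell, blob):
        self.board.setdefault(cell, []).append(blob)
    def nearby(self, cell):
        return list(self.board.get(cell, []))

def readable_notes(friend_keys, blobs):
    # Device side: try each friend's key on each blob; strangers' notes stay opaque.
    found = []
    for blob in blobs:
        for name, key in friend_keys.items():
            msg = open_note(key, blob)
            if msg is not None:
                found.append((name, msg.decode()))
                break
    return found

def demo():
    k_friend, k_other = secrets.token_bytes(32), secrets.token_bytes(32)  # constructed keys
    svc = LocationService()
    svc.post("5th-and-Main", seal(k_friend, b"hey, I'm here"))
    svc.post("5th-and-Main", seal(k_other, b"unrelated note"))
    return readable_notes({"alice": k_friend}, svc.nearby("5th-and-Main"))
```

The service in this sketch still learns which cell a device asked about; hiding that as well needs the further techniques the whitepaper discusses.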
However, while they cautioned that the challenge of implementing
such cryptographic solutions is great, cryptographic software is already used
to protect financial services, e-commerce and telecommunications.
Moreover, they argue that while governments have a "responsibility
to their citizens to ensure that the infrastructure they deploy
protects locational privacy," companies should want to invest in such
technologies to avoid the cost of legal compliance issues.
The researchers also don't believe that waiting for a company to offer
privacy solutions as features that can be bolted on to existing location
services is an option. Instead, it is incumbent on service providers to
build these protections into their software services.
Unfortunately, location-based services might be one of
the last action items on the long list for federal agencies such as
the Federal Trade Commission or Department of Justice.
These regulators are
already grappling with such weighty issues as privacy in behaviorally-targeted
advertising, as well as the privacy and possible antitrust ramifications of
Microsoft's and Yahoo's search deal.
Location-based services are very much in their infancy.
Until services such as Google Latitude and Loopt see more widespread adoption,
regulators are not likely to sit up and take notice. The whitepaper from the
EFF is one seed that could be planted in the name of locational privacy.