Privacy Researchers Push for Location Services Protected By Cryptography

Google Latitude, Loopt and Brightkite are location-based search services that help users find friends, businesses and other information from their mobile and wireless devices. The Electronic Frontier Foundation offers a whitepaper on how these services can use cryptographic security to protect consumer privacy. The challenges are great, but they argue the results will be worth it in ensuring users' locational privacy.

Many users love geo-location services such as Google Latitude, Loopt and Brightkite, which leverage GPS data and wireless networks to help users find their friends, businesses or other areas of interest from their smartphones.

Such services also scare some users because they mean our location information is stored in a database. What if we want a user or service provider to know where we are, but not have that information stored in the location-based service provider's servers?

A privacy expert and a mathematician have proposed such services that ensure users' locational privacy are possible.

In a whitepaper, "On Locational Privacy, and How to Avoid Losing it Forever," Peter Eckersley, staff technologist for the Electronic Frontier Foundation, and Andrew Blumberg, a postdoctoral fellow at Stanford University, argue that modern cryptography allows data processing systems to be designed with privacy policies ranging from limited to complete anonymity.

"Preserving locational privacy is about maintaining dignity and confidence as you move through the world," the researchers wrote. "Locational privacy is also about knowing when other people know things about you, and being able to tell when they are making decisions based on those facts."

The researchers argue modern cryptography will let companies deploy anything from road tolls and transit tickets to location searches from cell phones and all the other mobile services we want without creating a record of where users are.

Eckersley and Blumberg offer the case of location-based search services on mobile devices as an important example. Because phones are locating themselves based on the signal strength or visibility of nearby wireless networks or on GPS data, companies are trying to provide search tools which use this data to offer people different search results depending on where they are at any given moment.

For example, if a user is on Folsom Street in San Francisco and does a search for local restaurants, a service would return search results for eateries within a half-mile radius of Folsom Street. The researchers provide an example of a location search that does not ensure privacy because it allows for digital footprints:

"The naive way to do mobile location search is for the device to say "This is Frank's Nokia here. I see the following five Wi-Fi networks with the following five signal strengths." The service replies "OK, that means you're at the corner of 5th and Main in Springfield." Then your device replies, "What burger joints are nearby? Are any of Frank's friends hanging out nearby?" That kind of search creates a record of everywhere you go and what you're searching for while you're there."

The researchers claim the cryptographic way to blend location-based services and search would sound like this: