Many users love geo-location services such as Google Latitude, Loopt and Brightkite, which leverage GPS data and wireless networks to help users find their friends, businesses or other areas of interest from their smartphones.
Such services also scare some users because they mean our location information is stored in a database. What if we want a user or service provider to know where we are, but not have that information stored in the location-based service provider’s servers?
A privacy expert and a mathematician argue that such services, ones that preserve users’ locational privacy, are possible.
In a whitepaper, “On Locational Privacy, and How to Avoid Losing it Forever,” Peter Eckersley, staff technologist for the Electronic Frontier Foundation, and Andrew Blumberg, a postdoctoral fellow at Stanford University, argue that modern cryptography allows data processing systems to be designed with privacy policies ranging from limited to complete anonymity.
“Preserving locational privacy is about maintaining dignity and confidence as you move through the world,” the researchers wrote. “Locational privacy is also about knowing when other people know things about you, and being able to tell when they are making decisions based on those facts.”
The researchers argue modern cryptography will let companies deploy anything from road tolls and transit tickets to location searches from cell phones and all the other mobile services we want without creating a record of where users are.
Eckersley and Blumberg offer the case of location-based search services on mobile devices as an important example. Because phones are locating themselves based on the signal strength or visibility of nearby wireless networks or on GPS data, companies are trying to provide search tools which use this data to offer people different search results depending on where they are at any given moment.
For example, if a user is on Folsom Street in San Francisco and does a search for local restaurants, a service would return search results for eateries within a half-mile radius of Folsom Street. The researchers provide an example of a location search that does not ensure privacy because it allows for digital footprints:
“The naive way to do mobile location search is for the device to say ‘This is Frank’s Nokia here. I see the following five Wi-Fi networks with the following five signal strengths.’ The service replies ‘OK, that means you’re at the corner of 5th and Main in Springfield.’ Then your device replies, ‘What burger joints are nearby? Are any of Frank’s friends hanging out nearby?’ That kind of search creates a record of everywhere you go and what you’re searching for while you’re there.”
The researchers claim the cryptographic way to blend location-based services and search would sound like this:
“Hi, this is a mobile device here. Here is a cryptographic proof that I have an account on your service and I’m not a spammer. I see the following five wireless networks.” The service replies “Okay, that means you’re at the corner of 5th and Main in Springfield. Here is a big list of encrypted information about things that are nearby.” If any of that encrypted information is a note from one of Frank’s friends, saying “hey, I’m here,” then his Nokia will be able to read it. If he likes, he can also say “hey, here’s an encrypted note to post for other people who are nearby.” If any of them are his friends, they’ll be able to read it.
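The exchange above, as an added illustration that is not code from the whitepaper or from any real service: the service maps observed networks to a location cell and hands back every encrypted note posted there, and Frank’s phone finds his friends’ notes by trial decryption, so the service never learns which notes matched or who Frank is. It assumes pairwise keys pre-shared between friends, a constructed Wi-Fi fingerprint table, and treats the account proof (an anonymous credential in the paper’s description) as handled out of band.

```python
import hmac, hashlib, secrets
from collections import defaultdict

def _keystream(key, nonce, n):
    # HMAC-SHA256 in counter mode as a PRF keystream (illustrative, stdlib only)
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def encrypt_note(key, text):
    # encrypt-then-MAC under a pairwise friend key; the blob names neither sender nor reader
    pt, nonce = text.encode(), secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def try_decrypt(key, blob):
    # trial decryption: a valid tag means this blob was written for this friendship
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))).decode()

# constructed stand-in for the service's Wi-Fi fingerprint database (hypothetical values)
CELLS = {frozenset({"wifi-a", "wifi-b", "wifi-c"}): "5th and Main, Springfield"}

class LocationService:
    # stores only (cell, opaque blob): it never learns who posted or who can read a blob
    def __init__(self):
        self.board = defaultdict(list)
    def resolve(self, networks):
        return CELLS.get(frozenset(networks), "unknown")
    def post(self, cell, blob):
        self.board[cell].append(blob)
    def query(self, cell):
        return list(self.board[cell])

def read_friend_notes(friend_keys, blobs):
    # the device scans the whole list locally, so the service never sees which blobs matched
    hits = ((name, try_decrypt(key, blob)) for blob in blobs for name, key in friend_keys.items())
    return [(name, text) for name, text in hits if text is not None]

def demo():
    svc, k_alice, k_bob = LocationService(), secrets.token_bytes(32), secrets.token_bytes(32)
    cell = svc.resolve(["wifi-a", "wifi-b", "wifi-c"])   # what Frank's phone sees
    svc.post(cell, encrypt_note(k_alice, "hey, I'm here"))  # Alice posts for Frank
    svc.post(cell, encrypt_note(secrets.token_bytes(32), "not for Frank"))  # some stranger
    return read_friend_notes({"alice": k_alice, "bob": k_bob}, svc.query(cell))
```

The service still learns the location of each query, as in the paper’s description; what it cannot do is tie that location to an identity or read the notes.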
Eckersley and Blumberg also provide examples for using cryptography in automated tolling and stoplight enforcement and transit passes and access cards.
They cautioned that implementing such cryptographic solutions is a significant challenge, but noted that cryptographic software is already used to protect financial services, e-commerce and telecommunications.
Moreover, they argue that while governments have a “responsibility to their citizens to ensure that the infrastructure they deploy protects locational privacy,” companies should want to invest in such technologies to avoid the cost of legal compliance issues.
The researchers also don’t believe that waiting for a company to offer privacy solutions as features that can be bolted on to existing location services is an option. Instead, it is incumbent on service providers to build these protections into their software services.
Unfortunately, location-based services might be one of the last action items on the long list for federal agencies such as the Federal Trade Commission or Department of Justice.
These regulators are already grappling with such weighty issues as privacy in behaviorally-targeted advertising, as well as the privacy and possible antitrust ramifications of Microsoft’s and Yahoo’s search deal.
Location-based services are very much in their infancy. Until services such as Google Latitude and Loopt see more widespread adoption, regulators are not likely to sit up and take notice. The whitepaper from the EFF is one seed that could be planted in the name of locational privacy.