Report Warns of Losing "Locational Privacy"

By Matthew Harwood

A new report from a privacy watchdog warns that Americans are losing their privacy as they travel through public space due to location-based technologies and services such as EZ Pass and cellphones.

In an 8-page report, the Electronic Frontier Foundation (EFF) worries about "locational privacy," or  "the ability of an individual to move in public space with the expectation that under normal circumstances their location will not be systematically and secretly recorded for later use."

Location-based services that transmit, record, and store where a person is—such as EZ Pass, WiFi networks, transit cards, Google Latitude—can be exploited by government, business, or prying ex-lovers to track and reconstruct where people have been as they go about their daily life.

The EFF concedes that people forfeit some privacy when they go into public. However, the ability to track people as they went about their lives before the rise of such technology was extraordinarily difficult and generally quite expensive: people hired private investigators to do that work. Besides, the person being monitored had a decent shot at detecting the surveillance.

Not anymore, says EFF.

"In the world of today and tomorrow, this information is quietly collected by ubiquitous devices and applications, and available for analysis to many parties who can query, buy or subpoena it. Or pay a hacker to steal a copy of everyone’s location history," the report argues. "It is this transformation to a regime in which information about your location is collected pervasively, silently, and cheaply that we’re worried about."

By delving into such databases, it's possible to determine whether a young woman went to an abortion clinic or that father of four checked into a hotel at lunchtime with someone other than his wife—information that a person doesn't want friend or foe alike to know about.

The upside, as the EFF contends, is that modern cryptography can design location-based services that do not collect identifiable data at all, like "electronic cash." The downside, however, is that this costs additional money that companies are reluctant to invest into the original design when not absolutely necessary.

The EFF believes there are real financial reasons why companies may want to do so though.

"Corporations with large locational datasets face a risk that lawyers and law enforcement will realize the data exists and begin using legal processes to obtain it," the report says. "The best way to avoid this costly compliance risk is to avoid having identifiable location data in the first place."

The second reason companies should ensure locational privacy is to gain a competitive edge. According to the EFF, a good deal of customers will find robust privacy protections a reason to purchase one technology or service over another.

Until democratic lawmaking catches up with technology, the EFF says, it's up to private companies to protect locational privacy and design systems that do not sacrifice it for expediency.

"We can’t stop the cascade of new location-based digital services. Nor would we want to — the benefits they offer are impressive," the report says. "What urgently needs to change is that these systems need to be built with
privacy as part of their original design."

♦ Photo by PlayingBareFoot/Flickr


View Recent News (by day)


Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.